[Privacy Act Issuances (1997)]
[From the U.S. Government Publishing Office, www.gpo.gov]
Agency for Health Care Policy and Research
Table of Contents
09-35-0001 Agency Management Information System/Grants (AMIS/
GRANTS and CONTRACTS), HHS/AHRQ/OM.
09-35-0002 Agency for Healthcare Research and Quality, Medical
Expenditure Panel Survey (MEPS) and National Medical Expenditure
Survey 2 (NMES 2), HHS/AHRQ/CCFS.
09-35-0001
System name:
Agency Management Information System/Grants (AMIS/GRANTS) and
CONTRACTS), HHS/AHRQ/OM.
Security classification:
None.
System location:
Agency for Healthcare Research and Quality, Office of Management,
Executive Office Center, Suite 601, 2101 E. Jefferson Street,
Rockville, Maryland 20852.
Program Support Center, Office of Management, Division of
Acquisition Management, Parklawn building, Room 5C-10, 5600 Fishers
Lane, Rockville, Maryland 20857.
For a list of contractors, please write to the system manager at
the address listed below.
Inactive records will be stored at: Washington National Records
Center, 4205 Suitland Road, Suitland, Maryland 20746-8001.
Categories of individuals covered by the system:
Research training and career development grant applicants and
principal investigators, research training grant program directors,
and research fellowship recipients; peer and other special reviewers;
contract project directors and other contractor key personnel.
Categories of records in the system:
Research grant, research training grant, research career
development, research fellowship, and contract files, including
applications, proposals, award notices, and summary comments of peer
reviewers.
Authority for maintenance of the system:
AHRQ grants and contract administration authorities: secs. 902,
922, 924, 926 Public Health Service (PHS) Act (42 U.S.C. 299a, 299c-
1, 299c-3, 299c-5); Sec. 1142 of the Social Security Act (42 U.S.C.
1320b-12) and sec. 487 PHS Act (42 U.S.C. 288) (National Research
Service Awards).
Purposes(s):
The information in this system is used to facilitate day-to-day
grants and contracts management operations and for purposes of
review, analysis, planning and policy formulation by AHRQ staff
members and by other components of DHHS which conduct research. AHRQ
also may refer these records to the appropriate office in the
Department for the purpose of monitoring payback; if necessary, debt
collection; and investigation of alleged scientific misconduct.
Routine uses of records maintained in the system, including
categories of users and the purpose of such uses:
1. Disclosure may be made to a congressional office from the
records of an individual in response to an inquiry from the
congressional office made at the request of the individual.
2. The Department may disclose information from this system of
records to the Department of Justice, to a court or other tribunal,
when (a) HHS, or any component thereof; or (b) any HHS employee in
his or her official capacity; or (c) any HHS employee in his or her
individual capacity where the Department of Justice (or HHS, where it
is authorized to do so) has agreed to represent the employee; or (d)
the United States or any agency thereof where HHS determines that the
litigation is likely to affect HHS or any of its components, is a
party to litigation or has an interest in such litigation, and HHS
determines that the use of such records by the Department of Justice,
the court or other tribunal, is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose of
which the records were collected.
3. AHRQ may disclose information about an individual grant or
contract applicant or fellowship applicant to credit reporting
agencies to obtain a credit report in order to determine his/her
credit worthiness.
4. Disclosure may be made to the National Technical Information
Service (NTIS), U.S. Department of Commerce, to contribute to the
Smithsonian Science Information Exchange, for dissemination of
scientific and fiscal information on funded awards (abstracts and
relevant administrative and financial data.)
5. Disclosure may be made to qualified experts, not within the
definition of Department employees, for opinions, as a part of the
grant application review award process.
6. Disclosure may be made to an AHRQ grantee or contractor for
the purposes of (a) carrying out research, or (b) providing services
relating to grant review, or for carrying out quality assessment,
program evaluation, and/or management reviews. They will be required
by written agreement to maintain Privacy Act safeguards with respect
to such records.
7. Disclosure may be made to a Federal Agency, in response to its
request, in connection with the hiring or retention of an employee,
the issuance of security clearance, the reporting of an investigation
of an employee, the letting of a contract, or the issuance of a
license, grant, or other benefit of the requesting agency, to the
extent that the record is relevant and necessary to the requesting
agency's decision on the matter.
8. Where Federal agencies having power to subpoena other Federal
agencies' records, such as the Internal Revenue Service or the Civil
Rights Commission, issue a subpoena to the Department for records in
this system of records, the Department will make such records
available.
9. Disclosure may be made to the cognizant Audit Agency for
auditing.
10. In the event that a system of records maintained by the
Department indicates a violation of potential violation of law,
whether civil, criminal or regulatory in nature, and whether arising
by statute or by regulation, rule or order issued pursuant thereto,
the relevant records in system of records may be referred for
purposes of litigation, as a routine use, to the appropriate agency,
whether Federal (e.g., the Department of Justice), or State (e.g.,
the State's Attorney General's Office) charged with the
responsibility of investigating or processing such violation or
charged with enforcing or implementing the statute or rule,
regulation or order issued pursuant thereto.
11. Disclosure may be made to the grants/contractor institution
in connection with performance or administration under the terms and
condition of the award, or in connection with problems that might
arise in performance or administration if an award is made on a
grant/contract proposal.
Disclosure to consumer reporting agencies:
Disclosure pursuant to 5 U.S.C. 552a(b)(12): Disclosure may be
made from this system to ``consumer reporting agencies'' as defined
in the Fair Credit Reporting Act (15 U.S.C. 1681ff. or the Federal
Claims Collection Act of 1966 (31 U.S.C. 3701(a)(3)). The purpose of
this disclosure is to aid in the collection of outstanding debts owed
to the Federal Government; typically, to provide an incentive for
debtors to repay delinquent Federal Government debts by making these
debts part of their credit records. Disclosure of records is limited
to the individual's name, address, Social Security number, and other
information necessary to establish the individual's identity; the
amount, status, and history of the claim; and the agency program
under which the claim arose. This disclosure will be made only after
the procedural prerequisites of 31 U.S.C. 3711 have been followed.
Policies and practices for Storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored on hard disks with magnetic tape backup was
well as in manual files (file folders).
Retrievability:
Electronic records are retrievable by key data fields such as
investigator name, application, grant or contract number. Paper
records are retrievable by name of principal investigator and/or
grant/contract number.
Safeguards:
1. Authorized users: All AHRQ staff who work with grants or
contracts have access to the system. Level of access will be granted
by the System Manager. Only staff members of the Division of Grants
Management and Division of Contracts Management have regular access
to their Division's paper grant and contract files. Limited access to
official grant and contract files is granted to other AHRQ and DHHS
staff with need-to-know about AHRQ research projects, only with
authorization of the responsible Division Director.
2. Physical safeguards: File servers and database servers are
maintained in areas secured by combination lock. Data is backed up
from hard drive to magnetic tape daily. Paper records are
[[Page 18940]]
secured in locked file cabinets in locked offices. All file cabinet
and computer equipment is maintained under general building security.
3. Procedural safeguards: Access to electronic records by non-
AHRQ personnel is through the Systems Manager only. DHHS staff may
inspect AHRQ grant and contract records on a need-to-know basis only,
with the approval of the responsible of the responsible Division
Director. Visitors are not left unattended in the office containing
the files. Offices are locked when not in use. Grant and contract
records are either transmitted in sealed envelopes or are hand-
carried.
4. Technical safeguards: Initial electronic access is through the
AHRQ local area network which is controlled by password. Subsequent
level of security exist for access to the Agency Management
Information System/Grants and contracts (AMIS/GRANTS and CONTRACTS)
system itself and, within the system, individual users are granted
appropriate levels of access (read on, read/write) depending upon
individual need. Levels of access are granted by the System Manager.
Retention and disposal:
Electronic records containing portions of information from the
paper applications and proposal of unfunded grant and contract
applications will be retained and accessible at AHRQ for ten years.
The complete paper applications and proposals of unfunded grants and
contracts will be retired to the Federal Records Retention Center
after one year and subsequently disposed of in accordance with the
records retention schedule. Electronic records containing portions of
information from the paper applications of funded grants or contracts
will be retained and made accessible at AHRQ for fifteen years
following final payment. Paper records of funded grant applications
and contracts and their respective files are retained at AHRQ for one
year beyond the termination date of the grant or until after the
final report is received, whichever is sooner. They are then retired
to the Federal Records Center and disposed of twelve years after
final payment in accordance with the National Archives and Records
Administration General Records Schedule. The pertinent records
retention control schedule may be obtained by writing a System
Manager at the following address.
System manager(s) and address:
For administrative information: AMIS/GRANTS and CONTRACTS Policy-
Coordinating Official/Administrator, 301-594-1439
For grants information: Director, Division of Grants Management,
301-594-1447
For contracts information: Director, Division of Contracts
Management, 301-594-1445
All System Managers are located at the following address: Office
of Management, AHRQ, Executive Officer Center, Suite 601, 2101 E.
Jefferson Street, Rockville, Maryland 20852.
Notification procedure:
To determine if a record exists, write to the System Manager at
the above address. The requester must also verify his or her identity
by providing either a notarization of the request or a written
certification that the requester is who he or she claims to be. The
requester should specify name or number of grant/contract. The
requester must also sign a statement indicating an understanding that
the knowing and willful request for acquisition of information from a
protected record pertaining to an individual under false pretense is
a criminal offense under the Act, punishable by a five thousand
dollar fine.
Record access procedures:
Same as notification procedures. Requester should also reasonably
specify the record contents being sought. Positive identification of
the requester as above is required. Subject individuals may also
request an accounting of disclosures that have been made of their
record, if any.
Contesting record procedures:
Contact the official at the address specified under the System
Manager subheading above and reasonably identify the record, specify
the information being contested, and state the corrective action
sought and reason(s) for requesting the correction, along with
supporting information to show how the record is inaccurate,
incomplete, untimely, or irrelevant.
Record source categories:
Grant applications, contractor project directors, reports and
correspondence from the research community, and statement from grant
review committees; consumer reporting agencies; DHHS System of
Records 09-25-0036, Extramural Awards: IMPAC (Grant/Contract/
Cooperative Agreement Information), HHS/NIH/DRG.
Systems exempted from certain provisions of the act:
None.
09-35-0002
System name:
Medical Expenditure Panel Survey (MEPS) and National Medical
Expenditure Survey 2 (NMES 2), HHS/AHRQ/CCFS.
Security classification:
None.
System location:
Center for Cost and Financing Studies, AHRQ, Executive Office
Center, Suite 500, 2101 E. Jefferson Street, Rockville, Maryland
20852-4993.
Categories of individuals covered by the system:
(1) Individuals and members of households selected by probability
sampling techniques to be representative of the civilian
noninstitutionalized population of the United States; health care
providers, staff responding on behalf of health insurers and the
employers of members of sampled households; (2) residents and next-
of-kin of such residents of nursing and personal care homes, selected
by probability sampling techniques to be representative of residents
of such homes, and facilities and the staff responding on behalf of
such facilities.
Categories of records in the system:
Records containing information on: (1) The incidence of illness
and accidental injuries, prevalence of diseases and impairments, the
extent of disability, the use, expenditures and sources of payment
for health care services, and other characteristics of individuals
obtained in household interviews (demographic and socioeconomic
characteristics such as age, martial status, education, occupation
and family income) and the names, telephone numbers and addresses of
the responding staffs of health care providers, health insurers, and
employers; (2) the utilization of long-term care, nursing home care,
care in personal care homes through data on residents (demographic
and social characteristics, health status and charges and sources of
payment for care); through data facility characteristics (general
characteristics, certification, services offered and corresponding
expenses), and through data on next-of-kin or representative of
residents (demographic and social characteristics, health status, and
expenditures for health care of residents); and (3) Medicare claims
records of members of sampled households and of sampled residents of
nursing and personal care homes.
[[Page 18941]]
Authority for maintenance of the system:
Section 913 and 306 of the Public Health Service (PHS) Act (42
U.S.C. 299b-2 and 242k(b)). Sections 924(c) and 308(d) of the PHS Act
(42 U.S.C. 299c-3(c) and 242m(d)) provide authority for additional
restrictions on identifiable information about individuals.
Purpose(s):
The data are used in aggregated form for statistical and health
services research purposes respecting analysis and evaluation of
health care costs, and the accessibility, planning, organization,
distribution, technology, utilization, quality, and financing of
health services and systems.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Department has contracted with private firms for the purpose
of collecting, analyzing, aggregating, or otherwise refining records
in this system. Relevant records are collected by and/or disclosed to
such contractors. The contractors are required to maintain Privacy
Act safeguards with respect to such records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
File folders, magnetic tapes, CD ROM and secure network servers.
Retrievability:
Information can be retrieved by respondent name and address.
However, this information is not stored in routinely used analytic
files.
Safeguards:
AHRQ and its contractors implement personnel, physical, and
procedural safeguards as follows:
1. Authorized users: Access is limited to persons authorized and
needing to use the records, including project directors, contract
officers, interviewers, health care researchers and analysts,
statisticians, statistical clerks and data entry staff on the staffs
of AHRQ and the MEPS contractors.
2. Physical safeguards: The hard-copy records are stored in
locked safes, locked files, and locked offices when not in use.
Computer terminals used to process identifiable data are located in
secured areas and are accessible only to authorized users. Automated
backup files are stored in locked, fire proof safes.
3. Procedural safeguards: All employees of AHRQ and contractor
personnel with access to AHRQ records are required, as a condition of
employment, to sign an affidavit binding them to nondisclosure of
individually identifiable information. Periodic training sessions are
conducted to reinforce the statutorily-based confidentiality
restrictions. Actual identifiers are maintained in separate files
linked only if there is a specific need as authorized by the System
Manager. Data stored in computers both at AHRQ and the contractor
sites are accessed through the use of passwords/keywords unique to
each user and changed at least every 45 days. An automated audit
trail will be maintained. Contractors who maintain records in this
system are instructed to make no further disclosure of the records
other than those requested by AHRQ/CCFS. Privacy Act requirements and
the restrictions of 42 U.S.C. 242m(d) are specifically included in
contracts for survey, research and data processing activities related
to this system. The DHHS project directors, contract officers and
project officers oversee compliance with these requirements.
4. These safeguards are in accordance with chapter 45-13,
``Safeguarding Records Contained in Systems of Records,'' of the HHS
General Administration Manual, supplementary chapter PHS hf. 45-13;
Part 6, ``ADP Systems Security,'' of the HHS ADP Systems Manual, and
the National Bureau of Standards Federal Information Processing
Standards (FIPS Pub. 41 and FIPS Pub. 31).
Retention and disposal:
Hard-copy records will be burned or shredded following
verification that such data were correctly entered into a machine
readable format.
System manager(s) and address:
Director, Division of Survey Operations, CCFS/AHRQ, Executive
Office Center, Suite 501, 2101 East Jefferson Street, Rockville,
Maryland 20852.
Notification procedure:
To determine if a record exists, write to the System Manager,
giving your full name and address.
Record access procedures:
The system is exempt from the requirements of the Privacy Act;
however, a subject individual may be granted access to his/her
records at the System's Manager's discretion. Positive identification
is required from anyone seeking access.
Contesting record procedures:
If access has been granted and some information is being
contested, contact the System Manager and reasonably identify the
record, specify the contested information, and state the corrective
action sought, with supporting information to show how the record is
inaccurate, incomplete, untimely, or irrelevant.
Record source categories:
Respondents in the survey samples including: Members of
households, physicians, hospitals, health insurers, employers, staff
of nursing and personal care homes, the next-of-kin of residents of
such homes and facilities, and Systems 09-70-0005, Medicare Bill File
(Statistics), HHS/HCFA/BDMS.
Systems exempted from certain provisions of the act:
With respect to this system of records, exemption has been
granted from the requirements contained in subsections 552a(c)(3),
(d)(1) through (4) and (e)(4) (G) and (H), in accordance with the
provisions of subsection 552a(k)(4) of the Privacy Act of 1974. This
system has been exempted because it contains only records which are
required by statue to be maintained and used solely as statistical
records.
Agency for Toxic Substances and Disease Registry
09-19-0001
System name: Records of Persons Exposed or Potentially Exposed
to Toxic or Hazardous Substances, HHS/ATSDR/OHA.
System location:
Division of Health Studies, Agency for Toxic Substances and
Disease Registry, Executive Park, Bldg. 4, 1600 Clifton Road,
Atlanta, GA 30333.
Division of Health Assessment and Consultation, Agency for Toxic
Substances and Disease Registry, Executive Park, Bldg. 31, 1600
Clifton Road, Atlanta, GA 30333.
Federal Records Center, 1557 St. Joseph Avenue, East Point, GA
30333.
Data are also located at contractor sites. A list of contractor
sites where individually identified data are currently located is
available upon request to the System Manager.
Categories of individuals covered by the system:
Individuals exposed or potentially exposed to toxic or hazardous
substances may include the following: (1) Selected persons living or
having lived near a hazardous waste site, including facilities owned
or operated by the United States; (2) Persons exposed or potentially
exposed to environmental hazards resulting from ingestion of
contaminated drinking water, persons exposed to contaminated soil,
persons living on mining wastes, persons inhaling toxic substances
(all of which may or may not be the result of contamination by a
specified waste site); (3) Participants in health outcome studies
(including exposure studies, symptom and disease prevalence studies,
cluster investigations), and epidemiologic studies to determine the
public health threat of exposure to hazardous or toxic substances;
(4) Registry participants with exposures associated with specific
chemicals, (5) Participants from site of emergency activities, and
other sites that are the subject of a citizen's petition; (6) Persons
working or having worked in response actions at hazardous waste sites
or other occupational settings where exposure to hazardous substances
occurred. The first five categories of persons above may include
children as well as adults.
Categories of records in the system:
Name, address, (including length of time at current address),
telephone number, date of birth, Social Security number, sex, current
and past occupations, dates, pathways and routes of toxic or
hazardous substance exposure or potential exposure, smoking history,
results of medical and laboratory tests, records on biological
specimens (e.g. blood, urine, etc.), and related documents such as
questionnaire responses. The specific type of records collected and
maintained is determined by the needs of the individual registry or
study.
Purpose(s):
Records in this system are used to carry out the legislated
environmental public health mandates of the Agency for Toxic
Substances and Disease Registry (ATSDR). Specifically this
information is used to: (1) Identify the public health threat caused
by exposure to toxic and hazardous substances utilizing health
outcome studies, epidemiologic studies, and other health effects
studies; and (2) establish and maintain national registries of
persons exposed to toxic substances and persons with serious diseases
and illnesses associated or potentially associated with exposure to
toxic substances. Registries will have the additional purposes of
tracking exposed individuals, keeping them informed of health effects
of exposure, preventive measures and possible breakthroughs in
treatment, along with serving as a centralized location for research
data on these exposed individuals.
Records may be disclosed to the National Center for Environmental
Health, Centers for Disease Control and Prevention, for laboratory
analysis of samples and for collaborative efforts (i.e., providing
staff, performing statistical analysis, etc.) in coordinating
investigations.
Records (i.e., name, Social Security number, date of birth) may
be disclosed to the National Center for Health Statistics to obtain a
determination of vital status. Death certificates with the cause of
death will then be obtained from Federal, State, or local agencies to
enable ATSDR (1) to determine whether excess mortality is occurring
among individuals exposed to toxic or hazardous substances, and (2)
to notify similarly exposed persons. Records may also be disclosed to
the Social Security Administration for additional sources of locating
information.
Authority for maintenance of the system:
Comprehensive Environmental Response, Compensation, and Liability
Act of 1980 as amended by Superfund Amendments and Reauthorization
Act of 1986 (42 U.S.C. 9601, 9604); and the Resource Conservation and
Recovery Act of 1976 as amended in 1984 (42 U.S.C. 6901).
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Records may be disclosed to Department of Health and Human
Services contractors to locate individuals exposed or potentially
exposed to toxic or hazardous substances (e.g., in the establishment
of the National Exposure Registry), conduct interviews, perform
medical examinations, collect and analyze biological specimens,
evaluate and interpret data, and perform followup health
investigations so that the research purposes for which the records
are collected may be accomplished. The contractor must comply with
the requirements of the Privacy Act with respect to such records.
2. Records may be disclosed to Federal agencies such as the
Environmental Protection Agency (EPA), State and local health
departments, and other public health or cooperating medical
authorities in connection with program activities and related
collaborative efforts to deal more effectively with exposures to
hazardous or toxic substances, and to satisfy mandatory reporting
requirements when applicable.
3. Records (i.e., name, Social Security number) may be disclosed
to other Federal agencies and to missing person location agencies to
obtain information to aid in locating individuals involved in these
studies.
4. Records may be disclosed for a research purpose, when the
Department: (A) Has determined that the use or disclosure does not
violate legal or policy limitations under which the record was
provided, collected, or obtained; (B) has determined that the
research purpose (1) cannot be reasonably accomplished unless the
record is provided in individually identified form, and (2) warrants
the risk to the privacy of the individual that additional exposure of
the record might bring; (C) has required the recipient to (1)
establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record,
(2) remove or destroy the information that identifies the individual
at the earliest time at which removal or destruction can be
accomplished consistent with the purpose of the research project,
unless the recipient has presented adequate justification of a
research or health nature for retaining such information, and (3)
make no further use or disclosure of the record except (a) in
emergency circumstances affecting the health or safety of any
individual, (b) for use in another research project, under these same
conditions, and with written authorization of the Department, (c) for
disclosure to a properly identified person for the purpose of an
audit related to the research project, if information that would
enable research subjects to be identified is removed or destroyed at
the earliest opportunity consistent with the purpose of the audit, or
(d) when required by law; (D) has secured a written statement
attesting to the recipient's understanding of, and willingness to
abide by these provisions.
5. Disclosures may be made to a congressional office from the
records of an individual, in response to a verified inquiry from the
congressional office made at the written request of that individual.
6. In the event of litigation initiated by EPA in collaboration
with ATSDR, ATSDR may disclose such records as it deems desirable or
necessary to the Department of Justice to enable the Department to
effectively represent ATSDR. The types of litigative proceedings that
ATSDR may request include the recovery of expenses incurred in
cleanup operations at Superfund or Resource Conservation and Recovery
Act sites, including program and staff costs.
7. In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, for example, in defending a claim against
the Public Health Service based upon an individual's mental or
physical condition and alleged to have arisen because of activities
of the Public Health Service in connection with such individual,
disclosure may be made to the Department of Justice to enable that
Department to present an effective defense, provided that such
disclosure is compatible with the purpose for which the records were
collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
File folders, computer tapes and disks (hard and floppy).
Retrievability:
By name or Social Security number.
Safeguards:
The following special safeguards are provided to protect the
records from inadvertent disclosure:
1. Authorized Users: Access is granted to only a limited number
of physicians, scientists, statisticians, and designated support
staff of ATSDR or its contractors, as authorized by the system
manager to accomplish the stated purposes for which the data in this
system have been collected. A list of authorized users will be
maintained by the system manager.
2. Physical Safeguards. Questionnaires, log books, and other
source data are maintained in locked cabinets in locked rooms, 24-
hour guard service in buildings, personnel screening of visitors,
electronic anti-intrusion devices in operation at the Federal Records
Center (FRC), fire extinguishers, overhead sprinkler system, and
card-access control equipment in the mainframe computer room (Clifton
Road facility), computer terminals, lockable personal computers, and
automated records located in secured areas.
3. Procedural Safeguards: Protection for computerized records
includes programmed verification of valid user identification code,
account code and password prior to acceptance of a terminal session
or job submission, computer software to control access, frequently
changed passwords, and Fault Management System.
Knowledge of individual tape passwords is required to access
tapes, and acces to systems is limited to users obtaining prior
supervisory approval. When Privacy Act tapes are scratched, a special
``certified'' process is performed in which tapes are completely
written over to avoid inadvertent data disclosure. When possible, a
backup copy of data is stored at an offsite location and a log kept
of all changes to each file and all persons reviewing the file.
Selected safeguards will be applicable to specific elements of the
system, as appropriate. Additional safeguards may also be built into
the program by the system analyst as warranted by the sensitivity of
the specific data set.
ATSDR and contractor employees who maintain records are
instructed in specific procedures to protect the security of records,
and are to check with the system manager prior to making disclosures
of data. When individually identified data are being used in a room,
admittance at either ATSDR or contractor sites is restricted to
specifically authorized personnel.
Appropriate Privacy Act provisions are included in contracts and
the ATSDR Project Director, contract officers, and project officers
oversee compliance with these requirements. Upon completion of the
contract, all data will be either returned to ATSDR or destroyed, as
specified by the contract.
4. Implementation Guidelines: The safeguards outlined above are
developed in accordance with Chapter 45-13, ``Safeguarding Records
Contained in Systems of Records,'' of the HHS General Administration
Manual, supplementary Chapter PHS.hf: 45-13; Part 66, ``Automated
Information Systems Security,'' of the HHS Information Resources
Management Manual; the National Bureau of Standards Federal
information Processing Standards (FIPS Pub. 41 and FIPS Pub. 31). FRC
safeguards are in compliance with GSA Federal Property Management
Regulations, Subchapter B-Archives and Records.
Retention and disposal:
A Comprehensive Records Control Schedule has been approved for
ATSDR which designates the procedures which allow the system managers
to retain records for their designated life. Registry records will be
actively maintained as long as funding is provided for by
legislation. Contractors will retain the records only as long as
necessary to complete data collection and verify ATSDR's receipt of
the data in usable form. Record copy of study reports is maintained
in the agency from two to three years in accordance with retention
schedules. Source documents for computer tapes or disks are disposed
of when no longer needed in the study as specified by the records
control schedule.
Records may be transferred to a Federal Records Center for
storage when no longer needed for evaluation or analysis. Disposal
methods include the paper recycling process, burning or shredding
hard copy records, and erasing computer tapes and disks.
System manager(s) and address:
Director, Division of Health Studies, Agency for Toxic Substances
and Disease Registry, Executive Park, Bldg. 4, 1600 Clifton Road,
Atlanta, GA 30333.
Director, Division of Health Assessment and Consultation, Agency
for Toxic Substances and Disease Registry, Executive Park, Bldg. 31,
1600 Clifton Road, Atlanta, GA 30333.
Policy coordination is provided by: Deputy Assistant
Administrator, Agency for Toxic Substances and Disease Registry,
Executive Park, Bldg. 37, 1600 Clifton Road, Atlanta, GA 30333.
Notification procedure:
An individual may learn if a record exists about himself/herself
by contacting the appropriate system manager at the address above.
Persons who knowingly and willfully request or acquire a record
pertaining to an individual under false pretenses are subject to
criminal prosecution. Requesters in person must provide photo
identification (such as driver's license) or other positive
identification that would authenticate the identity of the individual
making the request. Individuals who do not appear in person must
submit a request which has been notarized to verify their identity. A
parent or guardian who requests notification of, or access to, a
minor's medical record must provide a birth certificate (or notarized
copy), court order, or other competent evidence of guardianship. An
individual who requests notification of, or access to, a medical
record shall at the time the request is made, designate in writing a
responsible representative (who may be a physician, other health
professional, or other responsible individual) who will be willing to
review the record and inform the subject individual of its contents
at the representative's discretion.
In addition, the following information should be provided when
requesting notification: (1) Full name and Social Security number;
(2) nature of the study, or probable exposure or disease subregistry
which might include the requester.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An accounting of
disclosures that have been made of the record, if any, may also be
requested.
Contesting record procedures:
Contact the system manager at the address specified above,
reasonably identify the record and specify the information being
contested, the corrective action sought, and the reasons for
requesting the correction, along with supporting information to show
how the record is inaccurate, incomplete, untimely, or irrelevant.
Record source categories:
Subject individuals, families of deceased individuals, concerned
citizens associated with a particular site, State and local health
departments, physican records, hospital records, Social Security
Administration, Environmental Protection Agency and other agencies
responsible for environmental public health.
Systems exempted from certain provisions of the act:
None.
Centers for Disease Control
Table of Contents
09-20-0001 Certified Interpreting Physician File. HHS/CDC/
NIOSH.
09-20-0055 Administrative Files for Research/Demonstration and
Training Grants, and Cooperative Agreements Applications. HHS/CDC/
PGO.
09-20-0059 Division of Training Mailing List. HHS/CDC/NIOSH.
09-20-0089 Studies of Treatment of Tuberculosis and other
Mycobacterioses. HHS/CDC/NCPS.
09-20-0090 Studies of Testing for Tuberculosis and other
Mycobacterioses. HHS/CDC/NCPS.
09-20-0096 Records of Tuskegee Study Health Benefit Recipients.
HHS/CDC/NCPS.
09-20-0102 Alien Mental Waiver Program. HHS/CDC/NCPS.
09-20-0103 Alien Tuberculosis Follow-up Program. HHS/CDC/NCPS.
09-20-0106 Specimen Handling for Testing and Related Data. HHS/
CDC/NCID.
09-20-0112 Fellowship Program and Guest Researcher Records.
HHS/CDC/PMO.
09-20-0113 Epidemic Investigation Case Records. HHS/CDC/NCID.
09-20-0117 Medical and Test Record Results of Individuals
Involved in NIOSH Laboratory Studies. HHS/CDC/NIOSH.
09-20-0118 Study at Work Sites where Agents Suspected of Being
Occupational Hazards Exist. HHS/CDC/NIOSH.
09-20-0136 Epidemiologic Studies and Surveillance of Disease
Problems. HHS/CDC/NCID.
09-20-0137 Passport File. HHS/CDC/IHPO.
09-20-0138 Epidemic Intelligence Service Officers Files. HHS/
CDC/EPO.
09-20-0147 Occupational Health Epidemiological Studies. HHS/
CDC/NIOSH.
09-20-0149 Morbidity Studies in Coal Mining, Metal and Non-
metal Mining and General Industry. HHS/CDC/NIOSH.
09-20-0153 Mortality Studies in Coal Mining, Metal and Non-
metal Mining and General Industry. HHS/CDC/NIOSH.
09-20-0154 Medical and Laboratory Studies. HHS/CDC/NIOSH.
09-20-0157 Clinical Laboratory Personnel Proficiency Test
Results (Medicare). HHS/CDC/PHPPO.
09-20-0159 Records of Subjects in Certification, Testing,
Studies of Personal Protective Devices, and Accident Investigations.
HHS/CDC/NIOSH.
09-20-0160 Records of Subjects in Health Promotion and
Education Studies. HHS/CDC/NCCDPHP.
09-20-0161 Records of Health Professionals in Disease
Prevention and Control Training Programs. HHS/CDC/NCPS.
09-20-0162 Records of Subjects in Agent Orange, Vietnam
Experience, and Selected Cancers Studies. HHS/CDC/NCEH.
09-20-0163 Applicants for National Center for Health Statistics
Technical Assistance, HHS/CDC/NCHS.
09-20-0164 Health and Demographic Surveys Conducted in
Probability Samples of the U.S. Population, HHS/CDC/NCHS.
09-20-0165 Health Manpower Inventories and Surveys, HHS/CDC/
NCHS.
09-20-0166 Vital Statistics for Births, Deaths, Fetal Deaths,
Marriages and Divorces Occurring in the United States During Each
Year, HHS/CDC/NCHS.
09-20-0167 Health Resources Utilization Statistics, HHS/CDC/
NCHS.
09-20-0168 Curricula Vitae of Consultants to the National
Center for Health Statistics, HHS/CDC/NCHS.
09-20-0169 Users of Health Statistics, HHS/CDC/NCHS.
09-20-0001
System name: Certified Interpreting Physician File, HHS/CDC/
NIOSH.
Security classification:
None.
System location:
Division of Respiratory Disease Studie , National Institute for
Occupational Safety and Health (NIOSH), 1095 Willowdale Road, MS 217,
Morgantown, WV 26505-2845.
Data are also located at contractor sites as studies are
developed, data collected, and reports written. A list of contractor
sites where individually identified data are currently located is
available upon request to the system manager.
Categories of individuals covered by the system:
Physicians who have been taken the test to be certified to
interpret X-rays under the Federal Mine Health and Safety Act of
1977. Records are also maintained on physicians who have attempted to
obtain certification, but did not qualify.
Categories of records in the system:
Certification qualifications of physicians.
Authority for maintenance of the system:
Federal Mine Health and Safety Act of 1977, Section 501,
``Research'' (30 U.S.C. 951).
Purpose(s):
The main purpose is to certify physicians as qualify to interpret
X-rays using the ILO system of classification for pneumoconiosis.
Routine use(s) of records maintained in the system, including
categories of users and the purposes:
Name and address supplied to coal operators and X-ray facilities
so that they may contact physicians to do work for them.
Disclosure may be made to a congressional office from the record
of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation or has
an interest in such litigation, and HHS determines that the use of
such records by the Department of Justice, the court or other
tribunal is relevant and necessary to the litigation and would help
in the effective representation of the governmental party, provided,
however, that in each case, HHS determines that such disclosure is
compatible with the purpose for which the records were collected.
Records subject to the Privacy Act are disclosed to private firms
for data entry, computer systems analysis and computer programming
services. The contractors promptly return data entry records after
the contracted work is completed. The contractors are required to
maintain Privacy Act safeguards.
In the event of litigation initiated at the request of NIOSH, the
Institute may disclose such records as it deems desirable or
necessary to the Department of Justice to enable the Department to
effectively represent the Institute, provided such disclosure is
compatible with the purpose for which the records were collected. The
only types of litigative proceedings that NIOSH is authorized to
request are (1) enforcement of a subpoena issued to an employer to
provide relevant information, or (2) contempt citation against an
employer for failure to comply with a warrant obtained by the
Institute.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
File folders, microcomputer files, Computer tapes/disks and
printouts, microfilm.
Retrievability:
Name and/or social security number, supplied on a voluntary basis
are the indices used to retrieve records.
Safeguards:
1. Authorized Users: Access is granted to only a limited number
of physicians, scientists, statisticians, and designated support
staff of the Centers for Disease Control (CDC) or its contractors, as
authorized by the system manager to accomplish the stated purposes
for which the data in this system have been collected.
2. Physical safeguards: Locked cabinets in locked rooms, 24-hour
guard service in buildings, personnel screening and escorting of
visitors, a limited access, secured computer room with fire
extinguishers and overhead sprinkler system, computer terminals and
automated records located in secured areas.
3. Procedural safeguards: Protection for computerized records
includes programmed verification of valid user identification code,
account code and password prior to acceptance of a terminal session
or job submission, and frequently changed passwords. Knowledge of
individual tape passwords is required to access tapes, and access to
systems is limited to users obtaining prior supervisory approval.
Additional safeguards may be built into the program by the system
analyst as warranted by the sensitivity of the data.
CDC and contractor employees who maintain records are instructed
to check with the system manager prior to making disclosures of data.
When individually identified data are being used in a room,
admittance at either CDC or contractor sites is restricted to
specifically authorized personnel. Privacy Act provisions are
included in contracts, and the CDC Project Director, contract
officers and project officers oversee compliance with these
requirements. Upon completion of the contract, all data will be
either returned to CDC or destroyed, as specified by the contract.
4. Implementation guidelines: The safeguards outlined above are
developed in accordance with Chapter 45-13, ``Safeguarding Records
Contained in Systems of Records,'' of the HHS General Administration
Manual, supplementary Chapter PHS.hf: 45-13; Part 6, ``Automated
Information System Security,'' of the HHS Information Resources
Management Manual; the National Bureau of Standards Federal
Information Processing Standards (FIPS Pub. 41 and FIPS Pub. 31).
Retention and disposal:
Records are retained indefinitely. Disposal methods include
erasing computer tapes, burning or shredding printouts or
transferring records to the Federal Records Center.
System manager(s) and address:
Administrative Officer, Division of Respiratory Disease Studies
(DRDS), National Institute for Occupational Safety and Health
(NIOSH), 1095 Willowdale Road, MS 217, Morgantown, WV 26505-2845.
Chief, Examinations Processing Branch, DRDS, NIOSH, Receiving
Center, Post Office Box 4258, MS 122, Morgantown, WV 26504-4258.
Policy coordination is provided by: Director, Division of
Respiratory Disease Studies, National Institute for Occupational
Safety and Health, 1095, Willowdale Road, MS 220, Morgantown, WV
26505-2845.
Notification procedure:
An individual may learn if a record exists about himself or
herself by contacting the system manager at the address above.
Requesters in person must provide driver's license or other positive
identification. Individuals who do not appear in person must either
(1) submit a notarized request to verify their identity or (2)
certify that they are the individuals they claim to be and that they
understand that the knowing and willful request for or acquisition of
a record pertaining to an individual under false pretenses is a
criminal offense under the Privacy Act subject to a 5,000 dollars
fine.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An accounting of
disclosures that have been made of the record, if any, may be
requested.
Contesting record procedures:
Contact the official at the address specified under System
Manager above, reasonably identify the record and specify the
information being contested, the corrective action sought, and the
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Information is obtained directly from the individual or his/her
designee.
Systems exempted from certain provisions of the act:
None.
09-20-0055
System name: Administrative Files for Research/Demonstration and
Training Grants, and Cooperative Agreements Applications, HHS/CDC/
PGO.
Security classification:
None.
System location:
Division of Research Grants, National Institutes of Health,
Westbard Bldg., Westbard Avenue, Bethesda, MD 20014.
Grants Management Office, Procurement and Grants Office, Rm. 300,
Buckhead Bldg., Centers for Disease Control and Prevention, 1600
Clifton Road, NE, Atlanta, GA 30333.
Office of Extramural Coordination and Special Projects, National
Institute for Occupational Safety and Health (NIOSH), Bldg. 1, Rm.
3053, Centers for Disease Control and Prevention, 1600 Clifton Road,
NE, Atlanta, GA 30333.
Division of Training and Manpower Development, Division of
Biomedical and Behavioral Science, Division of Physical Sciences and
Engineering, and Division of Surveillance, Hazard Evaluations, and
Field Studies, NIOSH, 4676 Columbia Parkway, Cincinnati, OH 45226.
Division of Respiratory Disease Studies and Division of Safety
Research, NIOSH, 1095 Willowdale Road, Morgantown, WV 26505-2845.
Federal Records Center, 4205 Suitland Road, Suitland, MD 20409,
and 1557 St. Joseph Avenue, East Point, GA 30344.
A list of contractor sites where individually identified data are
currently located is available upon request to the system manager.
Data are also occasionally located at grantee sites as studies
are developed, data collected, and reports written. A list of grantee
sites where individually identified data are currently located is
available upon request to the system manager.
Categories of individuals covered by the system:
Applicants for occupational safety and health research and
demonstration grants, and training grants.
Categories of records in the system:
Draft and final grant application and review history, awards,
financial records and progress reports and related correspondence.
Authority for maintenance of the system:
Occupational Safety and Health Act, Section 20, ``Research and
Related Activities'' and Section 21, `Training and Employee
Education'' (29 U.S.C. 669, 670).
Purpose(s):
The purpose of this system is to review grant applications for
research and training and to administer funded grants. This
information is provided to the National Institutes of Health and to
components of the Centers for Disease Control (CDC) including NIOSH
for review.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Referrals may be made of assignments of research investigators
and project monitors on specific research projects to the National
Technical Information Service (NTIS), Department of Commerce, to
contribute to the Smithsonian Science Information Exchange.
To the cognizant audit agency for auditing.
The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation or has
an interest in such litigation, and HHS determines that the use of
such records by the Department of Justice, the court or other
tribunal is relevant and necessary to the litigation and would help
in the effective representation of the governmental party, provided,
however, that in each case, HHS determines that such disclosure is
compatible with the purpose for which the records were collected.
Disclosure may be made to a congressional office from the record
of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
To qualified experts not within the definition of Department
employees as prescribed in Department regulations for opinions as a
part of the application review process.
To a Federal agency, in response to its request, in connection
with the letting of a contract, or the issuance of a license, grant,
cooperative agreement, or other benefit by the requesting agency, to
the extent that the record is relevant and necessary to the
requesting agency's decision on the matter.
To individuals and organizations deemed qualified by PHS to carry
out specific research related to the review and award processes of
PHS.
To the grantee institution relative to performance or
administration under the terms and conditions of the award.
Records subject to the Privacy Act are disclosed to private firms
for data entry, computer systems analysis and computer programming
services. The contractors promptly return data entry records after
the contracted work is completed. The contractors are required to
maintain Privacy Act safeguards.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
5x8 cards, computer tapes/discs and printouts, notebooks, and
file folders.
Retrievability:
Name is the index used to retrieve information.
Safeguards:
1. Authorized users: Access is granted to only a limited number
of physicians, scientists, statisticians, and designated support
staff of the Centers for Disease Control (CDC), as authorized by the
system manager to accomplish the stated purposes for which the data
in this system have been collected.
2. Physical safeguards: Records are kept in locked cabinets in
locked rooms. Guard service in buildings provides screening of
visitors. Electronic anti-intrusion devices are in operation at the
Federal Records Center.
3. Procedural safeguards: Users of individually identified data
protect information from public scrutiny, and only specifically
authorized personnel may be admitted to the record storage area. CDC
employees who maintain records are instructed to check with system
manager prior to making disclosures of data.
4. Implementation guidelines: HHS Chapter 45-13 and supplementary
Chapter PHS.hf: 45-13 of the General Administration Manual. FRC
safeguards are in compliance with GSA Federal Property Mangement
Regulations, subchapter B--Archives and Records.
Retention and disposal:
Approved and funded applications are kept for one year beyond
closeout, and then sent to the Federal Records Center (FRC) for 10
years, after which time they are destroyed. Unsuccessful applications
are retained for up to 2 years at the agency, and then sent to the
FRC for 10 years. Draft applications are kept for one year or until
an official application is received (at which time the draft is
destroyed). Disposal methods include the paper recycling process,
burning or shredding paper materials, and erasing computer tapes.
System manager(s) and address:
Grants Management Officer, Procurement and Grants Office,
Buckhead Bldg., Rm. 300, MS E09, Centers for Disease Control and
Prevention, 1600 Clifton Road, NE, Atlanta, GA 30333.
Associate Director for Extramural Programs, NIOSH, Bldg. 1, Rm.
3053, MS D30, Centers for Disease Control and Prevention, 1600
Clifton Road, NE, Atlanta, GA 30333.
Policy coordination is provided by: Associate Director for
Management and Operations, Bldg. 1, Rm. 2011, MS D15, Centers for
Disease Control and Prevention, 1600 Clifton Road, NE, Atlanta, GA
30333.
Notification procedure:
An individual may learn if a record exists about himself or
herself by contacting the appropriate system manager at the address
above. Requesters in person must provide driver's license or other
positive identification. Individuals who do not appear in person must
either (1) submit a notarized request to verify their identify or (2)
certify that they are the individuals they claim to be and that they
understand that the knowing and willful request for or acquisition of
a record pertaining to an individual under false pretenses is a
criminal offense under the Privacy Act subject to a 5,000 dollars
fine.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An accounting of
disclosures that have been made of the record, if any, may be
requested.
Contesting record procedures:
Contact the official at the address specified under System
Manager above, reasonably identify the record and specify the
information being contested, the corrective action sought, and the
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Information is obtained directly from the individual.
Systems exempted from certain provisions of the act:
None.
09-20-0059
System name: Division of Training Mailing List, HHS/CDC/NIOSH.
Security classification:
None.
System location:
Division of Training and Manpower Development (DTMD), National
Institute for Occupational Safety and Health (NIOSH), Robert A. Taft
Laboratories, 4676 Columbia Parkway, Cincinnati, Ohio 45226.
Data are also occasionally located at contractor sites as studies
are developed, data collected, and reports written. A list of
contractor sites where individually identifiable data are currently
located is available upon request to the system manager.
Categories of individuals covered by the system:
Persons who have taken a NIOSH training course or who ask to be
placed on the list.
Categories of records in the system:
Names and addresses.
Authority for maintenance of the system:
Occupational Safety and Health Act, Section 21, ``Training and
Employee Education'' (29 U.S.C. 670).
Purpose(s):
The purpose of this system is to advise prospective students of
upcoming NIOSH training courses.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to a congressional office from the record
of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation or has
an interest in such litigation, and HHS determines that the use of
such records by the Department of Justice, the court or other
tribunal is relevant and necessary to the litigation and would help
in the effective representation of the governmental party, provided,
however, that in each case, HHS determines that such disclosure is
compatible with the purpose for which the records were collected.
Records subject to the Privacy Act are disclosed to private firms
for data entry, computer systems analysis and computer programming
services. The contractors promptly return data entry records after
the contracted work is completed. The contractors are required to
maintain Privacy Act safeguards.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Computer tapes/disks and printouts, addressograph plates.
Retrievability:
Name and student number are the indices used to retrieve records
from this system.
Safeguards:
l. Authorized users: Access is granted to only a limited number
of physicians, scientists, statisticians, and designated support
staff of the Centers for Disease Control (CDC) or its contractors, as
authorized by the system manager to accomplish the stated purposes
for which the data in this system have been collected.
2. Physical safeguards: Locked cabinets in locked rooms, 24-hour
guard service in buildings, personnel screening of visitors, a
limited access, secured computer room with fire extinguishers and
overhead sprinkler system, computer terminals and automated records
located in secured areas.
3. Procedural safeguards: Protection for computerized records
includes programmed verification of valid user identification code,
account code and password prior to acceptance of a terminal session
or job submission, and frequently changed passwords. Knowledge of
individual tape passwords is required to access tapes, and access to
systems is limited to users obtaining prior supervisory approval.
Additional safeguards may be built into the program by the system
analyst as warranted by the sensitivity of the data.
CDC and contractor employees who maintain records are instructed
to check with the system manager prior to making disclosures of data.
When individually identified data are being used in a room,
admittance at either CDC or contractor sites is restricted to
specifically authorized personnel. Privacy Act provisions are
included in contracts, and the CDC Project Director, contract
officers and project officers oversee compliance with these
requirements. Upon completion of the contract, all data will be
either returned to CDC or destroyed, as specified by the contract.
4. Implementation guidelines: The safeguards outlined above are
developed in accordance with Chapter 45-13, ``Safeguarding Records
Contained in Systems of Records,'' of the HHS General Administration
Manual, supplementary Chapter PHS.hf: 45-13; Part 6, ``Automated
Information System Security,'' of the HHS Information Resources
Management Manual; the National Bureau of Standards Federal
Information Processing Standards (FIPS Pub. 41 and FIPS Pub. 31).
Retention and disposal:
Record copy maintained from three to ten years in accordance with
retention schedules. Source documents for computer disposed of when
no longer needed in the study, as determined by the system manager.
Disposal methods include erasing computer tapes and burning or
shredding paper materials.
System manager(s) and address:
Audio Visual Production Officer, Division of Training and
Manpower Development (DTMD), National Institute for Occupational
Safety and Health (NIOSH), Robert A. Taft Laboratories, 4676 Columbia
Parkway, Cincinnati, Ohio 45226.
Notification procedure:
An individual may learn if a record exists about himself or
herself by contacting the system manager at the address above.
Requesters in person must provide driver's license or other positive
identification. Individuals who do not appear in person must either
(1) submit a notarized request to verify their identify or (2)
certify that they are the individuals they claim to be and that they
understand that the knowing and willful request for or acquisition of
a record pertaining to an individual under false pretenses is a
criminal offense under the Privacy Act subject to a 5,000 dollars
fine.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An accounting of
disclosures that have been made of the record, if any, may be
requested.
Contesting record procedures:
Contact the official at the address specified under System
Manager above, reasonably identify the record and specify the
information being contested, the corrective action sought, and the
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Information is obtained directly from the individual.
Systems exempted from certain provisions of the act:
None.
09-20-0089
System name: Studies of Treatment of Tuberculosis and other
Mycobacterioses, HHS/CDC/NCPS.
Security classification:
None.
System location:
Division of Tuberculosis Elimination, National Center for
Prevention Services, Corporate Square, Bldg. 10, Room 2208, Centers
for Disease Control and Prevention, 1600 Clifton Road, NE, Atlanta,
GA 30333 and Federal Records Center, 1557 St. Joseph Avenue, East
Point, GA 30344.
A list of contractor sites where individually identified data are
currently located is available upon request to the system manager.
Categories of individuals covered by the system:
Adults and children with tuberculosis or other mycobacterial
diseases having been or currently being treated or observed by a
limited number of participating local or county health departments,
clinics, and hospitals (from 1959 until the present time), including
those individuals in selected areas receiving isoniazid therapy or
BCG vaccinations, and patients for whom routine tuberculosis
treatment is ineffective. Also included are contacts to tuberculosis
patients, adults with inactive tuberculosis, and controls.
Categories of records in the system:
Abstracts of medical data pertaining to clinical trials,
including medical history, skin tests, physical examinations,
laboratory test results, X-ray results, medications prescribed,
smoking habits, etc.
Authority for maintenance of the system:
Public Health Service Act, Section 301, ``Research and
Investigation'' (42 U.S.C. 241).
Purpose(s):
To determine the effectiveness and safety of a variety of
treatments and preventive measures for tuberculosis and other
mycobacterial diseases, to determine the best measures against drug
resistant tuberculosis, and to monitor incidence of complications
among individuals who have received preventive therapy, including
isoniazid.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Records may be disclosed to health departments and other public
health or cooperating medical authorities in connection with program
activities and related collaborative efforts to deal more effectively
with diseases and conditions of public health significance.
A record may be disclosed for a research purpose, when the
department: (A) Has determined that the use or disclosure does not
violate legal or policy limitations under which the record was
provided, collected, or obtained; (B) has determined that the
research purpose (1) cannot be reasonably accomplished unless the
record is provided in individually identifiable form, and (2)
warrants the risk to the privacy of the individual that additional
exposure of the record might bring; (C) has required the recipient to
(1) establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record,
(2) remove or destroy the information that identifies the individual
at the earliest time at which removal or destruction can be
accomplished consistent with the purpose of the research project,
unless the recipient has presented adequate justification of a
research or health nature for retaining such information, and (3)
make no further use or disclosure of the record except (a) in
emergency circumstances affecting the health or safety of any
individual, (b) for use in another research project, under these same
conditions, and with written authorization of the Department, (c) for
disclosure to a properly identified person for the purpose of an
audit related to the research project, if information that would
enable research subjects to be identified is removed or destroyed at
the earliest opportunity consistent with the purpose of the audit, or
(d) when required by law; (D) has secured a written statement
attesting to the recipient's understanding of, and willingness to
abide by these provisions.
The Department is under contract with private firms for the
purpose of collating, analyzing, aggregating or otherwise refining
records in this system. Relevant records are maintained by the
contractors. The contractors are required to maintain Privacy Act
safeguards with respect to such records.
Disclosure may be made to a congressional office from the record
of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, for example, in defending a claim against
the Public Health Service based upon an individual's mental or
physical condition and alleged to have arisen because of activities
of the Public Health Service in connection with such individual,
disclosure may be made to the Department of Justice to enable that
Department to present an effective defense, provided that such
disclosure is compatible with the purpose for which the records were
collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Cards, file folders, computer tapes/disks and printouts.
Retrievability:
Records are retrieved by the participant's name and/or study I.D.
number.
Safeguards:
1. Authorized users: A database security package is implemented
on CDC's mainframe computer to control unauthorized access to the
system. Attempts to gain access by unauthorized individuals are
automatically recorded and reviewed on a regular basis. Access is
granted to only a limited number of physicians, scientists,
statisticians, and designated support staff of the Centers for
Disease Control (CDC), or its contractors, as authorized by the
system manager to accomplish the stated purposes for which the data
in this system have been collected.
2. Physical safeguards: Access to the CDC Clifton Road facility
where the mainframe computer is located is controlled by a card key
system. Access to the computer room is controlled by a card key and
security code (numeric keypad) system. Access to the data entry area
is also controlled by a card key system. The hard copy records are
kept in locked cabinets in locked rooms. The local fire department is
located directly across the street from the Clifton Road buildings.
The computer room is protected by an automatic sprinkler system,
automatic sensors (e.g., water, heat, smoke, etc.) are installed, and
portable fire extinguishers are located throughout the computer room.
The system is backed up on a nightly basis with copies of the files
stored off site in a secure fire proof safe. The 24-hour guard
service in buildings provides screening of visitors. Electronic anti-
intrusion devices are in effect at the Federal Records Center.
3. Procedural safeguards: System security includes automatic
suspension of accounts, forced password changes, and control of
systems and data set access. Protection for computerized records
includes programmed verification of valid user identification code,
account code and password prior to acceptance of a terminal session
or job submission, frequently changed passwords, and Vault Management
System. When Privacy Act tapes are erased, a special ``certified''
process is performed in which tapes are completely written over to
avoid inadvertent data disclosure. Additional safeguards may be built
into the program by the system analyst as warranted by the
sensitivity of the data.
CDC and contractor employees who maintain records are instructed
to check with the system manager prior to making disclosures of data.
When individually identified data are being used in a room,
admittance at either CDC or contractor sites is restricted to
specifically authorized personnel. Privacy Act provisions are
included in contracts, and the CDC Project Director, contract
officers and project officers oversee compliance with these
requirements. Upon completion of the contract, all data will be
either returned to CDC or destroyed, as specified by the contract.
4. Implementation guidelines: The safeguards outlined above are
developed in accordance with Chapter 45-13, ``Safeguarding Records
Contained in Systems of Records,'' of the HHS General Administration
Manual, supplementary Chapter PHS.hf: 45-13; Part 6, ``Automated
Information System Security,'' of the HHS Information Resources
Management Manual; the National Bureau of Standards Federal
Information Processing Standards (FIPS Pub. 41 and FIPS Pub. 31). FRC
safeguards are in compliance with GSA Federal Property Management
Regulations, Subchapter B--Archives and Records.
Retention and disposal:
Records are maintained in agency for five years. Disposal methods
include erasing computer tapes, burning or shredding paper materials
or transferring records to the Federal Records Center when no longer
needed for evaluation and analysis. Records destroyed by paper
recycling process when 20 years old, unless needed for further study.
System manager(s) and address:
Director, Division of Tuberculosis Elimination, National Center
for Prevention Services, Corporate Square, Bldg. 10, Rm. 10, MS E10,
Centers for Disease Control and Prevention, l600 Clifton Road, NE,
Atlanta, GA 30333.
Notification procedure:
An individual may learn if a record exists about himself or
herself by contacting the system manager at the address above.
Requesters in person must provide driver's license or other positive
identification. Individuals who do not appear in person must either
(1) submit a notarized request to verify their identity or (2)
certify that they are the individuals they claim to be and that they
understand that the knowing and willful request for or acquisition of
a record pertaining to an individual under false pretenses is a
criminal offense under the Privacy Act subject to a 5,000 dollars
fine.
An individual who requests notification of or access to medical
records shall, at the time the request is made, designate in writing
a responsible representative who is willing to review the record and
inform the subject individual of its contents at the representative's
discretion.
A parent or guardian who requests notification of, or access to,
a child's medical record shall designate a family physician or other
health professional (other than a family member) to whom the record,
if any, will be sent. The parent or guardian must verify relationship
to the child by means of a birth certificate or court order, as well
as verify that he or she is who he or she claims to be.
The following information must be provided when requesting
notification: (1) Full name; (2) the approximate date and place of
the study, if known; and (3) nature of the questionnaire or study in
which the requester participated.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An accounting of
disclosures that have been made of the record, if any, may be
requested.
Contesting record procedures:
Contact the official at the address specified under System
Manager above, reasonably identify the record and specify the
information being contested, the corrective action sought, and the
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Individuals, state and local health departments, hospitals,
laboratories, clinics, and family members of study participants.
Systems exempted from certain provisions of the act:
None.
09-20-0090
System name: Studies of Testing for Tuberculosis and other
Mycobacterioses, HHS/CDC/NCPS.
Security classification:
None.
System location:
Division of Tuberculosis Elimination, National Center for
Prevention Services, Corporate Square, ldg. 10, Rm. 2208, Centers for
Disease Control and Prevention, 1600 Clifton Road, NE, Atlanta, GA
30333 and
Federal Records Center, 1557 St. Joseph Avenue, East Point, GA
30344.
Categories of individuals covered by the system:
Study participants include patients, clientele, and employees of
local and county health departments, hospitals, and other
institutions currently observing and/or treating cases of
tuberculosis and other mycobacterial diseases. Participants include
adults and children.
Categories of records in the system:
Medical records.
Authority for maintenance of the system:
Public Health Service Act, Section 301, ``Research and
Investigation'' (42 U.S.C. 241).
Purpose(s):
To study the diagnostic value of tests used to identify persons
infected with M. tuberculosis or sensitized by other mycobacteria.
These records may also be used by the Food and Drug Administration in
conducting research related to Investigational New Drugs (IND).
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Test results will be returned to the collaborating physician or
responsible hospital official.
Disclosure may be made to a congressional office from the record
of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, for example, in defending a claim against
the Public Health Service based upon an individual's mental or
physical condition and alleged to have arisen because of activities
of the Public Health Service in connection with such individual,
disclosure may be made to the Department of Justice to enable that
Department to present an effective defense, provided that such
disclosure is compatible with the purpose for which the records were
collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Cards, file folders, computer tapes/disks and printouts.
Retrievability:
Records are retrieved by name and I.D. number.
Safeguards:
1. Authorized users: A database security package is implemented
on CDC's mainframe computer to control unauthorized access to the
system. Attempts to gain access by unauthorized individuals are
automatically recorded and reviewed on a regular basis. Access is
granted to only a limited number of physicians, scientists,
statisticians, and designated support staff of the Centers for
Disease Control (CDC), or its contractors, as authorized by the
system manager to accomplish the stated purposes for which the data
in this system have been collected.
2. Physical safeguards: Access to the CDC Clifton Road facility
where the mainframe computer is located is controlled by a card key
system. Access to the computer room is controlled by a card key and
security code (numeric keypad) system. Access to the data entry area
is also controlled by a card key system. The hard copy records are
kept in locked cabinets in locked rooms. The local fire department is
located directly across the street from the Clifton Road buildings.
The computer room is protected by an automatic sprinkler system,
automatic sensors (e.g., water, heat, smoke, etc.) are installed, and
portable fire extinguishers are located throughout the computer room.
The system is backed up on a nightly basis with copies of the files
stored off site in a secure fire proof safe. The 24-hour guard
service in buildings provides screening of visitors. Electronic anti-
intrusion devices are in effect at the Federal Records Center.
3. Procedural safeguards: System security includes automatic
suspension of accounts, forced password changes, and control of
systems and data set access. Protection for computerized records
includes programmed verification of valid user identification code,
account code and password prior to acceptance of a terminal session
or job submission, frequently changed passwords, and Vault Management
System. When Privacy Act tapes are erased, a special ``certified''
process is performed in which tapes are completely written over to
avoid inadvertent data disclosure. Additional safeguards may be built
into the program by the system analyst as warranted by the
sensitivity of the data.
CDC and contractor employees who maintain records are instructed
to check with the system manager prior to making disclosures of data.
When individually identified data are being used in a room,
admittance at either CDC or contractor sites is restricted to
specifically authorized personnel. Privacy Act provisions are
included in contracts, and the CDC Project Director, contract
officers and project officers oversee compliance with these
requirements. Upon completion of the contract, all data will be
either returned to CDC or destroyed, as specified by the contract.
4. Implementation guidelines: The safeguards outlined above are
developed in accordance with Chapter 45-13, ``Safeguarding Records
Contained in Systems of Records,'' of the HHS General Administration
Manual, supplementary Chapter PHS.hf: 45-13; Part 6, ``Automated
Information System Security,'' of the HHS Information Resources
Management Manual; the National Bureau of Standards Federal
Information Processing Standards (FIPS Pub. 41 and FIPS Pub. 31). FRC
safeguards are in compliance with GSA Federal Property Management
Regulations, Subchapter B--Archives and Records.
Retention and disposal:
Records are maintained in agency for five years. Disposal methods
include erasing computer tapes, burning or shredding paper materials
or transferring records to the Federal Records Center when no longer
needed for evaluation and analysis. Records destroyed by paper
recycling process when 20 years old, unless needed for further study.
System manager(s) and address:
Director, Division of Tuberculosis Elimination, National Center
for Prevention Services, Corporate Square, Bldg. 10, Rm. 2208,
Centers for Disease Control and Prevention, 1600 Clifton Road, NE,
Atlanta, GA 30333 and Federal Records Center, 1557 St. Joseph Avenue,
East Point, GA 30344.
Notification procedure:
An individual may learn if a record exists about himself or
herself by contacting the system manager at the address above.
Requesters in person must provide driver's license or other positive
identification. Individuals who do not appear in person must either
(1) submit a notarized request to verify their identity or (2)
certify that they are the individuals they claim to be and that they
understand that the knowing and willful request for or acquisition of
a record pertaining to an individual under false pretenses is a
criminal offense under the Privacy Act subject to a 5,000 dollars
fine.
An individual who requests notification of or access to medical
records shall, at the time the request is made, designate in writing
a responsible representative who is willing to review the record and
inform the subject individual of its contents at the representative's
discretion.
A parent or guardian who requests notification of, or access to,
a child's medical record shall designate a family physician or other
health professional (other than a family member) to whom the record,
if any, will be sent. The parent or guardian must verify relationship
to the child by means of a birth certificate or court order, as well
as verify that he or she is who he or she claims to be.
The following information must be provided when requesting
notification: (1) Full name; (2) the approximate date and place of
the study, if known; and (3) nature of the questionnaire or study in
which the requester participated.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An accounting of
disclosures that have been made of the record, if any, may be
requested.
Contesting record procedures:
Contact the official at the address specified under System
Manager above, reasonably identify the record and specify the
information being contested, the corrective action sought, and the
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Individuals and hospitals.
Systems exempted from certain provisions of the act:
None.
09-20-0096
System name: Records of Tuskegee Study Health Benefit
Recipients, HHS/CDC/NCPS.
Security classification:
None.
System location:
National Center for Prevention Services, Corporate Square, Bldg.
11, Rms. 2117, 2118, Centers for Disease Control and Prevention, 1600
Clifton Road, NE, Atlanta, GA 30333 and Federal Records Center, 1557
St. Joseph Avenue, East Point, GA 30344.
Categories of individuals covered by the system:
Adult participants in the study, their spouses, and their direct
offspring.
Categories of records in the system:
Records relating to medical treatment of Tuskegee Study Health
Benefit Program beneficiaries.
Authority for maintenance of the system:
Public Health Service Act, Section 301, ``Research and
Investigation'' (42 U.S.C. 241).
Purpose(s):
To determine eligibility and provide medical benefits for
participants and qualified family members.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
A record may be disclosed for a research purpose, when the
Department: (A) Has determined that the use or disclosure does not
violate legal or policy limitations under which the record was
provided, collected, or obtained;(B) has determined that the research
purpose (1) cannot be reasonably accomplished unless the record is
provided in individually identifiable form, and (2) warrants the risk
to the privacy of the individual that additional exposure of the
record might bring; (C) has required the recipient to (1) establish
reasonable administrative, technical, and physical safeguards to
prevent unauthorized use or disclosure of the record, (2) remove or
destroy the information that identifies the individual at the
earliest time at which removal or destruction can be accomplished
consistent with the purpose of the research project, unless the
recipient has presented adequate justification of a research or
health nature for retaining such information, and (3) make no further
use or disclosure of the record except (a) in emergency circumstances
affecting the health or safety of any individual, (b) for use in
another research project, under these same conditions, and with
written authorization of the Department, (c) for disclosure to a
properly identified person for the purpose of an audit related to the
research project, if information that would enable research subjects
to be identified is removed or destroyed at the earliest opportunity
consistent with the purpose of the audit, or (d) when required by
law; (D) has secured a written statement attesting to the recipient's
understanding of, and willingness to abide by these provisions.
Records may be disclosed to health departments and other public
health or cooperating medical authorities in connection with program
activities and related collaborative efforts to deal more effectively
with diseases and conditions of public health significance.
Disclosure may be made to a congressional office from the record
of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, for example, in defending a claim against
the Public Health Service based upon an individual's mental or
physical condition and alleged to have arisen because of activities
of the Public Health Service in connection with such individual,
disclosure may be made to the Department of Justice to enable that
Department to present an effective defense, provided that such
disclosure is compatible with the purpose for which the records were
collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
File folders.
Retrievability:
Records are retrieved alphabetically by name.
Safeguards:
l. Authorized users: Access is granted to only a limited number
of physicians, scientists, statisticians, and designated support
staff of the Centers for Disease Control (CDC), as authorized by the
system manager to accomplish the stated purposes for which the data
in this system have been collected.
2. Physical safeguards: Locked cabinets in locked rooms,
electronic anti-intrusion devices in operation at the Federal Records
Center, 24-hour guard service in buildings, personnel screening of
visitors.
3. Procedural safeguards: Users of individually identified data
protect information from public scrutiny, and only specifically
authorized personnel may be admitted to the record storage area. CDC
employees who maintain records are instructed to check with the
system manager prior to making disclosures of data.
4. Implementation guidelines: DHHS Chapter 45-13 and
supplementary Chapter PHS.hf: 45-13 of the General Administration
Manual. FRC safeguards are in compliance with GSA Federal Property
Management Regulations, Subchapter B--Archives and Records.
Retention and disposal:
Records are maintained in agency for five years. Disposal methods
include erasing computer tapes, burning or shredding paper materials
or transferring records to the Federal Records Center when no longer
needed for evaluation and analysis. Records are to be maintained
permanently.
System manager(s) and address:
Director, National Center for Prevention Services, Corporate
Square, Bldg. 11, Rm. 2106, MS E07, Centers for Disease Control and
Prevention, 1600 Clifton Road, NE, Atlanta, GA 30333.
Notification procedure:
An individual may learn if a record exists about himself or
herself by contacting the system manager at the address above.
Requesters in person must provide driver's license or other positive
identification. Individuals who do not appear in person must either
(1) submit a notarized request to verify their identity or (2)
certify that they are the individuals they claim to be and that they
understand that the knowing and willful request for or acquisition of
a record pertaining to an individual under false pretenses is a
criminal offense under the Privacy Act subject to a 5,000 dollars
fine.
An individual who requests notification of or access to medical
records shall, at the time the request is made, designate in writing
a responsible representative who is willing to review the record and
inform the subject individual of its contents at the representative's
discretion.
A parent or guardian who requests notification of, or access to,
a child's medical record shall designate a family physician or other
health professional (other than a family member) to whom the record,
if any, will be sent. The parent or guardian must verify relationship
to the child by means of a birth certificate or court order, as well
as verify that he or she is who he or she claims to be.
The following information must be provided when requesting
notification: (1) Full name; (2) the approximate date and place of
the study, if known; (3) nature of the questionnaire or study in
which the requester participated.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An accounting of
disclosures that have been made of the record, if any, may be
requested.
Contesting record procedures:
Contact the official at the address specified under System
Manager above, reasonably identify the record and specify the
information being contested, the corrective action sought, and the
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Participants and family members of participants entitled to
medical care; Social Security Administration for Medicare
information; and State welfare departments for information on
Medicaid.
Systems exempted from certain provisions of the act:
None.
09-20-0102
System name: Alien Mental Waiver Program, HHS/CDC/NCPS.
Security classification:
None.
System location:
Medical Screening Section, Division of Quarantine, National
Center for Prevention Services, Corporate Square, Bldg. 10, Rm. 1105,
Centers for Disease Control and Prevention, 1600 Clifton Road, NE,
Atlanta, GA 30333 andFederal Records Center, 1557 St. Joseph Avenue,
East Point, GA 30344.
Categories of individuals covered by the system:
Immigrant aliens with waivers of excludability who have or have
had a physical or mental disorder with associated behavior that may
pose, or has posed, a threat to the property, safety, or welfare of
the alien or others.
Categories of records in the system:
Medical history files.
Authority for maintenance of the system:
Public Health Service Act, Section 325, ``Examination of Aliens''
(42 U.S.C. 252); Immigration and Nationality Act, Section 212(g),
``Application for Waiver of Grounds of Excludability'' (8 U.S.C.
ll82(g)).
Purpose(s):
To comply with the requirements of section 212(g) of the
Immigration and Nationality Act, the Centers for Disease Control
(CDC) must receive and maintain medical records on aliens who apply
for waivers of excludability due to a physical or mental disorder
with associated harmful behavior. CDC is furnished with a copy of the
alien's medical examination report and psychiatric/psychological
evaluation and uses the information to process the initial
applications for such waivers and for periodic medical surveillance
and evaluation of individual cases.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Department of State (DOS) or Immigration and Naturalization
Service (INS) obtains initial medical examinations and submits to the
Division of Quarantine, CDC. Final diagnosis returned to submitter.
Alien or sponsor furnishes copy of medical file to local health care
facility in the United States.
Disclosure may be made to a congressional office from the record
of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, for example, in defending a claim against
the Public Health Service based upon an individual's mental or
physical condition and alleged to have arisen because of activities
of the Public Health Service in connection with such individual,
disclosure may be made to the Department of Justice to enable that
Department to present an effective defense, provided that such
disclosure is compatible with the purpose for which the records were
collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Individual file folders.
Retrievability:
Records are retrieved by name.
Safeguards:
1. Authorized users: Access is granted to only a limited number
of personnel, i.e., program manager and immediate staff members, as
authorized by the system manager to accomplish the stated purposes
for which the data in this system have been collected.
2. Physical safeguards: Locked cabinets in locked rooms, 24-hour
guard service in buildings, personnel screening of visitors,
electronic anti-intrusion devices in operation at the Federal Records
Center.
3. Procedural safeguards: Users of individually identified data
protect information from public scrutiny, and only specifically
authorized personnel may be admitted to the record storage area. CDC
employees who maintain records are instructed to check with the
system manager prior to making disclosures of data.
4. Implementation guidelines: DHHS Chapter 45-13 and
supplementary Chapter PHS.hf: 45-13 of the General Administration
Manual. FRC safeguards are in compliance with GSA Federal Property
Management Regulations, Subchapter B--Archives and Records.
Retention and disposal:
Records are maintained in agency for five years. Disposal methods
include burning or shredding paper materials or transferring records
to the Federal Records Center when no longer needed for evaluation
and analysis. Records destroyed by paper recycling process when 10
years old, unless needed for further study.
System manager(s) and address:
Director, Division of Quarantine, National Center for Prevention
Services, Corporate Square, Bldg. 10, Room 1207, MS E03, Centers for
Disease Control and Prevention, 1600 Clifton Road, NE, Atlanta, GA
30333.
Notification procedure:
An individual may learn if a record exists about himself or
herself by contacting the system manager at the address above.
Requesters in person must provide driver's license or other positive
identification. Individuals who do not appear in person must either
(1) submit a notarized request to verify their identity or (2)
certify that they are the individuals they claim to be and that they
understand that the knowing and willful request for or acquisition of
a record pertaining to an individual under false pretenses is a
criminal offense under the Privacy Act subject to a 5,000 dollars
fine.
An individual who requests notification of or access to medical
records shall, at the time the request is made, designate in writing
a responsible representative who is willing to review the record and
inform the subject individual of its contents at the representative's
discretion.
A parent or guardian who requests notification of, or access to,
a child's or mentally incompetent person's medical record shall
designate a family physician or other health professional (other than
a family member) to whom the record, if any, will be sent. The parent
or guardian must verify relationship to the child or mentally
incompetent person by means of a birth certificate or court order, as
well as verify that he or she is who he or she claims to be.
The following information must be provided when requesting
notification: (1) Full name; (2) the approximate date and place of
the study, if known; and (3) nature of the questionnaire or study in
which the requester participated.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An accounting of
disclosures that have been made of the record, if any, may be
requested.
Contesting record procedures:
Contact the official at the address specified under System
Manager above, reasonably identify the record and specify the
information being contested, the corrective action sought, and the
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Prior to alien's arrival in the U.S., medical information
supporting the diagnosis of a physical or mental mental disorder with
associated harmful behavior is submitted by Department of State and/
or Justice Department (INS); after arrival, mental status evaluations
submitted by medical specialists, schools, or institutions.
Systems exempted from certain provisions of the act:
None.
09-20-0103
System name: Alien Tuberculosis Followup Program, HHS/CDC/NCPS.
Security classification:
None.
System location:
Office of the Director, Division of Quarantine, Center for
Prevention Services, 1644 Freeway Office Park, Room 1327, Centers for
Disease Control, 1600 Clifton Road, Atlanta, GA 30333.
Categories of individuals covered by the system:
Immigrant aliens with tuberculosis.
Categories of records in the system:
Medical history.
Authority for maintenance of the system:
Public Health Service Act, Section 325, ``Examination of Aliens''
(42 U.S.C 252); Immigration and Nationality Act, Section 212(g),
``Application for Waiver of Grounds of Excludability'' (8 U.S.C.
1182(g)).
Purpose(s):
To provide a record system for the surveillance and periodic
medical evaluation of immigrant aliens with tuberculosis.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to State health departments, city health
departments or the courts, private physicians or other health care
facilities that will provide medical care for the immigrant alien.
Disclosure may be made to a congressional office from the record
of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, for example, in defending a claim against
the Public Health Service based upon an individual's mental or
physical condition and alleged to have arisen because of activities
of the Public Health Service in connection with such individual,
disclosure may be made to the Department of Justice to enable that
Department to present an effective defense, provided that such
disclosure is compatible with the purpose for which the records were
collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Card files, computer tapes/disks and printouts.
Retrievability:
Records are retrieved by name, Alien Registration Number, and by
year of birth.
Safeguards:
1. Authorized users: A database security package is implemented
on CDC's mainframe computer to control unauthorized access to the
system. Attempts to gain access by unauthorized individuals are
automatically recorded and reviewed on a regular basis. Access is
granted to only a limited number of physicians, scientists,
statisticians, and designated support staff of the Centers for
Disease Control (CDC), or its contractors, as authorized by the
system manager to accomplish the stated purposes for which the data
in this system have been collected.
2. Physical safeguards: Access to the CDC Clifton Road facility
where the mainframe computer is located is controlled by a card key
system. Access to the computer room is controlled by a card key and
security code (numeric keypad) system. Access to the data entry area
is also controlled by a card key system. The hard copy records are
kept in locked cabinets in locked rooms. The local fire department is
located directly across the street from the Clifton Road buildings.
The computer room is protected by an automatic sprinkler system,
automatic sensors (e.g., water, heat, smoke, etc.) are installed, and
portable fire extinguishers are located throughout the computer room.
The system is backed up on a nightly basis with copies of the files
stored off site in a secure fire proof safe. The 24-hour guard
service in buildings provides screening of visitors. Electronic anti-
intrusion devices are in effect at the Federal Records Center.
3. Procedural safeguards: System security includes automatic
suspension of accounts, forced password changes, and control of
systems and data set access. Protection for computerized records
includes programmed verification of valid user identification code,
account code and password prior to acceptance of a terminal session
or job submission, frequently changed passwords, and Vault Management
System. When Privacy Act tapes are erased, a special ``certified''
process is performed in which tapes are completely written over to
avoid inadvertent data disclosure. Additional safeguards may be built
into the program by the system analyst as warranted by the
sensitivity of the data.
CDC and contractor employees who maintain records are instructed
to check with the system manager prior to making disclosures of data.
When individually identified data are being used in a room,
admittance at either CDC or contractor sites is restricted to
specifically authorized personnel. Privacy Act provisions are
included in contracts, and the CDC Project Director, contract
officers and project officers oversee compliance with these
requirements. Upon completion of the contract, all data will be
either returned to CDC or destroyed, as specified by the contract.
4. Implementation guidelines: The safeguards outlined above are
developed in accordance with Chapter 45-13, ``Safeguarding Records
Contained in Systems of Records,'' of the HHS General Administration
Manual, supplementary Chapter PHS.hf: 45-13; Part 6, ``Automated
Information System Security,'' of the HHS Information Resources
Management Manual; the National Bureau of Standards Federal
Information Processing Standards (FIPS Pub. 41 and FIPS Pub. 31). FRC
safeguards are in compliance with GSA Federal Property Management
Regulations, Subchapter B--Archives and Records.
Retention and disposal:
Card files are maintained in agency for two years. Destroyed by
paper recycling process after 2 years. Computer file maintained 4
years at CDC. Records destroyed by erasing tape after 4 years.
System manager(s) and address:
Director, Division of Quarantine, National Center for Prevention
Services, 1644 Freeway Office Park, Rm.1328, Centers for Disease
Control, 1600 Clifton Road, Atlanta, GA 30333.
Notification procedure:
An individual may learn if a record exists about himself or
herself by contacting the system manager at the address above.
Requesters in person must provide driver's license or other positive
identification. Individuals who do not appear in person must either
(1) submit a notarized request to verify their identity or (2)
certify that they are the individuals they claim to be and that they
understand that the knowing and willful request for or acquisition of
a record pertaining to an individual under false pretenses is a
criminal offense under the Privacy Act subject to a 5,000 dollars
fine.
An individual who requests notification of or access to medical
records shall, at the time the request is made, designate in writing
a responsible representative who is willing to review the record and
inform the subject individual of its contents at the representative's
discretion.
A parent or guardian who requests notification of, or access to,
a child's medical record shall designate a family physician or other
health professional (other than a family member) to whom the record,
if any, will be sent. The parent or guardian must verify relationship
to the child by means of a birth certificate or court order, as well
as verify that he or she is who he or she claims to be.
The following information must be provided when requesting
notification: (1) Full name; (2) the approximate date and place of
the study, if known; and (3) nature of the questionnaire or study in
which the requester participated.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An accounting of
disclosures that have been made of the record, if any, may be
requested.
Contesting record procedures:
Contact the official at the address specified under System
Manager above, reasonably identify the record and specify the
information being contested, the corrective action sought, and the
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Information obtained from alien's visa medical documents at port
of entry by Quarantine Inspectors.
Systems exempted from certain provisions of the act:
None.
09-20-0106
System name: Specimen Handling for Testing and Related Data,
HHS/CDC/NCID.
Security classification:
None.
System location:
Material, Data and Specimen Handling Section, Scientific
Resources Program, National Center for Infectious Diseases, Bldg. 4,
Rm. B35, Centers for Disease Control and Prevention, 1600 Clifton
Road, NE, Atlanta, GA 30333.
San Juan Laboratories, Center for Infectious Diseases, Centers
for Disease Control, San Juan, Puerto Rico 00936.
Division of Vector-Borne Infectious Diseases, National Center for
Infectious Diseases, Centers for Disease Control and Prevention, Foot
Hills Campus, Fort Collins, CO 80522 and Federal Records Center, 1557
St. Joseph Avenue, East Point, GA 30344.
A list of contractor sites where individually identifiable data
are currently located is available upon request to the appropriate
system manager.
Categories of individuals covered by the system:
Adults and children whose specimens have been submitted to the
Centers for Disease Control (CDC) for testing.
Categories of records in the system:
Results of diagnostic tests involving microbiology, clinical
chemistry, hematology, immunology, genetics and pathology.
Authority for maintenance of the system:
Public Health Service Act, section 301, ``Research and
Investigation,'' (42 U.S.C. 241); sections 304, 306 and 308(d) which
discuss authority to grant assurances of confidentiality for health
research and related activities (42 U.S.C. 242 b, k, and m(d)).
Purpose(s):
For documentation of test results which are returned to
submitter. Used between specialty units for research purposes; and
for epidemiological investigations, for epidemic causes, prevention,
family groupings of diseases, and geographical location of specific
diseases; also, used by epidemiologists and researchers in
determining drug resistance of specific organisms.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The following routine uses apply to all records in this system
except those maintained under an assurance of confidentiality
provided by Section 308(d) of the Public Health Service Act (unless
expressly authorized in the consent form or stipulated in the
Assurance Statement):
CDC is under contract with private firms for the purposes of
collating, analyzing, aggregating, or otherwise refining records in
this system. Relevant records are disclosed to such contractors. The
contractors are required to maintain Privacy Act safeguards with
respect to such records.
A record may be disclosed for a research purpose, when the
Department: (A) Has determined that the use or disclosure does not
violate legal or policy limitations under which the record was
provided, collected, or obtained; (B) has determined that the
research purpose (1) cannot be reasonably accomplished unless the
record is provided in individually identifiable form, and (2)
warrants the risk to the privacy of the individual that additional
exposure of the record might bring; (C) has required the recipient to
(1) establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record,
(2) remove or destroy the information that identifies the individual
at the earliest time at which removal or destruction can be
accomplished consistent with the purpose of the research project,
unless the recipient has presented adequate justification of a
research or health nature for retaining such information, and (3)
make no further use or disclosure of the record except (a) in
emergency circumstances affecting the health or safety of any
individual, (b) for use in another research project, under these same
conditions, and with written authorization of the Department, (c) for
disclosure to a properly identified person for the purpose of an
audit related to the research project, if information that would
enable research subjects to be identified is removed or destroyed at
the earliest opportunity consistent with the purpose of the audit, or
(d) when required by law; (D) has secured a written statement
attesting to the recipient's understanding of, and willingness to
abide by these provisions.
To individuals and organizations deemed qualified by the
Secretary to carry out quality assessment, medical audits, or
utilization review.
Records may be disclosed to Health Departments and other public
health or cooperating medical authorities in connection with program
activities and related collaborative efforts to deal more effectively
with diseases and conditions of public health significance.
Disclosure may be made to a congressional office from the record
of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, for example, in defending a claim against
the Public Health Service based upon an individual's mental or
physical condition and alleged to have arisen because of activities
of the Public Health Service in connection with such individual,
disclosure may be made to the Department of Justice to enable that
Department to present an effective defense, provided that such
disclosure is compatible with the purpose for which the records were
collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Original Form - file folders; microfilm copies, computer tapes/
disks and printouts.
Retrievability:
Retrieved by name or designated number furnished by the
submitter, CDC identifying number, and/or microfilm number.
Safeguards:
1. Authorized users: A database security package is implemented
on CDC's mainframe computer to control unauthorized access to the
system. Attempts to gain access by unauthorized individuals are
automatically recorded and reviewed on a regular basis. Access is
granted to only a limited number of physicians, scientists,
statisticians, and designated support staff of the Centers for
Disease Control (CDC), or its contractors, as authorized by the
system manager to accomplish the stated purposes for which the data
in this system have been collected.
2. Physical safeguards: Access to the CDC Clifton Road facility
where the mainframe computer is located is controlled by a card key
system. Access to the computer room is controlled by a card key and
security code (numeric keypad) system. Access to the data entry area
is also controlled by a card key system. The hard copy records are
kept in locked cabinets in locked rooms. The local fire department is
located directly across the street from the Clifton Road buildings.
The computer room is protected by an automatic sprinkler system,
automatic sensors (e.g., water, heat, smoke, etc.) are installed, and
portable fire extinguishers are located throughout the computer room.
The system is backed up on a nightly basis with copies of the files
stored off site in a secure fire proof safe. The 24-hour guard
service in buildings provides screening of visitors. Electronic anti-
intrusion devices are in effect at the Federal Records Center.
3. Procedural safeguards: System security includes automatic
suspension of accounts, forced password changes, and control of
systems and data set access. Protection for computerized records
includes programmed verification of valid user identification code,
account code and password prior to acceptance of a terminal session
or job submission, frequently changed passwords, and Vault Management
System. When Privacy Act tapes are erased, a special ``certified''
process is performed in which tapes are completely written over to
avoid inadvertent data disclosure. Additional safeguards may be built
into the program by the system analyst as warranted by the
sensitivity of the data.
CDC and contractor employees who maintain records are instructed
to check with the system manager prior to making disclosures of data.
When individually identified data are being used in a room,
admittance at either CDC or contractor sites is restricted to
specifically authorized personnel. Privacy Act provisions are
included in contracts, and the CDC Project Director, contract
officers and project officers oversee compliance with these
requirements. Upon completion of the contract, all data will be
either returned to CDC or destroyed, as specified by the contract.
4. Implementation guidelines: The safeguards outlined above are
developed in accordance with Chapter 45-13, ``Safeguarding Records
Contained in Systems of Records,'' of the HHS General Administration
Manual, supplementary Chapter PHS.hf: 45-13; Part 6, ``Automated
Information System Security,'' of the HHS Information Resources
Management Manual; the National Bureau of Standards Federal
Information Processing Standards (FIPS Pub. 41 and FIPS Pub. 31). FRC
safeguards are in compliance with GSA Federal Property Management
Regulations, Subchapter B--Archives and Records.
Retention and disposal:
Records are maintained in agency for five years. Disposal methods
include erasing computer tapes, burning or shredding paper materials
or transferring records to the Federal Records Center when no longer
needed for evaluation and analysis. Records destroyed by paper
recycling process when 10 years old, unless needed for further study.
System manager(s) and address:
Director, National Center for Infectious Diseases, Bldg. 1, Rm.
6013, Centers for Disease Control and Prevention, 1600 Clifton Road,
NE, Atlanta, GA 30333.
Director, Epidemiology Program Office, Bldg. 1, Rm. 5009, MS C08,
Centers for Disease Control and Prevention, 1600 Clifton Road, NE,
Atlanta, GA 30333.
Director, National Center for Prevention Services, Corporate
Square, Bldg. 11, Rm. 2106, MS E07, Centers for Disease Control and
Prevention, 1600 Clifton Road, NE, Atlanta, GA 30333-3724.
Director, National Center for Environmental Health, Chamblee
Bldg. 101, Rm. 3116, MS F29, Centers for Disease Control and
Prevention, 4770 Buford Highway, NE, Atlanta, GA 30341-3724.
Director, National Center for Injury Prevention and Control,
Koger Davidson Bldg., Rm. 1078, MS F36, Centers for Disease Control
and Prevention, 4770 Buford Highway, NE, Atlanta, GA 30341-3724.
Director, National Immunization Program, Corporate Square, bldg.
12, Rm. 5113, MS E05, Centers for Disease Control and Prevention,
1600 Clifton Road, NE, Atlanta, GA 30333.
Policy coordination is provided by: Associate Director for
Management and Operations, Bldg. 1, Rm. 2011, MS D15, Centers for
Disease Control and Prevention, 1600 Clifton Road NE, Atlanta, GA
30333.
Notification procedure:
An individual may learn if a record exists about himself or
herself by contacting the appropriate system manager at the address
above. Requesters in person must provide driver's license or other
positive identification. Individuals who do not appear in person must
either (1) submit a notarized request to verify their identity or (2)
certify that they are the individuals they claim to be and that they
understand that the knowing and willful request for or acquisition of
a record pertaining to an individual under false pretenses is a
criminal offense under the Privacy Act subject to a 5,000 dollars
fine.
An individual who requests notification of or access to medical
records shall, at the time the request is made, designate in writing
a responsible representative who is willing to review the record and
inform the subject individual of its contents at the representative's
discretion.
A parent or guardian who requests notification of, or access to,
a child's medical record shall designate a family physician or other
health professional (other than a family member) to whom the record,
if any, will be sent. The parent or guardian must verify relationship
to the child by means of a birth certificate or court order, as well
as verify that he or she is who he or she claims to be.
The following information must be provided when requesting
notification: (1) Full name; (2) the approximate date and place of
the study, if known; and (3) nature of the questionnaire or study in
which the requester participated.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An accounting of
disclosures that have been made of the record, if any, may be
requested.
Contesting record procedures:
Contact the official at the address specified under System
Manager above, reasonably identify the record and specify the
information being contested, the corrective action sought, and the
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Approved public health laboratories, Federal medical facilities,
private physicians.
Systems exempted from certain provisions of the act:
None.
09-20-0112
System name: Fellowship Program and Guest Researcher Records,
HHS/CDC/PMO.
Security classification:
None.
System location:
Recruitment Branch, Human Resources Management Office, Bldg. 1,
Rm. B237, Centers for Disease Control and Prevention, 1600 Clifton
Road, NE, Atlanta, GA 30333.
National Personnel Records Center (Civilian Personnel Records),
111 Winnebago Street, St. Louis, MO 63118.
National Personnel Records Center (Civilian Personnel Records),
111 Winnebago Street, St. Louis, MO 63118.
Categories of individuals covered by the system:
Visiting Fellows, Visiting Associates, Visiting Scientists, Staff
Fellows, and Guest Researchers within CDC and ATSDR.
Categories of records in the system:
Applications, requests for appointment, curriculum vitae, letters
of reference.
Authority for maintenance of the system:
Public Health Service Act, Section 207(g),(h), ``Appointment of
Personnel,'' Section 208, ``Pay and Allowances,'' and Section 301,
``Research and Investigation'' (42 U.S.C. 209(g),(h), 210 and 241).
Purpose(s):
This system is utilized by the Centers for Disease Control (CDC)
officials for the purpose of review of applications and supporting
documents in order to award fellowships; and for determinations
regarding salary or stipend increases.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to a congressional office from the record
of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation or has
an interest in such litigation, and HHS determines that the use of
such records by the Department of Justice, the court or other
tribunal is relevant and necessary to the litigation and would help
in the effective representation of the governmental party, provided,
however, that in each case, HHS determines that such disclosure is
compatible with the purpose for which the records were collected.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for PHS who do not technically have the status
of agency employees, if they need the records in the performance of
their agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
File folders, computer tapes/disks and printouts.
Retrievability:
The system is accessed by name of the individual, fellow, or
guest researcher.
Safeguards:
1. Authorized users: Access is granted to only a limited number
of physicians, scientists, statisticians, and designated support
staff of the Centers for Disease Control (CDC), as authorized by the
system manager to accomplish the stated purposes for which the data
in this system have been collected.
2. Physical safeguards: Records are kept in locked cabinets in
locked rooms. Guard service in buildings provides screening of
visitors. Electronic anti-intrusion devices are in operation at the
Federal Records Center.
3. Procedural safeguards: Users of individually identified data
protect information from public scrutiny, and only specifically
authorized personnel may be admitted to the record storage area. CDC
employees who maintain records are instructed to check with system
manager prior to making disclosures of data.
4. Implementation guidelines: HHS Chapter 45-13 and supplementary
Chapter PHS.hf: 45-13 of the General Administration Manual. FRC
safeguards are in compliance with GSA Federal Property Mangement
Regulations, subchapter B--Archives and Records.
Retention and disposal:
Records are maintained in agency for two years. Disposal methods
include erasing computer tapes, burning or shredding paper materials
or transferring records to the National Personnel Records Center
where records are retained in accordance with retention schedules.
System manager(s) and address:
Chief, Recruitment Branch, Human Resources Management Office,
Bldg. 1, Rm. 1043. Centers for Disease Control and Prevention, l600
Clifton Road, NE, Atlanta, GA 30333.
Notification procedure:
An individual may learn if a record exists about himself or
herself by contacting the system manager at the address above.
Requesters in person must provide driver's license or other positive
identification. Individuals who do not appear in person must either
(1) submit a notarized request to verify their identity or (2)
certify that they are the individuals they claim to be and that they
understand that the knowing and willful request for or acquisition of
a record pertaining to an individual under false pretenses is a
criminal offense under the Privacy Act subject to a 5,000 dollars
fine.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An accounting of
disclosures that have been made of the record, if any, may be
requested.
Contesting record procedures:
Contact the official at the address specified under System
Manager above, reasonably identify the record and specify the
information being contested, the corrective action sought, and the
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Secured from applicant.
Systems exempted from certain provisions of the act:
None.
09-20-0113
System name: Epidemic Investigation Case Records, HHS/CDC/NCID.
Security classification:
None.
System location:
National Center for Infectious Diseases, Bldg. 1, Rm. 6013,
Centers for Disease Control, l600 Clifton Road, Atlanta, GA 30333.
Epidemiology Program Office, Bldg. 1, Rm. 5009, Centers for
Disease Control, 1600 Clifton Road, Atlanta, GA 30333.
National Center for Prevention Services, 1600 Freeway Park, Rm.
313, Centers for Disease Control, 1600 Clifton Road, Atlanta, GA
30333.
National Center for Environmental Health, Chamblee Bldg. 101,
Centers for Disease Control, 4770 Buford Highway NE, Atlanta, GA
30341-3724.
National Center for Injury Prevention and Control, Koger Davidson
Building, Rm. 2037, Centers for Disease Control, 4770 Buford Highway
NE, Atlanta, GA 30341-3724.
Federal Records Center, 1557 St. Joseph Avenue, East Point, GA
30344.
Categories of individuals covered by the system:
Adults and children with disease and other health conditions of
public health significance, their contacts, others with possible
exposure and appropriate controls.
Categories of records in the system:
Medical histories, case reports.
Authority for maintenance of the system:
Public Health Service Act, Section 301, ``Research and
Investigation,'' (42 U.S.C. 241); sections 304, 306, and 308(d),
which discuss authority to grant assurances of confidentiality for
health research and related activities (42 U.S.C. 242 b, k, and
m(d)); and section 361, ``Quarantine and Inspection, Control of
Communicable Diseases,` (42 U.S.C. 264).
Purpose(s):
The record system is used by professional staff at the Centers
for Disease Control (CDC) for more complete knowledge of the disease/
condition in the following ways: (1) An examination of existing files
enables investigators to determine areas that have been adequately
investigated and to specify those that might be pursued; or (2)
Records may later be examined in the light of future discoveries and
proven associations so that relevant data collected at the time of
the outbreak may be analyzed and reassessed. CDC may or may not
request duplicate copies of these State and/or local health
department records for further analysis following completion of the
field investigation.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The following routine uses apply to all records in this system
except those maintained under an assurance of confidentiality
provided by Section 308(d) of the Public Health Service Act (unless
expressly authorized in the consent form or stipulated in the
Assurance Statement):
These records may be disclosed, i.e., returned to the State and/
or local health departments in order for them to take measures to
control, prevent, or treat disease and to conduct follow-up
activities with patients and others contacted during the
investigations. Private physicians may also be supplied pertinent
medical information on their patients from these records.
Disclosure may be made to a congressional office from the record
of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, for example, in defending a claim against
the Public Health Service based upon an individual's mental or
physical condition and alleged to have arisen because of activities
of the Public Health Service in connection with such individual,
disclosure may be made to the Department of Justice to enable that
Department to present an effective defense, provided that such
disclosure is compatible with the purpose for which the records were
collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
File folders, cards, computer tapes/disks and printouts.
Retrievability:
Retrieved alphabetically by name.
Safeguards:
1. Authorized users: A database security package is implemented
on CDC's mainframe computer to control unauthorized access to the
system. Attempts to gain access by unauthorized individuals are
automatically recorded and reviewed on a regular basis. Access is
granted to only a limited number of physicians, scientists,
statisticians, and designated support staff of the Centers for
Disease Control (CDC), or its contractors, as authorized by the
system manager to accomplish the stated purposes for which the data
in this system have been collected.
2. Physical safeguards: Access to the CDC Clifton Road facility
where the mainframe computer is located is controlled by a card key
system. Access to the computer room is controlled by a card key and
security code (numeric keypad) system. Access to the data entry area
is also controlled by a card key system. The hard copy records are
kept in locked cabinets in locked rooms. The local fire department is
located directly across the street from the Clifton Road buildings.
The computer room is protected by an automatic sprinkler system,
automatic sensors (e.g., water, heat, smoke, etc.) are installed, and
portable fire extinguishers are located throughout the computer room.
The system is backed up on a nightly basis with copies of the files
stored off site in a secure fire proof safe. The 24-hour guard
service in buildings provides screening of visitors. Electronic anti-
intrusion devices are in effect at the Federal Records Center.
3. Procedural safeguards: System security includes automatic
suspension of accounts, forced password changes, and control of
systems and data set access. Protection for computerized records
includes programmed verification of valid user identification code,
account code and password prior to acceptance of a terminal session
or job submission, frequently changed passwords, and Vault Management
System. When Privacy Act tapes are erased, a special ``certified''
process is performed in which tapes are completely written over to
avoid inadvertent data disclosure. Additional safeguards may be built
into the program by the system analyst as warranted by the
sensitivity of the data.
CDC and contractor employees who maintain records are instructed
to check with the system manager prior to making disclosures of data.
When individually identified data are being used in a room,
admittance at either CDC or contractor sites is restricted to
specifically authorized personnel. Privacy Act provisions are
included in contracts, and the CDC Project Director, contract
officers and project officers oversee compliance with these
requirements. Upon completion of the contract, all data will be
either returned to CDC or destroyed, as specified by the contract.
4. Implementation guidelines: The safeguards outlined above are
developed in accordance with Chapter 45-13, ``Safeguarding Records
Contained in Systems of Records,'' of the HHS General Administration
Manual, supplementary Chapter PHS.hf: 45-13; Part 6, ``Automated
Information System Security,'' of the HHS Information Resources
Management Manual; the National Bureau of Standards Federal
Information Processing Standards (FIPS Pub. 41 and FIPS Pub. 31). FRC
safeguards are in compliance with GSA Federal Property Management
Regulations, Subchapter B--Archives and Records.
Retention and disposal:
Records are maintained in agency for four years. Disposal methods
include erasing computer tapes, burning or shredding paper materials
or transferring records to the Federal Records Center when no longer
needed for evaluation and analysis. Records destroyed by paper
recycling process when 20 years old, unless needed for further study.
System manager(s) and address:
Director, National Center for Infectious Diseases, Bldg. 1, Rm.
6013, MS C12, Centers for Disease Control, 1600 Clifton Road,
Atlanta, GA 30333
Director, Epidemiology Program Office, Bldg. 1, Rm. 5009, MS C08,
Centers for Disease Control, 1600 Clifton Road, Atlanta, GA 30333
Director, National Center for Environmental Health, Chamblee
Bldg. 101, Rm. 2115, MS F29, Centers for Disease Control, 4770 Buford
Highway NE, Atlanta, GA 30341-3724.
Director, National Center for Injury Prevention and Control,
Koger Davidson Bldg., Rm. 2037, MS F36, Centers for Disease Control,
4770 Buford Highway NE, Atlanta, GA 30341-3724.
Policy coordination is provided by: Director, Office of Program
Support, Bldg. 1, Rm. 2011, MS D15, Centers for Disease Control, 1600
Clifton Road, Atlanta, GA 30333.
Notification procedure:
An individual may learn if a record exists about himself or
herself by contacting the appropriate system manager at the address
above. Requesters in person must provide driver's license or other
positive identification. Individuals who do not appear in person must
either (1) submit a notarized request to verify their identity or (2)
certify that they are the individuals they claim to be and that they
understand that the knowing and willful request for or acquisition of
a record pertaining to an individual under false pretenses is a
criminal offense under the Privacy Act subject to a 5,000 dollars
fine.
An individual who requests notification of or access to medical
records shall, at the time the request is made, designate in writing
a responsible representative who is willing to review the record and
inform the subject individual of its contents at the representative's
discretion.
A parent or guardian who requests notification of, or access to,
a child's medical record shall designate a family physician or other
health professional (other than a family member) to whom the record,
if any, will be sent. The parent or guardian must verify relationship
to the child by means of a birth certificate or court order, as well
as verify that he or she is who he or she claims to be.
The following information must be provided when requesting
notification: (1) Full name; (2) the approximate date and place of
the study, if known; and (3) nature of the questionnaire or study in
which the requester participated.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An accounting of
disclosures that have been made of the record, if any, may be
requested.
Contesting record procedures:
Contact the official at the address specified under System
Manager above, reasonably identify the record and specify the
information being contested, the corrective action sought, and the
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Individuals, State and local health departments, and private
physicians.
Systems exempted from certain provisions of the act:
None.
09-20-0117
System name: Medical and Test Record Results of Individuals
Involved in NIOSH Laboratory Studies, HHS/CDC/NIOSH.
Security classification:
None.
System location:
Division of Biomedical and Behavioral Science (DBBS), National
Institute for Occupational Safety and Health (NIOSH), Robert A. Taft
Laboratories, 4676 Columbia Parkway, Cincinnati, Ohio 45226
Division of Standards Development and Technology Transfer
(DSDTT), National Institute for Occupational Safety and Health
(NIOSH), Robert A. Taft Laboratories, 4676 Columbia Parkway,
Cincinnati, Ohio 45226 and
Federal Records Center, 3150 Bertwynn Drive, Dayton, Ohio 45439.
A list of contractor sites where individually identifiable data
are currently located is available upon request to the system
manager.
Also, occasionally data may be located at the facilities of
collaborating researchers where analyses are performed, data
collected and reports written. A list of these facilities is
available upon request to the system manager.
Data may be located only at those facilities that have an
adequate data security program and the collaborating researcher must
return the data to NIOSH or destroy individual identifiers at the
conclusion of the project.
Categories of individuals covered by the system:
Volunteer subjects from the general population.
Categories of records in the system:
Occupational history, medical history, results of medical tests
including biopsy specimens, demographic data, results of
psychological and psychometric tests, and data necessary to interpret
the medical results.
Authority for maintenance of the system:
Occupational Safety and Health Act, Section 20, ``Research and
Related Activities'' (29 U.S.C. 669).
Purpose(s):
This system is to develop composite data summaries to support the
development of criteria for occupational safety and health standards,
and to provide other recommendations for improving worker safety and
health.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to a congressional office from the record
of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, for example, in defending a claim against
the Public Health Service based upon an individual's mental or
physical condition and alleged to have arisen because of activities
of the Public Health Service in connection with such individual,
disclosure may be made to the Department of Justice to enable that
Department to present an effective defense, provided that such
disclosure is compatible with the purpose for which the records were
collected.
Records subject to the Privacy Act are disclosed to private firms
for data entry, computer systems analysis and computer programming
services. The contractors promptly return data entry records after
the contracted work is completed. The contractors are required to
maintain Privacy Act safeguards.
In the event of litigation initiated at the request of NIOSH, the
Institute may disclose such records as it deems desirable or
necessary to the Department of Justice to enable the Department to
effectively represent the Institute, provided such disclosure is
compatible with the purpose for which the records were collected. The
only types of litigative proceedings that NIOSH is authorized to
request are (1) enforcement of a subpoena issued to an employer to
provide relevant information, or (2) contempt citation against an
employer for failure to comply with a warrant obtained by the
Institute.
Disclosure may be made to NIOSH collaborating researchers (NIOSH
contractors, grantees, or other Federal or State scientists) in order
to accomplish the research purpose for which the records are
collected. The collaborating researchers must agree in writing to
comply with the confidentiality provisions of the Privacy Act and
NIOSH must have determined that the researchers' data security
procedures will protect confidentiality.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Manual files, computer cards, computer tapes/disks, computer
listings, microfilm.
Retrievability:
Name and case number are the indexes used to retrieve records
from this system.
Safeguards:
1. Authorized users: Access is granted to only a limited number
of physicians, scientists, statisticians, and designated support
staff of the Centers for Disease Control (CDC), as authorized by the
system manager to accomplish the stated purposes for which the data
in this system have been collected.
2. Physical safeguards: Records are kept in locked cabinets in
locked rooms. Guard service in buildings provides screening of
visitors. Electronic anti-intrusion devices are in operation at the
Federal Records Center.
3. Procedural safeguards: Users of individually identified data
protect information from public scrutiny, and only specifically
authorized personnel may be admitted to the record storage area. CDC
employees who maintain records are instructed to check with system
manager prior to making disclosures of data.
4. Implementation guidelines: HHS Chapter 45-13 and supplementary
Chapter PHS.hf: 45-13 of the General Administration Manual. FRC
safeguards are in compliance with GSA Federal Property Mangement
Regulations, subchapter B--Archives and Records.
Retention and disposal:
Records are maintained in agency for three years. Personal
identifiers are destroyed as soon as they are no longer necessary for
the protection of the individuals involved. Disposal methods include
erasing computer tapes, burning or shredding paper materials or
transferring records to the Federal Records Center when no longer
needed for evaluation and analysis. Records destroyed by paper
recycling process when 20 years old, unless needed for further study.
System manager(s) and address:
Director, Division of Biomedical and Behavioral Science (DBBS),
National Institute for Occupational Safety and Health (NIOSH), Robert
A. Taft Laboratories, 4676 Columbia Parkway, Cincinnati, Ohio 45226
and
Medical Officer, Division of Standards Development and Technology
Transfer (DSDTT), National Institute for Occupational Safety and
Health (NIOSH), Robert A. Taft Laboratories, 4676 Columbia Parkway,
Cincinnati, Ohio 45226.
Policy coordination is provided by: Director, Office of Program
Support, Bldg. 1, Rm. 2011, Centers for Disease Control, 1600 Clifton
Road, Atlanta, GA 30333.
Notification procedure:
An individual may learn if a record exists about himself or
herself by contacting the appropriate system manager at the address
above. Requesters in person must provide driver's license or other
positive identification. Individuals who do not appear in person must
either (1) submit a notarized request to verify their identity or (2)
certify that they are the individuals they claim to be and that they
understand that the knowing and willful request for or acquisition of
a record pertaining to an individual under false pretenses is a
criminal offense under the Privacy Act subject to a 5,000 dollars
fine.
An individual who requests notification of or access to medical
records shall, at the time the request is made, designate in writing
a responsible representative who is willing to review the record and
inform the subject individual of its contents at the representative's
discretion.
The following information must be provided when requesting
notification: (1) Full name; (2) the approximate date and place of
the study, if known; and (3) nature of the questionnaire or study in
which the requester participated.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An accounting of
disclosures that have been made of the record, if any, may be
requested.
Contesting record procedures:
Contact the official at the address specified under System
Manager above, reasonably identify the record and specify the
information being contested, the corrective action sought, and the
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Information is obtained directly from the individual.
Systems exempted from certain provisions of the act:
None.
09-20-0118
System name: Study at Work Sites where Agents Suspected of Being
Occupational Hazards Exist, HHS/CDC/NIOSH.
Security classification:
None.
System location:
Division of Biomedical and Behavioral Science, (DBBS), National
Institute for Occupational Safety and Health (NIOSH), Robert A. Taft
Laboratories, 4676 Columbia Parkway, Cincinnati, Ohio 45226 and
Federal Records Center, 3150 Bertwynn Drive, Dayton, Ohio 45439.
A list of contractor sites where individually identifiable data
are currently located is available upon request to the system
manager.
Also, occasionally data may be located at the facilities of
collaborating researchers where analyses are performed, data
collected and reports written. A list of these facilities is
available upon request to the system manager. Data may be located
only at those facilities that have an adequate data security program
and the collaborating researcher must return the data to NIOSH or
destroy individual identifiers at the conclusion of the project.
Categories of individuals covered by the system:
Subjects employed at specific sites under study.
Categories of records in the system:
Occupational history, medical history, results of medical tests
including results of hearing tests, demographic data, employee
records, psychological and psychometric tests, and data necessary to
interpret the medical results.
Authority for maintenance of the system:
Occupational Safety and Health Act, Section 20, ``Research and
Related Activities'' (29 U.S.C. 669).
Purpose(s):
This system is to determine the relationship between worker
exposure to hazardous agents or stressors and occupational disease.
This information is used to recommend procedures to reduce the
incidence of occupational disease.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to a congressional office from the record
of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, for example, in defending a claim against
the Public Health Service based upon an individual's mental or
physical condition and alleged to have arisen because of activities
of the Public Health Service in connection with such individual,
disclosure may be made to the Department of Justice to enable that
Department to present an effective defense, provided that such
disclosure is compatible with the purpose for which the records were
collected.
Records subject to the Privacy Act are disclosed to private firms
for data entry, computer systems analysis and computer programming
services. The contractors promptly return data entry records after
the contracted work is completed. The contractors are required to
maintain Privacy Act safeguards.
In the event of litigation initiated at the request of NIOSH, the
Institute may disclose such records as it deems desirable or
necessary to the Department of Justice to enable the Department to
effectively represent the Institute, provided such disclosure is
compatible with the purpose for which the records were collected. The
only types of litigative proceedings that NIOSH is authorized to
request are (1) enforcement of a subpoena issued to an employer to
provide relevant information, or (2) contempt citation against an
employer for failure to comply with a warrant obtained by the
Institute.
Disclosure may be made to NIOSH collaborating researchers (NIOSH
contractors, grantees, or other Federal or State scientists) in order
to accomplish the research purpose for which the records are
collected. The collaborating researchers must agree in writing to
comply with the confidentiality provisions of the Privacy Act and
NIOSH must have determined that the researchers' data security
procedures will protect confidentiality.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Manual files, computer cards, computer tapes/disks, computer
listings, microfilm.
Retrievability:
Name and case number are the indexes used to retrieve records
from this system.
Safeguards:
1. Authorized users: Access is granted to only a limited number
of physicians, scientists, statisticians, and designated support
staff of the Centers for Disease Control (CDC), as authorized by the
system manager to accomplish the stated purposes for which the data
in this system have been collected.
2. Physical safeguards: Records are kept in locked cabinets in
locked rooms. Guard service in buildings provides screening of
visitors. Electronic anti-intrusion devices are in operation at the
Federal Records Center.
3. Procedural safeguards: Users of individually identified data
protect information from public scrutiny, and only specifically
authorized personnel may be admitted to the record storage area. CDC
employees who maintain records are instructed to check with system
manager prior to making disclosures of data.
4. Implementation guidelines: HHS Chapter 45-13 and supplementary
Chapter PHS.hf: 45-13 of the General Administration Manual. FRC
safeguards are in compliance with GSA Federal Property Mangement
Regulations, subchapter B--Archives and Records.
Retention and disposal:
Records are maintained in agency for three years. Personal
identifiers are destroyed as soon as the system has stabilized, and
statistical summaries can be run. Disposal methods include erasing
computer tapes, burning or shredding paper materials or transferring
records to the Federal Records Center when no longer needed for
evaluation and analysis. Records destroyed by paper recycling process
when 20 years old, unless needed for further study.
System manager(s) and address:
Director, Division of Biomedical and Behavioral Science (DBBS),
National Institute for Occupational Safety and Health (NIOSH), Robert
A. Taft Laboratories, 4676 Columbia Parkway, Cincinnati, Ohio 45226.
Notification procedure:
An individual may learn if a record exists about himself or
herself by contacting the system manager at the address above.
Requesters in person must provide driver's license or other positive
identification. Individuals who do not appear in person must either
(1) submit a notarized request to verify their identity or (2)
certify that they are the individuals they claim to be and that they
understand that the knowing and willful request for or acquisition of
a record pertaining to an individual under false pretenses is a
criminal offense under the Privacy Act subject to a 5,000 dollars
fine.
An individual who requests notification of or access to medical
records shall, at the time the request is made, designate in writing
a responsible representative who is willing to review the record and
inform the subject individual of its contents at the representative's
discretion.
The following information must be provided when requesting
notification: (1) Full name; (2) the approximate date and place of
the study, if known; and (3) nature of the questionnaire or study in
which the requester participated.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An accounting of
disclosures that have been made of the record, if any, may be
requested.
Contesting record procedures:
Contact the official at the address specified under System
Manager above, reasonably identify the record and specify the
information being contested, the corrective action sought, and the
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Information is obtained directly from the individual and from
employee records.
Systems exempted from certain provisions of the act:
None.
09-20-0136
System name: Epidemiologic Studies and Surveillance of Disease
Problems, HHS/CDC/NCID.
Security classification:
None.
System location:
National Center for Infectious Diseases, Bldg. 1, Rm. 6013,
Centers for Disease Control and Prevention, 1600 Clifton Road, NE,
Atlanta, GA 30333.
National Center for Prevention Services, Corporate Square, Bldg.
11, Rm. 2106, Centers for Disease Control and Prevention, 1600
Clifton Road, NE, Atlanta, GA 30333.
National Center for Environmental Health, Chamblee Bldg. 101, Rm.
3116, Centers for Disease Control and Prevention, 4770 Buford
Highway, NE, Atlanta, GA 30341-3724.
National Center for Injury Prevention and Control, Koger Davidson
Bldg., Rm. 1078, Centers for Disease Control and Prevention, 4770
Buford Highway, NE, Atlanta, GA 30341-3724.
Epidemiology Program Office, Bldg. 1, Rm. 5009, Centers for
Disease Control and Prevention, 1600 Clifton Road, NE, Atlanta, GA
30333.
Public Health Practice Program Office, Executive Park, Bldg. 24,
Rm. 110, Centers for Disease Control and Prevention, 1600 Clifton
Road, NE, Atlanta, GA 30333.
National Center for Chronic Disease Prevention and Health
Promotion, Rhodes Bldg., Rm. 4000, Centers for Disease Control and
Prevention, 4770 Buford Highway, NE, Atlanta, GA 30341-3724.
National Immunization Program, Corporate Square, Bldg. 12, Rm.
5113, Centers for Disease Control and Prevention, 1600 Clifton Road,
NE, Atlanta, GA 30333.
Federal Records Center, 1557 St. Joseph Avenue, East Point, GA
30344.
A list of contractor sites where individually identifiable data
are currently located is available upon request to the appropriate
system manager.
Categories of individuals covered by the system:
Adults and children with diseases and other preventable
conditions of public health significance; also included are control
group participants. Workers employed by the Department of Energy and
its predecessor agencies and their contractors are also included.
Categories of records in the system:
Case reports, medical records, questionnaires, and related
documents.
Authority for maintenance of the system:
Public Health Service Act, section 301, ``Research and
Investigation,'' (42 U.S.C. 241); sections 304, 306 and 308(d) which
discuss authority to grant assurances of confidentiality for health
research and related activities (42 U.S.C. 242 b, k, and m(d)).
Purpose(s):
This record system enables Centers for Disease Control (CDC)
officials to better understand disease patterns in the United States,
develop programs for prevention and control of health problems, and
communicate new knowledge to the health community.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
CDC is under contract with private firms for the purpose of
collating, analyzing, aggregating or otherwise refining records in
this system. Relevant records are maintained by such contractors.
Contractors are required to maintain Privacy Act safeguards with
respect to such records.
The following routine uses apply to all records in this system
except those maintained under an assurance of confidentiality
provided by section 308(d) of the Public Health Service Act (unless
expressly authorized in the consent form or stipulated in the
Assurance Statement):
A record may be disclosed for a research purpose, when the
Department:
(A) Has determined that the use or disclosure does not violate
legal or policy limitations under which the record was provided,
collected, or obtained;
(B) Has determined that the research purpose (1) cannot be
reasonably accomplished unless the record is provided in individually
identified form, and (2) warrants the risk to the privacy of the
individual that additional exposure of the record might bring;
(C) Has required the recipient to (1) establish reasonable
administrative, technical, and physical safeguards to prevent
unauthorized use or disclosure of the record, (2) remove or destroy
the information that identifies the individual at the earliest time
at which removal or destruction can be accomplished consistent with
the purpose of the research project, unless the recipient has
presented adequate justification of a research or health nature for
retaining such information, and (3) make no further use or disclosure
of the record except (a) in emergency circumstances affecting the
health or safety of any individual, (b) for use in another research
project, under these same conditions, and with written authorization
of the Department, (c) for disclosure to a properly identified person
for the purpose of an audit related to the research project, if
information that would enable research subjects to be identified is
removed or destroyed at the earliest opportunity consistent with the
purpose of the audit, or (d) when required by law;
(D) Has secured a written statement attesting to the recipient's
understanding of, and willingness to abide by these provisions.
Disclosure may be made to organizations deemed qualified by the
Secretary to carry out quality assessment, medical audits or
utilization review.
Records may be disclosed to health departments and other public
health or cooperating medical authorities in connection with program
activities and related collaborative efforts to deal more effectively
with diseases and conditions of public health significance.
Disclosure may be made to a congressional office from the record
of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, for example, in defending a claim against
the Public Health Service based upon an individual's mental or
physical condition and alleged to have arisen because of activities
of the Public Health Service in connection with such individual,
disclosure may be made to the Department of Justice to enable that
Department to present an effective defense, provided that such
disclosure is compatible with the purpose for which the records were
collected.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for PHS who do not technically have the status
of agency employees, if they need the records in the performance of
their agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Computer tapes/disks and printouts and file folders.
Retrievability:
By name of individual and by identification number.
Safeguards:
1.Authorized users: A database security package is implemented on
CDC's mainframe computer to control unauthorized access to the
system. Attempts to gain access by unauthorized individuals are
automatically recorded and reviewed on a regular basis. Access is
granted to only a limited number of physicians, scientists,
statisticians, and designated support staff of the Centers for
Disease Control (CDC), or its contractors, as authorized by the
system manager to accomplish the stated purposes for which the data
in this system have been collected.
2. Physical safeguards: Access to the CDC Clifton Road facility
where the mainframe computer is located is controlled by a card key
system, with access to the computer room controlled by a card key and
security code (numeric keypad) system. Access to the data entry area
is also controlled by a card key system and the hard copy records are
kept in locked cabinets in locked rooms. The local fire department is
located directly across the street from the Clifton Road facility.
The computer room is protected by a dry pipe fire protection system,
numerous automatic sensors (e.g., water, heat, smoke, etc.) are
installed, and a proper mix of portable fire extinguishers are
located throughout the computer room. The system is backed up on a
nightly basis with copies of the files stored off site in a secure
fire proof safe. Guard service in buildings provides personal
screening of visitors. Electronic anti-intrusion devices are in
effect at the Federal Records Center.
3. Procedural safeguards: System security includes automatic
suspension of accounts, forced password changes, and control of
systems and data set access. Protection for computerized records
includes programmed verification of valid user identification code,
account code and password prior to acceptance of a terminal session
or job submission, frequently changed passwords, and Vault Management
System. When Privacy Act tapes are scratched, a special ``certified''
process is performed in which tapes are completely written over to
avoid inadvertent data disclosure. Additional safeguards may be built
into the program by the system analyst as warranted by the
sensitivity of the data.
CDC and contractor employees who maintain records are instructed
to check with the system manager prior to making disclosures of data.
When individually identified data are being used in a room,
admittance at either CDC or contractor sites is restricted to
specifically authorized personnel. Privacy Act provisions are
included in contracts, and the CDC Project Director, contract
officers and project officers oversee compliance with these
requirements. Upon completion of the contract, all data will be
either returned to CDC or destroyed, as specified by the contract.
4. Implementation guidelines: The safeguards outlined above are
developed in accordance with Chapter 45-13, ``Safeguarding Records
Contained in Systems of Records,'' of the HHS General Administration
Manual, supplementary Chapter PHS.hf: 45-13; Part 6, ``Automated
Information System Security,'' of the HHS Information Resources
Management Manual; the National Bureau of Standards Federal
Information Processing Standards (FIPS Pub. 41 and FIPS Pub. 31). FRC
safeguards are in compliance with GSA Federal Property Management
Regulations, Subchapter B--Archives and Records.
Retention and disposal:
Record copy of study reports maintained in agency from two to
three years in accordance with retention schedules. Source documents
for computer disposed of when no longer needed by program officials.
Personal identifiers may be deleted from records when no longer
needed in the study as determined by the system manager, and as
provided in the signed consent form, as appropriate. Disposal methods
include erasing computer tapes, burning or shredding paper materials
or transferring records to the Federal Records Center when no longer
needed for evaluation and analysis. Records are destroyed by paper
recycling process when 20 years old, unless needed for further study.
System manager(s) and address:
Director, National Center for Infectious Diseases, Bldg. 1, Rm.
6013, MS C12, Centers for Disease Control and Prevention, 1600
Clifton Road, NE, Atlanta, GA 30333.
Director, National Center for Prevention Services, Corporate
Square, Bldg. 11, Rm. 2106, MS E07, Centers for Disease Control and
Prevention, 1600 Clifton Road, NE, Atlanta, GA 30333.
Director, National Center for Environmental Health, Chamblee
Bldg. 101, Rm. 3116, MS F29, Centers for Disease Control and
Prevention, 4770 Buford Highway, NE, Atlanta, GA 30341-3724.
Director, National Center for Injury Prevention and Control,
Koger Davidson Bldg., Rm. 1078, MS F36, Centers for Disease Control
and Prevention, 4770 Buford Highway, NE, Atlanta, GA 30341-3724.
Director, Epidemiology Program Office, Bldg. 1, Rm. 5009, MS C08,
Centers for Disease Control and Prevention, 1600 Clifton Road, NE,
Atlanta, GA 30333.
Director, Public Health Practice Program Office, Executive Park,
Bldg. 24, Rm. 110, MS E20, Centers for Disease Control and
Prevention, 1600 Clifton Road, NE, Atlanta, GA 30333.
Director, National Center for Chronic Disease Prevention and
Health Promotion, Rhodes Bldg., Rm. 4000, MS K40, Centers for Disease
Control and Prevention, 4770 Buford Highway, NE, Atlanta, GA 30341-
3724.
Director, National Immunization Program, Corporate Square, Bldg.
12, Rm. 5113, MS E05, Centers for Disease Control and Prevention,
1600 Clifton Road, NE, Atlanta, GA 30333.
Policy coordination is provided by: Associate Director for
Management and Operations, Bldg. 1, Rm. 2011, MS D15, Centers for
Disease Control and Prevention, 1600 Clifton Road, NE, Atlanta, GA
30333.
Notification procedure:
An individual may learn if a record exists about himself or
herself or may obtain information concerning participation in
epidemiological studies or surveillance activities by contacting the
appropriate system manager at the address listed above. Requesters in
person must provide driver's license or other positive
identification. Individuals who do not appear in person must either
(1) submit a notarized request to verify their identity or (2)
certify that they are the individuals they claim to be and that they
understand that the knowing and willful request for or acquisition of
a record pertaining to an individual under false pretenses is a
criminal offense under the Privacy Act subject to a 5,000 dollars
fine.
An individual who requests notification of or access to medical
records shall, at the time the request is made, designate in writing
a responsible representative who is willing to review the record and
inform the subject individual of its contents at the representative's
discretion. A parent or guardian who requests notification of, or
access to, a child's medical record shall designate a family
physician or other health professional (other than a family member)
to whom the record, if any, will be sent. The parent or guardian must
verify relationship to the child by means of a birth certificate or
court order, as well as verify that he or she is who he or she claims
to be.
The following information must be provided when requesting
notification: (1) Full name; (2) the approximate date and place of
the study, if known; and (3) nature of the questionnaire or study in
which the requester participated.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An accounting of
disclosures that have been made of the record, if any, may be
requested.
Contesting record procedures:
Contact the first official at the address specified under System
Manager above, reasonably identify the record and specify the
information being contested, the corrective action sought, and the
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Individuals, private physicians, State and local health
departments, and other health care providers.
Systems exempted from certain provisions of the act:
None.
09-20-0137
System name: Passport File, HHS/CDC/IHPO.
Security classification:
None.
System location:
International Health Program Office, Bldg. 11 South, Centers for
Disease Control, l600 Clifton Road, Atlanta, GA 30333.
Categories of individuals covered by the system:
The Centers for Disease Control (CDC) employees.
Categories of records in the system:
Passport status records.
Authority for maintenance of the system:
Title 5, Government Organization and Employees (5 U.S.C. 301).
Purpose(s):
To show status of passports of CDC employees who travel to
foreign countries on official business.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to a congressional office from the record
of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation or has
an interest in such litigation, and HHS determines that the use of
such records by the Department of Justice, the court or other
tribunal is relevant and necessary to the litigation and would help
in the effective representation of the governmental party, provided,
however, that in each case, HHS determines that such disclosure is
compatible with the purpose for which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
File folders.
Retrievability:
Retrieved by name.
Safeguards:
1. Authorized users: Access is granted to only a limited number
of International Health Program Office personnel and designated
support staff of CDC, as authorized by the system manager to
accomplish the stated purposes for which the data in this system have
been collected.
2. Physical safeguards: Locked cabinets in locked rooms, 24-hour
guard service in buildings, personnel screening of visitors.
3. Procedural safeguards: Users of individually identified data
protect information from public scrutiny, and only specifically
authorized personnel may be admitted to the record storage area. CDC
employees who maintain records are instructed to check with the
system manager prior to making disclosures of data.
4. Implementation guidelines: DHHS Chapter 45-13 and
supplementary Chapter PHS.hf: 45-13 of the General Administration
Manual.
Retention and disposal:
Records are maintained in agency for five years. When passports
expire or when they are cancelled, they are returned to the subject
individual. If the individual does not wish to receive the cancelled
or expired passport, the document is destroyed by shredding.
System manager(s) and address:
Director, International Health Program Office, Bldg. 11South,
Centers for Disease Control, 1600 Clifton Road, Atlanta, GA 30333.
Notification procedure:
An individual may learn if a record exists about himself or
herself by contacting the system manager at the address above.
Requesters in person must provide driver's license or other positive
identification. Individuals who do not appear in person must either
(1) submit a notarized request to verify their identity or (2)
certify that they are the individuals they claim to be and that they
understand that the knowing and willful request for or acquisition of
a record pertaining to an individual under false pretenses is a
criminal offense under the Privacy Act subject to a 5,000 dollars
fine.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An accounting of
disclosures that have been made of the record, if any, may be
requested.
Contesting record procedures:
Contact the official at the address specified under System
Manager above, reasonably identify the record and specify the
information being contested, the corrective action sought, and the
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
CDC employees.
Systems exempted from certain provisions of the act:
None.
09-20-0138
System name: Epidemic Intelligence Service Officers Files. HHS/
CDC/EPO.
Security classification:
None.
System location:
Epidemiology Program Office, Bldg. 1, Rm. 5127, Centers for
Disease Control, l600 Clifton Road, Atlanta, GA 30333
Federal Records Center, 1557 St. Joseph Avenue, East Point, GA
30344.
Categories of individuals covered by the system:
EIS Officers - Current, alumni and applicants.
Categories of records in the system:
Applications, interview materials, letters of recommendations,
call-to-duty papers.
Authority for maintenance of the system:
Public Health Service Act, Section 203, ``Commissioned Corps''
and Section 207, ``Appointment of Personnel` (42 U.S.C. 204, 209).
Purpose(s):
The system is designed to process individual applications for the
Epidemic Intelligence Service Officer program, and to assess a
candidate's suitability for a position in the program.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to a congressional office from the record
of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation or has
an interest in such litigation, and HHS determines that the use of
such records by the Department of Justice, the court or other
tribunal is relevant and necessary to the litigation and would help
in the effective representation of the governmental party, provided,
however, that in each case, HHS determines that such disclosure is
compatible with the purpose for which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
File folders.
Retrievability:
Retrieved by name.
Safeguards:
1. Authorized users: Access is granted to only a limited number
of physicians, scientists, statisticians, and designated support
staff of the Centers for Disease Control (CDC), as authorized by the
system manager to accomplish the stated purposes for which the data
in this system have been collected.
2. Physical safeguards: Locked cabinets in locked rooms, 24-hour
guard service in buildings, personnel screening of visitors,
electronic anti-intrusion devices in operation at the Federal Records
Center (FRC).
3. Procedural safeguards: Users of individually identified data
protect information from public scrutiny, and only specifically
authorized personnel may be admitted to the record storage area. CDC
employees who maintain records are instructed to check with the
system manager prior to making disclosures of data.
4. Implementation guidelines: DHHS Chapter 45-13 and
supplementary Chapter PHS.hf: 45-13 of the General Administration
Manual. FRC safeguards are in compliance with GSA Federal Property
Management Regulations, Subchapter B--Archives and Records.
Retention and disposal:
Records are maintained in agency for eight years. Disposal
methods include burning or shredding paper materials or transferring
records to the Federal Records Center when no longer needed for
evaluation. Destroyed by paper recycling process after 16 years
unless needed for further analysis.
System manager(s) and address:
Director, Epidemiology Program Office, Bldg. 1, Rm. 5009, Centers
for Disease Control, 1600 Clifton Road, Atlanta, GA 30333.
Notification procedure:
An individual may learn if a record exists about himself or
herself by contacting the system manager at the address above.
Requesters in person must provide driver's license or other positive
identification. Individuals who do not appear in person must either
(1) submit a notarized request to verify their identity or (2)
certify that they are the individuals they claim to be and that they
understand that the knowing and willful request for or acquisition of
a record pertaining to an individual under false pretenses is a
criminal offense under the Privacy Act subject to a 5,000 dollars
fine.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An accounting of
disclosures that have been made of the record, if any, may be
requested.
Contesting record procedures:
Contact the official at the address specified under System
Manager above, reasonably identify the record and specify the
information being contested, the corrective action sought, and the
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Educational institutions, previous employers and subject
individuals.
Systems exempted from certain provisions of the act:
None.
09-20-0147
System name:
Occupational Health Epidemiological Studies. HHS/CDC/NIOSH.
Security classification:
None.
System location:
Division of Surveillance, Hazard Evaluation, and Field Studies
(DSHEFS), National Institute for Occupational Safety and Health
(NIOSH), Robert A. Taft Laboratories, 4676 Columbia Parkway,
Cincinnati, OH 45226.
Division of Respiratory Disease Studies (DRDS), National
Institute for Occupational Safety and Health (NIOSH), 1095 Willowdale
Road, Morgantown, WV 20505-2888.
Pittsburgh Research Laboratory, NIOSH, 626 Cochrans Mill Road,
Pittsburgh, PA 15236.
Spokane Research Laboratory, NIOSH, 315 E. Montgomery Avenue,
Spokane, WA 99207.
Office of Compensation Analysis and Support (OCAS), NIOSH, Robert
A. Taft Laboratories, 4676 Columbia Parkway, Cincinnati, Ohio 45226.
and
Federal Records Center, 3150 Bertwynn Drive, Dayton, OH 45439.
Data are also occasionally located at contractor sites as studies
are developed, data collected, and reports written. A list of
contractor sites where individually identifiable data are currently
located is available upon request to the system manager.
Also, occasionally data may be located at the facilities of
collaborating researchers where analyses are performed, data
collected and reports written. A list of these facilities is
available upon request to the system manager. Data may be located
only at those facilities that have an adequate data security program
and the collaborating researcher must return the data to NIOSH or
destroy individual identifiers at the conclusion of the project.
Categories of individuals covered by the system:
Working population exposed to physical and/or chemical agents or
other workplace hazards that may damage the human body in any way.
Some examples are: (1) Organic carcinogens; (2) inorganic
carcinogens; (3) mucosal or dermal irritants; (4)
[[Page 42867]]
fibrogenic materials; (5) acute toxic agents including sensitizing
agents; (6) neurotoxic agents; (7) mutagenic (male and female) and
teratogenic agents; (8) bio-accumulating non-carcinogen agents; and
(9) chronic vascular disease-causing agents. Also included are those
individuals in the general population who have been selected as
control groups. Workers employed by the Department of Energy and its
predecessor agencies and their contractors are also included.
Categories of records in the system:
Physical exams, sputum cytology results, questionnaires, urine
test records, X-rays, medical history, pulmonary function test
records, medical disability forms, blood test records, hearing test
results, smoking history, occupational histories, previous and
current employment records, union membership records, driver's
license data, demographic information, exposure history information
and test results are examples of the records in this system. The
specific types of records collected and maintained are determined by
the needs of the individual study.
Authority for maintenance of the system:
Public Health Service Act, section 301, ``Research and
Investigation'' (42 U.S.C. 241); Occupational Safety and Health Act,
section 20, ``Research and Related Activities'' (29 U.S.C. 669); the
Federal Mine Safety and Health Act of 1977, section 501, ``Research''
(30 U.S.C. 951); and the Energy Employees Occupational Illness
Compensation Program Act of 2000 (EEOICPA) (Pub. L. 106-398, 114
Stat. 1654, 1654A-1231, October 30, 2000).
Purpose(s):
Studies carried out under this system are to evaluate mortality
and morbidity of occupationally related diseases and injuries, to
determine their causes, and to lead toward prevention of
occupationally related diseases and injuries in the future.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to a congressional office from the record
of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
Portions of records (name, Social Security number if known, date
of birth, and last known address) may be disclosed to one or more of
the sources selected from those listed in Appendix I, as applicable.
This may be done for obtaining a determination regarding an
individual's health status and last known address. If the sources
determine that the individual is dead, NIOSH may obtain death
certificates, which state the cause of death, from the appropriate
Federal, State or local agency. If the individual is alive, NIOSH may
obtain information on health status from disease registries or on
last known address in order to contact the individual for a health
study or to inform him or her of health findings. This information on
health status enables NIOSH to evaluate whether excess occupationally
related mortality or morbidity is occurring.
In the event of litigation where the defendant is: (a) The
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Department of Justice has agreed to
represent such employee, for example, in defending a claim against
the Public Health Service based upon an individual's mental or
physical condition and alleged to have arisen because of activities
of the Public Health Service in connection with such individual,
disclosure may be made to the Department of Justice to enable that
Department to present an effective defense, provided that such
disclosure is compatible with the purpose for which the records were
collected. Records may also be disclosed when deemed desirable or
necessary, to the Department of Justice, to enable that Department to
effectively represent the Department of Health and Human Services and
the Department of Labor in litigation involving the Energy Employees
Occupational Illness Compensation Program Act of 2000 (EEOICPA).
Records subject to the Privacy Act are disclosed to private firms
for data entry, scientific support services, nosology coding,
computer systems analysis and computer programming services. The
contractors promptly return data entry records after the contracted
work is completed. The contractors are required to maintain Privacy
Act safeguards.
Certain diseases or exposures may be reported to State and/or
local health departments where the State has a legally constituted
reporting program for communicable diseases and which provides for
the confidentiality of the information.
In the event of litigation initiated at the request of NIOSH, the
Institute may disclose such records as it deems desirable or
necessary to the Department of Justice and to the Department of
Labor, Office of the Solicitor, where appropriate, to enable the
Departments to effectively represent the Institute, provided such
disclosure is compatible with the purpose for which the records were
collected. The only types of litigative proceedings that NIOSH is
authorized to request are: (1) Enforcement of a subpoena issued to an
employer to provide relevant information; and (2) administrative
search warrants to obtain access to places of employment and relevant
information therein and related contempt citations against an
employer for failure to comply with a warrant obtained by the
Institute; and (3) injunctive relief against employers or mine
operators to obtain access to relevant information.
Disclosure may be made to NIOSH collaborating researchers (NIOSH
contractors, grantees, cooperative agreement holders, or other
Federal or State scientists) in order to accomplish the research
purpose for which the records are collected. The collaborating
researchers must agree in writing to comply with the confidentiality
provisions of the Privacy Act and NIOSH must have determined that the
researchers' data security procedures will protect confidentiality.
Disclosure of epidemiologic study records pertaining to uranium
workers may be made to the Department of Justice to be used in
determining eligibility for compensation payments to the uranium
workers or their survivors.
Records may be disclosed by CDC in connection with public health
activities to the Social Security Administration for sources of
locating information to accomplish the research or program purposes
for which the records were collected.
Disclosure of dose reconstructions, epidemiologic study records
and employment and medical information pertaining to Department of
Energy employees and other cancer-related claimants covered under the
Energy Employees Occupational Illness Compensation Program Act may be
made to the Department of Labor to be used in determining eligibility
for compensation payments to such claimants and in defending its
determinations under the Act.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Manager files, card files, computer tapes/disks and printouts,
microfilm, microfiche, and other files as appropriate.
Retrievability:
Name, assigned number, plant name, and year tested are some of
the indices used to retrieve records from these systems. Other
retrieval methods are utilized as individual research dictates.
Safeguards:
1. Authorized Users: A database software security package is
utilized to control unauthorized access to the system. Access is
granted to only a limited number of physicians, scientists,
statisticians, and designated support staff or contractors, as
authorized by the system manager to accomplish the stated purposes
for which the data in this system have been collected.
2. Physical Safeguards: Hard copy records are kept in locked
cabinets in locked rooms. Guard service in buildings provides
screening of visitors. The limited access, secured computer room
contains fire extinguishers and an overhead sprinkler system.
Computer terminals and automated records are located in secured
areas. Electronic anti-intrusion devices are in operation at the
Federal Records Center.
3. Procedural Safeguards: Data sets are password protected and/or
encrypted. Protection for computerized records both on the mainframe
and the CIO Local Area Network (LAN) includes programmed verification
of valid user identification code and password prior to logging on to
the system, mandatory password changes, limited log-ins, virus
protection, and user rights/file attribute restrictions. Password
protection imposes user name and password log-in requirements to
prevent unauthorized access. Each user name is assigned limited
access rights to files and directories at varying levels to control
file sharing. There are routine daily backup procedures and Vault
Management System for secure off-site storage is available for backup
tapes. Additional safeguards may be built into the program by the
system analyst as warranted by the sensitivity of the data.
Employees and contractor staff who maintain records are
instructed to check with the system manager prior to making
disclosures of data. When individually identified data are being used
in a room, admittance at either government or contractor sites is
restricted to specifically authorized personnel. Privacy Act
provisions are included in contracts, and the Project Director,
contract officers and project officers oversee compliance with these
requirements. Upon completion of the contract, all data will be
either returned to CDC or destroyed, as specified by the contract.
4. Implementation Guidelines: The safeguards outlined above are
developed in accordance with Chapter 45-13, ``Safeguarding Records
Contained in Systems of Records,'' of the HHS General Administration
Manual; and Part 6, ``Automated Information System Security,'' of the
HHS Information Resources Management Manual. FRC safeguards are in
compliance with GSA Federal Property Management Regulations,
Subchapter B--Archives and Records. Data maintained in CDC Atlanta's
Processing Center are in compliance with OMB Circular A-130, Appendix
III. Security is provided for information collection, processing,
transmission, storage, and dissemination in general support systems
and major applications. The CIO LANs operate under the current CDC
approved version of Novell Netware, and are in compliance with ``CDC
& ATSDR Security Standards for Novell File Servers.''
Retention and disposal:
Records are maintained in agency for three years after the close
of the study. Records transferred to the Federal Records Center when
no longer needed for evaluation and analysis are destroyed 75 years
for epidemiologic studies, unless needed for further study. Records
from health hazard evaluations will be retained at least 20 years,
and then disposed of in accordance with the CDC Records Control
Schedule. Disposal methods include erasing computer tapes and burning
or shredding paper materials.
System manager(s) and address:
Program Management Officer, Division of Surveillance, Hazard
Evaluations, and Field Studies (DSHEFS), National Institute for
Occupational Safety and Health (NIOSH), Robert A. Taft Laboratories,
Rm. 40A, MS R12, 4676 Columbia Parkway, Cincinnati, OH 45226.
Director, Division of Respiratory Disease Studies (DRDS),
National Institute for Occupational Safety and Health (NIOSH), Bldg.
ALOSH, Rm. H-2920, MS H2900, 1095 Willowdale Road, Morgantown, WV
26505.
Director, Pittsburgh Research Laboratory, NIOSH, 626 Cochrans
Mill Road, Pittsburgh, PA 15236.
Director, Spokane Research Laboratory, NIOSH, 315 E. Montgomery
Avenue, Spokane, WA 99207.
Director, Office of Compensation and Support (OCAS), NIOSH,
Robert A. Taft Laboratories, 4676 Columbia Parkway, Cincinnati, OH
45226.
Policy coordination is provided by: Director, National Institute
for Occupational Safety and Health (NIOSH), Bldg. HHH, Rm. 715H, MS
P-12, 200 Independence Avenue, SW, Washington, DC 20201.
Notification procedure:
An individual may learn if a record exists about himself or
herself by contacting the system manager at the above address.
Requesters in person must provide driver's license or other positive
identification. Individuals who do not appear in person must either:
(1) Submit a notarized request to verify their identity; or (2)
certify that they are the individuals they claim to be and that they
understand that the knowing and willful request for or acquisition of
a record pertaining to an individual under false pretenses is a
criminal offense under the Privacy Act subject to a $5,000 fine.
An individual who requests notification of or access to medical
records shall, at the time the request is made, designate in writing
a responsible representative who is willing to review the record and
inform the subject individual of its contents at the representative's
discretion. A subject individual will be granted direct access to a
medical record if the system manager determines direct access is not
likely to have adverse effect on the subject individual.
The following information must be provided when requesting
notification: (1) Full name; (2) the approximate date and place of
the study, if known; and (3) nature of the questionnaire or study in
which the requester participated.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An accounting of
disclosures that have been made of the record, if any, may be
requested.
Contesting record procedures:
Contact the official at the address specified under System
Manager above, reasonably identify the record and specify the
information being contested, the corrective action sought, and the
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
[[Page 42869]]
Record source categories:
Vital status information is obtained from Federal, State and
local governments and other available sources selected from those
listed in Appendix I. Information is obtained directly from the
individual and employer records, whenever possible.
Systems exempted from certain provisions of the act:
None.
Appendix I--Potential Sources for Determination of Health Status,
Vital Status and/or Last Known Address
Military records
Appropriate State Motor Vehicle Registration
Departments
Appropriate State Driver's License Departments
Appropriate State Government Division of: Assistance
Payments (Welfare), Social Services, Medical Services,
Food Stamp Program, Child Support, Board of
Corrections, Aging, Indian Affairs, Worker's
Compensation, Disability Insurance
Retail Credit Association follow-up
Veterans Administration files
Appropriate employee union or association records
Appropriate company pension or employment records
Company group insurance records
Appropriate State Vital Statistics Offices
Life insurance companies
Railroad Retirement Board
Area nursing homes
Area Indian Trading Posts
Mailing List Correction Cards (U.S. Postal Service)
Letters and telephone conversations with former
employees of the same establishment as cohort member
Appropriate local newspaper (obituaries)
Social Security Administration
Internal Revenue Service
National Death Index
Health Care Finance Administration
Pension Benefit Guarantee Corporation
State Disease Registries
09-20-0149
System name: Morbidity Studies in Coal Mining, Metal and Non-
metal Mining and General Industry, HHS/CDC/NIOSH.
Security classification:
None.
System location:
Division of Respiratory Disease Studies (DRDS), National
Institute for Occupational Safety and Health (NIOSH), 1095 Willowdale
Road, Morgantown, WV 26505-2845.
A list of contractor sites where individually identifiable data
are currently located is available upon request to the system
manager.
Also, occasionally data may be located at the facilities of
collaborating researchers where analyses are performed, data
collected and reports written. A list of these facilities is
available upon request to the system manager. Data may be located
only at those facilities that have an adequate data security program
and the collaborating researcher must return the data to NIOSH or
destroy individual identifiers at the conclusion of the project.
Categories of individuals covered by the system:
Persons working, or having worked at coal mining operations,
mining operations other than coal and at workplaces not identified as
surface mining or below ground mining operations and exposed or
potentially exposed to substances which are known or suspected
respiratory irritants or carcinogens. Also included are those
individuals in the general population who have been selected as a
control group.
Categories of records in the system:
Previous and current employment records, medical and occupational
histories, demographic data, X-rays, smoking histories, results of
medical tests such as pulmonary function data and spirometry test
results, permission forms, industrial environmental data, and
questionnaires. The specific types of records collected and
maintained are determined by the research needs of the specific
study.
Authority for maintenance of the system:
Occupational Safety and Health Act, Section 20, ``Research and
Related Activities'' (29 U.S.C. 669); Federal Mine Safety and Health
Act of l977, Sections 203, ``Medical Examinations'' and 50l,
``Research'' (30 U.S.C. 843, 95l); Public Health Service Act, Section
301, ``Research and Investigation'' (42 U.S.C. 241).
Purpose(s):
The purpose of this system is to investigate occupationally
related diseases at workplaces identified as general industry,
surface mining, or below ground mining operations and to determine
the cause and prevention of such diseases.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Data may be sent to State Vital Statistics Divisions to obtain
death certificates, and to Missing Person Location Agencies to find
those individuals who cannot otherwise be located.
Disclosure may be made to a congressional office from the record
of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, for example, in defending a claim against
the Public Health Service based upon an individual's mental or
physical condition and alleged to have arisen because of activities
of the Public Health Service in connection with such individual,
disclosure may be made to the Department of Justice to enable that
Department to present an effective defense, provided that such
disclosure is compatible with the purpose for which the records were
collected.
Records subject to the Privacy Act are disclosed to private firms
for data entry, computer systems analysis and computer programming
services. The contractors promptly return data entry records after
the contracted work is completed. The contractors are required to
maintain Privacy Act safeguards.
Data on the incidence of pneumoconiosis may be sent to the Mining
Safety and Health Administration, Department of Labor.
Test data which indicate the existence of cancer may be provided
to the State Cancer Registry where the State has a legally
constituted cancer registry program which provides for the
confidentiality of information.
Certain communicable diseases may be reported to State and/or
local Health Departments where the State has a legally constituted
reporting program for communicable diseases and which provides for
the confidentiality of the information.
In the event of litigation initiated at the request of NIOSH, the
Institute may disclose such records as it deems desirable or
necessary to the Department of Justice to enable the Department to
effectively represent the Institute, provided such disclosure is
compatible with the purpose for which the records were collected. The
only types of litigative proceedings that NIOSH is authorized to
request are (1) enforcement of a subpoena issued to an employer to
provide relevant information, or (2) contempt citation against an
employer for failure to comply with a warrant obtained by the
Institute.
Disclosure may be made to NIOSH collaborating researchers (NIOSH
contractors, grantees, or other Federal or State scientists) in order
to accomplish the research purpose for which the records are
collected. The collaborating researchers must agree in writing to
comply with the confidentiality provisions of the Privacy Act and
NIOSH must have determined that the researchers' data security
procedures will protect confidentiality.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Computer tapes/disks and printouts, CD ROM; microfiche, and
manual files.
Retrievability:
Name and/or assigned numerical identifier, plant name and study
name are some of the indices used to retrieve records from this
system. Social security numbers, supplied on a voluntary basis may
occasionally be used for data retrieval.
Safeguards:
1. Authorized users: The NIOSH mainframe computer, located within
the Morgantown facility, uses a security package to control
unauthorized access to the system. Attempts to gain access by
unauthorized individuals are automatically recorded and reviewed on a
daily basis. Access is granted to only a limited number of
physicians, scientists, statisticians, and designated support staff
of the Centers for Disease Control (CDC), or its contractors, as
authorized by the system manager to accomplish the stated purposes
for which the data in this system have been collected.
2. Physical safeguards: Access to the facility is monitored, and
controlled after hours, by a 24-hour guard service. Hard copy records
are kept in locked cabinets in locked rooms. Access to the computer
room is controlled by a punch lock system. System print-outs are made
available to the requester through the use of ``pigeon-hole''
mailboxes which are individually secured by (combination) locking
doors. The local fire department is one mile from the facility, which
is of structural steel and cement block construction, with pre-cast
cement panels on the envelope. No combustible materials are used in
the building construction, including all interior walls. The computer
room is protected by a Halon gas, built-in extinguisher system. Heat
sensors are installed, and portable fire extinguishers are located
throughout the computer room. The active system files are backed up
on a weekly basis. The entire system is backed up, with copies of the
files stored in a secure, fireproof safe in a separate location
within the facility.
3. Procedural safeguards: System security includes automatic
suspension of accounts, forced password changes, and control of
systems and data set access. Protection for computerized records
includes programmed verification of valid user identification code,
account code and password prior to acceptance of a terminal session
or a job submission. Additional safeguards may be built into the
program by the system analyst as warranted by the sensitivity of the
data.
CDC and contractor employees who maintain records are instructed
to check with the system manager prior to making disclosures of data.
When individually identified data are being used in a room,
admittance at either CDC or contractor sites is restricted to
specifically authorized personnel. Privacy Act provisions are
included in contracts, and the CDC Project Director, contract
officers and project officers oversee compliance with these
requirements. Upon completion of the contract, all data will be
either returned to CDC or destroyed, as specified by the contract.
4. Implementation guidelines: The safeguards outlined above are
developed in accordance with Chapter 45-13, ``Safeguarding Records
Contained in Systems of Records,'' of the HHS General Administration
Manual, supplementary Chapter PHS.hf: 45-13; Part 6, ``Automated
Information System Security,'' of the HHS Information Resources
Management Manual; the National Bureau of Standards Federal
Information Processing Standards (FIPS Pub. 41 and FIPS Pub. 31).
Retention and disposal:
Master records for completed studies are maintained in agency
until transferred to the National Archives, which will occur within
five years of completion. Source documents for computer data are
disposed of when no longer needed in the study, as determined by the
system manager, and as provided in the signed consent form, as
appropriate. Disposal methods include erasing computer tapes, burning
or shredding paper materials or transferring records to the Federal
Records Center when no longer needed for evaluation and analysis.
Electronic records are maintained according to the provisions of the
Records Control Schedule for NIOSH Electronic Records, which is
consistent with the records maintenance requirements for other forms
of records. Copies of notifications to workers/private physicians of
needed medical attention and/or medical treatment are destroyed when
no longer needed for administrative purposes, but may be retained for
as long as seventy years. Paper records are destroyed by paper
recycling process when 20 years old, unless needed for further study.
System manager(s) and address:
Administrative Officer, Division of Respiratory Disease Studies
(DRDS), National Institute for Occupational Safety and Health
(NIOSH), 1095 Willowdale Road, MS 217, Morgantown, WV 26505-2845.
Epidemiologist, Epidemiological Investigations Branch, DRDS,
NIOSH, 1095 Willowdale Road, MS 234, Morgantown, WV 26505-2845.
Policy coordination is provided by: Director, Division of
Respiratory Disease Studies, National Institute for Occupational
Safety and Health, 1095 Willowdale Road, MS 220, Morgantown, WV
26505-2845.
Notification procedure:
An individual may learn if a record exists about himself or
herself by contacting the system manager at the address above.
Requesters in person must provide driver's license or other positive
identification. Individuals who do not appear in person must either
(1) submit a notarized request to verify their identity or (2)
certify that they are the individuals they claim to be and that they
understand that the knowing and willful request for or acquisition of
a record pertaining to an individual under false pretenses is a
criminal offense under the Privacy Act subject to a 5,000 dollars
fine.
An individual who requests notification of or access to medical
records shall, at the time the request is made, designate in writing
a responsible representative who is willing to review the record and
inform the subject individual of its contents at the representative's
discretion.
The following information must be provided when requesting
notification: (1) Full name; (2) the approximate date and place of
the study, if known; and (3) nature of the questionnaire or study in
which the requester participated.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An accounting of
disclosures that have been made of the record, if any, may be
requested.
Contesting record procedures:
Contact the official at the address specified under System
Manager above, reasonably identify the record and specify the
information being contested, the corrective action sought, and the
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Information is obtained from the individual and from employer
industry records. Vital status information is obtained from Federal,
State and local governments and other available sources.
Systems exempted from certain provisions of the act:
None.
09-20-0153
System name: Mortality Studies in Coal Mining, Metal and Non-
metal Mining and General Industry, HHS/CDC/NIOSH.
Security classification:
None.
System location:
Division of Respiratory Disease Studies, National Institute for
Occupational Safety and Health, 1095 Willowdale Road, Morgantown, WV
26505-2845.
A list of contractor sites where individually identifiable data
are currently located is available upon request to the system
manager.
Also, occasionally data may be located at the facilities of
collaborating researchers where analyses are performed, data
collected and reports written. A list of these facilities is
available upon request to the system manager. Data may be located
only at those facilities that have an adequate data security program
and the collaborating researcher must return the data to NIOSH or
destroy individual identifiers at the conclusion of the project.
Categories of individuals covered by the system:
Persons working, or having worked at coal mining operations,
mining operations other than coal and at workplaces not identified as
surface mining or below ground mining operations and exposed or
potentially exposed to substances which are known or suspected
respiratory irritants or carcinogens. Also included are those
individuals in the general population who have been selected as a
control group.
Categories of records in the system:
Previous and current employment records, medical and occupational
histories, demographic data, X-rays, smoking histories, results of
medical tests such as pulmonary function data and spirometry test
results, permission forms, industrial environmental data, and
questionnaires. The specific types of records collected and
maintained are determined by the research needs of the specific
study.
Authority for maintenance of the system:
Occupational Safety and Health Act, Section 20, ``Research and
Related Activities'' (29 U.S.C. 669); Federal Mine Safety and Health
Act of 1977, Section 4, ``Mandatory Safety and Health Standards'' and
Section 501, ``Research'' (30 U.S.C. 811, 951); Public Health Service
Act, Section 301, ``Research and Investigation'' (42 U.S.C. 241).
Purpose(s):
The purpose of this system is to investigate occupationally
related diseases at workplaces identified as general industry,
surface mining or below ground mining operations, to determine the
cause and prevention of such diseases, and to evaluate whether excess
occupationally related mortality is occurring.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Data may be sent to State Vital Statistics Divisions to obtain
death certificates, and to Missing Person Location Agencies to find
those individuals who cannot otherwise be located.
Portions of records (name, social security number if known, date
of birth, and last known address) may be disclosed to one or more
other sources selected from those listed in Appendix I, as
applicable. This may be done solely for obtaining a determination as
to whether or not an individual has died. The purpose of determining
death is so that NIOSH may obtain death certificates, which state the
cause of death, from the appropriate Federal, State, or local agency.
Cause of death enables NIOSH to evaluate whether excess
occupationally related mortality is occurring.
Disclosure may be made to a congressional office from the record
of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, for example, in defending a claim against
the Public Health Service based upon an individual's mental or
physical condition and alleged to have arisen because of activities
of the Public Health Service in connection with such individual,
disclosure may be made to the Department of Justice to enable that
Department to present an effective defense, provided that such
disclosure is compatible with the purpose for which the records were
collected.
Records subject to the Privacy Act are disclosed to private firms
for data entry, computer systems analysis and computer programming
services. The contractors promptly return data entry records after
the contracted work is completed. The contractors are required to
maintain Privacy Act safeguards.
In the event of litigation initiated at the request of NIOSH, the
Institute may disclose such records as it deems desirable or
necessary to the Department of Justice to enable the Department to
effectively represent the Institute, provided such disclosure is
compatible with the purpose for which the records were collected. The
only types of litigative proceedings that NIOSH is authorized to
request are (1) enforcement of a subpoena issued to an employer to
provide relevant information, or (2) contempt citation against an
employer for failure to comply with a warrant obtained by the
Institute.
Disclosure may be made to NIOSH collaborating researchers (NIOSH
contractors, grantees, or other Federal or State scientists) in order
to accomplish the research purpose for which the records are
collected. The collaborating researchers must agree in writing to
comply with the confidentiality provisions of the Privacy Act and
NIOSH must have determined that the researchers' data security
procedures will protect confidentiality.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Computer tapes/disks and printouts, CD ROM; microfiche, and
manual files.
Retrievability:
Name and/or assigned numerical identifier, plant name, and study
name are some of the indices used to retrieve records from this
system. Social security numbers, supplied on a voluntary basis may
occasionally be used for data retrieval.
Safeguards:
1. Authorized users: The NIOSH mainframe computer, located within
the Morgantown facility, uses a security package to control
unauthorized access to the system. Attempts to gain access by
unauthorized individuals are automatically recorded and reviewed on a
daily basis. Access is granted to only a limited number of
physicians, scientists, statisticians, and designated support staff
of the Centers for Disease Control (CDC), or its contractors, as
authorized by the system manager to accomplish the stated purposes
for which the data in this system have been collected.
2. Physical safeguards: Access to the facility is monitored, and
controlled after hours, by a 24-hour guard service. Hard copy records
are kept in locked cabinets in locked rooms. Access to the computer
room is controlled by a punch lock system. System print-outs are made
available to the requester through the use of ``pigeon-hole''
mailboxes which are individually secured by (combination) locking
doors. The local fire department is one mile from the facility, which
is of structural steel and cement block construction, with pre-cast
cement panels on the envelope. No combustible materials are used in
the building construction, including all interior walls. The computer
room is protected by a Halon gas, built-in extinguisher system. Heat
sensors are installed, and portable fire extinguishers are located
throughout the computer room. The active system files are backed up
on a weekly basis. The entire system is backed up, with copies of the
files stored in a secure, fireproof safe in a separate location
within the facility.
3. Procedural safeguards: System security includes automatic
suspension of accounts, forced password changes, and control of
systems and data set access. Protection for computerized records
includes programmed verification of valid user identification code,
account code and password prior to acceptance of a terminal session
or a job submission. Additional safeguards may be built into the
program by the system analyst as warranted by the sensitivity of the
data.
CDC and contractor employees who maintain records are instructed
to check with the system manager prior to making disclosures of data.
When individually identified data are being used in a room,
admittance at either CDC or contractor sites is restricted to
specifically authorized personnel. Privacy Act provisions are
included in contracts, and the CDC Project Director, contract
officers and project officers oversee compliance with these
requirements. Upon completion of the contract, all data will be
either returned to CDC or destroyed, as specified by the contract.
4. Implementation guidelines: The safeguards outlined above are
developed in accordance with Chapter 45-13, ``Safeguarding Records
Contained in Systems of Records,'' of the HHS General Administration
Manual, supplementary Chapter PHS.hf: 45-13; Part 6, ``Automated
Information System Security,'' of the HHS Information Resources
Management Manual; the National Bureau of Standards Federal
Information Processing Standards (FIPS Pub. 41 and FIPS Pub. 31).
Retention and disposal:
Master records for completed studies are maintained in agency
until transferred to the National Archives, which will occur within
five years of completion. Source documents for computer data are
disposed of when no longer needed in the study, as determined by the
system manager, and as provided in the signed consent form, as
appropriate. Disposal methods include erasing computer tapes, burning
or shredding paper materials or transferring records to the Federal
Records Center when no longer needed for evaluation and analysis.
Electronic records are maintained according to the provisions of the
Records Control Schedule for NIOSH Electronic Records, which is
consistent with the records maintenance requirements for other forms
of records. Copies of notifications to workers/private physicians of
needed medical attention and/or medical treatment are destroyed when
no longer needed for administrative purposes, but may be retained for
as long as seventy years. Paper records are destroyed by paper
recycling process when 20 years old, unless needed for further study.
System manager(s) and address:
Administrative Officer, Division of Respiratory Disease Studies
(DRDS), National Institute for Occupational Safety and Health
(NIOSH), 1095 Willowdale Road, MS 217, Morgantown, WV 26505-2845.
Epidemiologist, Epidemiological Investigations Branch, DRDS,
NIOSH, 1095 Willowdale Road, MS 234, Morgantown, WV 26505-2845.
Policy coordination is provided by: Director, Division of
Respiratory Disease Studies, National Institute for Occupational
Safety and Health, 1095 Willowdale Road, MS 220, Morgantown, WV
26505-2845.
Notification procedure:
An individual may learn if a record exists about himself or
herself by contacting the system manager at the address above.
Requesters in person must provide driver's license or other positive
identification. Individuals who do not appear in person must either
(1) submit a notarized request to verify their identity or (2)
certify that they are the individuals they claim to be and that they
understand that the knowing and willful request for or acquisition of
a record pertaining to an individual under false pretenses is a
criminal offense under the Privacy Act subject to a 5,000 dollars
fine.
An individual who requests notification of or access to medical
records shall, at the time the request is made, designate in writing
a responsible representative who is willing to review the record and
inform the subject individual of its contents at the representative's
discretion.
The following information must be provided when requesting
notification: (1) Full name; (2) the approximate date and place of
the study or treatment, if known; and (3) nature of the questionnaire
or study in which the requester participated.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An accounting of
disclosures that have been made of the record, if any, may be
requested.
Contesting record procedures:
Contact the official at the address specified under System
Manager above, reasonably identify the record and specify the
information being contested, the corrective action sought, and the
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Information is obtained from the individual, company personnel
records, death certificates, and from industry and trade union
records. Vital status information is obtained from Federal, State and
local governments and other available sources.
Systems exempted from certain provisions of the act:
None.
Appendix I - Potential Sources for Determination of Vital Status
Military Records Appropriate State Motor Vehicle Registration
Departments Appropriate State Drivers License Departments Appropriate
State Government Divisions of: Assistance Payments (Welfare), Social
Services, Medical Services, Food Stamp Program, Child Support, Board
of Corrections, Aging; Indian Affairs, Workman's Compensation,
Disability Insurance Veterans Administration Files Appropriate
Employee Union or Association Records Appropriate Company Pension or
Employment Records Company Group Insurance Records Appropriate State
Vital Statistics Offices Life Insurance Companies Railroad Retirement
Board Area Nursing Homes Area Indian Trading Posts Mailing List
Correction Cards (U.S. Postal Service) Letters and Telephone
Conversations with Relatives Letters and Telephone Conversations with
Former Employees of the Same Establishment as Cohort Member
Appropriate Local Newspaper (Obituaries) Social Security
Administration Internal Revenue Service.
09-20-0154
System name: Medical and Laboratory Studies, HHS/CDC/NIOSH.
Security classification:
None.
System location:
Division of Respiratory Disease Studies, National Institute for
Occupational Safety and Health, 1095 Willowdale Road, Morgantown, WV
26505-2845.
A list of contractor sites where individually identifiable data
are currently located is available upon request to the system
manager.
Also, occasionally data may be located at the facilities of
collaborating researchers where analyses are performed, data
collected and reports written. A list of these facilities is
available upon request to the system manager. Data may be located
only at those facilities that have an adequate data security program
and the collaborating researcher must return the data to NIOSH or
destroy individual identifiers at the conclusion of the project.
Categories of individuals covered by the system:
Individuals who have had examinations at Division of Respiratory
Disease Studies (DRDS) staff or submitted medical information in
cooperation with a DRDS study.
Categories of records in the system:
Analyses of biochemical data, occupational and medical histories,
and results of medical tests. The specific types of records collected
and maintained are determined by the needs of the individual study.
Authority for maintenance of the system:
Federal Mine Safety and Health Act of 1977, Section 501,
``Research'' (30 U.S.C. 95l); Occupational Safety and Health Act,
Section 20, ``Research and Related Activities'' and Section 22(d),
``Authority of Director, National Institute for Occupational Safety
and Health'' (29 U.S.C. 669, 671(d)).
Purpose(s):
The purpose of this system is to perform medical and
epidemiological research, statistical analysis, and to identify early
indicators of occupationally related diseases (biochemical indices);
data is given to other NIOSH units for biochemical and
epidemiological studies.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Data may be sent to State Vital Statistics Divisions to obtain
death certificates, and to Missing Person Location Agencies to find
those individuals who cannot otherwise be located.
Disclosure may be made to a congressional office from the record
of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, for example, in defending a claim against
the Public Health Service based upon an individual's mental or
physical condition and alleged to have arisen because of activities
of the Public Health Service in connection with such individual,
disclosure may be made to the Department of Justice to enable that
Department to present an effective defense, provided that such
disclosure is compatible with the purpose for which the records were
collected.
Records subject to the Privacy Act are disclosed to private firms
for data entry, computer systems analysis and computer programming
services. The contractors promptly return data entry records after
the contracted work is completed. The contractors are required to
maintain Privacy Act safeguards.
Test data which indicate the existence of cancer may be provided
to the State Cancer Registry where the State has a legally
constituted cancer registry program which provides for the
confidentiality of information.
Certain communicable diseases may be reported to State and/or
local Health Departments where the State has a legally constituted
reporting program for communicable diseases and which provides for
the confidentiality of the information.
In the event of litigation initiated at the request of NIOSH, the
Institute may disclose such records as it deems desirable or
necessary to the Department of Justice to enable the Department to
effectively represent the Institute, provided such disclosure is
compatible with the purpose for which the records were collected. The
only types of litigative proceedings that NIOSH is authorized to
request are (1) enforcement of a subpoena issued to an employer to
provide relevant information, or (2) contempt citation against an
employer for failure to comply with a warrant obtained by the
Institute.
Disclosure may be made to NIOSH collaborating researchers (NIOSH
contractors, grantees, or other Federal or State scientists) in order
to accomplish the research purpose for which the records are
collected. The collaborating researchers must agree in writing to
comply with the confidentiality provisions of the Privacy Act and
NIOSH must have determined that the researchers' data security
procedures will protect confidentiality.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Computer tapes/disks and printouts, CD ROM; microfiche, and
manual files.
Retrievability:
Name and case number are the indices used to retrieve records
from this system.
Safeguards:
1. Authorized users: Access is granted to only a limited number
of physicians, scientists, statisticians, and designated support
staff of the Centers for Disease Control (CDC), as authorized by the
system manager to accomplish the stated purposes for which the data
in this system have been collected.
2. Physical safeguards: Records are kept in locked cabinets in
locked rooms. Guard service in buildings provides screening of
visitors. Electronic anti-intrusion devices are in operation at the
Federal Records Center.
3. Procedural safeguards: Users of individually identified data
protect information from public scrutiny, and only specifically
authorized personnel may be admitted to the record storage area. CDC
employees who maintain records are instructed to check with system
manager prior to making disclosures of data.
4. Implementation guidelines: HHS Chapter 45-13 and supplementary
Chapter PHS.hf: 45-13 of the General Administration Manual. FRC
safeguards are in compliance with GSA Federal Property Management
Regulations, subchapter B--Archives and Records.
Retention and disposal:
Master records for completed studies are maintained in agency
until transferred to the National Archives, which will occur within
five years of completion. Source documents for computer data are
disposed of when no longer needed in the study, as determined by the
system manager, and as provided in the signed consent form, as
appropriate. Disposal methods include erasing computer tapes, burning
or shredding paper materials or transferring records to the Federal
Records Center when no longer needed for evaluation and analysis.
Electronic records are maintained according to the provisions of the
Records Control Schedule for NIOSH Electronic Records, which is
consistent with the records maintenance requirements for other forms
of records. Copies of notifications to workers/private physicians of
needed medical attention and/or medical treatment are destroyed when
no longer needed for administrative purposes, but may be retained for
as long as seventy years. Paper records are destroyed by paper
recycling process when 20 years old, unless needed for further study.
System manager(s) and address:
Administrative Officer, Division of Respiratory Disease Studies
(DRDS), National Institute for Occupational Safety and Health
(NIOSH), 1095 Willowdale Road, MS 217, Morgantown, WV 26505-2845.
Health Science Administrator, Clinical Investigations Branch,
DRDS, NIOSH, 1095 Willowdale Road, MS 245, Morgantown, WV 26505-2845.
Policy coordination is provided by: Director, Division of
Respiratory Disease Studies, National Institute for Occupational
Safety and Health, 1095 Willowdale Road, MS 220, Morgantown, WV
26505-2845.
Notification procedure:
An individual may learn if a record exists about himself or
herself by contacting the system manager at the address above.
Requesters in person must provide driver's license or other positive
identification. Individuals who do not appear in person must either
(1) submit a notarized request to verify their identity or (2)
certify that they are the individuals they claim to be and that they
understand that the knowing and willful request for or acquisition of
a record pertaining to an individual under false pretenses is a
criminal offense under the Privacy Act subject to a 5,000 dollars
fine.
An individual who requests notification of or access to medical
records shall, at the time the request is made, designate in writing
a responsible representative who is willing to review the record and
inform the subject individual of its contents at the representative's
discretion.
The following information must be provided when requesting
notification: (1) Full name; (2) the approximate date and place of
the study, if known; and (3) nature of the questionnaire or study in
which the requester participated.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An accounting of
disclosures that have been made of the record, if any, may be
requested.
Contesting record procedures:
Contact the official at the address specified under System
Manager above, reasonably identify the record and specify the
information being contested, the corrective action sought, and the
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Information is obtained directly from the individual.
Systems exempted from certain provisions of the act:
None.
09-20-0157
System name: Clinical Laboratory Personnel Proficiency Test
Results (Medicare), HHS/CDC/PHPPO.
Security classification:
None.
System location:
Public Health Practice Program Office, Chamblee Bldg. 102, Rm.
2401, Centers for Disease Control and Prevention, 4770 Buford
Highway, NE, Atlanta, GA 30341-3724.
Categories of individuals covered by the system:
Clinical laboratory technicians and technologists,
cytotechnologists, independent laboratory directors.
Categories of records in the system:
Answer sheets, examination scores.
Authority for maintenance of the system:
Social Security Act, Section 1123 ``Qualifications for Health
Care Personnel'' (42 U.S.C. 1320a-2).
Purpose(s):
To maintain a record of examination scores. When applicable,
answer sheets are used to revalidate results.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to a congressional office from the record
of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
The Centers for Disease Control is under contract with private
firms for the purpose of collating, analyzing, or otherwise refining
records in this system. Relevant records are maintained by the
contractors. The contractors are required to maintain Privacy Act
safeguards with respect to such records.
The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation or has
an interest in such litigation, and HHS determines that the use of
such records by the Department of Justice, the court or other
tribunal is relevant and necessary to the litigation and would help
in the effective representation of the governmental party, provided,
however, that in each case, HHS determines that such disclosure is
compatible with the purpose for which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Computer-generated listings filed by discipline, and by State, in
file folders. Computer tapes filed at the Federal Records Center.
Retrievability:
Listings and answer sheets are retrieved by examination
discipline, State, examinee's name and address, and examination
number.
Safeguards:
1. Authorized users: Access is granted to only a limited number
of Laboratory Program Office personnel and designated support staff
of the Centers for Disease Control (CDC), or its contractors, as
authorized by the system manager to accomplish the stated purposes
for which the data in this system have been collected.
2. Physical safeguards: Locked cabinets in locked rooms, 24-hour
guard service in buildings, personnel screening of visitors,
electronic anti-intrusion devices in operation at the Federal Records
Center.
3. Procedural safeguards: Users of individually identified data
protect information from public scrutiny, and only specifically
authorized personnel may be admitted to the record storage area. CDC
employees who maintain records are instructed to check with the
system manager prior to making disclosures of data.
CDC and contractor employees who maintain records are instructed
to check with the system manager prior to making disclosures of data.
When individually identified data are being used in a room,
admittance at either CDC or contractor sites is restricted to
specifically authorized personnel. Privacy Act provisions are
included in contracts, and the CDC Project Director, contract
officers and project officers oversee compliance with these
requirements. Upon completion of the contract, all data will be
either returned to CDC or destroyed, as specified by the contract.
4. Implementation guidelines: DHHS Chapter 45-13 and
supplementary Chapter PHS.hf: 45-13 of the General Administration
Manual. FRC safeguards are in compliance with GSA Federal Property
Management Regulations, Subchapter B--Archives and Records.
Retention and disposal:
Records are retained in agency for three years. Disposal methods
include erasing computer tapes, burning or shredding paper materials
or transferring records to the Federal Records Center when no longer
needed for evaluation and analysis. Records destroyed by paper
recycling process after 15 years, unless needed for further study.
System manager(s) and address:
Director, Public Health Practice Program Office, Executive Park,
Bldg. 24, Rm. 110, MS E20, Centers for Disease Control, l600 Clifton
Road, NE, Atlanta, GA 30333.
Notification procedure:
An individual may learn if a record exists about himself or
herself by contacting the system manager at the address above.
Requesters in person must provide driver's license or other positive
identification. Individuals who do not appear in person must either
(1) submit a notarized request to verify their identity or (2)
certify that they are the individuals they claim to be and that they
understand that the knowing and willful request for or acquisition of
a record pertaining to an individual under false pretenses is a
criminal offense under the Privacy Act subject to a 5,000 dollars
fine.
The following information should be provided when requesting
notification: (1) Full name; (2) approximate date(s) of the
examination(s); (3) name of the examination and location at which
examination was administered.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An accounting of
disclosures that have been made of the record, if any, may be
requested.
Contesting record procedures:
Contact the official at the address specified under System
Manager above, reasonably identify the record and specify the
information being contested, the corrective action sought, and the
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Scored examinations.
Systems exempted from certain provisions of the act:
None.
09-20-0159
System name: Records of Subjects in Certification, Testing,
Studies of Personal Protective Devices, and Accident
Investigations, HHS/CDC/NIOSH.
Security classification:
None.
System location:
Division of Safety Research (DSR), National Institute for
Occupational Safety and Health (NIOSH), 944 Chestnut Ridge Road,
Morgantown, WV 26505-2888.
A list of contractor sites where individually identifiable data
are currently located is available upon request to the system
manager.
Also, occasionally data may be located at the facilities of
collaborating researchers where analyses are performed, data
collected and reports written. A list of these facilities is
available upon request to the system manager. Data may be located
only at those facilities that have an adequate data security program
and the collaborating researcher must return the data to NIOSH or
destroy individual identifiers at the conclusion of the project.
Categories of individuals covered by the system:
Individuals exposed to hazardous work environments and
individuals selected as control groups are covered by this system.
Additionally, the system pertains to individuals selected to test the
interaction between people, personal protection or safety equipment,
users of such equipment, and a hazardous environment. Some examples
include individuals involved in investigated accidents and persons
selected to perform respirator facepiece fit tests, perform lifting
and manual materials handling studies, perform work tests while
wearing protective equipment, perform strength test studies, and
perform hand speed tests.
Categories of records in the system:
The system contains such records as physical examinations,
questionnaires, results of laboratory tests (physiological measures
and performance tests), workplace performance records, occupational
histories, medical histories, demographic data, and related medical
information. The specific types of records collected and maintained
are determined by the needs of the individual study.
Authority for maintenance of the system:
Public Health Service Act, Section 301, ``Research and
Investigation'' (42 U.S.C. 241); Occupational Safety and Health Act,
Section 20, ``Research and Related Activities'' (29 U.S.C. 669); and
Federal Mine Safety and Health Act of l977, Section 50l, ``Research''
(30 U.S.C. 95l).
Purpose(s):
The purpose of this system is to permit acquisition of
information related to certification and performance of personal
protective equipment, and safety research studies.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosures may be made to a congressional office from the record
of an individual in response to a verified inquiry from the
congressional office, made at the written request of that individual.
In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, for example, in defending a claim against
the Public Health Service based upon an individual's mental or
physical condition and alleged to have arisen because of activities
of the Public Health Service in connection with such individual,
disclosure may be made to the Department of Justice to enable that
Department to present an effective defense, provided that such
disclosure is compatible with the purpose for which the records were
collected.
Portions of records (name, Social Security number if known, date
of birth, and last known address) may be disclosed to one or more
sources selected from those listed in Appendix I. This may be done to
determine if the individual has died so that a death certificate can
be obtained. Knowing the cause of death enables NIOSH to evaluate
whether excess occupationally-related mortality is occurring.
In the event of litigation initiated at the request of NIOSH, the
Institute may disclose such records as it deems desirable or
necessary to the Department of Justice to enable the Department to
effectively represent the Institute, provided such disclosure is
compatible with the purpose for which the records were collected. The
only types of litigative proceedings that NIOSH is authorized to
request are (1) enforcement of a subpoena issued to an employer to
provide relevant information, or (2) contempt citation against an
employer for failure to comply with a warrant obtained by the
Institute.
Records subject to the Privacy Act are disclosed to private firms
for data entry, computer systems analysis, and computer programming
services. The contractors promptly return data entry records after
the contracted work is completed. The contractors are required to
maintain Privacy Act safeguards.
Disclosure may be made to NIOSH collaborating researchers (NIOSH
contractors, grantees, or other Federal or State scientists) in order
to accomplish the research purpose for which the records are
collected. The collaborating researchers must agree in writing to
comply with the confidentiality provisions of the Privacy Act and
NIOSH must have determined that the researchers' data security
procedures will protect confidentiality.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Manual files, computer cards, tapes/disks and printouts,
microfilm, index audiogram files, audiograms, questionnaire forms.
Retrievability:
Name, assigned number, plant name, and year tested are some of
the indices used to retrieve records from these systems. Other
retrieval methods are utilized as individual research dictates.
Safeguards:
1. Authorized users: Access is granted to only a limited number
of physicians, scientists, statisticians, and designated support
staff of the Centers for Disease Control (CDC), as authorized by the
system manager to accomplish the stated purposes for which the data
in this system have been collected.
2. Physical safeguards: Records are kept in locked cabinets in
locked rooms. Guard service in buildings provides screening of
visitors. Electronic anti-intrusion devices are in operation at the
Federal Records Center.
3. Procedural safeguards: Users of individually identified data
protect information from public scrutiny, and only specifically
authorized personnel may be admitted to the record storage area. CDC
employees who maintain records are instructed to check with system
manager prior to making disclosures of data.
4. Implementation guidelines: HHS Chapter 45-13 and supplementary
Chapter PHS.hf: 45-13 of the General Administration Manual. FRC
safeguards are in compliance with GSA Federal Property Mangement
Regulations, subchapter B--Archives and Records.
Retention and disposal:
Records are maintained in agency for three years. Personal
identifiers are stripped from records when no longer needed. Disposal
methods include erasing computer tapes, burning or shredding paper
materials or transferring records to the Federal Records Center when
no longer needed for evaluation and analysis. Records destroyed by
paper recycling process when 20 years old, unless needed for further
study.
System manager(s) and address:
Deputy Director, Division of Safety Research (DRS), National
Institute for Occupational Safety and Health (NIOSH), 944 Chestnut
Ridge Road, Morgantown, WV 26505-2888.
Notification procedure:
An individual may learn if a record exists about himself or
herself by contacting the system manager at the address above.
Requesters in person must provide driver's license or other positive
identification. Individuals who do not appear in person must either
(1) submit a notarized request to verify their identity or (2) must
certify that they are the individuals they claim to be and that they
understand that the knowing and willful request for or acquisition of
a record pertaining to an individual under false pretenses is a
criminal offense under the Privacy Act subject to a 5,000 dollars
fine.
An individual who requests notification of or access to medical
records shall, at the time the request is made, designate in writing
a responsible representative who is willing to review the record and
inform the subject individual of its contents at the representative's
discretion.
The following information must be provided when requesting
notification: (1) Full name; (2) the approximate date and place of
the study, if known, and (3) nature of the questionnaire or study in
which the requester participated.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An accounting of
disclosures that have been made of the record, if any, may be
requested.
Contesting record procedures:
Contact the official at the address specified under System
Manager above, reasonably identify the record and specify the
information being contested, the corrective action sought, and the
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Information is obtained from the individual and from employer
records.
Systems exempted from certain provisions of the act:
None.
09-20-0160
System name: Records of Subjects in Health Promotion and
Education Studies, HHS/CDC/CCDPHP.
Security classification:
None.
System location:
National Center for Chronic Disease Prevention and Health
Promotion, Koger/Rhodes Bldg., Rm. 4004, Centers for Disease Control,
1600 Clifton Road, Atlanta, GA 30333.
A list of contractor sites where individually identifiable data
are currently located is available upon request to the system
manager.
Categories of individuals covered by the system:
Adults and children, including health and education agency
administrators, school health personnel, teachers, parents, and
students who participate in studies and surveys designed to obtain
data on their knowledge, attitudes, and reported behavior related to
a variety of health problems and/or other potential preventable
conditions of public health significance; also included are control
group participants.
Categories of records in the system:
Responses to questionnaires by adults and children, including
health and education agency administrators, school health personnel,
teachers, parents, and students, pertaining to health knowledge,
attitudes and behavior, site visit data, organizational data
regarding health education in school curriculum, course content,
medical histories, demographic data of the survey population as well
as identification data for follow-up purposes.
Authority for maintenance of the system:
Public Health Service Act, Section 301, ``Research and
Investigation'' (42 U.S.C. 241).
Purpose(s):
This record system enables the Centers for Disease Control (CDC)
officials to develop and evaluate existing health promotion programs
for disease prevention and control, and to communicate new knowledge
to the health community for the implementation of such programs.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to CDC contractors in the conduct of
research studies covered by this system notice and in the preparation
of scientific reports, in order to accomplish the stated purpose of
the system. The recipients will be required to maintain Privacy Act
safeguards with respect to such records.
Disclosure may be made to a congressional office from the record
of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, for example, in defending a claim against
the Public Health Service based upon an individual's mental or
physical condition and alleged to have arisen because of activities
of the Public Health Service in connection with such individual,
disclosure may be made to the Department of Justice to enable that
Department to present an effective defense, provided that such
disclosure is compatible with the purpose for which the records were
collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Computer tapes/disks and printouts, file folders.
Retrievability:
Name of individual, identification number, school name and year
tested are some of the indices used to retrieve records from this
system.
Safeguards:
1. Authorized users: Access is granted to only a limited number
of researchers and designated support staff of CDC or its
contractors, as authorized by the system manager to accomplish the
stated purposes for which the data in this system have been
collected.
2. Physical safeguards: Locked cabinets in locked rooms, guard
service in buildings, personnel screening of visitors, fire
extinguishers, overhead sprinkler system and card-access control
equipment in the computer room, computer terminals and automated
records located in secured areas.
3. Procedural safeguards: Protection for computerized records
includes programmed verification of valid user identification code,
account code and password prior to acceptance of a terminal session
or job submission, frequently changed passwords, and Vault Management
System. Knowledge of individual tape passwords is required to access
tapes, and access to systems is limited to users obtaining prior
supervisory approval. When Privacy Act tapes are scratched, a special
`certified'' process is performed in which tapes are completely
written over to avoid inadvertent data disclosure. Additional
safeguards may be built into the program by the system analyst as
warranted by the sensitivity of the data.
CDC and contractor employees who maintain records are instructed
to check with the system manager prior to making disclosures of data.
When individually identified data are being used in a room,
admittance at either CDC or contractor sites is restricted to
specifically authorized personnel. Privacy Act provisions are
included in contracts, and the CDC Project Director, contract
officers and project officers oversee compliance with these
requirements. Upon completion of the contract, all data will be
either returned to CDC or destroyed, as specified by the contract.
4. Implementation Guidelines: The safeguards outlined above are
developed in accordance with Chapter 45-13, ``Safeguarding Records
Contained in Systems of Records,'' of the HHS General Administration
Manual, supplementary Chapter PHS.hf: 45-13; Part 6, ``Automated
Information System Security,'' of the HHS Information Resources
Management Manual; the National Bureau of Standards Federal
Information Processing Standards (FIPS Pub. 41 and FIPS Pub. 31).
Retention and disposal:
Records are maintained in agency for two years. Source documents
for computer disposed of when no longer needed by program officials.
Personal identifiers may be deleted from records when no longer
needed in the study as determined by the system manager, and as
provided in the signed consent form, as appropriate. Disposal methods
include erasing computer tapes, burning or shredding paper materials
or transferring records to the Federal Records Center when no longer
needed for evaluation and analysis. Records destroyed by paper
recycling process when 20 years old, unless needed for further study.
System manager(s) and address:
Director, National Center for Chronic Disease Prevention and
Health Promotion, Koger/Rhodes Bldg., Rm. 4004, Centers for Disease
Control, 1600 Clifton Road, Atlanta, GA 30333.
Notification procedure:
An individual may learn if a record exists about himself or
herself by contacting the system manager at the address above.
Requesters in person must provide driver's license or other positive
identification. Individuals who do not appear in person must either
(1) submit a notarized request to verify their identity or (2) must
certify that they are the individuals they claim to be and that they
understand that the knowing and willful request for or acquisition of
a record pertaining to an individual under false pretenses is a
criminal offense under the Privacy Act subject to a 5,000 dollars
fine.
An individual who requests notification of or access to medical
records shall, at the time the request is made, designate in writing
a responsible representative who is willing to review the record and
inform the subject individual of its contents at the representative's
discretion.
A parent or guardian who requests notification of, or access to a
child's medical record shall designate a family physician or other
health professional (other than a family member) to whom the record,
if any, will be sent. The parent or guardian must verify relationship
to the child by means of a birth certificate or court order, as well
as verify that he or she is who he or she claims to be.
The following information must be provided when requesting
notification: (1) Full name; (2) the approximate date and place of
the study, if known, and (3) nature of the questionnaire or study in
which the requester participated.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An accounting of
disclosures that have been made of the record, if any, may be
requested.
Contesting record procedures:
Contact the official at the address specified under System
Manager above, reasonably identify the record and specify the
information being contested, the corrective action sought, and the
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Individuals, and participating public and private schools which
maintain records on enrolled students.
Systems exempted from certain provisions of the act:
None.
09-20-0161
System name: Records of Health Professionals in Disease
Prevention and Control Training Programs, HHS/CDC/NCPS.
Security classification:
None.
System location:
National Center for Prevention Services, Corporate Square, Bldg.
12, Rm. 3308, Centers for Disease Control and Prevention, 1600
Clifton Road, NE, Atlanta, GA 30333.
Public Health Practice Program Office, Bldg. 2, Rm. B50, Centers
for Disease Control and Prevention, 1600 Clifton Road, NE, Atlanta,
GA 30333.
National Center for Injury Prevention and Control, Koger Davidson
Bldg., Rm. 1078, Centers for Disease Control and Prevention, 4770
Buford Highway, NE, Atlanta, GA 30341-3724.
Division of Health Education, Executive Park, Bldg. 4, Agency for
Toxic Substances and Disease Registry, 1600 Clifton Road, NE,
Atlanta, GA 30333.
Federal Records Center, 1557 St. Joseph Avenue, East Point, GA
30344.
A list of contractor sites where individually identifiable data
are currently located is available upon request to the appropriate
system manager.
Categories of individuals covered by the system:
Physicians, nurses, physician assistants, clinician trainees, and
other health personnel who have participated in training activities,
surveys, and studies developed by the Centers for Disease Control
(CDC), and control group health professionals who have not
participated in training activities.
Categories of records in the system:
Responses to questionnaires by physicians, nurses, physician
assistants, clinician trainees, and related health personnel,
pertaining to knowledge, attitude and practices relating to health
problems, diseases and/or other potential preventable conditions of
public health significance; health care and related training data;
and demographic data of the survey population as well as
identification data for followup purposes.
Authority for maintenance of the system:
Public Health Service Act, Section 301, ``Research and
Investigation'' (42 U.S.C. 241).
Purpose(s):
This record system enables CDC officials to maintain training
records and assess the impact of the agency's training programs on
the knowledge, attitudes and practices of clinicians and other health
care personnel, in order to develop improved training curricula and
programs for disease prevention and control for such health care
personnel.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to CDC contractors in the conduct of
training surveys and studies covered by this system notice and in the
preparation of scientific reports, in order to accomplish the stated
purposes of the system. The recipients will be required to maintain
Privacy Act safeguards with respect to such records.
CDC is under contract with private firms for the purpose of
collating, analyzing, aggregating or otherwise refining records in
this system. Relevant records are disclosed to such contractors. The
contractors are required to maintain Privacy Act safeguards with
respect to such records.
Disclosure may be made to a congressional office from the record
of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation or has
an interest in such litigation, and HHS determines that the use of
such records by the Department of Justice, the court or other
tribunal is relevant and necessary to the litigation and would help
in the effective representation of the governmental party, provided,
however, that in each case, HHS determines that such disclosure is
compatible with the purpose for which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Computer tapes/disks and printouts, file folders.
Retrievability:
Name of individual respondent, identification number, and type of
training received are some of the indices used to retrieve records
from this system.
Safeguards:
1. Authorized users: Access is granted to only a limited number
of personnel, i.e., CDC Project Officer, interviewers and designated
support staff of CDC or its contractors, as authorized by the system
manager to accomplish the stated purposes for which the data in this
system have been collected.
2. Physical safeguards: Locked cabinets in locked rooms, 24-hour
guard service in buildings, personnel screening of visitors,
electronic anti-intrusion devices in operation at the Federal Records
Center, fire extinguishers, overhead sprinkler system and card-access
control equipment in the computer room, computer terminals and
automated records located in secured areas.
3. Procedural safeguards: Protection for computerized records
includes programmed verification of valid user identification code,
account code and password prior to acceptance of a terminal session
or job submission, frequently changed passwords, and Vault Management
System. Knowledge of individual tape passwords is required to access
tapes, and access to systems is limited to users obtaining prior
supervisory approval. When Privacy Act tapes are scratched, a special
``certified'' process is performed in which tapes are completely
written over to avoid inadvertent data disclosure. Additional
safeguards may be built into the program by the system analyst as
warranted by the sensitivity of the data.
CDC and contractor employees who maintain records are instructed
to check with the system manager prior to making disclosures of data.
When individually identified data are being used in a room,
admittance at either CDC or contractor sites is restricted to
specifically authorized personnel. Privacy Act provisions are
included in contracts, and the CDC Project Director, contract
officers and project officers oversee compliance with these
requirements. Upon completion of the contract, all data will be
either returned to CDC or destroyed, as specified by the contract.
4. Implementation guidelines: The safeguards outlined above are
developed in accordance with Chapter 45-13, ``Safeguarding Records
Contained in Systems of Records,'' of the HHS General Administration
Manual, supplementary Chapter PHS.hf: 45-13; Part 6, ``Automated
Information System Security,'' of the HHS Information Resources
Management Manual; the National Bureau of Standards Federal
Information Processing Standards (FIPS Pub. 41 and FIPS Pub. 31). FRC
safeguards are in compliance with GSA Federal Property Management
Regulations, Subchapter B--Archives and Records.
Retention and disposal:
Records are maintained in agency for two years. Disposal methods
include erasing computer tapes, burning or shredding paper materials
or transferring records to the Federal Records Center when no longer
needed for evaluation and analysis. Records destroyed by paper
recycling process after 12 years, unless needed for further study.
System manager(s) and address:
Director, National Center for Prevention Services, Corporate
Square, Bldg. 11, Rm. 2106, MS E07, Centers for Disease Control and
Prevention, 1600 Clifton Road, NE, Atlanta, GA 30333.
Director, Public Health Practice Program Office, Executive Park,
Bldg. 24, Rm. 110, MS E20, Centers for Disease Control and
Prevention, 1600 Clifton Road, NE, Atlanta, GA 30333.
Director, National Center for Injury Prevention and Control,
Koger Davidson Bldg., Rm. 1078, MS F36, Centers for Disease Control
and Prevention, 4770 Buford Highway, NE, Atlanta, GA 30341-3724.
Director, Division of Health Education, Executive Park, Bldg. 4,
Rm. 2220D, MS E33, Agency for Toxic Substances and Disease Registry,
1600 Clifton Road, NE, Atlanta, GA 30333.
Policy coordination is provided by: Associate Director for
Management and Operations, Bldg. 1, Rm. 2011, MS D15, Centers for
Disease Control and Prevention, 1600 Clifton Road, NE, Atlanta, GA
30333.
Notification procedure:
An individual may learn if a record exists about himself or
herself by contacting the appropriate system manager at the address
above. Requesters in person must provide driver's license or other
positive identification. Individuals who do not appear in person must
either (1) submit a notarized request to verify their identity or (2)
must certify that they are the individuals they claim to be and that
they understand that the knowing and willful request for or
acquisition of a record pertaining to an individual under false
pretenses is a criminal offense under the Privacy Act subject to a
5,000 dollars fine.
The following information must be provided when requesting
notification: (1) Full name; (2) name of the clinic/organization in
which requester was employed at time of training or survey
participation, and (3) nature of the training or survey questionnaire
in which the requester participated.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An accounting of
disclosures that have been made of the record, if any, may be
requested.
Contesting record procedures:
Contact the official at the address specified under System
Manager above, reasonably identify the record and specify the
information being contested, the corrective action sought, and the
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Individuals in the system and selected clinics which employ
individuals who are in the system.
Systems exempted from certain provisions of the act:
None.
09-20-0162
System name: Records of Subjects in Agent Orange, Vietnam
Experience, and Selected Cancers Studies, HHS/CDC/NCEH.
Security classification:
None.
System location:
National Center for Environmental Health, Chamblee Bldg. 101, Rm.
G336, Centers for Disease Control and Prevention, 4770 Buford Highway
NE, Atlanta, GA 30341-3724 and Federal Records Center, 1557 St.
Joseph Avenue, East Point, GA 30344.
Data are located at contractor sites as data are collected. A
list of contractor sites where individually identified data are
currently located is available upon request to the system manager.
Categories of individuals covered by the system:
Selected male U.S. Army veterans at grade E-5 or below who
enlisted or were drafted for one tour of duty in Vietnam or other
countries during 1966 - 1972; males with birthdates 1929-1953 who
have cases of selected cancers (specifically, lymphomas, soft tissue
sarcomas, nasal and nasopharyngeal, and primary liver) diagnosed
between December 1, 1984 to November 30, 1988; also included are
control group participants.
Categories of records in the system:
Information identifying the participants (such as name, address,
social security number, military service number, telephone number,
date of birth), interview questionnaire responses, medical,
laboratory, and psychological test result data, and records on
biological specimens (e.g. blood, tumor, urine, etc.).
Authority for maintenance of the system:
Pub. L. 96-151, ``Veterans Health Programs Extension and
Improvement Act of 1979'' (38 U.S.C. 219 note); Pub. L. 97-72,
``Veterans' Health Care, Training, and Small Business Loan Act of
1981'' (38 U.S.C. 219 note); Public Health Service Act, sections 304,
306, and 308(d), which discuss authority to grant assurances of
confidentiality for health research and related activities (42 U.S.C.
242 b, k, and m(d)).
Purpose(s):
Records in this system are used to support studies to assess the
health of Vietnam veterans relative to the health of other men of
similar age. Specifically this information should enable the Centers
for Disease Control (CDC) to:
1. Evaluate the relationship of documented exposure to herbicides
used in Vietnam (primarily Agent Orange) to possible adverse health
consequences. Such possible effects to be evaluated include
dermatologic, neurological, psychological, immunological,
carcinogenic, reproductive, gastrointestinal, and others.
2. Assess the health effects of service in Vietnam (including
factors other than herbicide exposure) as opposed to the experiences
of veterans who served in other countries.
3. Evaluate the risk of selected cancers among Vietnam veterans
in contrast to men of similar age who did not serve in Vietnam.
Portions of records (i.e., name, social security number or
military service number, date of birth) may be disclosed to the
National Center for Health Statistics for obtaining a determination
of vital status. Death certificates stating the cause of death will
then be obtained from the appropriate Federal, State, or local agency
to enable CDC to evaluate whether excess mortality is occurring among
Vietnam veterans. Portions may also be disclosed to the Social
Security Administration who will provide additional sources of
information for locating veterans involved in the study.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Records may be disclosed to Department of Health and Human
Services contractors to locate veterans, cancer cases and controls,
conduct interviews, perform medical examinations, analyze pathology
specimens, and similar medical services, so that the research
purposes for which the records are collected may be accomplished. The
contractor must comply with the requirements of the Privacy Act with
respect to such records.
Portions of records (i.e., name, social security number or
military service number) may be disclosed to other Federal agencies
such as the Veterans Administration and Internal Revenue Service only
to obtain information to aid in locating veterans involved in the
study. These disclosures will be made to update locating information
provided by the Army and Joint Services Environmental Support Group.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
File folders, microfilm, computer cards, tapes/disks and
printouts.
Retrievability:
By name, social security number or military service number (when
supplied voluntarily or contained in existing records used in studies
under this system), or other identifying number.
Safeguards:
Records in this system are collected under an Assurance of
Confidentiality authorized by section 308(d) of the Public Health
Service Act. To comply with this Assurance, the following special
safeguards are necessary:
1. Authorized users: Access is granted to only a limited number
of physicians, scientists, statisticians, and designated support
staff of CDC or its contractors, as authorized by the Project
Director to accomplish the stated purposes for which the data in this
system has been collected.
2. Physical safeguards: Questionnaires and other source data are
maintained in locked fire-resistant cabinets in locked rooms. When
entered into the computer, individually identified information is
kept separate from data used for analysis. Tape data are stored in
fire-resistant safes. There is 24-hour guard service in buildings,
personnel screening of visitors, fire extinguishers, overhead
sprinkler system and card-access control equipment in the computer
room, and computer terminals and automated records are located in
secured areas. Electronic anti-intrusion devices are in operation at
the Federal Records Center.
3. Procedural safeguards: Protection for computerized records
includes programmed verification of valid user identification code,
account code and password prior to acceptance of a terminal session
or job submission and frequently changed passwords. Knowledge of
individual tape passwords is required to access tapes, and access to
systems is limited to users obtaining prior supervisory approval.
Names and other details necessary to identify individuals are not
included in data files used for analysis. These files are indexed by
code numbers which are linked with complete identifiers only if there
is a specific need such as data verification or followup interviews.
Keys which link identification numbers to names are stored separately
with access limited to CDC project officers and authorized staff.
CDC and contractor employees who maintain records are instructed
in specific rules of conduct to protect the security and
confidentiality of records in accordance with section 308(d) of the
Public Health Service Act. When individually identified records are
being used in a room at a contractor site, admittance to the room is
restricted to employees pledged to confidentiality under this
statute. All data will be either returned to CDC or destroyed, as
specified by the contract.
Appropriate Privacy Act provisions and confidentiality provisions
under section 308(d) of the Public Health Service Act are included in
contracts. The CDC Project Director, contract officers, and project
officers oversee compliance with these requirements.
4. Implementation guidelines: The safeguards outlined above are
developed in accordance with Chapter 45-13, ``Safeguarding Records
Contained in Systems of Records,'' of the HHS General Administration
Manual, supplementary Chapter PHS.hf: 45-13; Part 6, ``Automated
Information System Security,'' of the HHS Information Resources
Management Manual; the National Bureau of Standards Federal
Information Processing Standards (FIPS Pub. 41 and FIPS Pub. 31). FRC
safeguards are in compliance with GSA Federal Property Management
Regulations, Subchapter B--Archives and Records.
Retention and disposal:
CDC retains research records in accordance with the CDC Records
Control Schedule Item 37, which allows the system manager to maintain
the records for 20 years unless needed for future reference. Because
five-year mortality updates are planned until the study population
expires, and health information from the questionnaire will be
correlated with the mortality data, the computerized records to which
questionnaire data will be converted may be kept as long as research
needs dictate. Contractors will retain the records only as long as
necessary to complete data collection and verify CDC's receipt of the
data in usable form.
Records may be transferred to a Federal Records Center for
storage when no longer needed for evaluation or analysis and will be
retained there subject to statutory confidentiality requirements.
Disposal methods include the paper recycling process, shredding
hardcopy records, and erasing computer tapes and disks.
System manager(s) and address:
Director, National Center for Environmental Health, Chamblee
Bldg. 101, Rm. 3116, Centers for Disease Control, 4770 Buford Highway
NE, Atlanta, GA 30341-3724.
Notification procedure:
An individual may learn if a record exists about himself by
contacting the system manager at the address above. Persons who
knowingly and willfully request or acquire a record pertaining to an
individual under false pretenses are subject to a 5,000 dollars fine
for this criminal offense. Requesters in person must provide photo
identification (such as driver's license) or other positive
identification (i.e., place of birth, etc.) that would authenticate
the identity of the individual making the request. Individuals who do
not appear in person must submit a notarized request to verify their
identity. A guardian who requests notification of, or access to, a
mentally incompetent or severely physically impaired person's record
must provide a birth certificate (or notarized copy), court order, or
other competent evidence of guardianship. An individual who requests
notification of, or access to, a medical record shall at the time the
request is made, designate in writing a responsible representative
(who may be a physician, other health professional, or other
responsible individual) who will be willing to review the record and
inform the subject individual of its contents at the representative's
discretion.
In addition, the following information must be provided when
requesting notification: (1) Full name and social security or
military service number; (2) nature of the study in which the
requester participated.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An accounting of
disclosures that have been made of the record, if any, may be
requested.
Contesting record procedures:
Contact the official at the address specified under System
Manager above, reasonably identify the record and specify the
information being contested, the corrective action sought, and the
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Subject individuals, Department of Defense (Army and Joint
Services Environmental Support Group), Surveillance, Epidemiology,
and End Results Centers (cancer registries). Records are derived from
U.S. Army system of records: AO708.02ADAPC, ``Official Military
Personnel File.`
Systems exempted from certain provisions of the act:
None.
09-20-0163
System name: Applicants for National Center for Health
Statistics Technical Assistance, HHS/OASH/NCHS.
Security classification:
None.
System location:
National Center for Health Statistics, Presidential Building, rm.
1140, Centers for Disease Control, 6525 Belcrest Road, Hyattsville,
Maryland 20782.
Categories of individuals covered by the system:
Applicants for and students of concentrated, intensive short-term
courses related to health statistics. They are employees of Federal,
State, and local governments and other persons in health-related
fields engaged in collecting and analyzing vital and health
statistics.
Categories of records in the system:
Applicant form which contains brief education information,
current employment, and courses in which applicant is interested.
Authority for maintenance of the system:
Public Health Service Act, section 304(b)(1) (42 U.S.C. 242b),
authorizing the Secretary to use resources to provide technical
assistance.
Purpose(s):
To set up courses, notify applicants of acceptance or non-
acceptance, and acceptance for a future course if necessary. Used
exclusively within the National Center for Health Statistics (NCHS).
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
2. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the court or other tribunal is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for PHS who do not technically have the status
of agency employees, if they need the records in the performance of
their agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Alphabetically filed in file cabinet.
Retrievability:
Retrievable by name.
Safeguards:
Measures to prevent unauthorized disclosures are implemented as
appropriate for the particular records maintained. NCHS implements
personnel, physical, and procedural safeguards as follows:
(1) Authorized Users: Records are used only by staff
administering the technical assistance programs.
(2) Physical Safeguards: Routine building security.
(3) Procedural Safeguards: Persons other than staff authorized to
work with the records are not allowed access to them.
These safeguards are established in accordance with guidelines in
DHHS Chapter 45-13 of the General Administration Manual, in
supplementary Chapter PHS.hf:45-13, and in the NCHS Staff Manual on
Confidentiality.
Retention and disposal:
File destroyed six months after each course is completed.
System manager(s) and address:
Director, National Center for Health Statistics, Presidential
Building, Rm. 1140, Centers for Disease Control, 6525 Belcrest Road,
Hyattsville, Maryland 20782.
Notification procedure:
To determine if a record exists, write to the System Manager.
Record access procedures:
Same as notification procedures. Positive identification is
required from anyone seeking access. Requestors should also
reasonably specify the record contents being sought. Individuals may
also request an accounting of disclosures that have been made of
their records, if any.
Contesting record procedures:
Contact the official at the address specified under System
Manager above, reasonably identify the record, specify the
information being contested, the corrective action sought, and your
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Voluntary submission of Application Form by person wishing to
take the courses.
Systems exempted from certain provisions of the act:
None.
09-20-0164
System name: Health and Demographic Surveys Conducted in
Probability Samples of the U.S. Population, HHS/OASH/NCHS.
Security classification:
None.
System location:
National Center for Health Statistics, Presidential Building, rm.
1140, Centers for Disease Control, 6525 Belcrest Road, Hyattsville,
Maryland 20782.
Categories of individuals covered by the system:
Individuals and members of households selected by probability
sampling techniques to be representative of the civilian population
of the United States.
Categories of records in the system:
Records containing information on: (1) The incidence of illness
and accidental injuries, prevalence of diseases and impairments, the
extent of disability, the utilization and cost of health care
services, and other health characteristics of individuals obtained in
household interviews and from their named health care providers and
insurers; or (2) the nutritional status, prevalence levels of
specially defined chronic diseases, growth and development patterns
and distributions of various health related measurements and related
data obtained in a survey involving health examinations, tests, and
other measurement procedures; or (3) marital and child bearing
history and intended future births, the use of prenatal care, and the
family planning practices of individual women obtained by interview.
Demographic and socioeconomic characteristics such as age, marital
status, education, occupation, and family income are also obtained.
Authority for maintenance of the system:
Public Health Service Act, Section 306(b) (42 U.S.C. 242k).
Purpose(s):
The data are used for statistical purposes only. Uses within the
Department include the preparation of aggregated data in the form of
statistical tables for publication, analysis, and interpretation, to
meet the legislative mandates of 42 U.S.C. 242k, i.e., to determine
levels of illness and disability and their effects on the population,
the use of health care facilities, trends in family formation and
dissolution, and the like.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The data are disseminated for purposes of statistical research
and analysis outside DHHS in forms which do not permit the
identification of individuals, such as publications of statistical
tables, specially requested tabulations and public use computer
tapes. These are communicated to interested persons outside DHHS,
such as members of Congress and their staffs, other executive branch
agencies, universities, States, cities, private foundations, etc. The
findings are used by demographers, sociologist, health statisticians,
epidemiologists, other scholars and concerned citizens, to evaluate
health matters, make determinations on needs for legislation,
appropriations, new service programs, and the like.
The Department occasionally contracts with a private firm for the
purpose of collecting analyzing, aggregating, or otherwise refining
records in this system. Relevant records are disclosed to such a
contractor. The contractor is required to maintain Privacy Act
safeguards with respect to such records.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for PHS who do not technically have the status
of agency employees, if they need the records in the performance of
their agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper files and magnetic tapes.
Retrievability:
A serial number tied to the selection process of successively
smaller geographic areas is assigned to each record on magnetic tape.
This serial number is cross-indexed to the original, individually
identifiable record.
Safeguards:
Measures to prevent unauthorized disclosures are implemented as
appropriate for the particular records maintained. NCHS and its
contractors implement personnel, physical, and procedural safeguards
as follows:
1. Authorized users: Persons authorized and needing to use the
records, including project directors, contract officers,
interviewers, analysts, statisticians, statistical clerks, and data
entry personnel on the staffs of the Center and the contractors.
2. Physical safeguards: The manual portions of the records are
stored in locked files or offices when not in use. (The automated
portions of the records do not contain individually identifiable
data. Because they are not subject to the Privacy Act, descriptions
of the computer safeguards used are not included in this notice.)
Access to the buildings in which the manual records are stored is
controlled by special entry devices and 24-hour security guards.
3. Procedural safeguards: All employees of NCHS and contractor
personnel with access to NCHS records are required, as a condition of
employment, to sign an affidavit binding them to nondisclosure of
individually identifiable information; periodic training sessions are
conducted to reinforce the confidentiality restrictions.
Contractors who maintain records in the system are instructed to
make no further disclosure of the records. Privacy Act requirements
are specifically included in contracts for survey and research
activities related to this system. The HHS project directors,
contract officers, and project officers oversee compliance with these
requirements.
These safeguards are in accordance with chapter 45-13,
``Safeguarding Records Contained in Systems of Records,'' of the HHS
General Administration Manual; supplementary chapter PHS.hf: 45-13;
the National Bureau of Standards Federal Information Processing
Standards (FIPS Pub. 41 and FIPS Pub. 312); and the NCHS Staff Manual
on Confidentiality.
Retention and disposal:
Original survey records are reviewed for accuracy, edited, and
data (without personal identifiers such as name or Social Security
Number) are transferred to magnetic tape. The original records are
retained in office files of NCHS until the process of conversion to
magnetic tape and verification of information is completed. This
process is completed within approximately nine months. The original
records are then sent to the Federal Records Center where they are
stored for 5 years for interview survey records and 10 years for
examination records. Microfilm copies of examination records are
retained at the Federal Records Center for 40 years.
System manager(s) and address:
Director, National Center for Health Statistics, Presidential
Building, rm 1140, Centers for Disease Control, 6525 Belcrest Road,
Hyattsville, Maryland 20782.
Notification procedure:
To determine if a record exists, write to the System Manager.
Record access procedures:
Access to record systems which have been granted an exemption
from the Privacy Act access requirement may be made at the discretion
of the System Manager. Positive identification is required from
anyone seeking access. Appeal of access refusal may be made to the
Director, Office of Management, Public Health Service. An individual
may also request an accounting of disclosures of his/her record, if
any.
Contesting record procedures:
If access has been granted, contact the System Manager and
reasonably identify the record, specify the information being
contested, and state the corrective action sought, with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Respondents included in the survey samples.
Systems exempted from certain provisions of the act:
With respect to this system of records, exemption has been
granted from the requirements contained in subsections 552a(c)(3),
(d) (1) through (4), and (e)(4) (G) and (H) in accordance with the
provisions of subsection 552a(k)(4) of the Privacy Act of 1974. The
reason this system has been exempted is that this system contains
only records required by statute to be maintained and used solely as
statistical records. The exemption was published in the Federal
Register, October 8, 1975, page 47413.
09-20-0165
System name: Health Manpower Inventories and Surveys, HHS/OASH/
NCHS.
Security classification:
None.
System location:
National Center for Health Statistics, Presidential Building, rm.
1140, Centers for Disease Control, 6525 Belcrest Road, Hyattsville,
Maryland 20782.
Categories of individuals covered by the system:
Individuals trained in specific health occupations, such as
dentists, nurses, pharmacists, optometrists, dental hygienists, and
other providers of health care services.
Categories of records in the system:
Records containing information on educational attainment, place
of education, activity status, place and setting of employment or
practice, place of residence, date of birth, sex, and marital status.
Authority for maintenance of the system:
Public Health Service Act, section 306(b) (42 U.S.C. 242k).
Purpose(s):
The data are used for statistical purposes only. Uses within the
Department include the preparation of aggregated data in the form of
statistical tables for publication, analysis, and interpretation to
meet legislative mandates of the Public Health Service Act, section
306 (42 U.S.C. 242k), such as an annual report on health resources,
including a description and analysis of the statistics included under
section 306(b)(1)(G). In addition, probability samples of individuals
are selected by NCHS for statistical research purposes. Tables,
magnetic tapes, and statistical samples of individuals are provided
for statistical purposes only to the Bureau of Health Professions,
Health Resources and Services Administration, for its use in
determining health manpower scarcity areas, for loan forgiveness, and
developing and evaluating educational and training programs for
health manpower.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The data are made available to Health Systems Agencies and the
State Agency designated under the Public Health Service Act (42
U.S.C. 300 l and m) for statistical purposes only for developing and
evaluating health plans.
The data are also disseminated for the purpose of statistical
research and analysis outside DHHS in forms which do not permit the
identification of individuals, such as publication of statistical
tables, specially requested tables, and public use magnetic tapes.
These are communicated to interested persons outside DHHS, such as
Members of Congress, other executive branch agencies, professional
associations, universities, State, cities, private foundations, etc.
The statistical summaries are used by health manpower researchers,
legislators statisticians and concerned citizens to evaluate the
Nation's health manpower resources, make determinations on needs for
legislation, new health manpower training programs, and the like.
The Department occasionally contracts with a private firm for the
purpose of collecting, analyzing, aggregating or otherwise refining
records in the system. Relevant records are disclosed to such a
contractor. The contractor is required to maintain Privacy Act
safeguards with respect to such records.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for PHS who do not technically have the status
of agency employees, if they need the records in the performance of
their agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper files and magnetic tape.
Retrievability:
Name and address, date of the inventory or survey, and other
identifiers permit the retrieval of a computer record of the
individual's information contained on magnetic tape. Original records
of information are reviewed by the contractor and/or National Center
for Health Statistics (NCHS) staff for accuracy and edited, and data
with personal identifier (such as name and address) are transferred
to magnetic tape. The records are then matched by personal
identifiers to produce an unduplicated file of individuals in a
health occupation.
Safeguards:
Measures to prevent unauthorized disclosures are implemented as
appropriate for the particular records maintained. NCHS and its
contractors implement personnel, physical, and procedural safeguards
as follows:
1. Authorized users: Persons authorized and needing to use the
records, including project directors, contract officers,
interviewers, analysts, statisticians, statistical clerks, and data
entry personnel on the staffs of the Center and the contractors.
2. Physical safeguards: The manual portions of the records are
stored in locked files or offices when not in use. The automated
records and the computer equipment are in secured areas with fire
extinguishers and sprinkler system. Access to the buildings in which
the manual and the automated records are stored is controlled by
special entry devices and 24-hour security guards.
3. Procedural safeguards: All employees of NCHS and contractor
personnel with access to NCHS records are required, as a condition of
employment, to sign an affidavit binding them to nondisclosure of
individually identifiable information; periodic training sessions are
conducted to reinforce the confidentiality restrictions. Data stored
in computers are accessed through the use of passwords/keywords known
only to the principal investigators and authorized personnel. These
passwords/keywords are changed frequently.
Contractors who maintain records in the system are instructed to
make no further disclosure of the records. Privacy Act requirements
are specifically included in contracts for survey and research
activities related to this system. The HHS project directors,
contract officers, and project officers oversee compliance with these
requirements.
These safeguards are in accordance with chapter 45-13,
``Safeguarding Records Contained in Systems of Records,'' of the HHS
General Administration Manual; supplementary chapter PHS.hf: 45-13;
Part 6, ``ADP Systems Security,'' of the HHS ADP Systems Manual; the
National Bureau of Standards of Federal Information Processing
Standards (FIPS Pub. 41 and FIPS Pub. 312); and the NCHS Staff Manual
on Confidentiality.
Retention and disposal:
The original records are retained in the offices of national
professional associations and/or State boards of licensure, or the
NCHS data processing facility until the process of conversion to
magnetic tape and verification of information is completed and a
subsequent inventory or survey is initiated. For these reasons the
records may be retained for a period of up to five years before
disposal.
System manager(s) and address:
Director, National Center for Health Statistics, Centers for
Disease Control, Presidential Building, Rm. 1140, 6525 Belcrest Road,
Hyattsville, Maryland 20782.
Notification procedure:
To determine if a record exists, write to the System Manager at
the above address.
Record access procedures:
Access to record systems which have been granted an exemption
from the Privacy Act access requirement may be made at the discretion
of the System Manager. Positive identification is required from
anyone seeking access. Appeal of access refusal may be made to the
Director, Office of Management, Public Health Service. An individual
may also request an accounting of disclosure of his/her record, if
any.
Contesting record procedures:
If access has been granted, contact the System Manager and
reasonably identify the record, specify the information being
contested, and state the corrective action sought, with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Health practitioners, state licensing agencies, or professional
associations.
Systems exempted from certain provisions of the act:
With respect to this system of records, exemption has been
granted from the requirements contained in subsections 552a(c)(3),
(d)(1) through (4), and (e)(4)(G) and (H) in accordance with the
provisions of subsection 552a(k)(4) of the Privacy Act of 1974. The
reasons that the system has been exempted is that this system
contains only records required by statute to be maintained and used
solely as statistical records. The exemption was published in the
Federal Register, October 8, 1975, page 47413.
09-20-0166
System name: Vital Statistics for Births, Deaths, Fetal Deaths,
Marriages and Divorces Occurring in the United States during Each
Year, HHS/OASH/NCHS.
Security classification:
None.
System location:
National Center for Health Statistics, Centers for Disease
Control, Presidential Building, Rm. 1140, 6525 Belcrest Road,
Hyattsville, Maryland 20782.
Categories of individuals covered by the system:
Individuals who are born and their parents; individuals who die;
individuals who are married or divorced; and parents experiencing
fetal deaths.
Categories of records in the system:
The records include microfilm images of State records or machine-
readable data prepared by the State from records collected under the
laws of each State for births, deaths, fetal deaths, marriages and
divorces. The records contain the demographic characteristics of
individuals associated with each event. In addition, the birth
records include information on the characteristics of each live
birth, the health status of the infant, and socioeconomic
characteristics of the parents. The death records contain medical
information relating to cause of death and to socioeconomic
characteristics of the deceased; the fetal death record contains
medical information relating to cause of death and socioeconomic
characteristics of the parents. Marriages and divorces include
demographic and socioeconomic characteristics of both parties to the
event and legal information regarding the event.
Periodically the National Center for Health Statistics (NCHS)
conducts followback surveys, collecting information on random samples
of births and deaths through mail questionnaires. The content of
questionnaires for the followback surveys varies. Past surveys have
collected information on such topics as hospital utilization in the
last year of life, smoking habits of the deceased, health status of
infants, and pregnancy and employment histories of mothers.
Lists of names and other identifying information in the system
are provided to NCHS by individuals and organizations who for health
research purposes seek to have them matched against files of
decedents in order to identify State death records.
Authority for maintenance of the system:
Public Health Service Act, section 306(h) (42 U.S.C. 242k.)
Purpose(s):
The data are used for statistical purposes only. Uses within the
Department include the preparation of aggregated data in the form of
statistical tables for publication, analysis, and interpretation, to
meet the legislative mandates of 42 U.S.C 242k, i.e., to determine
the extent and nature of illness and disability of the population of
the U.S., including life expectancy and levels of infant and maternal
mortality, environmental and other health hazards, trends in family
formation, growth, and dissolution, and other related matters. The
followback surveys are designed primarily to expand the scope of data
that NCHS can collect from the national registration system, to make
the registration system more responsive to changing needs for data,
and to evaluate the quality of data collected on the birth and death
records.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The processed data are disseminated for public use in forms that
do not permit identification of individuals, such as published
statistical tables, special unpublished tabulations, and public use
computer tapes, which carry no individual identifiers. They are used
by members of Congress and their staffs, other executive branch
agencies, state and city governments, public and private research
institutions, life insurance companies, faculty and students of
universities, physicians, workers in health information, newspaper
reporters and feature writers, etc. The findings are used to make
determinations on needs for legislation, appropriations, and programs
in the health field; to pinpoint health problems, measure progress of
national health programs, and make population estimates; for
epidemiological studies, marketing research, sociological studies,
and studies of the family; and for other research directed at
understanding our society.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper files and magnetic tapes.
Retrievability:
Some States submit microfilm copies of certificates of birth,
death, fetal death, marriage, and divorce, and statistics are
extracted from them. These microfilms contain individual identifiers;
they are the only individually identified records in the system.
Other States submit vital statistics data on magnetic tape, showing
only a State file number for each case but no personal identifiers.
Safeguards:
Measures to prevent unauthorized disclosures are implemented as
appropriate for the particular records maintained. NCHS and its
contractors implement personnel, physical, and procedural safeguards
as follows:
1. Authorized users: Persons authorized and needing to use the
records, including project directors, contract officers,
interviewers, analysts, statisticians, statistical clerks, and data
entry personnel on the staffs of the Center and the contractors.
2. Physical safeguards: The manual portions of the records are
stored in locked files or offices when not in use. (The automated
portions of the records do not contain individually identifiable
data. Because they are not subject to the Privacy Act, descriptions
of the computer safeguards used are not included in this notice.)
Access to the buildings in which the manual records are stored is
controlled by special entry devices and 24-hour security guards.
3. Procedural safeguards: All employees of NCHS and contractor
personnel with access to NCHS records are required, as a condition of
employment, to sign an affidavit binding them to nondisclosure of
individually identifiable information; periodic training sessions are
conducted to reinforce the confidentiality restrictions.
Contractors who maintain records in the system are instructed to
make no further disclosure of the records. Privacy Act requirements
are specifically included in contracts for survey and research
activities related to this system. The HHS project directors,
contract officers, and project officers oversee compliance with these
requirements.
These safeguards are in accordance with chapter 45-13,
``Safeguarding Records Contained in Systems of Records,'' of the HHS
General Administration Manual; supplementary chapter PHS.hf: 45-13;
the National Bureau of Standards Federal Information Processing
Standards (FIPS Pub. 41 and FIPS Pub. 312); and the NCHS Staff Manual
on Confidentiality.
Retention and disposal:
The microfilm copies of the individually identifiable records are
retained in office files of NCHS until the process of conversion to
magnetic tape and verification of information is completed. The death
records are sent to the Federal Records Center ten years after
tabulation for deaths occurring during the three year period
surrounding census years and one year after tabulation for other
years. They are held until disposed of, 15 years after tabulation for
deaths of the censal years, and five years after tabulation for other
years. Records of births, fetal deaths, marriages, and divorces are
disposed of two years after tabulation. The questionnaires for the
followback surveys are destroyed after conversion to magnetic tape,
tabulation, and analyses have been completed.
System manager(s) and address:
Director, National Center for Health Statistics, Centers for
Disease Control, Presidential Building, Rm. 1140, 6525 Belcrest Road,
Hyattsville, Maryland 20782.
Notification procedure:
To determine if a record exists, write to the System Manager at
the above address.
Record access procedures:
Access to record systems which have been granted an exemption
from the Privacy Act access requirement may be made at the discretion
of the System Manager. Positive identification is required from
anyone seeking access. Appeal of access refusal may be made to the
Director, Office of Management, Public Health Service. An individual
may also request an accounting of disclosures of his/her record, if
any.
Contesting record procedures:
If access has been granted, contact the System Manager and
reasonably identify the record, specify the information being
contested, and state the corrective action sought with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Vital statistics records are obtained from State vital statistics
offices, or, in rare instances, from other State or county
repositories of marriage or divorce data. Information in followback
surveys is obtained from hospitals, physicians, or relatives of the
infants or the deceased.
Systems exempted from certain provisions of the act:
With respect to this system of records, exemption has been
granted from the requirements contained in subsections 552a(c)(3),
(d)(1) through (4), and (e)(4)(G) and (H), in accordance with the
provision of subsection 552a(k)(4) of the Privacy Act of 1974. The
reason that the system has been exempted is that this system contains
only records required by statute to be maintained and used solely as
statistical records. The exemption was published in the Federal
Register, October 8, 1975, page 47413.
09-20-0167
System name: Health Resources Utilization Statistics, HHS/OASH/
NCHS.
Security classification:
None.
System location:
National Center for Health Statistics, Centers for Disease
Control, Presidential Building, Rm. 1140, 6525 Belcrest Road,
Hyattsville, Maryland 20782.
Categories of individuals covered by the system:
Recipients of medical care included in statistical surveys and
reports of the National Center for Health Statistics (NCHS),
including but not limited to: (1) Staff and residents of nursing
homes selected by random sampling techniques to be representative of
nursing homes in the U.S.; (2) physicians providing medical care and
patients visiting such physicians; (3) patient medical records from
selected short-stay hospitals.
Categories of records in the system:
Records containing information on: (1) The utilization of long-
term care and nursing home care through data on clients and residents
(demographic and social characteristics, health status and charges
paid for care) and the facility (general characteristics,
certification, services offered and expense); (2) the demographic
characteristics, medical and other problems of persons visiting
physicians, and the physicians' diagnosis, treatment, and disposition
decisions made during such visits as obtained from physicians during
randomly assigned one-week survey periods; (3) the demographic
characteristics administrative information (admission and discharge
dates, discharge status, and medical record number), and medical
information (diagnosis and surgical procedures) abstracted from the
face sheet of short-stay hospital medical records.
In many cases, these records do not contain individual
identifiers when they come under control of the National Center for
Health Statistics; they carry only sequence numbers, which only the
originating agency would be able to translate into a personal
identifier--and even then, not in all cases. Names of residents and
staff of nursing homes and patients of physicians are listed on
separated forms for sampling purposes only and are not included in
the final statistical records.
Authority for maintenance of the system:
Public Health Service Act, Section 306(b) (42 U.S.C. 242k).
Purpose(s):
The data are used for statistical purposes only, as specified by
statute, section 308(d) of 42 U.S.C. 242m. Uses within the Department
include the preparation of aggregated data in the form of statistical
tables for publication, analysis and interpretation to meet the
legislative mandates of 42 U.S.C. 242k, i.e., collection of
statistics on the utilization of health services, including the
utilization of: (1) Long-term care services and nursing home
facilities to determine levels of illness and disability, effects on
the serviced population, and the costs of care; (2) ambulatory health
services by specialties and types of practice of the health
professionals providing such services; and (3) short-stay hospitals
to determine characteristics of patients, length of stay, diagnosis
and surgical operations, and utilization patterns of care in
hospitals of different size and ownership.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The data are disseminated in forms which do not permit the
identification of individuals, such as publications of statistical
tables, special requested tabulations, and public use computer tapes.
These are communicated to interested persons outside DHHS, such as
members of Congress and their staffs, other executive branch
agencies, universities and medical schools, state and local health
planning agencies, private foundations, etc. The findings are used by
demographers, sociologists, health statisticians, epidemiologists,
medical educators, health planners, other scholars, and concerned
citizens, to evaluate health matters, make determinations on needs
for legislation, appropriations, new service programs, and the like.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for PHS who do not technically have the status
of agency employees, if they need the records in the performance of
their agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper files and magnetic tapes.
Retrievability:
Data are retrieved by individual identifier only in the editing
stage of data processing and only for the purpose of correcting
errors in the recording of information. Original survey records are
reviewed for accuracy and edited, then data (without personal
identifiers such as name or Social Security Number) are transferred
to magnetic tape.
Safeguards:
Measures to prevent unauthorized disclosures are implemented as
appropriate for the particular records maintained. NCHS and its
contractors implement personnel, physical, and procedural safeguards
as follows:
1. Authorized users: Persons authorized and needing to use the
records, including project directors, contract officers,
interviewers, analysts, statisticians, statistical clerks, and data
entry personnel on the staffs of the Center and the contractors.
2. Physical safeguards: The manual portions of the records are
stored in locked files or offices when not in use. (The automated
portions of the records do not contain individually identifiable
data. Because they are not subject to the Privacy Act, descriptions
of the computer safeguards used are not included in this notice.)
Access to the buildings in which the manual records are stored is
controlled by special entry devices and 24-hour security guards.
3. Procedural safeguards: All employees of NCHS and contractor
personnel with access to NCHS records are required, as a condition of
employment, to sign an affidavit binding them to nondisclosure of
individually identifiable information; periodic training sessions are
conducted to reinforce the confidentiality restrictions.
Contractors who maintain records in the system are instructed to
make no further disclosure of the records. Privacy Act requirements
are specifically included in contracts for survey and research
activities related to this system. The HHS project directors,
contract officers, and project officers oversee compliance with these
requirements.
These safeguards are in accordance with chapter 45-13,
``Safeguarding Records Contained in Systems of Records,'' of the HHS
General Administration Manual; supplementary chapter PHS.hf: 45-13;
the National Bureau of Standards Federal Information Processing
Standards (FIPS Pub. 41 and FIPS Pub. 312); and the NCHS Staff Manual
on Confidentiality.
Retention and disposal:
The original records are retained in office files of NCHS or NCHS
contractors for two years. The procedure for family planning records
differs in that the original documents are retained in office files
for only two months. In all instances, the original records are then
sent to the Federal Records Center where they are stored for five
years.
System manager(s) and address:
Director, National Center for Health Statistics, Centers for
Disease Control, Presidential Building, Rm. 1140, 6525 Belcrest Road,
Hyattsville, Maryland 20782.
Notification procedure:
To determine if a record exists, write to the System Manager at
the above address.
Record access procedures:
Access to record systems which have been granted an exemption
from the Privacy Act access requirement may be made at the discretion
of the System Manager. Positive identification is required from
anyone seeking access. Appeal of access refusal may be made to the
Director, Office of Management, Public Health Service. An individual
may also request an accounting of disclosures of his/her record, if
any.
Contesting record procedures:
If access has been granted, contact the System Manager and
reasonably identify the record, specify the information being
contested, and state the corrective action sought, with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Hospitals, physicians, clinics, nursing homes, and other
providers of health care.
Systems exempted from certain provisions of the act:
With respect to this system of records, exemption has been
granted from the requirements contained in subsections 552(a)(3),
(d)(1) through (4), and (e)(4)(G) and (H), in accordance with
provisions of subsections 552a (k)(4) of the Privacy Act of 1974. The
reason for this exemption is that this system contains only records
required by statute to be maintained and used solely as statistical
records. The exemption was published in the Federal Register,
September 11, 1978, page 40229.
09-20-0168
System name: Curricula Vitae of Consultants to the National
Center for Health Statistics, HHS/OASH/NCHS.
Security classification:
None.
System location:
National Center for Health Statistics, Centers for Disease
Control, Presidential Building, Rm. 1140, 6525 Belcrest Road,
Hyattsville, Maryland 20782.
Categories of individuals covered by the system:
Persons who are current or potential consultants to NCHS. These
are persons with special expertise who may be able to assist NCHS on
a consultant basis in the planning and conducting of surveys,
studies, statistical reporting programs, or statistical analyses of
data, or in providing training and technical assistance, or assisting
in conducting conferences.
Categories of records in the system:
Information relating to the professional training and experience
of the consultant. This includes address; current position; employer;
duties; place, time, and length of education; degrees received;
honors received; former positions and work experiences; memberships
in professional organizations; special committee and task force
assignments; offices held; publications; references; health
condition; availability for, and interest in travel and accepting
certain assignments; compensation required, etc.
Authority for maintenance of the system:
Public Health Service Act, section 304(b) (42 USC 242b),
authorizing the Secretary to take the necessary steps to implement
statistical and epidemiological activities relating to health.
Purpose(s):
The data are used by staff of NCHS or its contractors for
selecting consultants to assist in projects conducted or sponsored by
NCHS.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Where Federal agencies having the power to subpoena other
Federal agencies' records, such as the Internal Revenue Service or
the Civil Rights Commission, issue a subpoena to the Department for
records in this system of records, the Department will make such
records available.
2. The Department occasionally contracts with a private firm for
the purpose of collating, analyzing, aggregating or otherwise
refining records in this system. Relevant records are disclosed to
such a contractor. The contractor is required to maintain Privacy Act
safeguards with respect to such records.
3. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
4. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the court or other tribunal is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for PHS who do not technically have the status
of agency employees, if they need the records in the performance of
their agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The information is contained on paper records and computer-
readable tape.
Retrievability:
Information is retrieved by name, address, speciality, and by
other characteristics.
Safeguards:
Measures to prevent unauthorized disclosures are implemented as
appropriate for the particular records maintained. NCHS implements
personnel, physical, and procedural safeguards as follows:
(1) Authorized Users: Records are used only by staff whose
official duties require them to use records on consultants.
(2) Physical Safeguards: Records are maintained in locked metal
files or in a locked room when not in use. Computerized files are
further protected by the Resource Access Control Facility (``RACF'').
(3) Procedural Safeguards: Persons other than staff authorized to
work with the records are not allowed access to them.
These safeguards are established in accordance with guidelines in
DHHS Chapter 45-13 of the General Administration Manual, in
supplementary Chapter PHS.hf:45-13, and in the NCHS Staff Manual on
Confidentiality.
Retention and disposal:
Records are maintained permanently until the consultant's death,
disability for consultant work, or request that his/her records be
removed from the file.
System manager(s) and address:
Director, National Center for Health Statistics, Centers for
Disease Control, Presidential Building, Rm. 1140, 6525 Belcrest Road,
Hyattsville, Maryland 20782.
Notification procedure:
To determine if a record exists, write to the System Manager.
Information needed consists of name of individual.
Record access procedures:
Same as notification procedures. Requestors should also
reasonably specify the record contents being sought. Positive
identification is required from anyone seeking access. Individuals
may also request an accounting of disclosures that have been made of
their records, if any.
Contesting record procedures:
Write to the official at the address specified under notification
procedures above, and reasonably identify the record, specify the
information being contested, the corrective action sought, and your
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Records are obtained from the consultants themselves, except that
references may be obtained from present and former employers or
supervisors of the consultants, or from individuals given as
references by the consultants.
Systems exempted from certain provisions of the act:
None.
09-20-0169
System name: Users of Health Statistics, HHS/OASH/NCHS.
Security classification:
None.
System location:
National Center for Health Statistics, Centers for Disease
Control, Presidential Building, Rm. 1140, 6525 Belcrest Road,
Hyattsville, Maryland 20782.
Categories of individuals covered by the system:
Persons who are past, present, or potential users of health
statistics and would therefore have special interests in the programs
conducted by NCHS, such as (1) persons who subscribe to NCHS
publication series, (2) persons who purchase NCHS public use data
tapes or publications, (3) persons who contact NCHS to request data
or information on health statistics, (4) persons who attend health
statistics conferences, and (5) persons known from their publications
or otherwise to have a research, legislative, policy, or
adminstrative interest in data produced by NCHS.
Categories of records in the system:
This system consists of information relating to the professional
health statistical interests of health statistics users, such as
their: Name, address, position, organization, education, memberships
in professional organizations, special committee and task force
assignments, offices held in organizations, publications, health
statistics meetings attended, uses made of health statistics, health
statistics projects, purchases of NCHS tapes or publications, and
expressions of interests and concerns about health statistics.
Authority for maintenance of the system:
Public Health Service Act, section 308(g)(2) (42 U.S.C.
242m(g)(2), which authorizes the Secretary to take necessary action
to assure that appropriate, high quality data are disseminated on as
wide a basis as is practicable.
Purpose(s):
NCHS uses the data in detemining how improvements can be made in
(1) the content and methodology of its data programs, (2) its data
publications, (3) dissemination of health statistics, and (4)
meetings or other means for soliciting users' concerns and knowledge
sharing.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. The Department occasionally contracts with a private firm for
the purpose of conducting surveys or collecting, analyzing,
aggregating, otherwise refining, or evaluating data in this system.
Relevant records are disclosed to such a contractor. The contractor
is required to maintain Privacy Act safeguards with respect to such
records.
2. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
3. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the court or other tribunal is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for PHS who do not technically have the status
of agency employees, if they need the records in the performance of
their agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The information is contained on paper records and/or computer-
readable tape.
Retrievability:
Information is retrieved by name, and may also be retrievable by
unique identifying number, address, specialty, or other identifying
characteristics.
Safeguards:
Measures to prevent unauthorized disclosures are implemented as
appropriate for the particular records maintained in each project.
NCHS and its contractors implement personnel, physical, and
procedural safeguards such as the following:
(1) Authorized Users: Employees who maintain records in this
system are instructed to grant regular access only to authorized
contractor personnel, the NCHS project officer, and NCHS employees
whose duties require the use of such information. One-time and
special access to the data is controlled by the System Manager, the
NCHS Project Officer, and the Contract and/or Project Director.
Furthermore, all employees of NCHS and contractor personnel with
access to NCHS records are required, as a condition of employment, to
sign an affidavit binding them to nondisclosure of identifiable
individuals' information.
(2) Physical Safeguards: Records are stored in locked files or
secured areas. Computer terminals are in secured areas. Computerized
files are further protected by the Resources Access Control Facility
(``RACF'').
(3) Procedural Safeguards: Data stored in computers are accessed
through the use of passwords/keywords known only to the principal
investigators or authorized personnel. These passwords/keywords are
changed frequently.
Contractors who maintain records in this system are instructed to
make no further disclosure of the records except as authorized by the
system manager and permitted by the Privacy Act. Privacy Act
requirements are specifically included in contracts for research
activities related to this system. The HHS project directors,
contract officers, and project officers oversee compliance with these
requirements.
The particular safeguards implemented in each project are
developed in accordance with chapter 45-13, ``Safeguarding Records
Contained in Systems of Records,'' of the HHS General Administration
Manual, supplementary chapter PHS hf. 45-13; Part 6, ``ADP Systems
Security,'' of the HHS Information Resources Manual; the National
Bureau of Standards Federal Information Processing Standards (FIPS
Pub. 41 and FIPS Pub. 31).
Retention and disposal:
Records are retained for various periods of time depending upon
how useful they are considered to be, in accordance with NCHS policy.
Some records of users may be maintained indefinitely. Disposal
methods include burning or shredding hard copy and erasing computer
tapes and disks.
System manager(s) and address:
Director, National Center for Health Statistics, Centers for
Disease Control, Presidential Building, Rm. 1140, 6525 Belcrest Road,
Hyattsville, MD 20782.
Notification procedure:
To determine if a record exists, write to the System Manager.
Information needed consists of name and address of individual.
Record access procedures:
Same as notification procedures. Requestors should also
reasonably specify the record contents being sought. Positive
indentification is required from anyone seeking access. You may also
request an accounting of disclosures that have been made of your
record, if any.
Contesting record procedures:
Write to the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information being contested, the corrective action sought, and your
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Records may be obtained from (1) order forms for publications or
public use data tapes, (2) mailing lists, (3) registration forms of
meeting (4) author information in books and journals, (5) reference
citations, and (6) reports of colleagues.
Systems exempted from certain provisions of the act:
None.
Food and Drug Administration
Table of Contents
09-10-0002 Regulated Industry Employee Enforcement
Records, HHS/FDA/OC.
09-10-0003 FDA Credential Holder File, HHS/FDA/OC.
09-10-0004 Communications (Oral and Written) With the
Public, HHS/FDA/OC.
09-10-0005 State Food and Drug Official File, HHS/FDA/
ORA.
09-10-0007 Science Advisor Research Associate Program
(SARAP), HHS/FDA/ORA.
09-10-0008 Radiation Protection Program Personnel
Monitoring System, HHS/FDA/CDRH.
09-10-0009 Special Studies and Surveys on FDA-
Regulated Products, HHS/FDA/OM.
09-10-0010 Bioresearch Monitoring Information System,
HHS/FDA.
09-10-0011 Certified Retort Operators, HHS/FDA/CFSAN.
09-10-0013 Employee Conduct Investigative Records,
HHS/FDA/OM.
09-10-0017 Epidemiological Research Studies of the
Center for Devices and Radiological Health, HHS/FDA/
CDRH.
09-10-0018 Employee Identification Card Information
Records, HHS/FDA/OC.
09-10-0019 Mammography Quality Standards Act (MQSA)
Training Records, HHS/FDA/CDRH.
09-10-0002
System name: Regulated Industry Employee Enforcement Records,
HHS/FDA/OC.
Security classification:
None.
System location:
FDA employees:
Administrative Services Branch (HFA-210), 5600 Fishers Lane,
Rockville, MD 20857
Investigations Operations Branch (HFC-132), 5600 Fishers Lane,
Rockville, MD 20857
Administrative, Investigations, and Compliance Branches at
Field/District Offices. For the location of Field/District Offices,
see Appendix A.
For the location of Federal Records Centers, see Appendix B.
Categories of individuals covered by the system:
Employees of nterprises regulated by the Food and Drug
Administration (FDA) and other individuals subject to FDA enforcement
actions.
Categories of records in the system:
Includes correspondence, memoranda, inspection reports, and
related documents that are investigatory material compiled for law
enforcement purposes.
Authority for maintenance of the system:
Federal Food, Drug and Cosmetic Act (21 U.S.C. 321 et seq.), the
Public Health Service Act (42 U.S.C. 201 et seq.), and authority
delegated to the Commissioner, 21 CFR part 5.
Purpose(s):
To provide records used by FDA employees in investigations of
possible violation of the law.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Records that indicate violation or potential violation of law
may be: (1) Referred for investigation and possible enforcement
action under the applicable Federal, State, or foreign laws to the
Department of Justice and other appropriate Federal agencies; an
appropriate State food and drug enforcement health agency or
licensing authority; or, the government of a foreign country; or (2)
disclosed in administrative or court proceeding in determining
whether a record is relevant to an Agency decision concerning
documents of investigatory materials.
2. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from that
congressional office at the request of that individual.
3. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
Is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the court or other tribunal, is relevant and necessary to
the litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Manual files are maintained in letter-size folders. Automated
files are maintained on computer discs and tapes stored ina locked
safe.
Retrievability:
Indexed by company or subject, sometimes with individual name in
a cross-index on an automated index system.
Safeguards:
1. Authorized users: Administrative Services Branch and Office of
Regulatory Affairs personnel.
2. Physical safeguards: Records are kept in locked cabinets in a
secured area, locked rooms, locked buildings and limited access to
authorized personnel. Computer tapes and discs are stored in a locked
safe.
3. Procedural (or technical) safeguards: Computer software
providing restricted commands.
4. Implementation guidelines: Safeguards are established in
accordance with Chapter 45-13 and PHS hf: 45-13 of the Department's
General Administration Manual and Part 6 of the Department's ADP
Systems Manual.
Retention and disposal:
Records may be retired to a Federal Records Center and
subsequently disposed of in accordance with FDA's Records Control
Schedule. The Records Control Schedule and disposal standard for
these records may be obtained by writing to the system manager at the
address below.
System manager(s) and address:
The policy coordinating official for this system of records is
also the system manager for the Investigations Operations Branch.
Chief, Administrative Services Branch (HFA-210), 5600 Fishers
Lane, Rockville, MD 20857
Assistant to the Director, Investigations Operations Branch
(HFC-132), Office of Regulatory Affairs, 5600 Fishers Lane,
Rockville, MD 20857
Director, Office of Criminal Investigations, Office of Regulatory
Affairs, (HFC-300), 7500 Standish Place, Suite 250N, Rockville, MD
20855
Administrative, Investigative and Compliance Branches at Field/
District Offices, see Appendix A.
Notification procedure:
An individual may learn if a record exists about him or her upon
written request, with notarized signature if request is made by mail,
or with identification if request is made in person, directed to:
FDA Privacy Act Coordinator (HFI-30), Food and Drug
Administration, 5600 Fishers Lane, Rockville, MD 20857
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. Access to record
systems which have been granted an exemption from the Privacy Act
access requirement may be made at the discretion of the system
manager. If access is denied to requested records, an appeal may be
made to:
Commissioner, Food and Drug Administration, 5600 Fishers Lane,
Rockville, MD 20857
You may also request an accounting of disclosures that have been
made of your record, if any.
Contesting record procedures:
If access has been granted, contact the official at the address
specified under notification procedures and reasonably identify the
record, specify the information being contested, the corrective
action sought, and your reasons for requesting the correction, along
with supporting information to show how the record is inaccurate,
incomplete, untimely or irrelevant.
Record source categories:
Individual on whom the record is maintained, from third parties
such as consumers, scientists, representatives of other companies,
state agencies, or developed by FDA during investigations for law
enforcement purposes.
Systems exempted from certain provisions of the act:
This system is exempt from access and contest and certain other
provisions of the Privacy Act (5 U.S.C. 552a (c)(3), (d)(1) to (4),
(e)(3), (e)(4)(G) to (H) and (f), to the extent that it includes
investigatory material compiled for law enforcement purposes,
including criminal law enforcement purposes, where access would be
likely to prejudice the conduct of the investigation.
Appendix A- Addresses and working hours of the Food and Drug
Administration Field Offices
The following is a list of the Food and Drug Administration Field
Offices, their addresses and working hours where individuals may have
access to records in Food and Drug Administration Privacy Act Record
Systems:
NORTHEAST REGION
Regional Office
830 Third Avenue, Brooklyn, NY 11232, Office hours: 8 am to 4:30
pm (e.s.t.).
District Offices
One Montvale Avenue, 3rd Floor, Stoneham, MA 02180, Office hours:
8 am. to 4:30 pm (e.s.t.).
850 Third Avenue, 4th Floor, Brooklyn, NY 11232-1593, Office
hours: 8 am to 4:30 pm (e.s.t.).
599 Delaware Avenue, Buffalo, NY 14202, Office hours: 8 am to
4:30 pm (e.s.t.).
Regional Laboratory
850 Third Avenue, 4th Floor, Brooklyn, NY 11232-1593, Office
hours: 8 am to 4:30 pm (e.s.t.).
Winchester Engineering and Analytical Center (WEAC), 109 Holton
Street, Winchester, MA 01890.
MID-ATLANTIC REGION
Regional Office
2nd and Chestnut Streets, Room 900, Philadelphia, PA 19106,
Office hours: 8 am to 4:30 pm (e.s.t.).
District Offices
2nd and Chestnut Streets, Room 900, Philadelphia, PA 19106,
Office hours: 8 am to 4:30 pm (e.s.t.).
61 Main Street, West Orange, NJ 07052, Office hours: 8 am to 4:30
pm (e.s.t.).
900 Madison Avenue, Baltimore, MD 21201, Office hours: 7:45 am to
4:15 pm (e.s.t.).
1141 Central Parkway, Cincinnati, OH 45202-1097, Office hours: 8
am to 4:30 pm (e.s.t.).
SOUTHEAST REGION
Regional Office
60 Eighth Street, NE, Atlanta, GA 30309, Office hours: 8 am to
4:30 pm (e.s.t.).
District Offices
60 Eighth Street, NE, Atlanta, GA 30309, Office hours: 8 am to
4:30 pm (e.s.t.).
297 Plus Park Boulevard, Nashville, TN 37217, Office hours: 8 am
to 4:30 pm (c.t.).
7200 Lake Ellenor Drive, Suite 120, Orlando, FL 32809, Office
hours: 8 am to 4:30 pm (e.s.t.).
4298 Elysian Fields Avenue, New Orleans, LA 70122, Office hours:
8 am to 4:30 pm (c.t.).
Fernandez Juncos Avenue, Puerta de Tierra, San Juan, PR 00906-
5719, Office hours: 8 am to 4:30 pm (e.s.t.).
Regional Laboratory
60 Eighth Street, NE, Atlanta, GA 30309, Office hours: 8 am to
4:30 pm (e.s.t.).
MIDWEST REGION
Regional Office
20 N. Michigan Avenue, Room 550, Chicago, IL 60602, Working
hours: 8 am to 4:30 pm (e.s.t.).
District Offices
433 W. Van Buren Street, Room 1222, Chicago, IL 60607, Working
hours: 8 am to 4:30 p.m. (e.s.t.).
1560 East Jefferson Avenue, Detroit, MI 48207, Office hours: 8 am
to 4:30 pm (e.s.t.).
240 Hennepin Avenue, Minneapolis, MN 55401, Office hours: 8 am to
4:30 pm (c.t.).
SOUTHWEST REGION
Regional Office
3032 Bryan Street, Dallas, TX 75204, Office hours: 8 am to 4:30
(c.t.).
District Offices
3032 Bryan Street, Dallas, TX 75204, Office hours: 8 am to 4:30
(c.t.).
1009 Cherry Street, Kansas City, MO 64106, Office hours: 8 am to
4:30 pm (c.t.).
Denver Federal Center, Building 20, PO Box 25087, Denver, CO
80225-0087, Working hours: 8 am to 4:30 pm (m.t.).
PACIFIC REGION
Regional Office
Federal Office Building, Room 526, 50 U.N. Plaza, San Francisco,
CA 94102, Working hours: 8 am to 4:30 pm (p.t.).
District Offices
Federal Office Building, Room 526, 50 U.N. Plaza, San Francisco,
CA 94102, Working hours: 8 am to 4:30 pm (p.t.).
1521 W. Pico Boulevard, Los Angeles, CA 90015-2486, Office hours:
8 am to 4:30 pm (p.t.).
22201 23rd Drive, SE, Bothell, WA 98021-4421, Office hours: 8 am
to 4:30 pm (c.t.).
Appendix B--General Services Administration, Federal Archives, and
Records Centers
National Centers:
District of Columbia, Maryland, Virginia, and West Virginia
except for U.S. Court records for Maryland, Virginia, and West
Virginia: Washington National Records Center, Washington, DC 20409.
National Personnel Records Center (Civilian Personnel Records),
111 Winnebago Street, St. Louis, MO 63118.
National Personnel Records Center (Military Personnel Records),
9700 Page Boulevard, St. Louis, MO 63132.
Regional Centers
Maine, Vermont, New Hampshire, Massachusetts, Connecticut, and
Rhode Island, Federal Archives and Records Center, 380 Trapelo Road,
Waltham, MA 02154.
New York, New Jersey, Puerto Rico, the Virgin Islands, and the
Panama Canal Zone, Federal Records Center, Military Ocean Terminal,
Building 22, Bayonne, NJ 07002-5388.
Delaware, Pennsylvania, and U.S. Court records for Maryland,
Virginia, and West Virginia, Federal Records Center, 5000 Wissahickon
Avenue, Philadelphia, PA 19144.
North Carolina, South Carolina, Tennessee, Mississipi, Alabama,
Georgia, Florida and Kentucky, Federal Records Center, 1557 St.
Joseph Avenue, East Point, GA 30344.
Illinois, Wisconsin, Minnesota, and U.S. Court records for
Indiana, Michigan, and Ohio, Federal Records Center, 7358 South
Pulaski Road, Chicago, IL 60629.
Indiana, Michigan, and Ohio except for U.S. Court records,
Federal Records Center, 3150 Springboro Road, Dayton, OH 45439.
Kansas, Iowa, Nebraska, and Missouri, Federal Records Center,
2306 East Bannister Road, Kansas City, MO 64131.
Texas, Oklahoma, Arkansas, Louisiana, and New Mexico, Federal
Records Center, PO Box 6216, Fort Worth, TX 76115.
Shipping address only (do not use for mail), 4900 Hemphill
Street, Building 1, Dock 1, Fort Worth, TX.
Colorado, Wyoming, Utah, Montana, North Dakota, and South Dakota,
Federal Records Center, PO Box 25307, Denver, CO 80225.
American Samoa, California, except Southern California, and
Nevada, except Clark County, Federal Records Center, 1000 Commodore
Drive, San Bruno, CA 94066.
Arizona; Clark County, Nevada; and Southern California (counties
of San Luis Obispo, Kern, San Bernardino, Santa Barbara, Ventura, Los
Angeles, Riverside, Orange, Imperial, Inyo, and San Diego). Federal
Records Center, 24000 Avila Road, 1st Floor, PO Box 6719, Laguna
Niguel, CA 92677.
Washington, Oregon, Idaho, Alaska, Hawaii, and Pacific Ocean
areas (except American Samoa), Federal Records Center, 6125 Sand
Point Way NE, Seattle, WA 98115.
09-10-0003
System name: FDA Credential Holder File, HHS/FDA/OC.
Security classification:
None.
System location:
FDA employees:
Personnel Property Management Section, (HFA-227), Office of
Management, 5600 Fishers Lane, Rockville, MD 20857
Metropolitan Office Services Section (HFA-216), Office of
Management, 200 C Street, SW, Washington, DC 20204
Division of Field Investigations (HFC-130), Office of
Regulatory Affairs, 5600 Fishers Lane, Rockville, MD 20857
Administrative Branch at Field/District Offices. For the location
of Field/District Offices, see appendix A to system notice 09-10-
0002, Regulated Industry Employee Enforcement Records, HHS/FDA/OC.
State and Local Employees: Division of Federal-State Relations
(HFC-151), 5600 Fishers Lane, Rockville, MD 20857.
Administrative Branch at Field/District Offices. For the location
of Field/District Offices, see appendix A to system notice 09-10-
0002, Regulated Industry Employee Enforcement Records, HHS/FDA/OC.
Categories of individuals covered by the system:
FDA employees and state and local government employees who have
been issued FDA credentials for enforcement activities.
Categories of records in the system:
Contains name, job title, height, weight, color of eyes and hair,
duty status, and for state and local government employees,
professional qualifications.
Authority for maintenance of the system:
Sections 702 to 704, the Federal Food, Drug, and Cosmetic Act (21
U.S.C. 372 to 374).
Purpose(s):
To issue or reissue credentials which are used to gain entry to
regulated establishments.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Information may be disclosed to provide assurance to regulated
enterprises that an individual is a duly designated enforcement
officer and, in the case of state employees, an officer commissioned
as an officer of the Department.
Disclosure may be made to a congressional office from the record
of an individual in response to an inquiry from the congressional
office made at the request of that individual.
The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the court or other tribunal, is relevant and necessary to
the litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Maintained in file folders and on computer tapes.
Retrievability:
Indexed by name.
Safeguards:
1. Authorized users: Administrative Services Branch and Office of
Regulatory Affairs personnel.
2. Physical safeguards: Records are kept in locked cabinets in a
secured area, locked rooms, locked buildings and limited access to
authorized personnel. Computer tapes and discs are stored in locked
safe.
3. Procedural (or technical) safeguards: Computer software
providing restricted commands.
4. Implementation guidelines: Safeguards are established in
accordance with Chapter 45-13 and PHS hf:45-13 of the Department's
General Administration Manual and Part 6 of the Department's ADP
Systems Manual.
Retention and disposal:
Records are retained as long as individual is a duly designated
or commissioned official; inactive files destroyed after 10 years.
The records are destroyed by shredding, burning, or other appropriate
means so as to render them illegible.
System manager(s) and address:
FDA employees:
Chief, Services Unit (HFA-227), Office of Management, 5600
Fishers Lane, Rockville, MD 20857
Chief, Metropolitan Office Services Unit (HFA-216), Office of
Management, 200 C Street, SW, Washington, DC 20204
Administrative Branch at Field/District Offices. For the location
of Field /District Offices, see appendix A to system notice 09-10-
0002, Regulated Industry Employee Enforcement Records, HHS/FDA/OC.
Federal-State Officer at Field/District Offices. For the location
of Field/District Offices, see appendix A to system notice 09-10-
0002, Regulated Industry Employee Enforcement Records, HHS/FDA/OMO/
DMS.
State employees:
Director, Division of Federal-State Relations (HFC-151), 5600
Fishers Lane, Rockville, MD 20857.
Administrative Branch at Field/District Offices. For the location
of Field/District Offices, see appendix A to system notice 09-10-
0002, Regulated Industry Employee Enforcement Records, HHS/FDA/OC.
Notification procedure:
An individual may learn if a record exists about him or her upon
written request, with notarized signature if request is made by mail,
or with identification if request is made in person, directed to:
FDA Privacy Act Coordinator (HFI-30), Food and Drug
Administration, 5600 Fishers Lane, Rockville, MD 20857
Record access procedures:
Same as notification procedure. Requesters should also reasonably
specify the record contents being sought. You may also request an
accounting of disclosures that have been made of your record, if any.
Contesting record procedures:
Contact the official at the address specified under notification
procedure above and reasonably identify the record, specify the
information being contested, the corrective action sought, and your
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Individual on whom the record is maintained.
Systems exempted from certain provisions of the act:
None.
09-10-0004
System name: Communications (Oral and Written) With the Public,
HHS/FDA/OC.
Security classification:
None.
System location:
Administrative Services Branch (HFA-210), 5600 Fishers Lane,
Rockville, MD 20857
Office of Legislative Affairs (HFW-1), 5600 Fishers Lane,
Rockville, MD 20857
Administrative Branch at Field/District Offices. For the location
of Field/District Offices, see appendix A to system notice 09-10-
0002, Regulated Industry Employee Enforcement Records, HHS/FDA/OMO/
DMS.
For the location of Federal Archives and Records Centers, see
appendix B to system notice 09-10-0002, Regulated Industry Employee
Enforcement Records, HHS/FDA/OMO/DMS.
Categories of individuals covered by the system:
Individuals, other than employees of enterprises regulated by
FDA, who communicate with FDA or, in some cases, are the subject of
communications by others with FDA.
Categories of records in the system:
Includes correspondence from and to individuals, summaries of
conversations prepared by FDA employees, and records prepared by FDA
as a follow-up to consumer complaints, oral and written.
Administrative Services Branch files include copies of correspondence
received from the public, and the FDA reply. The Office of
Legislative Affairs maintains duplicates of letters FDA sends to
members of Congress and summaries of oral inquiries in files
organized by members' names. The Office of Legislative Affairs
maintains a manual control system and the Executive Secretariat,
Office of the Commissioner, maintains an automated control system of
pending correspondence requiring a reply.
Authority for maintenance of the system:
Federal Food, Drug, and Cosmetic Act (21 U.S.C. 321 et seq.); the
Public Health Service Act (42 U.S.C. 201 et seq.), and authority
delegated to the Commissioner (21 CFR 5.1).
Purpose(s):
To aid FDA employees in carrying out their responsibilities,
e.g., responding to follow-up correspondence on complaints, requests
for information, etc.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Records that indicate violation or potential violation of law may
be: (1) Referred for investigation and possible enforcement action
under the applicable Federal, State, or foreign laws to the
Department of Justice; an appropriate State food and drug enforcement
health agency or licensing authority; or the government of a foreign
country; or (2) disclosed in administrative or court proceedings in
determining whether a record is relevant to an agency decision
concerning documents of investigatory materials.
Disclosure may be made to a congressional office from the record
of an individual in response to an inquiry from the congressional
office made at the request of that individual.
The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the court or other tribunal, is relevant and necessary to
the litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Manual records are maintained in letter-size folders. Automated
records are maintained on computer tapes and discs and stored in a
locked safe.
Retrievability:
Records are arranged by company or by subject. A computer index
gives correspondent's name, date of letter, subject, and location.
Field offices file consumer complaints by complaint number.
Safeguards:
1. Authorized users: FDA employees who display an FDA
identification card; GAO employees upon approval of GAO Liaison
Officer, Operations Coordination Staff, OMO, employees of DHHS
agencies other than FDA whose duties require the use of information
in the system.
2. Physical safeguards: Records are stored in locked cabinets in
secured areas, locked buildings and locked rooms. Computer tapes and
discs are stored in a locked safe.
3. Procedural (or technical) safeguards: Computer software
providing restricted commands. Employees of DHHS agencies other than
FDA must display government identification card, complete agreement
between FDA and the agency concerned, and sign a commitment to
protect privileged information.
4. Implementation guidelines: Safeguards are established in
accordance with Chapter 45-13 and PHS hf:45-13 of the Department's
General Administration Manual and part 6 of the Department's ADP
Systems Manual.
Retention and disposal:
Records may be retired to a Federal Records Center and
subsequently disposed of in accordance with FDA's Records Control
Schedule. The Records Control Schedule and disposal standard for
these records may be obtained by writing to the system manager at the
appropriate address below.
System manager(s) and address:
Chief, Administrative Services Branch (HFA-210), 5600 Fishers
Lane, Rockville, MD 20857
Office of Legislative Affairs (HFW-1), 5600 Fishers Lane,
Rockville, MD 20857
Administrative Branch at Field/District Offices. For the location
of Field/District Offices, see appendix A to system notice 09-10-
0002, Regulated Industry Employee Enforcement Records, HHS/OMO/DMS.
Notification procedure:
An individual may learn if a record exists about him or her upon
written request with notarized signature if request is made by mail,
or with identification if request is made in person, directed to:
FDA Privacy Act Coordinator (HFI-30), Food and Drug
Administration, 5600 Fishers Lane, Rockville, MD 20857
Record access procedures:
Same as notification procedure. Requesters should also reasonably
specify the record contents being sought. You may also request an
accounting of disclosures that have been made of your record, if any.
Contesting record procedures:
Contact the official at the address specified under notification
procedure above and reasonably specify the record, information being
contested, the corrective action sought, and your reasons for
requesting the correction, along with supporting information to show
how the record is inaccurate, incomplete, untimely, or irrelevant.
Record source categories:
Individual on whom the record is maintained or others (generally
members of Congress) who write to FDA about them.
Systems exempted from certain provisions of the act:
None.
09-10-0005
System name: State Food and Drug Official File, HHS/FDA/ORA.
Security classification:
None.
System location:
Regional Food and Drug Offices (See Appendix A 0.
Categories of individuals covered by the system:
State officials who have responsibilities related to those of the
Food and Drug Administration.
Categories of records in the system:
Contains name, date of birth, education and professional
experience, and state in which employed.
Authority for maintenance of the system:
Section 702(a) of the Federal Food, Drug, and Cosmetic Act (21
U.S.C. 372(a)).
Purpose(s):
To provide FDA with the names of State officials who have
responsibilities related to those of the Food and Drug
Administration.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to a congressional office from the record
of an individual in response to an inquiry from the congressional
office made at the request of that individual.
The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the court or other tribunal, is relevant and necessary to
the litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Maintained in letter-size manila folders.
Retrievability:
Indexed by name and state.
Safeguards:
1. Authorized users: Personnel of the Division of Federal State
Relations who are engaged in contracts or any other activity
involving commissioning.
2. Physical safeguards: Records are kept in locked cabinets in a
secured area, locked rooms and locked building.
3. Procedural safeguards: Users of personal information in the
performance of their duties have been instructed to protect personal
information from public view and from unauthorized personnel. Access
is strictly limited to those staff members trained in accordance with
the Privacy Act.
4. Implementation guidelines: Safeguards are established in
accordance with Chapter 45-13 and PHS hf:45-13 of the Department's
General Administration Manual.
Retention and disposal:
Records are retained as long as individual is a state employee.
System manager(s) and address:
Regional Food and Drug Directors (See Appendix A for Address).
Notification procedure:
An individual may learn if a record exists about him or her upon
written request, with notarized signature if request is made by mail,
or with identification if request is made in person, directed to:
FDA Privacy Act Coordinator (HFI-30), Food and Drug
Administration, 5600 Fishers Lane, Rockville, MD 20857
Record access procedures:
Same as notification procedure. Requests should also reasonably
specify the records content being sought. You may also request an
accounting of disclosures that have been made of your record, if any.
Contesting record procedures:
Contact the official at the address specified under notification
procedure above and reasonably identify the record, specify the
information being contested, the corrective action sought, and your
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Individual on whom the record is maintained.
Systems exempted from certain provisions of the act:
None.
09-10-0007
System name: Science Advisor Research Associate Program (SARAP),
HHS/FDA/ORA.
Security classification:
None.
System location:
Division of Field Science (HFC-140), Office of Regional
Operations, 5600 Fishers Lane, Rockville, MD 20857.
For the location of Federal Archives and Records Centers, see
Appendix B to system notice 09-10-0002, Regulated Industry Employee
Enforcement Records, HHS/FDA/OMO/DMS.
Categories of individuals covered by the system:
FDA field personnel who have applied to participate in full-time
research effort under the program.
Categories of records in the system:
Contains name, curriculum vitae, description of research
proposal, budget, and statement of career goals.
Authority for maintenance of the system:
Section 702(a) of the Federal Food, Drug, and Cosmetic Act (21
U.S.C. 372(a); sections 301 of the Public Health Service (42 U.S.C.
241) and 311 of the PHS Act (42 U.S.C. 243).
Purpose(s):
To monitor the progress of research objectives of approved
individual SARAP research projects.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to a congressional office from the record
of an individual in response to an inquiry from the congressional
office made at the request of that individual.
The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the court or other tribunal, is relevant and necessary to
the litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Maintained in letter-size manila folders.
Retrievability:
Indexed by name.
Safeguards:
1. Authorized users: Personnel of the Division of Field Science.
2. Physical safeguards: Records are kept in locked cabinets in a
secured area, locked rooms, and locked building.
3. Procedural safeguards: Users of personal information in the
performance of their duties have been instructed to protect such
information from public view and from unauthorized personnel. Access
is strictly limited to those staff members trained in accordance with
the Privacy Act.
4. Implementation guidelines: Safeguards are established in
accordance with Chapter 45-13 and PHS hf:45-13 of the Department's
General Administration Manual.
Retention and disposal:
Records may be retired to a Federal Records Center and
subsequently disposed of in accordance with FDA's Records Control
Schedule. The Records Control Schedule and disposal standard for
these records may be obtained by writing the system manager at the
address below.
System manager(s) and address:
Director, Division of Field Science (HFC-140), Office of Regional
Operations, 5600 Fishers Lane, Rockville, MD 20857.
Notification procedure:
An individual may learn if a record exists about him or her upon
written request, with notarized signature if request is made by mail,
or with identification if request is made in person, directed to:
FDA Privacy Act Coordinator (HFI-30), Food and Drug
Administration, 5600 Fishers Lane, Rockville, MD 20857
Record access procedures:
Same as notification procedure. Requesters should also reasonably
specify the record contents being sought. You may also request an
accounting of disclosures that have been made of your record, if any.
Contesting record procedures:
Contact the official at the address specified under notification
procedure above and reasonably identify the record, specify the
information being contested, the corrective action sought, and your
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Individual on whom the record is maintained.
Systems exempted from certain provisions of the act:
None.
09-10-0008
System name: Radiation Protection Program Personnel Monitoring
System, HHS/FDA/CDRH.
Security classification:
None.
System location:
Office of Health Physics (HFZ-60), Center for Devices and
Radiological Health, 5600 Fishers Lane, Rockville, MD 20857
Radiation Detection Company, 162 Wolfe Road, PO Box 3414,
Sunnyvale, CA 94088
Categories of individuals covered by the system:
U.S. Public Health Service and other personnel in clinics,
laboratories, hospitals, research facilities, etc., who work with
ionizing radiation sources and are required to be monitored by
Nuclear Regulatory Commission or Occupational Safety and Health
Administration regulations.
Categories of records in the system:
Contains name, date of birth, social security account number, job
code, period of exposure, effective date, and radiation exposure
value.
Authority for maintenance of the system:
Atomic Energy Act of 1954 (68 Stat. 919 et seq.), Nuclear
Regulatory Commission Regulations, 10 CFR part 20; Occupational
Safety and Health Act of 1970 (84 Stat. 1590 et seq.), Occupational
Safety and Health Administration Regulations, 29 CFR 1910.96.
Purpose(s):
To monitor incremental and accumulated exposure to ionizing
radiation for radiation protection purposes.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Results are disclosed to employers, i.e., clinics, laboratories,
etc., after the end of each monitoring period.
Disclosure may be made to a congressional office from the record
of an individual in response to an inquiry from the congressional
office made at the request of that individual.
Disclosure may be made to HHS contractors and their staff in
order to accomplish the purpose for which the records are collected.
The recipients are required to protect such records from improper
disclosure.
The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the court or other tribunal, is relevant and necessary to
the litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Maintained on magnetic disc computer data bank, with back-up
stored securely off-site. Hard copies are maintained in letter-size
folders.
Retrievability:
Indexed by name, social security account number, and facility.
Safeguards:
1. Authorized users: Authorized CDRH and contractor personnel who
must have access to information in the system in the performance of
their duties.
2. Physical safeguards: Hard copies are filed in secured files,
locked building with controlling security personnel stationed at key
access points to the record area.
3. Procedural (or technical) safeguards: Computer software is
password protected and access is restricted by Resource Access
Control Facility (RACF). Contractor is required to maintain
confidentiality safeguards with respect to these records.
4. Implementation guidelines: Safeguards are established in
accordance with Chapter 45-13 and PHS hf:45-13 of the Department's
General Administration Manual and Part 6 of the Department's ADP
Systems Manual.
Retention and disposal:
Indefinite retention on magnetic disc.
System manager(s) and address:
Program Manager, U.S.P.H.S. Personnel Monitoring Program, Office
of Health Physics (HFZ-60), Center for Devices and Radiological
Health, 5600 Fishers Lane, Rockville, MD 20857.
Notification procedure:
An individual may learn of his or her record upon written
request, with notarized signature if request is made by mail, or with
identification if request is made in person, directed to:
FDA Privacy Act Coordinator (HFI-30), Food and Drug
Administration, 5600 Fishers Lane, Rockville, MD 20857
Record access procedures:
Same as notification procedure. Requesters should also reasonably
specify the record contents being sought. You may also request an
accounting of disclosures that have been made of your record, if any.
Contesting record procedures:
Contact the official at the address specified under notification
procedure above and reasonably identify the record, specify the
information being contested, the corrective action sought, and your
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely or irrelevant.
Record source categories:
Individual on whom the record is maintained.
Systems exempted from certain provisions of the act:
None.
09-10-0009
System name: Special Studies and Surveys on FDA-Regulated
Products, HHS/FDA/OM.
Security classification:
None.
System location:
Division of Contracts and Procurement Management, Office of
Contracts and Grants Management, 5600 Fishers Lane, Park Building,
Room 3-32, Rockville, MD 20857.
A current list of contact sites is available by writing to the
system manager at the address below.
Categories of individuals covered by the system:
Individuals, specialty groups, and households participating
voluntarily in studies and surveys conducted or sponsored by FDA.
Categories of records in the system:
Data collected vary with each study/survey. Normal standard
information for individuals or household members varies but could
include name, age, sex, marital status, address or locale of
residence, etc. Nondemographic items relate to experience with, or
opinions about, a particular product. Patient medical records may be
included in some cases involving specific health problems.
Authority for maintenance of the system:
Section 701(a) of the Federal Food, Drug, and Cosmetic Act (21
U.S.C. 301 et seq.).
Purpose(s):
Used to provide data on individuals, specialty groups, e.g.,
physicians and households participating voluntarily in studies and
surveys conducted or sponsored by FDA.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to a congressional office from the records
of an individual in response to an inquiry from the congressional
office made at the request of that individual.
The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the court or other tribunal, is relevant and necessary to
the litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
Disclosure may be made to HHS contractors and their staff in
order to accomplish the purpose for which the records are collected.
The recipients are required to protect such records from improper
disclosure.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Questionnaires and data are filed in standard filing equipment.
Some statistical data are stored on magnetic tape.
Retrievability:
Accessed by ID number assigned by FDA or contractor during
collection process. Individual files are maintained in agency and/or
contractor's custody until all collection procedures are completed.
Safeguards:
1. Authorized users: Authorized program personnel.
2. Physical safeguards: Questionnaires and data are maintained in
locked containers in secured area. Magnetic tapes are maintained in
secured computer facilities. Locked buildings, locked rooms, locked
file cabinets and locked tape vaults.
3. Procedural (or technical) safeguards: Access limited by
computer password which is changed periodically. Confidentiality
safeguards with respect to these records are required to be
maintained.
4. Implementation guidelines: Safeguards are established in
accordance with Chapter 45-13 and PHS hf: 45-13 of the Department's
General Administration Manual and Part 6 of the Department's ADP
Systems Manual.
Retention and disposal:
Questionnaires and data are retained until all statistical
problems are resolved; then destroyed. The records are destroyed by
shredding, burning, or other appropriate means so as to render them
illegible.
System manager(s) and address:
Chief, Division of Contracts and Procurement Management, 5600
Fishers Lane, Park Building, Room 3-32, Rockville, MD 20857.
Office of Epidemiology and Biostatistics (HFD-700), Rockville,
MD 20857
Notification procedure:
An individual may learn if a record exists about him or her upon
written request, with notarized signature if request is made by mail,
or with identification if request is made in person, directed to:
FDA Privacy Act Coordinator (HFI-30), Food and Drug
Administration, 5600 Fishers Lane, Rockville, MD 20857
Record access procedures:
Same as notification procedure. Requesters should also reasonably
specify the record contents being sought. An individual who requests
notification of, or access to, a medical record shall, at the time
the request is made, designate in writing a responsible
representative who will be willing to review the records and inform
the subject individual of its contents at the representative's
discretion. You may also request an accounting of disclosures that
have been made of your record, if any.
Contesting record procedures:
Contact the official at the address specified under Notification
Procedure above and reasonably identify the record, specify the
information being contested, the corrective action sought, and your
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Individual on whom the record is maintained or patient's medical
records, depending on the type of survey or study.
Systems exempted from certain provisions of the act:
None.
09-10-0010
System name:
Bioresearch Monitoring Information System, HHS/FDA.
Security classification:
None.
System location:
Center for Biologics Evaluation and Research (CBER), Office of
Compliance and Biologics Quality, Bioresearch Monitoring Team (HFM-
650), 1401 Rockville Pike, Rockville, MD 20852.
Center for Devices and Radiological Health (CDRH), Office of
Compliance, Division of Bioresearch Monitoring (HFZ-310), 2094
Gaither Rd., Rockville, MD 20850.
Center for Drug Evaluation and Research (CDER), Office of
Compliance, Division of Scientific Investigations (HFD-340), 7520
Standish Pl., Rockville, MD 20855.
Center for Food Safety and Applied Nutrition (CFSAN), Office of
Premarket Approval, Division of Product Policy (HFS-205), 200 C St.
SW., Washington, DC 20204.
Center for Veterinary Medicine (CVM), Office of Surveillance &
Compliance (HFV-234), Division of Compliance, Bioresearch Monitoring
Staff, 7500 Standish Pl., Rockville, MD 20855.
Categories of individuals covered by the system:
Clinical investigators who are conducting, or have conducted,
clinical studies of new drugs, biologics, and devices under
investigational new drug and biologics, and investigational device
exemption requests; clinical investigators who are conducting, or
have conducted, studies on food or color additives, generally
recognized as safe (GRAS) substances, or infant formula; and clinical
investigators who are conducting, or have conducted, studies on new
animal drugs under investigational new animal drug requests.
Categories of records in the system:
Automated file is maintained on all clinical investigators;
contains name, education, professional qualifications and background,
Program Oriented Data Systems (PODS) locator code, and information on
studies conducted. Manual file contains, in addition to that same
information, investigatory material collected by, or developed by,
the Food and Drug Administration (FDA), during investigations of
possible violations of statutes and regulations governing new drug,
biologic, food or color additive, GRAS substance, infant formula, new
animal drug, and/or device studies.
Authority for maintenance of the system:
Section 505(i)(3), Federal Food, Drug, and Cosmetic Act (21
U.S.C. 355(i)(3)), 21 CFR part 312 (new drugs and biologics for
investigational use); section 520, Federal Food, Drug, and Cosmetic
Act (21 U.S.C. 360j), 21 CFR part 812 (new devices for
investigational use); sections 512(j) and (l)(1), Federal Food, Drug,
and Cosmetic Act (21 U.S.C. 360b(j) and (l)(1)), 21 CFR part 511 (new
animal drugs for investigational use); Sections 409 and 721, Federal
Food, Drug, and Cosmetic Act (21 U.S.C. 348 and 379e), 21 CFR part 71
(color additive petitions), 21 CFR part 171 (food additive
petitions); section 412, Federal Food, Drug, and Cosmetic Act (21
U.S.C. 350a) (infant formula requirements); and section 351, Public
Health Service Act (42 U.S.C. 262).
Purpose(s):
1. To provide controls to assure that investigators meet
requirements of the relevant statutes and regulations governing new
drug, biologic, food or color additive, GRAS substance, infant
formula, new animal drug, and/or device studies.
2.To serve as a data base for the effective performance of
activities necessary for the conduct of the bioresearch monitoring
program.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Records that, on their face or in conjunction with other
records, indicate a violation or potential violation of law, may be:
(1) Referred for investigation and possible enforcement action under
the applicable Federal, State, or foreign laws to the Department of
Justice and other appropriate Federal agencies, an appropriate State
food and drug enforcement agency or licensing authority, or the
government of a foreign country where studies are being or have been
conducted; or (2) disclosed to sponsors or IRB's responsible for
initiating, approving, monitoring, or overseeing any studies affected
by the violation or potential violation, if the information disclosed
is relevant to any enforcement, regulatory, investigative, or
prosecutorial responsibility of the receiving entity.
2. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the written request of that individual.
3. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other adjudicative body, when:
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof (where HHS determines
that the litigation is likely to affect HHS or any of its
components),
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the court or other adjudicative body, is relevant and
necessary to the litigation and would help in the effective
representation of the governmental interest, provided, however, that
in each case, HHS determines that such disclosure is compatible with
the purpose for which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Manual files of investigatory materials are maintained in letter-
size manila folders and on microfilm. Automated files are maintained
on magnetic disk or tape.
Retrievability:
Indexed by name or code number.
Safeguards:
1. Authorized users: Personnel in CBER's Bioresearch Monitoring
Team and CBER Product Review Offices; Personnel in CDRH's Division of
Bioresearch Monitoring; Personnel in CDER's Division of Scientific
Investigations, Division of Drug Information Resources, Management
and Data Systems Branch; Personnel in CFSAN's Division of Product
Policy, Division of Health Effects Evaluation; and Personnel in CVM's
Division of Compliance, Bioresearch Monitoring Staff.
2. Physical safeguards: Files are stored in secured areas, locked
buildings, locked rooms, locked tape vaults, and lockable data media
cabinets.
3. Procedural (or technical) safeguards: Limited access and
computer password which is changed periodically.
4. Implementation guidelines: These practices are in compliance
with the standards of chapter 45-13 of the HHS General Administration
Manual, ``Safeguarding Records Contained in Systems of Records,''
supplementary Chapter PHS hf: 45-13, and the Department's Automated
Information System Security Handbook.
Retention and disposal:
Records are retained and disposed of under the authority of the
FDA Records Control Schedule transmittal number H:90-1, Departmental
number B-331.
System manager(s) and address:
Director, Division of Inspections and Surveillance (HFM-650),
Center for Biologics Evaluation and Research, Office of Compliance
and Biologics Quality, 1401 Rockville Pike, Rockville, MD 20852.
Director, Division of Bioresearch Monitoring (HFZ-310), Office of
Compliance, Center for Devices and Radiological Health, 2094 Gaither
Rd., Rockville, MD 20850.
Deputy Director, Division of Scientific Investigation (HFD-341),
Center for Drug Evaluation and Research, Office of Compliance, 7520
Standish Pl., Rockville, MD 20855.
Bioresearch Monitoring Project Manager (HFS-207), Center for Food
Safety and Applied Nutrition, Office of Premarket Approval, Division
of Product Policy, 200 C St. SW., Washington, DC 20204.
Manager, Bioresearch Monitoring Program (HFV-234), Center for
Veterinary Medicine, Division of Compliance, 7500 Standish Pl.,
Rockville, MD 20855.
Notification procedures:
An individual may learn if a record exists about him or her upon
written request with notarized signature or certification of
identification under penalty of perjury if request is made by mail,
or with identification if request is made in person (see also 21 CFR
21.44), directed to:
FDA Privacy Act Coordinator (HFI-30), Food and Drug
Administration, 5600 Fishers Lane, Rockville, MD 20857.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. Access to record
systems which have been granted an exemption from the Privacy Act
access requirement may be made at the discretion of the system
manager. If access is denied to requested records, an appeal may be
made to:
Commissioner, Food and Drug Administration, 5600 Fishers Lane,
Rockville, MD 20857.
You may also request an accounting of disclosures that have been
made of your record, if any.
Contesting record procedures:
Contact the official at the address specified under notification
procedures above and reasonably identify the record, specify the
information being contested, the corrective action sought, and your
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Individual on whom the record is maintained. Some material is
obtained from third parties, e.g., drug companies, publications, or
is developed by FDA.
Systems exempted from certain provisions of the act:
This system is exempt from access and contest and certain other
provisions of the Privacy Act (5 U.S.C. 552a(c)(3), (d)(1) to (d)(4),
(e)(3), (e)(4)(G) to (e)(4)(H) and (f)) to the extent that it
includes investigatory material compiled for law enforcement
purposes, where access would be likely to prejudice the conduct of
the investigation.
09-10-0011
System name: Certified Retort Operators, HHS/FDA/CFSAN.
Security classification:
None.
System location:
Division of Hazard Analysis Critical Control Point, (HACCP)
Programs (HFS-615), Center for Food Safety and Applied Nutrition, 200
C Street, SW, Washington, DC 20204.
Categories of individuals covered by the system:
Food industry employees who have attended courses of instruction
relating to operation of retorts.
Categories of records in the system:
Contains name and training records.
Authority for maintenance of the system:
Section 404 of the Federal Food, Drug, and Cosmetic Act (21
U.S.C. 344).
Purpose(s):
To ascertain that programs exist in regulated establishments
relating to food industry employees instructed in operating retorts.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Records in this system showing a low-acid canned food
establishment not having supervised canning retort operations may be:
(1) Referred for investigation and possible enforcement action
against the company and responsible officials, to the Department of
Justice, or appropriate State food and drug law enforcement agencies,
or (2) disclosed in administrative or court proceedings in
determining whether a record is relevant to an agency decision
concerning documents of investigatory materials.
Most records in the system may be disclosed to a food company who
may be advised as to whether an individual has satisfied FDA
requirements.
Disclosure may be made to a congressional office from the record
of an individual in response to an inquiry from the congressional
office made at the request of that individual.
The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the court or other tribunal, is relevant and necessary to
the litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Maintained in standard filing equipment.
Retrievability:
Indexed by name.
Safeguards:
1. Authorized users: Limited access to professional staff and
secretary of the Regulatory Food Chemistry Branch.
2. Physical safeguards: Records are stored in locked containers
in locked rooms and building.
3. Procedural safeguards: Users of personal information in
connection with the performance of their jobs have been instructed to
protect such information from public view and from unauthorized
personnel. Access to records is strictly limited to those staff
members trained in accordance with the Privacy Act.
4. Implementation guidelines: Safeguards are established in
accordance with Chapter 45-13 and PHS hf:45-13 of the Department's
General Administration Manual.
Retention and disposal:
Records may be retired to a Federal Records Center and
subsequently disposed of in accordance with FDA's Records Control
Schedule. The Records Control Schedule and disposal standard for
these records may be obtained by writing to the system manager at the
address below.
System manager(s) and address:
Director, Division of Hazard Analysis Critical Control Point
(HACCP) Programs (HFS-615), Center for Food Safety and Applied
Nutrition, 200 C Street, SW, Washington, DC 20204.
Notification procedure:
An individual may learn if a record exists about him or her upon
written request, with notarized signature if request is made by mail,
or with identification if request is made in person, directed to:
FDA Privacy Act Coordinator (HFI-30), Food and Drug
Administration, 5600 Fishers Lane, Rockville, MD 20857
Record access procedures:
Same as notification procedure. Requesters should also reasonably
specify the record contents being sought. You may also request an
accounting of disclosures that have been made of your record, if any.
Contesting record procedures:
Contact the official at the address specified under the
notification procedure and reasonably identify the record, specify
the information being contested, the corrective action sought, and
your reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Educational institutions that conduct retort operator training.
Systems exempted from certain provisions of the act:
None.
09-10-0013
System name: Employee Conduct Investigative Records, HHS/FDA/OM.
Security classification:
None.
System location:
Office of Internal Affairs (HF-9), Office of the Commissioner,
1801 Rockville Pike, Suite 405, Rockville, MD 20857.
Categories of individuals covered by the system:
Employees or former employees, or special Government employees of
FDA who are alleged to have violated FDA or Departmental regulations
and/or Federal statutes.
Categories of records in the system:
This system includes records relating to correspondence
concerning an individual's employment status or conduct while
employed by FDA. Examples of these records include: Correspondence
from employees, members of Congress and members of the public
alleging misconduct by an official of FDA. It also contains reports
of investigations to resolve allegations of misconduct or violations
of statutes, with related exhibits of statements, affidavits or
records obtained during the investigation; reports of action taken by
management; decisions on any misconduct substantiated by the
investigation; and reports of legal action resulting from violations
of statutes referred for prosecution.
Authority for maintenance of the system:
5 U.S.C. 301; Title 18, U.S.C. (e.g., 18 U.S.C. 201, 203, 207,
208, 209, 1905); 21 U.S.C. 331; 28 U.S.C. 535(b); 44 U.S.C. 3101;
E.0. 10450 and 45 CFR part 73.
Purpose(s):
To provide management with information needed to take actions
against complaints or alleged violations. These complaints may be
referred to the Office of Inspector General, Office of the Secretary,
HHS.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Records that indicate violation or potential violation of law
regulation and/or policy may be: (1) Referred for investigation and
possible enforcement action under the applicable Federal, state, or
foreign laws to the Department of Justice; an appropriate state food
and drug enforcement health agency or licensing authority; or the
government of a foreign country; or (2) disclosed in administrative
or court proceedings in determining whether a record is relevant to
an agency decision concerning documents of investigatory materials.
Disclosure may be made to a congressional office from the record
of an individual in response to an inquiry from the congressional
office made at the request of that individual.
The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the court or other tribunal, is relevant and necessary to
the litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper and automated records, in folders, in file cabinets, and on
FDA central computer.
Retrievability:
Alphabetically by name.
Safeguards:
1. Authorized users: Limited access to Division of Ethics and
Program Integrity Staff and authorized support staff of the Office of
Management and Operations.
2. Physical safeguards: Records are maintained in locked rooms
within a locked secured area protected by a 24-hour building guard
service.
3. Procedural safeguards: Users of personal information in
connection with the performance of their jobs have been instructed to
protect such information from public view and from unauthorized
personnel. Access is strictly limited to those employees trained in
accordance with the Privacy Act. Access to computer records is via
user passwords and system access codes.
4. Implementation guidelines: Safeguards are established in
accordance with Chapters 45-13 of the Department's General
Administration Manual.
Retention and disposal:
Records are retained until 5 years after termination of
employment of subject individual or when no longer needed for
reference. Disposal of records is accomplished by shredding, burning,
or other appropriate means so as to render them illegible.
System manager(s) and address:
Special Agent in Charge, Office of Internal Affairs (HFD-9),
Office of the Commissioner, 1801 Rockville, MD 20852.
Notification procedure:
An individual may learn if a record exists about him or her upon
written request, with notarized signature if request is made by mail,
or with identification if request is made in person, directed to:
FDA Privacy Act Coordinator (HFI-30), Food and Drug
Administration, 5600 Fishers Lane, Rockville, MD 20857
Record access procedures:
Same as notification procedure. Requesters should also reasonably
specify the record contents being sought. Access to record systems
which have been granted an exemption from the Privacy Act access
requirement may be made at the discretion of the system manager. If
access is denied to requested records an appeal may be made to:
Commissioner, Food and Drug Administration, 5600 Fishers Lane,
Rockville, MD 20857
You may also request an accounting of disclosures that have been
made of your record, if any.
Contesting record procedures:
If access has been granted, contact the official at the address
specified under notification procedure above and reasonably identify
the record, specify the information being contested, the corrective
action sought, and your reasons for requesting the correction, along
with supporting information to show how the record is inaccurate,
incomplete, untimely, or irrelevant.
Record source categories:
Information in this system of records is obtained from FDA
personnel and FDA records, subjects of investigations, complaints,
witnesses, other Federal agencies, State and local agencies, and
personal observations by the investigator.
Systems exempted from certain provisions of the act:
This system is exempt from access and contest and certain other
provisions of the Privacy Act, (5 U.S.C. 552a(c)(3), (d) (1) to (4),
(e)(3), (e)(4) (G) to (H), and (f)), to the extent that it includes
investigatory material compiled for law enforcement purposes,
including criminal law enforcements.
09-10-0017
System name: Epidemiological Research Studies of the Center for
Devices and Radiological Health, HHS/FDA/CDRH.
Security classification:
None.
System location:
Epidemiology Branch (HFZ-541), Division of Postmarket
Surveillance, Center for Devices and Radiological Health, 1350
Piccard Drive, Rockville, MD 20850.
Categories of individuals covered by the system:
Persons who have been exposed to radiation (ionizing,
nonionizing, sonic) from either medical, occupational or
environmental sources; patients with cancer, birth defects, or other
diseases or conditions which result from radiation exposure;
unexposed persons (e.g., family members) for the purpose of making
comparisons.
Categories of records in the system:
ID number, Social Security number which is supplied on a
voluntary basis, name, demographic characteristics, radiation
exposure, occupational and personal health histories, medical data,
and information on or from death certificates, if deceased.
Authority for maintenance of the system:
Public Health Service Act, sections 301, 310, 354, 356, and 357,
42 U.S.C. 241, 242A, 263b, 263c, and 263d. Federal Food, Drug, and
Cosmetic Act, section 702(a), 21 U.S.C. 372(a). Reorganization Plan
No. 3 of 1970, Section 2.
Purpose(s):
To maintain records used by epidemiologists, statisticians, and
authorized staff for epidemiological research and analyses on the
effect of radiation exposure.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
A record may be disclosed for a research purpose, when the
Department: (a) Has determined that the use or disclosure does not
violate legal or policy limitations under which the record was
provided, collected, or obtained; (b) has determined that the
research purpose (1) cannot be reasonably accomplished unless the
record is provided in individually identifiable form, and (2)
warrants the risk to the privacy of the individual that additional
exposure of the record might bring; (c) has required the recipient
to-- (1) establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record,
and (2) remove or destroy the information that identifies the
individual at the earliest time at which removal or destruction can
be accomplished consistent with the purpose of the research project,
unless the recipient has presented adequate justification of a
research or health nature for retaining such information, and (3)
make no further use or disclosure of the record except-- (A) in
emergency circumstances affecting the health or safety of any
individual, (B) for use in another research project, under these same
conditions, and with written authorization of the Department, (C) for
disclosure to a properly identified person for the purpose of an
audit related to the research project, if information that would
enable research subjects to be identified is removed or destroyed at
the earliest opportunity consistent with the purpose of the audit, or
(D) when required by law; (d) has secured a written statement
attesting to the recipient's understanding of, and willingness to
abide these provisions.
Records in the system may be made available to Federal, state,
and local agencies having an interest in protecting the public from
the effects of radiation.
Disclosure may be made to a congressional office from the record
of an individual in response to an inquiry from the congressional
office made at the request of that individual.
In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, for example in defending a claim against the
Public Health Service based upon an individual's mental or physical
condition and alleged to have arisen because of activities of the
Public Health Service in connection with such individual, disclosure
may be made to the Department of Justice to enable that Department to
present an effective defense, provided that such disclosure is
compatible with the purpose for which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored in file folders, on punch cards and on
magnetic tape and discs, computer printouts and on microfiche.
Retrievability:
Records are retrieved by name and study number.
Safeguards:
1. Authorized users: Designated employees of the Center for
Devices and Radiological Health.
2. Physical safeguards: Data collection instruments are stored in
locked file cabinets, locked rooms, and locked buildings.
3. Procedural (or technical) safeguards: Name listings and log
books containing information to permit the identification of an
individual and microfilmed records are kept in locked files. Computer
password is changed periodically.
4. Implementation guidelines: Safeguards are established in
accordance with Chapter 45-13 and PHS hf:45-13 of the Department's
General Administration Manual and Part 6 of the Department's ADP
Systems Manual.
Retention and disposal:
One year to permanently, depending on the length of follow-up
required to complete all phases of the study. The records are
destroyed by shredding, burning, or other appropriate means so as to
render them illegible. Computer tapes and discs are erased.
System manager(s) and address:
Chief, Epidemiology Branch (HFZ-116), Division of Biometric
Sciences, Center for Devices and Radiological Health, 5600 Fishers
Lane, Rockville, MD 20857.
Notification procedure:
An individual may learn if a record exists about him or her upon
written request, with notarized signature if request is made by mail,
or with identification if request is made in person, directed to:
FDA Privacy Act Coordinator (HFI-30), Food and Drug
Administration, 5600 Fishers Lane, Rockville, MD 20857
Record access procedures:
Same as notification procedure. Requesters should also reasonably
specify the record contents being sought. An individual who requests
notification of, or access to, a medical record shall at the time the
request is made, designate in writing a responsible representative
who will be willing to review the record and inform the subject
individual of its contents at the representative's discretion. You
may also request an accounting of disclosures that have been made of
your record, if any.
Contesting record procedures:
Contact the official at the address specified under notification
procedure above and reasonably identify the record, specify the
information being contested, the corrective action sought, and your
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Individuals in the system of records, employers, health care
providers and facilities, administrative and vital statistics
agencies.
Systems exempted from certain provisions of the act:
None.
09-10-0018
System name: Employee Identification Card Information Record,
HHS/FDA/OC.
Security classification:
None.
System location:
Personal Property Management Section, Services Unit (HFA-227),
5600 Fishers Lane, Rockville, MD 20857
Metropolitan Office Services Unit (HFA-216), 200 C Street, SW,
Washington, DC 20204
Physical Security Staff (HFA-204), 7500 Standish Place, MPN, Rm.
N-378, Rockville, MD 20855.
Administrative Branch at Field/District Offices. For the location
of Field/District Offices, see appendix A to system notice 09-10-
0002, Regulated Industry Employee Enforcement Records, HHS/FDA/OC.
Categories of individuals covered by the system:
Approximately 8,000 FDA employees.
Categories of records in the system:
Contains name, mail routing code, office telephone number,
building, room number, birthdate, sex, identification photograph,
height, weight, color of eyes, color of hair, and type of
appointment.
Authority for maintenance of the system:
40 U.S.C. 471, et seq; Management and Disposal of Government
Property Act.
Purpose(s):
The system is designed to maintain a record of all holders of FDA
identification cards and security card keys, Forms HHS 576 (FDA
employees only) FDA 2923, and FDA 3391, for renewal and recovery
purposes and to identify numbers of lost or stolen cards. The system
may also be used at FDA Headquarters to locate employees whose names
have not been entered in the FDA locator system.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to a Congressional office from the record
of an individual in response to an inquiry from the Congressional
office made at the request of that individual.
The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the court or other tribunal, is relevant and necessary to
the litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Forms filed in folders in a locked filing cabinet. Computer tapes
and discs stored in a locked safe.
Retrievability:
Information is filed and retrieved by name and date of birth.
Safeguards:
1. Authorized users: Authorized FDA personnel whose official
duties require access for issuance, renewal, retrieval, and location
purposes.
2. Physical safeguards: Records are kept in locked file cabinets
and on minicomputers at Headquarters and are maintained in secured
areas. Computer discs and tapes are stored in locked safes.
3. Procedural (or technical) safeguards: Computer software
providing restricted commands.
4. Implementation guidelines: Safeguards are established in
accordance with Chapter 45-13 and PHS hf:45-13 of the Department's
General Administration Manual and Part 6 of the Department's ADP
Systems Manual.
Retention and disposal:
Records are maintained as long as the cards are valid. Computer
tapes are erased immediately upon termination of employment and
inactive forms are destroyed after 6 months by shredding.
System manager(s) and address:
Chief, Administrative Services Branch (HFA-210), 5600 Fishers
Lane, Rockville, MD 20857.
Chief, Physical Security Staff (HFA-204), 7500 Standish Place,
MPN II, Rm. N-378, Rockville, MD 20855.
Notification procedure:
An individual may learn if a record exists about him or her upon
written request, with notarized signature if request is made by mail,
or with identification if request is made in person, directed to:
FDA Privacy Act Coordinator (HFI-30), Food and Drug
Administration, 5600 Fishers Lane, Rockville, MD 20857
Record access procedures:
Same as notification procedure. Requesters should also reasonably
specify the record contents being sought, and provide any other names
officially used during period of employment. You may also request an
accounting of disclosures that have been made of your record, if any.
Contesting record procedures:
Contact the official at the address specified under notification
procedure above and reasonably identify the record, specify the
information being contested, the corrective action sought, and your
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Individual on whom the record is maintained.
Systems exempted from certain provisions of the act:
None.
09-10-0019
System name:
Mammography Quality Standards Act (MQSA) Training Records, HHS/
FDA/CDRH.
Security classification:
None.
System location:
Division of Mammography Quality amd Radiation Programs (HFZ-240),
Center for Devices and Radiological Health, 1350 Piccard Drive,
Rockville, Maryland 20850. A current list of contractor sites is
available by writing to the System manager, indicated below, at this
address.
Categories of individuals covered by the system:
All individuals who receive training for the purpose of
implementing the Mammography Quality Standards Act of 1992;
individuals who successfully complete the training will become
certified to conduct inspections and audits of mammograph facilities.
Categories of records in the system:
Contains name; date of birth; education; professional experience;
employment address; dates of mammography training; participant's test
scores, class grades, and an analysis of those scores; dates of
certification of the inspector; dates of renewal or withdrawal of
certification; and an evaluation of the inspector's field performance
(records of complaints received and how the complaints received and
how the complaints were resolved).
Authority for maintenance of the system:
Pub. L. 102-539, the Mammography Quality Standards Act (MQSA) of
1992 (42 U.S.C. 263b).
Purpose:
To provide the Food and Drug Administration (FDA) with
information about the training, certification, and recertification of
MQSA inspectors for the purpose of implementing the Mammography
Quality Standards Act of 1992.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
records of an individuals, in response to an inquiry from the
congressional office made at the request of that individual.
2. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her official capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components.
is a party to litigation or has an interest to such litigation,
and HHS determines that the use of such records by the Department of
Justice, the court or other tribunal, is relevant and necessary to
the litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
3. Disclosure may be made with the individual's supervisor since
MQSA inspections will be a significant part of many inspector's jobs;
therefore, performance in the training courses is an importance
element of information to help the supervisor determine employee
assignments as well as the level of supervision needed.
4. Disclosure may be made to contractors for the purpose of
collecting, compiling, aggregating, analyzing, or refining records in
the system. Contractors will be required to maintain Privacy Act
safeguards with respect to such records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Data are maintained in hard copy files and on computer disks,
hard drive, and file servers.
Retrievability:
Indexed by name, state, specific courses, training dates, grades,
date of certification, and date of withdrawal of certification.
Safeguards:
1. Authorized users: Personnel of the Division of Mammography
Quality Reporting Program who are engaged in training the individuals
who inspect mammography facilities, and personnel in the Division who
compile and analyze the test and personal data of the students.
2. Physical safeguards: All records (such as disketts, computer
listings, or documents) are kept in a secured area, locked rooms, and
locked building. The facility has a 24-hour guard service, and access
to the building is further controlled by an operational card key
system. Access to the computer room is limited to a subset of persons
with general access to the building. Access to individual offices is
controlled by simplex locks. The building has smoke/fire detectors;
the computer room has additional smoke/fire detectors plus water,
temperature, and humidity sensors. The computers room hasan
uninterruptible power supply and a power supply and a power
conditioning system.
3.Procedural safeguards: End users and system professionals
continue to receive regular training in information systems security
and have signed an agreement indicating their cooperation with FDA
policies. Users are further instructed on system security during
training sessions for this application and in accordance with the
Privacy Act. Users of personal information in the performance of
their duties have been instructed to protect personal information
from public views and from unauthorized personnel.
All reports containing confidential data are marked
``confidential'' and placed in the developer's or system manager's
mail slot, which is located in an access-controlled room. CDRH SOP
requires that all reports containing confidential information be
shredded before disposal.
4. Technical safeguards: All users have individual IDS and
regularly expiring passwords at least 6 characters long. All users
are assigned specific levels of database control based on their needs
and authority. All users of valid IDs and passwords will be
monitored. Upon job change, the user's authorization is reviewed and
updated as necessary.
All changes to data, as well as the time of change and the
operator's ID are captured in a file as part of the database design.
All data entered online is edited checked.
The system's intrusion alarms, which list all logins and their
source, are monitored daily by the Information Systems Security
Officer. In addition, CDRH maintains commercial auditing software
that permit logging of keystrokes by individual accounts.
CDRH maintains three audits trails for this system:
1. System-wide intrusion alarms and file access notices.
2. Application-dependent logging of all data transactions.
3. Commercial software that permits capturing all keystrokes from
suspicious accounts and terminals.
All systems in support of this database are under the control of
CDRH and meet the same security standards as the application.
5. Inplementation guidelines: Safeguards are established in
accordance with Chapter 45-13 and PHS hf:45-13 of the Department's
General Administration Manual and the Department's Automated
Information Systems Security Handbook.
Retention and disposal:
Records are retained for five years after the certificed MQSA
inspector leaves government service. At the end of five years, in
individual's paper records are shredded and automated records are
erased.
System manager(s) and address:
Director, Division of Mammography Quality and Radiation Programs
(HFZ-240), Center for Devices and Radiological Health, 1350 Piccard
Drive, Rockville, Maryland 20850.
Notification procedure:
An individual may learn if a record exists about him or her upon
written request, with notarized signature if request is made by mail,
or with identification if request is made in person, directed to:
FDA Privacy Act Coordinator (HF1-30), Food and Drug
Administration, 5600 Fishers Lane, Rockville, MD 20857.
Record access procedures:
Same as notification procedure. Requests should also reasonably
specify the record contents being sought. You may also request an
accounting of disclosures that have been made of your record, if any.
Contesting record procedures:
Contact the official at the address specified under notification
procedure above and reasonably identify the record, specify the
information being contested, the corrective action sought, and your
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Individuals on whom the record is maintained and training records
pertaining to that individual. Information about certification
renewal or withdrawal is generated in-house by the Division of
Mammography Quality and Radiation Programs. Sources of information
about field performance could include the inspector's supervisor, as
well as any investigation of an inspector's performance as a result
of an inspector's performance as a result of complaints by a
mammography facility.
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Centers for Medicare & Medicaid Services
Table of Contents
System Number and System Name
09-70-0005 National Claims History (NCH), HHS/HCFA/BDMS.
09-70-0008 National Provider System (NPS), HHS/HCFA/OIS.
09-70-009 Medicare Provider Analysis and Review (MEDPAR), HHS/
HCFA/OIS.
09-70-0022 Municipal Health Services Program, HHS/HCFA/ORD.
09-70-0030 National Long-Term Care Study Follow-up, DHHS/HCFA/
ORD.
09-70-0033 Person-Level Medicaid Data System, HHS/HCFA/ORD.
09-70-0036 Evaluation of Competitive Bidding for Durable
Medical Equipment Demonstration, HHS/HCFA/ORD.
09-70-0039 Evaluation of the Medicare Alzheimer's Disease
Demonstration, HHS/HCFA/ORD.
09-70-0040 Health Care Financing Administration (HCFA) Organ
Transplant Data File, HHS/HCFA/BDMS.
09-70-0042 Medicare Cancer Registry Record System, HHS/HCFA/
BDMS.
09-70-0045 Evaluation of the Arizona Health Care Cost
Containment and Long -Term Care Systems Demonstration, HHS/HCFA/ORD..
09-70-0046 Home Health Quality Indicator System (HHQUIS), HHS/
HCFA/ORD.
09-70-0048 Monitoring of the Home Health Agency Prospective
Payment Demonstration, HHS/HCFA/ORD.
09-70-0049 Evaluation of the Home Health Agency Prospective
Payment Demonstration, HHS/HCFA/ORD.
09-70-0050 The Medicare/Medicaid Multistate Case-Mix and
Quality Data Base for Nursing Home Residents, HHS/HCFA/ORD.
09-70-0051 Quality Assurance for the Home Health Agency (HHA)
Prospective Payment Demonstration, HHS/HCFA/ORD.
09-70-0052 Posthospitalization Outcomes Studies, HHS/HCFA/ORD.
09-70-0053 The Medicare Beneficiary Health Status Registry
Pilot, HHS/HCFA/ORD.
09-70-0057 Evaluation of the Medicaid Extension of Eligibility
to Certain Low Income Families Not Otherwise Qualified to Receive
Medicaid Benefits Demonstration, HHS/HCFA/ORD.
09-70-0058 Evaluation of the Medicare SELECT Program, HH/HCFA/
ORD.
09-70-0059 The Medicaid Necessity, Appropriateness, and
Outcomes of Care Study, HHS/HCFA/ORD.
09-70-0063 Evaluation of the Medicaid Demonstration for
Improving Access to Care for Susstance Abusing Pregnant Women, HHS/
HCFA/ORD.
09-70-0064 Individuals Authorized Access to the Health Care
Financing Administration (HCFA) Data Center.
09-70-0066 Evaluation of, and External Quality Assurance for,
the Community Nursing Organization Demonstration.
09-70-0067 End-Stage Renal Disease (ESRD) Managed Care
Demonstration System, HHS/HCFA/OSP..
09-70-0069 Links of Social Security Administration (SSA) and
Health Care Financing Adminsitration (HCFA) Data Financing (LOD),
HHS/HCFA/OSP.
09-70-0501 Carrier Medicare Claims Records, HHS/HCFA/BPO.
09-70-0502 Health Insurance Master Record, HHS/HCFA/BPO.
09-70-0503 Intermediary Medicare Claims Records, HHS/HCFA/BPO.
09-70-0504 Beneficiary Parts A and B Uncollectible Overpayment
File, HHS/HCFA/BPO.
09-70-0505 Supplemental Medical Insurance Accounting
Collection and Enrollment System, HHS/HCFA/BPO.
09-70-0508 Reconsideration and Hearing Case Files (Part A)
Hospital Insurance Program, HHS/HCFA/BPO.
09-70-0512 Review and Fair Hearing Case Files--Supplementary
Medical Insurance Program, HHS/HCFA/BPO.
09-70-0513 Medicare Benefits Notices (MBN), HHS/HCFA/CBS.
09-70-0516 Medicare Physican/Supplier Master File, HHS/HCFA/
BPO.
09-70-0517 Physician/Supplier 1099 File (Statement for
Recipients of Medical and Health Care Payments), HHS/HCFA/BPO.
09-70-0518 Medicare Clinic Physician/Supplier Master File,
HHS/HCFA/BPO.
09-70-0520 End Stage Renal Disease (ESRD) Program Management
and Medical Information System (PMMIS), HHS/HCFA/BDMS.
09-70-0522 Billing and Collection Master Record System, HHS/
HCFA/BPO.
09-70-0524 Intern and Resident Informaiton System, HHS/HCFA/
BPO.
09-70-0525 Medicare Physician Identification and Eligibility
System (MPIES), HHS/HCFA/BPO.
09-70-0526 Common Working File (CWF), HHS/HCFA/BPO.
09-70-0527 HCFA Utilization Review Investigatory Files, HHS/
HCFA/BPO.
09-70-0530 Medicare Supplier Identification File, HHS/HCFA/
BPO.
09-70-0531 National Emphysema Treatment Trial (NETT) System,
HHS/HCFA/CHPP.
09-70-0532 Provider Enrollment Chain, and Ownership System
(PECO), HHS/CMS/OPM.
09-70-0535 Medicare Choices Helpline (HELPLINE), HHS/HCFA/CBS.
09-70-0536 Medicare Beneficiary Database, HHS/CMS/CBS.
09-70-1511 Physical Therapists in Independent Practice
(Individuals), HHS/HCFA/HSQB.
09-70-1512 Pro Data Management Information System (PDMIS),
HHS/HCFA/HSQB.
09-70-1516 Uniform Clinical Data Set (UCDS), HHS/HCFA/HSQS.
09-70-1516 Long Term Care Minimum Data Set (LTC MDS), HHS/
HCFA/CMSO.
09-70-1518 Inpatient Rehabilitation Facilities Patient
Assessment Instrument (IRFPAI), HHS/CMS/CMSO.
09-70-2003 Completion of State Medicaid Quality Control (MQC)
Reviews, HHS/HCFA/BQC.
09-70-2006 Income and Eligibility Verification for Medicaid
Eligibility Quality Control (MEQC) Reviews, HHS/HCFA/MB.
09-70-3001 Record of Individuals Authorized Entry to HCFA
Buildings via A Card Key Access System (RICKS), HHS/HCFA/OICS.
09-70-3002 Health Care Fnancing Administration (HCFA) Employee
Building Pass Files, HHS/HCFA/OBA.
09-70-3004 Record of Individuals Allowed Regular and Special
Parking Privileges at the Health Care Financing Administration (HCFA)
Building (PRKG), HHS/HCFA/OICS.
09-70-4001 Group Health Plan System, HHS/HCFA/OPHCOO.
09-70-4003 Medicare HMO/CMP Beneficiary Reconsideration System
(MBRS), HHS/HCFA/OPHCOO.
09-70-4004 Health Plan Management System (HPMS), HHS/HCFA/
CHPP.,
09-70-5001 Medicare Hearings and Appeals System (MHAS), HHS/
HCFA/AAO.
09-70-6001 Medicaid Statistical Information System (MSIS),
HHS/HCFA/BDMS.
09-70-6002 Medicare Current Beneficiary Survey (MCBS) System,
HHS/HCFA/OSP.
09-70-9001 Health Care Financing Administration (HCFA)
Correspondence and Assignment Tracking and Control System (CATCS),
HHS/HCFA/OEO.
09-70-9002 Home Health Agency Outcome and Assessment
Information Set ( HHA OASIS), HHS/CMSO.S-
09-70-9005 Complaints Against Health Insurance Issuers and
Health Plans (CAHII), HHS/HCFA/CMSO.
09-70-0005
System name:
National Claims History (NCH), HHS/HCFA/BDMS.
Security classification:
None.
System location:
HCFA Data Center, Lyon Building, 7131 Rutherford Road, Baltimore,
Maryland 21207-5187.
Categories of individuals covered by the system:
Persons enrolled in hospital insurance or supplementary medical
benefits parts of the Medicare program and their referring and
servicing physicians.
Categories of records in the system:
Bill data, demographic and identifying data on the beneficiary;
diagnosis and procedural codes; provider characteristics and
identifying number (including physicians).
Authority for maintenance of the system:
Section 1874(a) and section 1875 of the Social Security Act (42
U.S.C. 139511).
Purpose(s):
To assist in a variety of health care initiatives with other
entities, and to study the operation and effectiveness of the
Medicare program.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made:
(1) To a congressional office from the record of an individual in
response to an inquiry from the congressional office made at the
request of that individual.
(2) To the Bureau of Census for use in processing research and
statistical data directly related to the administration of Agency
programs.
(3) To the Department of Justice, to a court or other tribunal,
or to another party before such tribunal, when:
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components;
is party to litigation or has an interest to such litigation, and
HHS determines that the use of such records by the Department of
Justice, the tribunal, or the other party is relevant and necessary
to the litigation and would help in the effective representation of
the governmental party, provided, however, that in each case HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
(4) To an individual or organization for a research, evaluation,
or epidemiological project related to the prevention of disease or
disability, or the restoration or maintenance of health if HCFA:
(a) Determines that the use or disclosure does not violate legal
limitation under which the record was provided, collected, or
obtained;
(b) Determines that the purpose for which the disclosure is to be
made:
(1) Cannot be reasonably accomplished unless the record is
provided in individually identifiable form;
(2) Is of sufficient importance to warrant the effect and/or risk
on the privacy of the individual that additional exposure of the
record might bring; and
(3) There is reasonable probability that the objective for the
use would be accomplished;
(c) Requires the information recipient to:
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record;
(2) Remove or destroy the information that allows the individual
to be identified at the earliest time at which removal or destruction
can be accomplished consistent with the purpose of the project unless
the recipient presents an adequate justification of a research or
health nature for retaining such information; and
(3) Make no further use or disclosure of the record except;
(a) In emergency circumstances affecting the health or safety of
any individual;
(b) For use in another research project, under these same
conditions, and with written authorization of HCFA;
(c) For disclosure to a properly identified person for the
purpose of an audit related to the research project, if information
that would enable research subjects to be identified is removed or
destroyed at the earliest opportunity consistent with the purpose of
the audit; or
(d) When required by law.
(d) Secures a written statement attesting to the recipient's
understanding and willingness to abide by the provisions.
(5) To entities with a legitimate need for data for statistical
analyses bearing on Medicare payment policies for inpatient hospital
services. Information disclosed for this purpose will not include a
beneficiary's health insurance claim number, race, or Medicare status
code; the beneficiary's age will be identified only to the extent of
stating whether he or she resides in the same State as the provider;
the admission and discharge dates will be identified only by calendar
quarter; and the date of surgery will be identified only as the
number of days after admission. Each of the Medicare Provider
Analysis and Review (MEDPAR) files--short-stay hospital services
file, long-term hospital services, skilled nursing facility services
file, and other provider services files--will be modified in
accordance with the foregoing provision for release. The entity must
agree:
(a) Not to try to identify individual beneficiaries;
(b) Not to disclose raw data to any persons except contractors
for data processing and storage (and it must agree to require any
such contractor not to release any data and not to retain any data
after performing the contract);
(c) Not to link this information to other beneficiary-specific
records;
(d) Not to publish or otherwise disclose data in a form raising
unacceptable possibilities that beneficiaries could be identified;
and
(e) To safeguard the confidentiality of the data and to try to
prevent unauthorized access to it.
(6) To a contractor for the purpose of collating, analyzing,
aggregating, or otherwise refining or processing records in this
system or for developing, modifying, and/or manipulating automated
data processing (ADP) software. Data would also be disclosed to
contractors incidental to consultation, programming, operation, user
assistance, or maintenance for ADP or telecommunications systems
containing or supporting records in the system.
(7) With respect to the quality of care (QC) MEDPAR file, to
entities with a legitimate need for data for the purpose of
conducting research or evaluation on the quality and effectiveness of
care provided in hospitals. Research or evaluation under this routine
use must focus on the improvement of health care or measures for
determining, validating, and monitoring the quality and effectiveness
of hospital care in such areas as access to care, outcomes of care,
and effectiveness of care in improving, restoring, or maintaining the
independence and functioning of Medicare beneficiaries. Information
disclosed under this routine use will be limited to the data elements
described in appendix A.
The QC MEDPAR file may be released to an entity if HCFA
determines:
a. That the use or disclosure does not violate legal limitations
under which the data were provided, collected, or obtained.
b. That the purpose for which the disclosure is to be made:
(1) Cannot reasonably be accomplished unless the data are
provided in the detailed form described in appendix A;
(2) Is reasonably likely to be accomplished in view of the
capabilities of the requesting entity and other factors; and
(3) Is of sufficient importance to warrant the possible effect on
the privacy of the individual that the disclosure of the data might
bring.
c. In order for HCFA to determine that the requirements in
section 7.b. are met, the entity must submit and HCFA must approve:
(1) A research or evaluation plan specifying the objectives of
the research or evaluation, the manner in which the data will be
used, the financial support for the plan, and the date the research
or evaluation will be completed. Evaluation plans designed to assist
specific providers must be supported by letters of commitment to the
evaluation by the providers. Values or differences in values that
would trigger provider action must be addressed in the evaluation
plan as well as the action the provider intends to take; and
(2) A copy of any report by a panel of recognized experts
reviewing the research or evaluation plan (when such review has been
performed).
d. The entity and its contractors, if any, must sign a statement
acknowledging that section 1106(a) of the Social Security Act, which
prohibits the disclosure of confidential information and imposes
criminal penalties, may apply. They must also agree to the following:
(1) Not to link the data to other beneficiary-specific records
nor to use the data to identify individual beneficiaries;
(2) Not to use the data for purposes that are not related to
HCFA-approved research or evaluation of the quality and effectiveness
of hospital inpatient care. Prohibited uses include but are not
limited to: Marketing, (for example, identification and targeting of
under- or over-served health service markets primarily for the
purposes of commercial benefit), insurance (for example, redlining
areas deemed to offer bad health insurance or underwriting risks),
and adverse selection (for example, identifying patients with high
risk diagnoses). The data must not be made available by the entity or
its contractor for an activity not approved by HCFA, even if carried
on within the entity or its contractor;
(3) Not to disclose the data to any persons or organizations
unless the data are in aggregated form as described in paragraph 5.
The data may be disclosed to a contractor for data processing if:
(a) The entity has specified in the research plan submitted to
HCFA that the contractor would receive the data for that purpose, or
the entity has obtained written authorization from HCFA to make the
disclosure to the contractor, and
(b) The contractor has signed a confidentiality statement with
HCFA.
(4) Not to publish or otherwise disclose the data in a form
raising unacceptable possibilities that beneficiaries could be
identified (i.e., the data must not be beneficiary-specific and must
be aggregated to a level where no data cells have 10 or fewer
beneficiaries);
(5) To submit a copy of its plans for any aggregation of the data
intended for publication to HCFA for approval prior to publication;
(6) To establish appropriate administrative, technical,
procedural, and physical safeguards to protect the confidentiality of
the data and to prevent unauthorized access to it;
(7) To return all files to HCFA, and destroy any copies that may
have been made, at the completion of the research or evaluation plan.
(8) To an agency of a State government, or established by State
law, for purposes of determining, evaluating, and/or assessing cost,
effectiveness, and/or the quality of health care services provided in
the State, if HCFA:
(a) Determines that the use or disclosure does not violate legal
limitations under which the data were provided, collected, or
obtained;
(b) Establishes that the data are exempt from disclosure under
the State and/or local Freedom of Information Act;
(c) Determines that the purpose for which the disclosure is to be
made:
(1) Cannot reasonably be accomplished unless the data are
provided in individually identifiable form;
(2) Is of sufficient importance to warrant the effect and/or risk
on the privacy of the individuals that additional exposure of the
record might bring; and
(3) There is a reasonable probability that the objective for the
use would be accomplished; and
(d) Requires the recipient to:
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record;
(2) Remove or destroy the information that allows the individual
to be identified at the earliest time at which removal or destruction
can be accomplished consistent with the purpose of the request,
unless the recipient presents an adequate justification for retaining
such information;
(3) Make no further use or disclosure of the record except:
(a) In emergency circumstances affecting the health or safety of
any individual;
(b) For use on another project under the same conditions, and
with written authorization of HCFA;
(c) For disclosure to a properly identified person for the
purpose of an audit related to the project, if information that would
enable project subjects to be identified is removed or destroyed at
the earliest opportunity consistent with the purpose of the audit; or
(d) When required by law; and
(4) Secure a written statement attesting to the recipient's
understanding of and willingness to abide by these provisions. The
recipient must agree to the following:
(a) Not to use the data for purposes that are not related to the
evaluation of cost, quality, and effectiveness of care;
(b) Not to publish or otherwise disclose the data in a form
raising unacceptable possibilities that beneficiaries could be
identified (i.e., the data must not be beneficiary-specific and must
be aggregated to a level where no data cells have 10 or fewer
beneficiaries); and
(c) To submit a copy of any aggregation of the data intended for
publication to HCFA for approval prior to publication.
(9) With respect to the Medicare mortality information file
derived from the MEDPAR file and other files available to HCFA, to
individual hospitals that have previously supplied to HCFA the
patient-identifiable data included on the file. Release of these data
to the hospital would include mortality predictors which have been
statistically derived by HCFA from data provided by the hospital,
national data, and the number of previous hospitalizations in all
hospitals. Certain conditions must be met before the data are
released:
(a) The data may include information only on patients that the
requesting hospital has previously supplied plus the mortality
predictors;
(b) The hospital administrator must make a specific request for
these data in writing. This request must be on hospital letterhead,
must associate the need for these data with the hospital's quality of
care activities, and must indicate that the hospital will continue to
maintain the confidentiality of the data;
(c) A standard fee must be paid, as determined by HCFA, for these
data prior to their release to the hospital.
(10) To the Railroad Retirement Board for administering
provisions of both the Railroad Retirement and Social Security Acts
relating to railroad employment and/or to the administration of the
Medicare program.
(11) To insurance companies, self-insurers, Health Maintenance
Organizations (HMOs), multiple employer trusts, and other groups
providing protection against medical expenses of their enrollees
without the beneficiary's authorization.
Information to be disclosed shall be limited to Medicare
entitlement, utilization, and payment data. In order to receive this
information the entity must agree to the following conditions:
a. To certify that the individual about whom the information is
being provided is one of its insureds;
b. To utilize the information solely for the purpose of
processing the identified individual's insurance claims; and
c. To safeguard the confidentiality of the data and to prevent
unauthorized access to it.
(12) To insurers, underwriters, third party administrators
(TPAs), self-insurers, group health plans, employers, HMOs, health
and welfare benefit funds, Federal agencies, a State or local
government or political subdivision of either (when the organization
has assumed the role of an insurer, underwriter, or TPA, or in the
case of a State that assumes the liabilities of an insolvent insurer,
through a State created insolvent insurer pool or fund), multiple
employer trusts, no-fault, medical, automobile insurers, workers'
compensation carriers or plans, liability insurers, and other groups
providing protection against medical expenses who are primary payers
to Medicare in accordance with 42 U.S.C. 1395y(b), or any entity
having knowledge of the occurrence of any event affecting (A) an
individual's right to any such benefit or payment, or (B) the initial
or continued right to any such benefit or payment (for example, a
State Medicaid agency, State Workers' Compensation Board, or
Department of Motor Vehicles) for the purpose of coordination of
benefits with the Medicare program and implementation of the Medicare
Secondary Payer (MSP) provision at 42 U.S.C. 1395y(b). The
information HCFA may disclose will be:
b Beneficiary Name
b Beneficiary Address
b Beneficiary Health Insurance Claim Number
b Beneficiary Social Security Number
b Beneficiary Sex
b Beneficiary Date of Birth
b Amount of Medicare Conditional Payment
b Provider Name and Number
b Physician Name and Number
b Supplier Name and Number
b Dates of Service
b Nature of Service
b Diagnosis
To administer the MSP provision at 42 U.S.C. 1395y(b)(1) more
effectively, HCFA would receive from and may disclose to insurers,
underwriters, TPAs, self-insureds, etc., the following types of
information (to the extent that it is available):
b Subscriber Name and Address
b Subscriber Date of Birth
b Subscriber Social Security Number
b Dependent Name
b Dependent Date of Birth
b Dependent Social Security Number
b Dependent Relationship to Subscriber
b Insurer/Underwriter/TPA Name and Address
b Insurer/Underwriter/TPA Group Number
b Insurer/Underwriter/TPA Group Name
b Policy Number
b Effective Date of Coverage
b Employer Name, Employer Identification Number (EIN) and Address
b Employment Status
b Amounts of Payment
To administer the MSP provision at 42 U.S.C. 1395y(b)(2) more
effectively for entities such as workers' compensation carriers or
boards, liability insurers, no-fault and automobile medical policies
or plans, HCFA would receive (to the extent that it is available) and
may disclose the following information:
b Beneficiary's Name and Address
b Beneficiary's Date of Birth
b Beneficiary's Social Security Number
b Name of Insured*
b Insurer Name and Address
b Type of Coverage; automobile, medical, no-fault, or liability
payment, or workers' compensation settlement
b Insured's Policy Number
b Effective Date of Coverage
b Amount of payment under liability, no-fault, or automobile
medical policies, plans, and workers' compensation settlements
b Employer Name and Address (workers' compensation only)
b Name of insured could be the driver of the car, a business, the
beneficiary (i.e., the name of the individual or entity which carries
the insurance policy or plan).
In order to receive this information the entity must agree to the
following conditions:
a. To utilize the information solely for the purpose of
coordination of benefits with the Medicare program in accordance with
42 U.S.C. 1395y(b);
b. To safeguard the confidentiality of the data and to prevent
unauthorized access to it;
c. To prohibit the use of beneficiary-specific data for purposes
other than for the coordination of benefits between the recipient
organization and the Medicare program. This agreement would allow the
entities to use the information to determine cases where they have
primary responsibility for payment or cases where Medicare has
primary responsibility for payment. Examples of prohibited uses would
include but are not limited to: Creation of a mailing list, sale or
transfer of data.
To administer the MSP provision more effectively, HCFA may
receive or disclose the following types of information from or to
entities including insurers, underwriters, TPSs, and self-insured
plans, concerning potentially affected individuals:
b Subscriber Health Insurance Claim Number
b Dependent Name
b Funding arrangements of employer group health plans, for
example, contributory or noncontributory plan, self-insured, re-
insured, HMO, TPA insurance
b Claims payment information, for example, the amount paid, the
date of payment, the name of the insurer or payer
b Dates of employment including termination date, if appropriate
b Number of full- and/or part-time employees in current and
preceding calendar years
b Employment status of subscriber; for example, full- or part-
time, self-employed
(13) To another Federal agency; (1) to contribute to the accuracy
of HCFA's proper payment of Medicare health benefits, and/or (2) to
enable such agency to administer a Federal health benefits program,
or as necessary to enable such agency to fulfill a requirement of a
Federal statute or regulation, if HCFA:
(a) Determines that the use or disclosure does not violate legal
limitations under which the data were provided, collected, or
obtained;
(b) Determines that the purpose for which the disclosure is to be
made cannot reasonably be accomplished unless the data are provided
in individually identifiable form;
(c) Requires the recipient to:
(1) Establish reasonable administrative, technical, physical
safeguards to prevent unauthorized use or disclosure of the record;
(2) Make no further use or disclosure of the record except:
(a) In emergency circumstances affecting the health or safety of
any individual;
(b) For use on another project under the same conditions, and
with written authorization from HCFA; and
(c) When required by law;
(3) Secure a written statement attesting to the recipient's
understanding of and willingness to abide by the following
provisions.
(a) Not to use the data for purposes that are not related to the
subject project;
(b) Not to publish or otherwise disclose the data in a form
raising unacceptable possibilities that beneficiaries could be
identified (i.e., the data must not be beneficiary-specific and must
be aggregated to a level where no data cells have 10 or fewer
beneficiaries); and
(c) Not to publish any aggregation of the data without HCFA's
approval.
(14) To States for the purpose of administration of health care
programs when disclosure is necessary to enable the State to fulfill
a mandated statute or regulatory requirement. These data may be
released for these purposes, if HCFA:
(a) Determines that the use or disclosure does not violate legal
limitations under which the data were provided, collected, or
obtained;
(b) Establishes that the data are exempt from disclosure under
the State and/or local Freedom of Information Act;
(c) Determines that the purpose for which the disclosure is to be
made:
(1) Cannot reasonably be accomplished unless the data are
provided in individually identifiable form;
(2) Is of sufficient importance to warrant the effect and/or risk
on the privacy of the individuals that additional exposure of the
record might bring; and
(3) There is a reasonable probability that the objective for the
use would be accomplished; and
(d) Requires the recipient to:
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record;
(2) Remove or destroy the information that allows the individual
to be identified at the earliest time at which removal or destruction
can be accomplished consistent with the purpose of the request,
unless the recipient presents an adequate justification for retaining
such information;
(3) Make no further use or disclosure of the record except:
(a) In emergency circumstances affecting the health or safety of
any individual;
(b) For use on another project under the same conditions, and
with written authorization of HCFA;
(c) For disclosure to a properly identified person for the
purpose of an audit related to the project, if information that would
enable project subjects to be identified is removed or destroyed at
the earliest opportunity consistent with the purpose of the audit; or
(d) When required by law; and
(4) Secure a written statement attesting to the recipient's
understanding of and willingness to abide by these provisions. The
recipient must agree to the following:
(a) Not to use the data for purposes that are not related to the
subject project;
(b) Not to publish or otherwise disclose the data in a form
raising unacceptable possibilities that beneficiaries could be
identified (i.e., the data must not be beneficiary-specific and must
be aggregated to a level where no data cells have 10 or fewer
beneficiaries); and
(c) Not to publish any aggregation of the data without HCFA's
approval.
(15) To a Peer Review Organization (PRO) in order to assist the
PRO to perform Title XI functions relating to improving quality of
care. Data may be released for this purpose if HCFA:
(a) Determines that the use or disclosure does not violate legal
limitations under which the data were provided, collected, or
obtained;
(b) Requires the PRO to:
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record;
(2) Make no further use or disclosure of the record except:
(a) In emergency circumstances affecting the health or safety of
any individual;
(b) For use on another project under the same conditions, and
with written authorization from HCFA; and
(c) When required by law; or when otherwise permitted by Federal
law.
(3) Complete and sign a written statement attesting to the PRO's
understanding of and willingness to abide by the provisions therein.
This written statement must:
(a) Specify the conditions for maintenance and redisclosure of
such information;
(1) To the extent that may be necessary to conduct a PRO
function; e.g., a case quality review project or study;
(2) In accordance with a project-specific data release agreement;
and
(b) Not to use the data for purposes that are not related to the
subject project.
(16) To the Social Security Administration for their assistance
in the implementation of HCFA's administration of the Medicare and
Medicaid programs.
(17) To a HCFA contractor (including, but not necessarily limited
to fiscal intermediaries and carriers) that assists in the
administration of a HCFA-administered grant program, when disclisure
is deemed reasonably necessary by HCFA to prevent, deter, discover,
detect, investigate, examine, prosecute, sue with respect to, defend
against, correct, remedy, or otherwise combat fraud or abuse in such
program; and
(18) To another federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States (including any state or local governmental agency), that
administers, or that has the authority to investigate potential fraud
or abuse in, a health benefits program funded in whole or in part by
federal funds, when disclosure is deemed reasonably necessary by HCFA
to prevent, deter, discover, detect, investigate, examine, prosecute,
sue with respect to, defend against, correct, remedy, or otherwise
combat fraud or abuse in such program, subjected to certain
conditions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
All records are stored on magnetic media.
Retrievability:
All records are indexed by health insurance claim number and by
provider number.
Safeguards:
For computerized records, safeguards established in accordance
with Department standards and National Institute of Standards and
Technology guidelines (e.g., security codes) will be used, limiting
access to authorized personnel. System securities are established in
accordance with HHS, Information Resource Management (IRM) Circular
#10, Automated Information Systems Security Program; and HCFA
Automated Information Systems (AIS) Guide, Systems Security Policies.
Retention and disposal:
Records are maintained with identifiers as long as needed for
program research.
System manager(s) and address:
Director, Bureau of Data Management and Strategy, 1-A-11,
Security Office Park, Baltimore, Maryland 21207-5187.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager and furnish the following information: Name of system;
health insurance claim number; and for verification purposes, the
subject individual's name (women's maiden name, if applicable),
social security number, address, date of birth, and sex; and to
ascertain whether the individual's record is in the system, the
date(s) of utilization and they type of utilization under Part A or
Part B of Medicare services (e.g., home health services, hospital
inpatient services, hospital outpatient services, or skilled nursing
facility services.
Record access procedures:
Same as notification procedures. Individuals in the system should
also reasonably specify the record contents being sought. (These
access procedures are in accordance with the Department regulations
(45 CFR 5b.5.)
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulations (45 CFR 5b.7).)
Record source categories:
Medicare enrollment records; Medicare bill records; Medicare
provider records for a sample of person treated as hospital patients
(inpatient and outpatient) and skilled nursing facility patients.
Systems exempted from certain provisions of the act:
None.
Appendix A.--Data Elements Contained in the Quality of Care Medpar File
----------------------------------------------------------------------------------------------------------------
Data element Description Function
----------------------------------------------------------------------------------------------------------------
1. Hl Claim Number...................................... Encrypted to protect the To determine the number of
identity of the stays for a beneficiary.
beneficiary.
2. Day of Admission..................................... 1--Sunday................. To facilitate analysis of
2--Monday admission patterns.
3--Tuesday
4--Wednesday
5--Thursday
6--Friday
7--Saturday
3. Sex.................................................. --male.................... To measure sex-based
--female differences.
--unknown
4. Medicare Status Code................................. Code to show reason for To examine effectiveness
beneficiary's entitlement. of care for different
--aged without ESRD categories of Medicare
--aged with ESRD beneficiaries.
--disabled--without ESRD
--disabled with ESRD
--ESRD only
5. Discharge Destination................................ --To home, self care...... To group stays into
--To short-term hospital Diagnosis Related Groups
--To SNF (DRGs).
--To other type facility
--To home health service
--Left against medical
advice
--Died
--Still a patient
6. Medicare Provider Number............................. Identification number of To allow for review of
hospital. care on an institution-
specific basis.
7. Date of Admission.................................... Date, plus/minus 1 to 20 To measure intervals
days*. between hospital
episodes.
8. Date of Discharge.................................... Date, plus/minus 1 to 20 To measure intervals
days*. between hospital
episodes.
9. Length of Stay....................................... Number of days in hospital To examine days of care.
stay.
10. Intensive Care and Coronary Care Days............... Days in special care units To measure outcomes in and
of hospitals. use of special care
units.
11. Total Charges....................................... All charge fields (fields Charge fields 11-21 are
11-21) are in whole included in measure
dollars. relative resource use
across cases.
12. Routine Accommodation Charges.......................
13. Intensive Care and Coronary Care Charges............
14. Total Department (Ancillary) Charges................
15. Operating Room Charges..............................
16. Pharmacy Charges....................................
17. Laboratory Charges..................................
18. Radiology Charges...................................
19. Supplies Charges....................................
20. Anesthesia Charges..................................
21. Inhalation Therapy Charges..........................
22. Principal and Other Diagnosis Codes................. Five ICD-9-CM Codes....... Fields 22-23 are included
to identify diagnostic/
surgical information and
to group stays into DRGs.
23. Surgical Codes...................................... Three ICD-9-CM Volume 3 ..........................
codes
24. Date of Surgery..................................... Date plus/minus 1 to 20 To measure intervals
days*. between admission/
discharge and surgery
25. Blood Furnished..................................... Number of pints........... To measure outcomes.
26. Diagnosis Related Group............................. DRG1-DRG475............... To define diagnostic
groups used in the
Prospective Payment
System.
27. Date of death....................................... Date, plus/minus 1 to 20 To determine mortality
days*. rates.
28. Urban/rural residence............................... 1=urban................... To examine variations in
2=rural................... care in urban and rural
areas.
29. Zip-Code............................................ 5 digit zip............... To examine variations in
care in small areas.
30. Special Unit Code................................... S--Psychiatric Unit....... Distinguishes PPS-exempt
T--Rehabilitation Unit unit records.
U--Swing-bed Hospital
V--Alcohol/Drug Unit Blank
31. Beneficiary State of Residence...................... Two-position SSA numeric To facilitate seasonal
code. migration studies.
32. Source of Admission................................. Admission Type 1, 2, or 3: To allow analysis of
1--Physician Referral admissions and episodes
2--Clinic Referral of care.
3--HMO Referral
4--Transfer from Hospital
5--Transfer from SNF
6--Transfer from Another
Health Care Facility
7--Emergency Room
8--Court/Law Enforcement
9--Unknown Admission Type
4:
1--Normal Delivery
2--Premature Delivery
3--Sick Baby
4--Extramural
5--Unknown
33. Type of Admission................................... 1--Emergency.............. To allow analysis of
2--Urgent admissions and episodes
3--Elective of care.
4--Newborn
9--Unknown
34. Number of Diagnosis Codes........................... 1 through 5............... Enable search of diagnosis
fields.
35. Number of Surgical Codes............................ 1 through 3............... Enable search of surgical
procedures fields.
36. Actual Age.......................................... Three-position age of To measure age-based
beneficiary based on the differences.
date of admission.
----------------------------------------------------------------------------------------------------------------
* The same random number will be added to all dates in every discharge record occurring for a beneficiary during
the year. The random number will range from � 1 through 20.
The following subsets will be available (no combinations): one to
five States; one to five DRGs; one to five ICD-9-CM codes; and
standardized subsamples (5, 10, or 20 percent).
09-70-0008
System name:
National Provider System (NPS), HHS/HCFA/OIS.
Security classification:
None.
System location:
Health Care Financing Administration, Office of Information
Services, HCFA Data Center, North Building, 7500 Security Boulevard,
Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
As defined by section 1171(3) of the Social Security Act (the
Act), a health care provider is a provider of services as defined in
section 1861(u) of the Act, a provider of medical or other health
services as defined in section 1861(s) of the Social Security Act,
and any other person who furnishes health care services or supplies.
For purposes of the NPS in assigning NPIs, the definition of health
care provider is limited to those entities that furnish, or bill and
are paid for, health care services in the normal course of business.
The statutory definition of a health care provider is broad, with
section 1861(u) containing the Medicare definition of an
institutional provider (such as hospitals, home health agencies,
etc.), and section 1861(s) containing the Medicare definition of
other facilities and practitioners (such as assorted clinics,
physicians, clinical laboratories, suppliers of durable medical
equipment, other licensed/certified health care practitioners). This
System of Records applies only to appropriately licensed or certified
individual practitioners.
While the National Provider System will also include health care
providers that are organizations (e.g., hospitals, pharmacies) and
groups (entities composed of one or more individuals, as described
earlier), these health care providers will not be addressed further
in this systems notice because they are not covered under the Privacy
Act.
Categories of records in the system:
The system contains a unique identifier for each health care
provider (the NPI, which is assigned by the NPS) along with other
information about the provider. This information includes other
identifiers, name(s), demographic, educational/professional data, and
business address data.
Authority for maintenance of the system:
Sections 1173 and 1175 of the Act, as amended by Pub. L. 104-191,
authorize the assignment of a unique identifier to all health care
providers and the maintenance of a database on such health care
providers. Sections 1874, 1816, 1842, 1876, 1880, 1881(c)(7), 1124,
and 1124A of the Social Security Act authorize the assignment of a
unique number to each Medicare provider and the maintenance of a
database on such providers. Sections 1902(a)(4)(A), 1902(a)(6),
1902(a)(25), 1902(a)(27), 1902(a)(49), 1902(a)(59), 1903(r)(6)(H),
and 1124 of the Act authorizes the assignment of a unique number to
each Medicaid provider and the maintenance of a database on such
providers. With respect to physicians who furnish services for which
Medicare payment may be made, section 1842(r) of the Act mandates
such a system. Similarly, section 1834(j) of the Act requires durable
medical equipment suppliers to obtain and renew a supplier number and
limits the conditions under which HCFA may issue more than one number
to a supplier (see section 131(a) of the 1994 Social Security
Amendments). The Economy Act of 1932 as amended (31 U.S.C. 1535 and
1536) is the authority with respect to other Federal agencies.
Purpose(s):
The purpose of the system is to collect the information needed to
uniquely identify an individual health care provider, to assign an
NPI to that health care provider, to maintain and update the
information about the health care provider, and to disseminate health
care provider information in accordance with the provisions of the
Privacy Act.
Routine uses of records maintained in the system, including
categories of users and the purpose of such uses:
Section 552a(b) of the Privacy Act specifies a number of
permitted releases for information held in systems of records.
Section 552a(b)(3) permits an agency to identify additional routine
uses, compatible with the purpose for which the information was
collected, under which the information may be released without the
consent of the individual to whom the information pertains. HCFA is
identifying the following routine uses for information held in the
National Provider System. Each proposed disclosure of information
under these routine uses will be evaluated to ensure that the
disclosure is legally permissible, including, but not limited to,
ensuring that the purpose of the disclosure is compatible with the
purpose for which the information was collected. Also, HCFA will
require each prospective recipient of such information to agree in
writing to certain conditions to ensure the continuing
confidentiality of the information. More specifically, as a condition
of each disclosure under these routine uses, HCFA will, as necessary
and appropriate:
(a) Determine that no other Federal statute specifically
prohibits disclosure of the information;
(b) Determine that the use or disclosure does not violate legal
limitations under which the information was provided, collected, or
obtained;
(c) Determine that the purpose for which the disclosure is to be
made;
(1) Cannot reasonably be accomplished unless the information is
provided in individually identifiable form,
(2) Is of sufficient importance to warrant the effect on, or the
risk to, the privacy of the individual(s) that additional exposure of
the record(s) might bring, and
(3) There is a reasonable probability that the purpose of the
disclosure will be accomplished.
(d) Require the recipient of the information to;
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized access, use or disclosure of the
record or any part thereof. The physical safeguards shall provide a
level of security that is at least the equivalent of the level of
security contemplated in OMB Circular No. A-130 (revised), Appendix
III, Security of Federal Automated Information Systems which sets
forth guidelines for security plans for automated information systems
in Federal agencies,
(2) Remove or destroy the information that allows subject
individual(s) to be identified at the earliest time at which removal
or destruction can be accomplished, consistent with the purpose of
the request,
(3) Refrain from using or disclosing the information for any
purpose other than the stated purpose under which the information was
disclosed, and
(4) Make no further uses or disclosure of the information,
except:
(i) To prevent or address an emergency directly affecting the
health or safety of an individual;
(ii) For use on another project under the same conditions,
provided HCFA has authorized the additional use(s) in writing; or
(iii) When required by law;
(e) Secure a written statement or agreement from the prospective
recipient of the information whereby the prospective recipient
attests to an understanding of, and willingness to abide by, the
foregoing provisions and any additional provisions that HCFA deems
appropriate in the particular circumstances; and
(f) Determine whether the disclosure constitutes a computer
``matching program'' as defined in 5 U.S.C. 552a(a)(8). If the
disclosure is determined to be a computer ``matching program,'' the
procedures for matching agreements as contained in 5 U.S.C. 552a(o)
must be followed.
Disclosure may be made:
1. To Federal and Medicaid health plans that are enumerators,
their agents, and the NPS registry for the purpose of uniquely
identifying and assigning NPIs to providers.
2. To entities implementing or maintaining systems and data files
necessary for compliance with standards promulgated to comply with
title XI, part C, of the Social Security Act.
3. To a congressional office, from the record of an individual,
in response to an inquiry from the congressional office made at the
request of that individual.
4. To another Federal agency for use in processing research and
statistical data directly related to the administration of its
programs.
5. To the Department of Justice, to a court or other tribunal, or
to another party before such tribunal, when
(a) HHS, or any component thereof, or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity, where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is party to litigation or has an interest in such litigation, and
HHS determines that the use of such records by the Department of
Justice, the tribunal, or the other party is relevant and necessary
to the litigation and would help in the effective representation of
the governmental party or interest, provided, however, that in each
case HHS determines that such disclosure is compatible with the
purpose for which the records were collected.
6. To an individual or organization for a research,
demonstration, evaluation, or epidemiological project related to the
prevention of disease or disability, the restoration or maintenance
of health, or for the purposes of determining, evaluating and/or
assessing cost, effectiveness, and/or the quality of health care
services provided.
7. To an agency contractor for the purpose of collating,
analyzing, aggregating or otherwise refining or processing records in
this system, or for developing, modifying and/or manipulating
automated information systems (ADP) software. Data would also be
disclosed to contractors incidental to consultation, programming,
operation, user assistance, or maintenance for ADP or
telecommunications systems containing or supporting records in the
system.
8. To an agency of a state Government, or established by state
law, for purposes of determining, evaluating and/or assessing cost,
effectiveness, and/or quality of health care services provided in the
state.
9. To another Federal or state agency:
(a) As necessary to enable such agency to fulfill a requirement
of a Federal statute or regulation, or a state statute or regulation
that implements a program funded in whole or in part with Federal
funds.
(b) For the purpose of identifying health care providers for debt
collection under the provisions of the Debt Collection Information
Act of 1996 and the Balanced Budget Act of 1997.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
All records are stored on paper or magnetic media.
Retrievability:
The records are retrieved by the NPI, employer identification
number, other provider number, or as defined by query or report.
Safeguards:
For computerized records, safeguards established in accordance
with Department standards and National Institute of Standards and
Technology guidelines (e.g., security codes) will be used, limiting
access to authorized personnel. System securities are established in
accordance with HHS, Information Resources Management (IRM) Circular
#10, Automated Information Systems Security Program; and HCFA
Automated Information System (AIS) Guide, Systems Security Policies;
and OMB Circular No. A-130 (revised), Appendix III.
Retention and disposal:
The records are retained indefinitely, except in the instance of
an individual provider's death, in which case HCFA would retain such
records for a 10-year period following the provider's death.
System manager(s) and address:
Director, Office of Information Services, Health Care Financing
Administration, 7500 Security Boulevard, Baltimore, Maryland 21244-
1850.
Notification procedure:
For purpose of notification, the subject individual should write
the system manager, who will require the system name, provider name,
and, for verification purposes, date of birth, and medical school (if
applicable), to ascertain whether or not the individual's record is
in the system. (These notification procedures are in accordance with
Department regulation 45 CFR part 5b.)
Record access procedure:
Same as notification procedures. Requestors should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with the Department regulation 45 CFR
5b.5(a)(2).)
Contesting record procedures:
Contact the system manager named above, and reasonably identify
the record and specify the information to be contested. State the
corrective action sought and the reasons for the correction with
supporting justification. (These procedures are in accordance with
Department regulation 45 CFR 5b.7.)
Record source categories:
Information from Federal health plan and Medicaid provider
enrollment forms or applications that identify health care providers
and give supporting information on same.
Systems exempted from certain provisions of the act:
None.
09-70-0009
System name:
Medicare Provider Analysis and Review (MEDPAR) HHS/HCFA/OIS.
Security classification:
Level Three Privacy Act Sensitive Data.
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
The categories of individuals covered by this system are Medicare
beneficiaries who have had stays in inpatient hospitals and skilled
nursing facilities (SNF).
Categories of records in the system:
The MEDPAR will contain claims and demographic information on
Medicare beneficiaries who have had stays in inpatient hospitals and
SNF, Supplemental Security Income (SSI) eligibility information which
HCFA receives from the Social Security Administration on Medicare
beneficiaries who have had stays at inpatient hospitals and SNF, and
enrollment data on Medicare beneficiaries.
Authority for maintenance of the system:
Sections 1102(a), 1871, and 1886(d)(5)(F) of the Social Security
Act, (42 U.S.C. 1302(a), 1395hh, and 1395ww(d)(5)(F)).
Purpose(s):
The primary purpose of the system of records is to collect and
maintain information for all services rendered during a stay at an
inpatient hospital and/or SNF of Medicare beneficiaries, so as to
enable HCFA and its contractors to facilitate research on the quality
and effectiveness of care provided, update annual hospital
Prospective Payment System (PPS) rates, and to recalculate SSI ratios
for hospitals that are paid under the PPS and serve a
disproportionate share of low-income patients may be entitled to
increased reimbursement under Part A of the Medicare program.
Information retrieved from this system of records will also be
disclosed to: support regulatory, reimbursement, and policy functions
performed within the agency or by a contractor or consultant, provide
system data to a hospital that has an appeal properly pending before
the Provider Reimbursement Review Board (PRRB), or before an
intermediary, assist another federal or state agency with information
to enable such agency to administer a federal health benefits
program, or to enable such agency to fulfill a requirement of a
federal statute or regulation that implements a health benefits
program funded in whole or in part with federal funds, support
constituent requests made to a congressional representative, support
litigation involving the agency, facilitate research on the quality
and effectiveness of care provided, and, combat fraud and abuse in
certain health benefits programs.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
that is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' We are proposing to establish the following routine use
disclosures of information maintained in the system:
1. To agency contractors, or consultants who have been engaged by
the agency to assist in the performance of a service related to this
system of records and who need to have access to the records in order
to perform the activity.
2. To a hospital that has an appeal properly pending before the
Provider Reimbursement Review Board (PRRB), or before an
intermediary, on the issue of whether it is entitled to
disproportionate share hospital payments, or the amount of such
payments. As a condition of disclosure under this routine use, HCFA
will require the recipient of the information to:
(a) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized access, use or disclosure of the
record or any part thereof. The physical safeguards must provide a
level of security that is at least the equivalent to the level of
security contemplated in OMB Circular A-130 (Revised), Appendix III,
Security of Federal Automated Information Systems, which sets forth
guidelines for security plans for automated information systems in
federal agencies.
(b) Remove or destroy the information that allows the subject
individual(s) to be identified at the earliest time at which removal
or destruction can be accomplished consistent with the purpose of the
request;
(c) Refrain from using or disclosing the information for any
purpose other than the stated purpose under which the information was
disclosed; and
(d) Attest in writing that it understands the foregoing
provisions, and is willing to abide by the foregoing provisions and
any additional provisions that HCFA deems appropriate in the
particular circumstances.
3. To another federal or state agency:
(a) To contribute to the accuracy of HCFA's proper payment of
Medicare benefits, and/or
(b) To enable such agency to administer a federal health benefits
program, or as necessary to enable such agency to fulfill a
requirement of a federal statute or regulation that implements a
health benefits program funded in whole or in part with federal
funds.
4. To an individual or organization for research, evaluation, or
epidemiological projects related to the prevention of disease or
disability, or the restoration or maintenance of health, and for
payment related projects.
5. To a member of congress or to a congressional staff member in
response to an inquiry of the congressional office made at the
written request of the constituent about whom the record is
maintained.
6. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
(d) The United States Government is a party to litigation or has
an interest in such litigation, and by careful review, HCFA
determines that the records are both relevant and necessary to the
litigation and that the use of such records by the DOJ, court or
adjudicatory body is compatible with the purpose for which the agency
collected the records.
7. To a HCFA contractor (including, but not necessarily limited
to fiscal intermediaries and carriers) that assists in the
administration of a HCFA-administered health benefits program, or to
a grantee of a HCFA-administered grant program, when disclosure is
deemed reasonably necessary by HCFA to prevent, deter, discover,
detect, investigate, examine, prosecute, sue with respect to, defend
against, correct, remedy, or otherwise combat fraud or abuse in such
program.
8. To another federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States (including any State or local governmental agency), that
administers, or that has the authority to investigate potential fraud
or abuse in, a health benefits program funded in whole or in part by
federal funds, when disclosure is deemed reasonably necessary by HCFA
to prevent, deter, discover, detect, investigate, examine, prosecute,
sue with respect to, defend against, correct, remedy, or otherwise
combat fraud or abuse in such programs.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
All records are stored on magnetic media.
Retrievability:
The Medicare records are retrieved by health insurance claim
(HIC) number of the beneficiary.
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the MEDPAR system. For computerized
records, safeguards have been established in accordance with HHS
standards and National Institute of Standards and Technology
guidelines, e.g., security codes will be used, limiting access to
authorized personnel. System securities are established in accordance
with HHS, Information Resource Management (IRM) Circular �10,
Automated Information Systems Security Program; HCFA Automated
Information Systems (AIS) Guide, Systems Securities Policies, and OMB
Circular No. A-130 (revised), Appendix III.
Retention and disposal:
HCFA and the repository of the National Archive and Records
Administration will retain identifiable MEDPAR data for a total
period not to exceed 25 years.
System manager(s) and address:
Director, Division of Enrollment, Utilization, and Data
Development, Enterprise Databases Group, Office of Information
Services, HCFA, Room N3-16-28, 7500 Security Boulevard, Baltimore,
Maryland, 21244-1850. The telephone number is (410)-786-6759.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, HIC, address, age,
sex, and for verification purposes, the subject individual's name
(woman's maiden name, if applicable) and social security number
(SSN). Furnishing the SSN is voluntary, but it may make searching for
a record easier and prevent delay.
Record access procedure:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2)).
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7).
Record source categories:
HCFA's National Claims History system of records, enrollment data
on Medicare beneficiaries, and SSI eligibility information from the
Social Security Administration.
Systems exempted from certain provisions of the act:
None.
09-70-0022
System name: Municipal Health Services Program, HHS/HCFA/ORD.
Security classification:
Level Three Privacy Act Sensitive Data.
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
Medicare beneficiaries who obtain health care services at any of
the clinics being funded under the Municipal Health Services Program
(MHSP).
Categories of records in the system:
Bills and records submitted by MHSP clinics to claim Federal
reimbursement for services provided to Medicare beneficiaries.
Authority for maintenance of the system:
Section 402(a) of the Social Security Amendments of 1967, as
amended by section 222(b)(1) of Pub. L. 92-603, and section 6135 of
the Omnibus Budget Reconciliation Act of 1989, Pub. L. 101-239.
Purpose(s):
To provide billing data necessary to permit reimbursement and
evaluation of the clinics participating in the MHSP.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
that is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' Disclosure may be made:
1. To an individual or organization for research, evaluation, or
epidemiological projects related to the prevention of disease or
disability, or the restoration or maintenance of health, and for
payment related projects.
2. To agency contractors, or consultants who have been engaged by
the agency to assist in the performance of a service related to this
system of records and who need to have access to the records in order
to perform the activity.
3. To a member of Congress or to a Congressional staff member in
response to an inquiry of the Congressional Office made at the
written request of the constituent about whom the record is
maintained.
4. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
(d) The United States Government is a party to litigation or has
an interest in such litigation, and by careful review, HCFA
determines that the records are both relevant and necessary to the
litigation and that the use of such records by the DOJ, court or
adjudicatory body is compatible with the purpose for which the agency
collected the records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
ORD will store data of hardcopy billing forms and machine
readable media in secure storage areas.
Retrievability:
ORD retrieves the data by beneficiary name, date of service, and
clinic name. ORD will use the data to determine the appropriate level
of reimbursement to be made to MHSP clinics.
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the HCFA system. For computerized
records, safeguards have been established in accordance with
Department of Health and Human Services (HHS) standards and National
Institute of Standards and Technology guidelines, e.g., security
codes will be used, limiting access to authorized personnel. System
securities are established in accordance with HHS, Information
Resource Management (IRM) Circular �10, Automated Information Systems
Security Program, HCFA Automated Information Systems (AIS) Guide,
Systems Securities Policies, and OMB Circular No. A-130 (revised),
Appendix III.
Retention and disposal:
ORD will retain hardcopy bills and machine readable media tapes
with identifiers in secure storage areas. HCFA waivers permitting
reimbursement to MHSP clinics will be effective through December
1993. Therefore HCFA will retain all hardcopy and magnetic tape of
disc data until December 1994. At that time, HCFA will destroy all
hardcopy and strip all machine readable media of all identifying
names and numbers by degaussing.
System manager(s) and address:
Director, Office of Strategic Planning, HCFA, Room C3-20-11, 7500
Security Boulevard, Baltimore, Maryland, 21244-1850. The telephone
number is 410-786-6501.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, health insurance
claim number, address, age, and sex, and for verification purposes,
the subject individual's name (woman's maiden name, if applicable)
and social security number (SSN). Furnishing the SSN is voluntary,
but it may make searching for a record easier and prevent delay.
Record access procedures:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2)).
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7).
Record source categories:
The information contained in this record system originates at
MHSP clinics, specified in Appendix A to this notice, whenever a
Medicare beneficiary obtains clinic services. Clinics in three of the
cities, specified in appendix B to this notice, will store hardcopies
or machine readable media copies of the bills in their city health
departments.
Systems exempted from certain provisions of the act:
None.
09-70-0030
System name: National Long-Term Care Survey Follow-up, DHHS/
HCFA/ORD.
Security classification:
Level Three Privacy Act Sensitive Data.
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
The system will include records of elderly Medicare beneficiaries
who have been identified in the National Long-Term Care Survey as
having a functional limitation. This information pertains to Medicare
beneficiaries living in institutions, in their communities, and
deceased beneficiaries.
Categories of records in the system:
The data records will include information on personal care;
mobility; physical, mental, and social functioning; formal and
informal services and supports; income and assets; and instrumental
activities such as managing money and taking medicine plus basic
information on nursing home stays, living arrangements, and
demographics from persons who have no limitations.
Authority for maintenance of the system:
Section 1875(a) of the Social Security Act (42 U.S.C. 139511).
Purpose(s):
To provide a national data base on the incidence and prevalance
of dependency among the functionally limited elderly person; the
services they use, and their resources for providing long-term care
in their communities and in institutions. The data will be used for
developing long-term care policies for those who will require such
care.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
that is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' Disclosure may be made:
1. To an individual or organization for research, evaluation, or
epidemiological projects related to the prevention of disease or
disability, or the restoration or maintenance of health, and for
payment related projects.
2. To agency contractors, or consultants who have been engaged by
the agency to assist in the performance of a service related to this
system of records and who need to have access to the records in order
to perform the activity.
3. To a member of Congress or to a Congressional staff member in
response to an inquiry of the Congressional Office made at the
written request of the constituent about whom the record is
maintained.
4. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
(d) The United States Government is a party to litigation or has
an interest in such litigation, and by careful review, HCFA
determines that the records are both relevant and necessary to the
litigation and that the use of such records by the DOJ, court or
adjudicatory body is compatible with the purpose for which the agency
collected the records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Magnetic tape and disc, paper and card records.
Retrievability:
Records are retrieved by a unique identifying number which is
linked to names, addresses, and Medicare numbers at the Census
Bureau.
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the HCFA system. For computerized
records, safeguards have been established in accordance with
Department of Health and Human Services (HHS) standards and National
Institute of Standards and Technology guidelines, e.g., security
codes will be used, limiting access to authorized personnel. System
securities are established in accordance with HHS, Information
Resource Management (IRM) Circular �10, Automated Information Systems
Security Program, HCFA Automated Information Systems (AIS) Guide,
Systems Securities Policies, and OMB Circular No. A-130 (revised),
Appendix III.
Retention and disposal:
On the possibility that a further follow-up may be undertaken,
tape and hard copy of all interviews will be retained for a period
not to exceed five years, after which they will be destroyed. Data
disposal will consist of burning or shredding the hard copy (and so
certifying) and degaussing computer records. There are no plans to
dispose of non-identifiable individual data.
System manager(s) and address:
Director, Office of Strategic Planning, HCFA, Room C3-20-11, 7500
Security Boulevard, Baltimore, Maryland, 21244-1850. The telephone
number is 410-786-6501.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, health insurance
claim number, address, age, and sex, and for verification purposes,
the subject individual's name (woman's maiden name, if applicable)
and social security number (SSN). Furnishing the SSN is voluntary,
but it may make searching for a record easier and prevent delay.
Record access procedures:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2)).
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7).
Record source categories:
Individual-specific information will be gathered through
interviews with beneficiaries, their proxies, or their survivors.
Systems exempted from certain provisions of the act:
None.
09-70-0033
System name: Person-Level Medicaid Data System, HHS/HCFA/ORD.
Security classification:
Level Three Privacy Act Sensitive Data.
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
Persons who are enrolled in the Medicaid program under either
Federal or State provisions.
Categories of records in the system:
Data from 5 State Medicaid agencies (California, Georgia,
Michigan, New York, and Tennessee) showing the demographic
characteristics of the enrolled population, claims submitted for
covered medical services, and provider characteristics.
Authority for maintenance of the system:
Section 1902(a)(6) of the Social Security Act (42 U.S.C.
1396(a)(6)).
Purpose(s):
To study Medicaid use and expenditures in order to increase
HCFA's understanding of the Medicaid and Medicare programs and to
improve HCFA's ability to conduct program evaluation, strengthen
program management, evaluate policy alternatives, conduct and
evaluate demonstration projects, and advise States in the area of
Medicaid financing. The proposed system will be used for purposes of
research and statistics only.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
that is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' Disclosure may be made:
1. To an individual or organization for research, evaluation, or
epidemiological projects related to the prevention of disease or
disability, or the restoration or maintenance of health, and for
payment related projects.
2. To agency contractors, or consultants who have been engaged by
the agency to assist in the performance of a service related to this
system of records and who need to have access to the records in order
to perform the activity.
3. To a member of Congress or to a Congressional staff member in
response to an inquiry of the Congressional Office made at the
written request of the constituent about whom the record is
maintained.
4. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
(d) The United States Government is a party to litigation or has
an interest in such litigation, and by careful review, HCFA
determines that the records are both relevant and necessary to the
litigation and that the use of such records by the DOJ, court or
adjudicatory body is compatible with the purpose for which the agency
collected the records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
All records are stored on magnetic tape and computer disk.
Retrievability:
Enrollment records are retrieved by Medicaid and Medicare
identification numbers. Provider records are retrieved by Medicaid
and Medicare provider identification numbers. Claims records contain
both enrollee and provider identification numbers.
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the HCFA system. For computerized
records, safeguards have been established in accordance with
Department of Health and Human Services (HHS) standards and National
Institute of Standards and Technology guidelines, e.g., security
codes will be used, limiting access to authorized personnel. System
securities are established in accordance with HHS, Information
Resource Management (IRM) Circular �10, Automated Information Systems
Security Program, HCFA Automated Information Systems (AIS) Guide,
Systems Securities Policies, and OMB Circular No. A-130 (revised),
Appendix III.
Retention and disposal:
Records are maintained in a secure storage area with identifiers
as long as needed for program research. Records will be disposed 3
years after research is completed.
System manager(s) and address:
Director, Office of Strategic Planning, HCFA, Room C3-20-11, 7500
Security Boulevard, Baltimore, Maryland, 21244-1850. The telephone
number is 410-786-6501.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, health insurance
claim number, address, age, and sex, and for verification purposes,
the subject individual's name (woman's maiden name, if applicable)
and social security number (SSN). Furnishing the SSN is voluntary,
but it may make searching for a record easier and prevent delay.
Record access procedures:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2)).
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7).
Record source categories:
Medicaid and Medicare enrollment, claims, and provider records.
Systems exempted from certain provisions of the act:
None.
09-70-0036
System name:Evaluation of Competitive Bidding for Durable
Medical Equipment Demonstration, HHS/HCFA/ORD.
Security classification:
Level Three Privacy Act Sensitive Data.
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
Medicare beneficiaries residing in approximately six
demonstration sites and three control sites who receive DME services.
Categories of records in the system:
Demographic characteristics (e.g., age, education, income),
measures of health and funcitonal status, cost and utilization of
health services, and satisfaction with services.
Authority for maintenance of the system:
Section 402 of the Social Security Amendments of 1967, Pub. L.
90-248, as amended by section 222(b) of the Social Security
Amendments of 1972, Pub. L. 92-603, 42 U.S.C. 1895b-l.
Purpose(s):
To provide data necessary to evaluate the impact of HCFA's
competitive bidding lkfor durable medical equipment demonstration on
the cost, utilization, and quality of DME services.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
that is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' Disclosure may be made:
1. To an individual or organization for research, evaluation, or
epidemiological projects related to the prevention of disease or
disability, or the restoration or maintenance of health, and for
payment related projects.
2. To agency contractors, or consultants who have been engaged by
the agency to assist in the performance of a service related to this
system of records and who need to have access to the records in order
to perform the activity.
3. To a member of Congress or to a Congressional staff member in
response to an inquiry of the Congressional Office made at the
written request of the constituent about whom the record is
maintained.
4. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
(d) The United States Government is a party to litigation or has
an interest in such litigation, and by careful review, HCFA
determines that the records are both relevant and necessary to the
litigation and that the use of such records by the DOJ, court or
adjudicatory body is compatible with the purpose for which the agency
collected the records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper and magnetic tape.
Retrievability:
Information will be retrieved by beneficiary's name and health
insurance claim number.
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the HCFA system. For computerized
records, safeguards have been established in accordance with
Department of Health and Human Services (HHS) standards and National
Institute of Standards and Technology guidelines, e.g., security
codes will be used, limiting access to authorized personnel. System
securities are established in accordance with HHS, Information
Resource Management (IRM) Circular �10, Automated Information Systems
Security Program, HCFA Automated Information Systems (AIS) Guide,
Systems Securities Policies, and OMB Circular No. A-130 (revised),
Appendix III.
Contractors who maintain records in this sytem are instructed to
make no further disclosures of the records except as authorized by
the system manager in accordance with the Privacy Act. Privacy Act
requirements are specifically included in contracts related to this
system. The project officer and contract officer oversee compliance
with these requirements. The particular safeguards implemented are
developed in accordance with the DHHS ADP Systems manual, Part 6, ADP
Systems Security (e.g., use of passwords), and the National Bureau of
Standards Federal Information Processing Standards.
Retention and disposal;
Hardcopy data collection forms and magnetic tapes with
identifiers will be retained in secure storage areas. The disposal
technique of degaussing will be used to strip magentic tape of all
identifying names and numbers in December 1989. Hardcopy records will
be destroyed at this time.
System manager(s) and address:
Director, Office of Strategic Planning, HCFA, Room C3-20-11, 7500
Security Boulevard, Baltimore, Maryland, 21244-1850. The telephone
number is 410-786-6501.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, health insurance
claim number, address, age, and sex, and for verification purposes,
the subject individual's name (woman's maiden name, if applicable)
and social security number (SSN). Furnishing the SSN is voluntary,
but it may make searching for a record easier and prevent delay.
Record access procedures:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2)).
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7).
Record source categories:
Information contained in these records is obtained from surveys
to be conducted of Medicare beneficiaries by HCFA's evaluation
contractor.
Systems exempted from certain provisions of the act:
None.
09-70-0039
System name: Evaluation of the Medicare Alzheimer's Disease
Demonstration, HHS/HCFA/ORD.
Security classification:
Level Three Privacy Act Sensitive Data.
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
Medicare beneficiaries with Alzheimer's disease and related
dementias who are participating as a treatment or control group
member in one of the 5 to 10 demonstration sites to be chosen under
this study. (Information will also be obtained from each
participant's informal caregiver(s), but that information will be
collected as a part of each participant's record.)
Categories of records in the system:
The system will contain information concerning a participant's
name, Health Insurance Claim number, demographic characteristics
(e.g., age, education, income), medical diagnoses and conditions,
receipt of services, functional status, and cost and utilization of
health services. Medical, social, and other information is also
expected to be collected from each patient's informal caregiver(s) as
part of the participant's record in order to evaluate the impact of
the demonstration on caregivers.
Authority for maintenance of the system:
Section 9342 of Pub. L. 99-509, the Omnibus Budget Reconciliation
Act of 1986 and 42 U.S.C. 1395b-1 note.
Purpose(s):
To provide data necessary to evaluate the impact of HCFA's
Medicare Alzheimer's Disease Demonstration on access, cost,
utilization, and quality of services to the participants in this
study as well as their informal caregivers.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
that is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' Disclosure may be made:
1. To an individual or organization for research, evaluation, or
epidemiological projects related to the prevention of disease or
disability, or the restoration or maintenance of health, and for
payment related projects.
2. To agency contractors, or consultants who have been engaged by
the agency to assist in the performance of a service related to this
system of records and who need to have access to the records in order
to perform the activity.
3. To a member of Congress or to a Congressional staff member in
response to an inquiry of the Congressional Office made at the
written request of the constituent about whom the record is
maintained.
4. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
(d) The United States Government is a party to litigation or has
an interest in such litigation, and by careful review, HCFA
determines that the records are both relevant and necessary to the
litigation and that the use of such records by the DOJ, court or
adjudicatory body is compatible with the purpose for which the agency
collected the records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper and magnetic tape.
Retrievability:
Information will be retrieved by beneficiary's name and health
insurance claim number.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
that is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' Disclosure may be made:
1. To an individual or organization for research, evaluation, or
epidemiological projects related to the prevention of disease or
disability, or the restoration or maintenance of health, and for
payment related projects.
2. To agency contractors, or consultants who have been engaged by
the agency to assist in the performance of a service related to this
system of records and who need to have access to the records in order
to perform the activity.
3. To a member of Congress or to a Congressional staff member in
response to an inquiry of the Congressional Office made at the
written request of the constituent about whom the record is
maintained.
4. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
(d) The United States Government is a party to litigation or has
an interest in such litigation, and by careful review, HCFA
determines that the records are both relevant and necessary to the
litigation and that the use of such records by the DOJ, court or
adjudicatory body is compatible with the purpose for which the agency
collected the records.
Retention and disposal:
Hardcopy data collection forms and magnetic tapes with
identifiers will be retained in secure storage areas. Records will be
retained for one year after the termination of the evaluation
contract. The disposal techniques of degaussing will be used to strip
magnetic tape of all identifying names and numbers. Hardcopy records
will be destroyed at this time.
System manager(s) and address:
Director, Office of Strategic Planning, HCFA, Room C3-20-11, 7500
Security Boulevard, Baltimore, Maryland, 21244-1850. The telephone
number is 410-786-6501.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, health insurance
claim number, address, age, and sex, and for verification purposes,
the subject individual's name (woman's maiden name, if applicable)
and social security number (SSN). Furnishing the SSN is voluntary,
but it may make searching for a record easier and prevent delay.
Record access procedures:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2)).
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7).
Record source categories:
Sources of information contained in this records system ar
expected to include: Data collected from the Medicare claims files;
Medicare Statistical Systems; patient intake forms; medical
evaluation examinations; physical and mental status assessments;
interviews with informal caregivers; and Medicaid claims systems (to
the extent that certain participants are also entitled to Medicaid).
Systems exempted from certain provisions of the act:
None.
09-70-0040
System name: Health Care Financing Administration (HCFA) Organ
Transplant Data File, HHS/HCFA/BDMS.
Security classification:
Level Three Privacy Act Sensitive Data.
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
Medicare and non-Medicare organ transplant recipients and donors.
Categories of records in the system:
The system contains individual's name, health insurance claim
number or social security number (SSN), demographic and utilization
information under the Medicare program, and clinical information such
as the etiology of organ disease, medical history and/or current
findings, pre-transplant laboratory data, date of transplant,
complications, immunosuppressive protocol, date and cause of death,
and readmissions.
Authority for maintenance of the system:
Sections 1874(b) (42 U.S.C. 1395kk(b)) and 1875 of the Social
Security Act (42 U.S.C. 139511), as amended.
Purpose(s):
To collect data on organ transplants of Medicare and non-Medicare
recipients and donors in order to evaluate the Medicare criteria for
facilities, on patient selection, organ transplant facility
experience levels, and patient outcomes.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
that is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' Disclosure may be made:
1. To an individual or organization for research, evaluation, or
epidemiological projects related to the prevention of disease or
disability, or the restoration or maintenance of health, and for
payment related projects.
2. To agency contractors, or consultants who have been engaged by
the agency to assist in the performance of a service related to this
system of records and who need to have access to the records in order
to perform the activity.
3. To a member of Congress or to a Congressional staff member in
response to an inquiry of the Congressional Office made at the
written request of the constituent about whom the record is
maintained.
4. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
(d) The United States Government is a party to litigation or has
an interest in such litigation, and by careful review, HCFA
determines that the records are both relevant and necessary to the
litigation and that the use of such records by the DOJ, court or
adjudicatory body is compatible with the purpose for which the agency
collected the records.
(5) To a HCFA contractor (including, but not necessarily limited
to fiscal intermediaries and carriers) that assists in the
administration of a HCFA-administered health benefits program, or to
a grantee of a HCFA-administered grant program, when disclosure is
deemed reasonably necessary by HCFA to prevent, deter, discover,
detect, investigate, examine, prosecute, sue with respect to, defend
against correct, remedy, or otherwise combat fraud or abuse in such
program; and
(6) To another federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States (including any state or local governmental agency), that
administers, or that has the authority to investigate potential fraud
or abuse in a health benefits program funded in whole or in part by
federal funds, when disclosure is deemed reasonably necessary by HCFA
to prevent, deter, discover, detect, investigate, examine, prosecute,
sue with respect to, defend against, correct, remedy, or otherwise
combat fraud or abuse in such program, subjected to certain
conditions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper and magnetic media.
Retrievability:
Records are retrieved by the Health Insurance Claim Number or
Social Security Number.
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the HCFA system. For computerized
records, safeguards have been established in accordance with
Department of Health and Human Services (HHS) standards and National
Institute of Standards and Technology guidelines, e.g., security
codes will be used, limiting access to authorized personnel. System
securities are established in accordance with HHS, Information
Resource Management (IRM) Circular �10, Automated Information Systems
Security Program, HCFA Automated Information Systems (AIS) Guide,
Systems Securities Policies, and OMB Circular No. A-130 (revised),
Appendix III.
Retention and disposal:
Records are retained for 5 years after the last action on the
record.
System manager(s) and address:
Director, Office of Strategic Planning, HCFA, Room C3-20-11, 7500
Security Boulevard, Baltimore, Maryland, 21244-1850. The telephone
number is 410-786-6501.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, health insurance
claim number, address, age, and sex, and for verification purposes,
the subject individual's name (woman's maiden name, if applicable)
and social security number (SSN). Furnishing the SSN is voluntary,
but it may make searching for a record easier and prevent delay.
Record access procedures:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2)).
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7).
Record source categories:
HCFA obtains the identifying information in this system from the
hospital records or directly from the individuals. In addition to
these hospital records, other information will be obtained from
interviews with the patients and caregivers.
Systems exempted from certain provisions of the act:
None.
09-70-0042
System name: Medicare-Cancer Registry Record System, HHS/HCFA/
BDMS.
Security classification:
Level Three Privacy Act Sensitive Data.
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
Medicare beneficiaries diagnosed with cancer in 11 geographic
areas of the United States.
Categories of records in the system:
Data from 11 Surveillance, Epidemiology, and End Results (SEER)
program cancer registries linked with Medicare enrollment and claims
data. The areas covered by the 11 registries are Iowa, Utah, Hawaii,
New Mexico, Connecticut, New Jersey, Puerto Rico, San Francisco-
Oakland, Atlanta, Detroit, and Seattle.
Authority for maintenance of the system:
Section 1875(a) of the Social Security Act (42 U.S.C. 139511(a))
and Sections 301 and 410-416 of the Public Health Service Act (42
U.S.C. 241 and 281-285a-5).
Purpose(s):
To study the use of health care services by Medicare
beneficiaries with cancer. Treatment costs by cancer site, stage at
diagnosis, and comorbidities will be examined. The proposed system
will be used for purposes of research and statistics only.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
that is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' Disclosure may be made:
1. To an individual or organization for research, evaluation, or
epidemiological projects related to the prevention of disease or
disability, or the restoration or maintenance of health, and for
payment related projects.
2. To agency contractors, or consultants who have been engaged by
the agency to assist in the performance of a service related to this
system of records and who need to have access to the records in order
to perform the activity.
3. To a member of Congress or to a Congressional staff member in
response to an inquiry of the Congressional Office made at the
written request of the constituent about whom the record is
maintained.
4. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
(d) The United States Government is a party to litigation or has
an interest in such litigation, and by careful review, HCFA
determines that the records are both relevant and necessary to the
litigation and that the use of such records by the DOJ, court or
adjudicatory body is compatible with the purpose for which the agency
collected the records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
All records are stored on magnetic tape and computer disk.
Retrievability:
Records will be retrieved by Medicare identification numbers.
Safeguards: For computerized records, safeguards established in
accordance with guidelines in the DHHS Systems Manual, Part 6 ``ADP
Systems Security'', (e.g., security codes, use of passwords) will be
used, limiting access to authorized personnel.
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the HCFA system. For computerized
records, safeguards have been established in accordance with
Department of Health and Human Services (HHS) standards and National
Institute of Standards and Technology guidelines, e.g., security
codes will be used, limiting access to authorized personnel. System
securities are established in accordance with HHS, Information
Resource Management (IRM) Circular �10, Automated Information Systems
Security Program, HCFA Automated Information Systems (AIS) Guide,
Systems Securities Policies, and OMB Circular No. A-130 (revised),
Appendix III.
Retention and disposal:
Records are maintained in a secure storage area with identifiers
as long as needed for program research. Records will be disposed 3
years after research is completed.
System manager(s) and address:
Director, Office of Strategic Planning, HCFA, Room C3-20-11, 7500
Security Boulevard, Baltimore, Maryland, 21244-1850. The telephone
number is 410-786-6501.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, health insurance
claim number, address, age, and sex, and for verification purposes,
the subject individual's name (woman's maiden name, if applicable)
and social security number (SSN). Furnishing the SSN is voluntary,
but it may make searching for a record easier and prevent delay.
Record access procedures:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2)).
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7).
Record source categories:
Surveillance, Epidemiology, and End Results (SEER) program cancer
registry records and Medicare enrollment and claims files.
Systems exempted from certain provisions of the act:
None.
09-70-0045
System name: Evaluation of the Arizona Health Care Cost
Containment and Long Term Care Systems Demonstration, HHS/HCFA/
ORD.
Security classification:
Level Three Privacy Act Sensitive Data.
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
Persons residing in Arizona who qualify for medical assistance
under the Aid to Families with Dependent Children (AFDC), or the
Supplemental Security Income (SSI) programs, and a sample of persons
in these programs in another state(s) chosen for comparison with
Arizona.
Categories of records in the system:
Records in the system will contain information taken from the
preadmission screening instrument, including beneficiary name,
address, age, social security and Medicare numbers, demographic data,
social worker assessment, available social supports and services,
medical conditions, history and treatments, and a cost-effectiveness
analysis of proposed treatment. The system will also include
information on past encounters with AHCCCS facilities, visit types
(inpatient or outpatient), the type of facility visited, and the
nature of the health resources utilized. During this project,
approval for a beneficiary survey may be requested, in accordance
with the Paperwork Reduction Act and 5 CFR part 1320. Data from such
a survey would be included in the proposed system of records. In
addition, data from a previous beneficiary survey approved by the
Office of Management and Budget (OMB), ``Evaluation of Arizona Health
Care Cost Containment System'', HCFA-386, OMB Number 0938-0281, may
be included in the proposed system of records.
Authority for maintenance of the system:
Section 1115 Waiver authority of Title XIX (Medicaid)
requirements under which the AHCCCS program is operated.
Purpose(s):
The primary objective of the AHCCCS demonstration is to assess
the merits of providing medical care to indigent persons on a
capitated basis, compared to a traditional fee-for-service system.
This system of records will be used to study and evaluate the
performance of the AHCCCS demonstration.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
that is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' Disclosure may be made:
1. To an individual or organization for research, evaluation, or
epidemiological projects related to the prevention of disease or
disability, or the restoration or maintenance of health, and for
payment related projects.
2. To agency contractors, or consultants who have been engaged by
the agency to assist in the performance of a service related to this
system of records and who need to have access to the records in order
to perform the activity.
3. To a member of Congress or to a Congressional staff member in
response to an inquiry of the Congressional Office made at the
written request of the constituent about whom the record is
maintained.
4. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
(d) The United States Government is a party to litigation or has
an interest in such litigation, and by careful review, HCFA
determines that the records are both relevant and necessary to the
litigation and that the use of such records by the DOJ, court or
adjudicatory body is compatible with the purpose for which the agency
collected the records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper and magnetic tape.
Retrievability:
Information will be retrieved by beneficiary's name, health
insurance claim, or social security number.
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the HCFA system. For computerized
records, safeguards have been established in accordance with
Department of Health and Human Services (HHS) standards and National
Institute of Standards and Technology guidelines, e.g., security
codes will be used, limiting access to authorized personnel. System
securities are established in accordance with HHS, Information
Resource Management (IRM) Circular �10, Automated Information Systems
Security Program, HCFA Automated Information Systems (AIS) Guide,
Systems Securities Policies, and OMB Circular No. A-130 (revised),
Appendix III.
Contractors who maintain records in this system will be
instructed to make no further disclosures of the records except as
authorized by the system manager in accordance with the Privacy Act.
(See title and business address of responsible agency official under
``System Manager(s) and Address''.) Privacy Act requirements will be
specifically included in contracts related to this system. The
project officer and contract officer will oversee compliance with
these requirements. The particular safeguards implemented will be
developed in accordance with the HHS Information Resource Manual
(IRM), Part 6, ``Systems Security Policies'' (e.g., use of
passwords), and the National Bureau of Standards Federal Information
Processing Standards.
Retention and disposal:
Hardcopy data collection forms and magnetic tapes with
identifiers will be retained in secure storage areas. The disposal
technique of degaussing will be used to strip magnetic tape of all
identifying names and numbers by December 2003, ten years after
project completion. Hardcopy records will also be destroyed by that
time.
System manager(s) and address:
Director, Office of Strategic Planning, HCFA, Room C3-20-11, 7500
Security Boulevard, Baltimore, Maryland, 21244-1850. The telephone
number is 410-786-6501.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, health insurance
claim number, address, age, and sex, and for verification purposes,
the subject individual's name (woman's maiden name, if applicable)
and social security number (SSN). Furnishing the SSN is voluntary,
but it may make searching for a record easier and prevent delay.
Record access procedures:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2)).
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7).
Record source categories:
Information contained in these records will be obtained from
encounter records provided by the AHCCCS administrator, from AHCCCS
beneficiary surveys conducted by HCFA's evaluation contractor, and
from existing HCFA Medicare record systems.
Systems exempted from certain provisions of the act:
None.
09-70-0046
System name: Home Health Quality Indicator System (HHQUIS), HHS/
HCFA/ORD.
Security classification:
Level Three Privacy Act Sensitive Data.
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
Medicare Beneficiaries.
Categories of records in the system:
The system contains information concerning the patient's name,
Health Insurance Claim number, medical diagnoses, surgical
procedures, conditions, problems, functional status, living
arrangement, utilization of services, outcomes of care.
Authority for maintenance of the system:
Section 207 of Pub. L. 100-360.
Purpose(s):
To assess the quality of Medicare home health care. To determine
the appropriate balance between outcome, process, and structural
measures for quality assurance purposes. To develop outcome-based
measures of home health care quality that are reliable and valid. To
evaluate the differential impacts of various types of outcome
measures on the data collection and administrative costs for HCFA and
home health agencies. To determine how differences in patient
outcomes are related to differences in patient characteristics, and
how case mix differences can be recognized in outcome-based quality
indicators.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
that is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' Disclosure may be made:
1. To an individual or organization for research, evaluation, or
epidemiological projects related to the prevention of disease or
disability, or the restoration or maintenance of health, and for
payment related projects.
2. To agency contractors, or consultants who have been engaged by
the agency to assist in the performance of a service related to this
system of records and who need to have access to the records in order
to perform the activity.
3. To a member of Congress or to a Congressional staff member in
response to an inquiry of the Congressional Office made at the
written request of the constituent about whom the record is
maintained.
4. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
(d) The United States Government is a party to litigation or has
an interest in such litigation, and by careful review, HCFA
determines that the records are both relevant and necessary to the
litigation and that the use of such records by the DOJ, court or
adjudicatory body is compatible with the purpose for which the agency
collected the records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper and magnetic media.
Retrievability:
Records are retrieved by the Health Insurance Claim Number.
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the HCFA system. For computerized
records, safeguards have been established in accordance with
Department of Health and Human Services (HHS) standards and National
Institute of Standards and Technology guidelines, e.g., security
codes will be used, limiting access to authorized personnel. System
securities are established in accordance with HHS, Information
Resource Management (IRM) Circular �10, Automated Information Systems
Security Program, HCFA Automated Information Systems (AIS) Guide,
Systems Securities Policies, and OMB Circular No. A-130 (revised),
Appendix III.
Retention and disposal:
Records are retained for 5 years after the last action on the
record.
System manager(s) and address:
Director, Office of Strategic Planning, HCFA, Room C3-20-11, 7500
Security Boulevard, Baltimore, Maryland, 21244-1850. The telephone
number is 410-786-6501.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, health insurance
claim number, address, age, and sex, and for verification purposes,
the subject individual's name (woman's maiden name, if applicable)
and social security number (SSN). Furnishing the SSN is voluntary,
but it may make searching for a record easier and prevent delay.
Record access procedures:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2)).
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7).
Record source categories:
HCFA obtains the identifying information in this system from the
home health patient records of which some will be verified by
beneficiaries. In addition to these patient records other information
will be obtained from interview with the patients and caregivers.
Systems exempted from certain provisions of the act:
None.
Appendix A
Policy Center, Inc., 1355 South Colorado Blvd., Suite 706,
Denver, CO 80222.
09-70-0048
System name: Monitoring of the Home Health Agency Prospective
Payment Demonstration, HHS/HCFA/ORD.
Security classification:
Level Three Privacy Act Sensitive Data.
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
Medicare beneficiaries who receive Medicare-covered home health
services at one of the 133 HHAs in five States (California, Florida,
Illinois, Massachusetts, and Texas) chosen to participate in the
demonstration.
Categories of records in the system:
The system will contain information concerning a patient's name,
Health Insurance Claim Number, demographic characteristics (e.g.,
age, sex) medical diagnoses and conditions, receipt of services,
functional status, and utilization of home health services.
Authority for maintenance of the system:
Section 4027 of Pub. L. 100-203, the Omnibus Budget
Reconciliation Act of 1987.
Purpose(s):
To provide data necessary to monitor the operations of the HHA
Prospective Payment Demonstration, compute certain annual payment
rate adjustments that reflect changes in HHAs' patient case mix, and
select random samples of patients to be included in the
demonstration's quality assurance reviews.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
that is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' Disclosure may be made:
1. To an individual or organization for research, evaluation, or
epidemiological projects related to the prevention of disease or
disability, or the restoration or maintenance of health, and for
payment related projects.
2. To agency contractors, or consultants who have been engaged by
the agency to assist in the performance of a service related to this
system of records and who need to have access to the records in order
to perform the activity.
3. To a member of Congress or to a Congressional staff member in
response to an inquiry of the Congressional Office made at the
written request of the constituent about whom the record is
maintained.
4. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
(d) The United States Government is a party to litigation or has
an interest in such litigation, and by careful review, HCFA
determines that the records are both relevant and necessary to the
litigation and that the use of such records by the DOJ, court or
adjudicatory body is compatible with the purpose for which the agency
collected the records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper and magnetic tape.
Retrievability:
Information will be retrieved by beneficiary's name and health
insurance claim number.
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the HCFA system. For computerized
records, safeguards have been established in accordance with
Department of Health and Human Services (HHS) standards and National
Institute of Standards and Technology guidelines, e.g., security
codes will be used, limiting access to authorized personnel. System
securities are established in accordance with HHS, Information
Resource Management (IRM) Circular �10, Automated Information Systems
Security Program, HCFA Automated Information Systems (AIS) Guide,
Systems Securities Policies, and OMB Circular No. A-130 (revised),
Appendix III.
Retention and disposal:
Hardcopy data collection forms and magnetic tapes with
identifiers will be retained in secure storage areas. Records will be
retained for one year after the termination of the monitoring
contract. The disposal techniques of degaussing will be used to strip
magnetic tape of identifying names and numbers. Hardcopy records will
be destroyed at this time.
System manager(s) and address:
Director, Office of Strategic Planning, HCFA, Room C3-20-11, 7500
Security Boulevard, Baltimore, Maryland, 21244-1850. The telephone
number is 410-786-6501.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, health insurance
claim number, address, age, and sex, and for verification purposes,
the subject individual's name (woman's maiden name, if applicable)
and social security number (SSN). Furnishing the SSN is voluntary,
but it may make searching for a record easier and prevent delay.
Record access procedures:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2)).
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7).
Record source categories:
Sources of information contained in this records system are
expected to include: Data collected from the Medicare claims files;
Medicare Statistical Systems; HHA plans of treatment and related
patient records; supplemental patient intake forms prepared by the
HHAs; and results of quality assessments conducted by PROs.
Systems exempted from certain provisions of the act:
None.
09-70-0049
System name: Evaluation of the Home Health Agency Prospective
Payment Demonstration, HHS/HCFA/ORD.
Security classification:
Level Three Privacy Act Sensitive Data.
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
Medicare beneficiaries who receive Medicare-covered home health
services at one of the 133 HHAs in five States (California, Florida,
Illinois, Massachusetts, and Texas) chosen to participate in the
demonstration.
Categories of records in the system:
The system will contain information concerning a patient's name,
Health Insurance Claim Number, demographic characteristics (e.g.,
age, sex), medical diagnoses and conditions, receipt of services,
functional status, and utilization and cost of home health and other
Medicare services.
Authority for maintenance of the system:
Section 4027 of Pub. L. 100-203, the Omnibus Budget
Reconciliation Act of 1987.
Purpose(s):
To provide data necessary to evaluate the results of the HHA
Prospective Payment Demonstration, including impacts on agency costs,
utilization of health care services, Medicare expenditures, and
quality of care.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
that is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' Disclosure may be made:
1. To an individual or organization for research, evaluation, or
epidemiological projects related to the prevention of disease or
disability, or the restoration or maintenance of health, and for
payment related projects.
2. To agency contractors, or consultants who have been engaged by
the agency to assist in the performance of a service related to this
system of records and who need to have access to the records in order
to perform the activity.
3. To a member of Congress or to a Congressional staff member in
response to an inquiry of the Congressional Office made at the
written request of the constituent about whom the record is
maintained.
4. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
(d) The United States Government is a party to litigation or has
an interest in such litigation, and by careful review, HCFA
determines that the records are both relevant and necessary to the
litigation and that the use of such records by the DOJ, court or
adjudicatory body is compatible with the purpose for which the agency
collected the records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper and magnetic tape.
Retrievability:
Information will be retrieved by beneficiary's name and health
insurance claim number.
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the HCFA system. For computerized
records, safeguards have been established in accordance with
Department of Health and Human Services (HHS) standards and National
Institute of Standards and Technology guidelines, e.g., security
codes will be used, limiting access to authorized personnel. System
securities are established in accordance with HHS, Information
Resource Management (IRM) Circular �10, Automated Information Systems
Security Program, HCFA Automated Information Systems (AIS) Guide,
Systems Securities Policies, and OMB Circular No. A-130 (revised),
Appendix III.
Retention and disposal:
Hardcopy data collection forms and magnetic tapes with
identifiers will be retained in secure storage areas. Records will be
retained for one year after the termination of the evaluation
contract. The disposal techniques of degaussing will be used to strip
magnetic tape of identifying names and numbers. Hardcopy records will
be destroyed at this time.
System manager(s) and address:
Director, Office of Strategic Planning, HCFA, Room C3-20-11, 7500
Security Boulevard, Baltimore, Maryland, 21244-1850. The telephone
number is 410-786-6501.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, health insurance
claim number, address, age, and sex, and for verification purposes,
the subject individual's name (woman's maiden name, if applicable)
and social security number (SSN). Furnishing the SSN is voluntary,
but it may make searching for a record easier and prevent delay.
Record access procedures:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2)).
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7).
Record source categories:
Sources of information contained in this records system are
expected to include: Data collected from the Medicare claims files;
Medicare Statistical Systems; HHA plans of treatment and related
patient records; supplemental patient intake forms that will be
completed by the HHAs; a survey of home health patients; and results
of quality assessments conducted by PROs.
Systems exempted from certain provisions of the act:
None.
09-70-0050
System name: The Medicare/Medicaid Multistate Case-Mix and
Quality Data Base for Nursing Home Residents, HHS/HCFA/ORD.
Security classification:
Level Three Privacy Act Sensitive Data.
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
Persons living in nursing facilities participating in the
Medicare and/or Medicaid programs in Kansas, Maine, Mississippi, New
York, South Dakota, and Texas. These States are participating
voluntarily in the HCFA sponsored demonstration and have agreed to
transmit data to HCFA to support the routine uses described herein.
Categories of records in the system:
The system shall contain the information found in the
comprehensive assessments of persons residing in Medicare--
participating skilled nursing facilities, and Medicaid--participating
facilities in the above States. This information is found in the
Minimum Data Set Plus (MDS+) which these six States use to meet the
requirements of sections 1819(b)(3) and 1919(b)(3) of the Social
Security Act. Sections 1819(b)(3) and 1919(b)(3) require that States
specify a nursing facility resident assessment instrument that the
Secretary of the Department of Health and Human Services reviews and
then approves. These six States have elected to use the MDS+ to meet
this requirement. It is the information contained in the MDS+ that
forms the system's records. The MDS+ includes standard demographic
data for identification such as resident name, social security
number, gender, race/ethnicity, and date of birth. Additional
information includes a resident's:
Customary routines prior to nursing facility admission
Cognitive status
Communication/hearing status
Vision status
Status in performing activities of daily living
Continence status
Psychosocial well-being status
Mood and behavior status
Activity pursuit patterns
Disease diagnoses, health conditions, and symptoms
Nutritional status
Oral health status
Skin condition
Medications use
Special treatments and assistive devices needed, and received
Authority for maintenance of the system:
Section 402(a) of the Social Security Amendments of 1967, Pub. L.
90-248, as amended by section 222(b) of the Social Security
Amendments of 1972, Pub. L. 92-603.
Purpose(s):
To provide data necessary to monitor implementation, and to
evaluate the results of the Medicare/Medicaid Multistate Case-Mix and
Quality Demonstration, including assessing the impact of a nursing
facility case-mix payment system on the quality of nursing facility
care.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
that is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' Disclosure may be made:
1. To an individual or organization for research, evaluation, or
epidemiological projects related to the prevention of disease or
disability, or the restoration or maintenance of health, and for
payment related projects.
2. To agency contractors, or consultants who have been engaged by
the agency to assist in the performance of a service related to this
system of records and who need to have access to the records in order
to perform the activity.
3. To a member of Congress or to a Congressional staff member in
response to an inquiry of the Congressional Office made at the
written request of the constituent about whom the record is
maintained.
4. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
(d) The United States Government is a party to litigation or has
an interest in such litigation, and by careful review, HCFA
determines that the records are both relevant and necessary to the
litigation and that the use of such records by the DOJ, court or
adjudicatory body is compatible with the purpose for which the agency
collected the records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper, magnetic tape, and direct access storage device.
Retrievability:
Records may be retrieved by the resident's name, social security
number, health insurance claim number, or Medicaid identification
number.
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the HCFA system. For computerized
records, safeguards have been established in accordance with
Department of Health and Human Services (HHS) standards and National
Institute of Standards and Technology guidelines, e.g., security
codes will be used, limiting access to authorized personnel. System
securities are established in accordance with HHS, Information
Resource Management (IRM) Circular �10, Automated Information Systems
Security Program, HCFA Automated Information Systems (AIS) Guide,
Systems Securities Policies, and OMB Circular No. A-130 (revised),
Appendix III.
Retention and disposal:
Records will be retained until January 1, 2000; 5 years after the
end of the demonstration.
System manager(s) and address:
Director, Office of Strategic Planning, HCFA, Room C3-20-11, 7500
Security Boulevard, Baltimore, Maryland, 21244-1850. The telephone
number is 410-786-6501.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, health insurance
claim number, address, age, and sex, and for verification purposes,
the subject individual's name (woman's maiden name, if applicable)
and social security number (SSN). Furnishing the SSN is voluntary,
but it may make searching for a record easier and prevent delay.
Record access procedures:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2)).
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7).
Record source categories:
The source categories are the medical records of individuals
residing in nursing facilities participating in the Medicare and
Medicaid programs.
09-70-0051
System name: Quality Assurance for the Home Health Agency (HHA)
Prospective Payment Demonstration, HHS/HCFA/ORD.
Security classification:
Level Three Privacy Act Sensitive Data.
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
Medicare beneficiaries who receive Medicare-covered home health
services at one of the 67 HHAs in five States (California, Florida,
Illinois, Massachusetts, and Texas) chosen to participate in the
demonstration.
Categories of records in the system:
The system will contain information concerning a patient's name,
Health Insurance Claim Number, demographic characteristics (e.g.,
age, sex) medical diagnoses and conditions, receipt of services,
functional status, and utilization of home health services.
Authority for maintenance of the system:
Section 4027 of Pub. L. 100-203, the Omnibus Budget
Reconciliation Act of 1987.
Purpose(s):
To provide data necessary to assess and monitor the quality of
home health care provided by HHAs participating in the Home Health
Agency Prospective Payment Demonstration.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
that is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' Disclosure may be made:
1. To an individual or organization for research, evaluation, or
epidemiological projects related to the prevention of disease or
disability, or the restoration or maintenance of health, and for
payment related projects.
2. To agency contractors, or consultants who have been engaged by
the agency to assist in the performance of a service related to this
system of records and who need to have access to the records in order
to perform the activity.
3. To a member of Congress or to a Congressional staff member in
response to an inquiry of the Congressional Office made at the
written request of the constituent about whom the record is
maintained.
4. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
(d) The United States Government is a party to litigation or has
an interest in such litigation, and by careful review, HCFA
determines that the records are both relevant and necessary to the
litigation and that the use of such records by the DOJ, court or
adjudicatory body is compatible with the purpose for which the agency
collected the records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper and magnetic media.
Retrievability:
Information will be retrieved by beneficiary's name and health
insurance claim number.
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the HCFA system. For computerized
records, safeguards have been established in accordance with
Department of Health and Human Services (HHS) standards and National
Institute of Standards and Technology guidelines, e.g., security
codes will be used, limiting access to authorized personnel. System
securities are established in accordance with HHS, Information
Resource Management (IRM) Circular �10, Automated Information Systems
Security Program, HCFA Automated Information Systems (AIS) Guide,
Systems Securities Policies, and OMB Circular No. A-130 (revised),
Appendix III.
Retention and disposal:
Hardcopy data collection forms and magnetic media with
identifiers will be retained in secure storage areas. Records will be
retained for one year after the termination of the monitoring
contract. The disposal techniques of degaussing will be used to strip
magnetic media of identifying names and numbers. Hardcopy records
will be destroyed at this time.
System manager(s) and address:
Director, Office of Strategic Planning, HCFA, Room C3-20-11, 7500
Security Boulevard, Baltimore, Maryland, 21244-1850. The telephone
number is 410-786-6501.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, health insurance
claim number, address, age, and sex, and for verification purposes,
the subject individual's name (woman's maiden name, if applicable)
and social security number (SSN). Furnishing the SSN is voluntary,
but it may make searching for a record easier and prevent delay.
Record access procedures:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2)).
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7).
Record source categories:
Sources of information contained in this records system are
expected to include: Data collected from the Medicare claims files;
Medicare Statistical Systems; HHA plans of treatment and related
patient records; supplemental patient intake forms prepared by the
HHAs; and results of quality assessments conducted by the contractor.
Systems exempted from certain provisions of the act:
None.
09-70-0052
System name: PostHospitalization Outcomes Studies, HHS/HCFA/ORD.
Security classification:
Level Three Privacy Act Sensitive Data.
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
Medicare beneficiaries age 65 and over who are hospitalized for
specific conditions or procedures in a hospital selected to
participate in the study. Hospitals will be randomly selected from
geographically clustered sites.
Categories of records in the system:
Records in the system will contain information taken from three
sources: (1) Telephone interviews with Medicare beneficiaries who
have been recently hospitalized; (2) patients' medical records; and
(3) Medicare claims data. The telephone interviews will address
information about patients' medical signs and symptoms related to
their hospitalization, functional status, quality of life indicators,
availability of social supports, and satisfaction with the outcome
from the hospitalization. Data from the medical records include
clinical information relevant to patient outcomes. Data fields
consist of comorbidities and medical history, course of treatment,
intra-hospital events, and short-term medical outcomes.
Medicare claims data will include utilization of Medicare
services, both pre-hospitalization and post-hospitalization; the type
and place of service (physician, hospital, skilled nursing facility,
etc.); and the amount charged and paid for the service.
During this project, approval for a beneficiary survey will be
requested, in accordance with the Paperwork Reduction Act and 5 CFR
part 1320. As described above, data from this survey would be
included in the proposed system of records.
Authority for maintenance of the system:
This proposed system of records is authorized by title IX,
section 902(a) of the Public Health Service Act (42 U.S.C. 299a(a)),
as amended; title III, section 304 of the Public Health Service Act
(42 U.S.C. 242b), as amended; and title XVIII, section 1875 of the
Social Security Act.
Purpose(s):
The primary objective of the PHOS is to assess the patient
outcomes following hospitalization for specific conditions or
procedures. This system of records will be used to study the outcomes
following hospitalization.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
that is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' Disclosure may be made:
1. To an individual or organization for research, evaluation, or
epidemiological projects related to the prevention of disease or
disability, or the restoration or maintenance of health, and for
payment related projects.
2. To agency contractors, or consultants who have been engaged by
the agency to assist in the performance of a service related to this
system of records and who need to have access to the records in order
to perform the activity.
3. To a member of Congress or to a Congressional staff member in
response to an inquiry of the Congressional Office made at the
written request of the constituent about whom the record is
maintained.
4. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
(d) The United States Government is a party to litigation or has
an interest in such litigation, and by careful review, HCFA
determines that the records are both relevant and necessary to the
litigation and that the use of such records by the DOJ, court or
adjudicatory body is compatible with the purpose for which the agency
collected the records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper and electronic media.
Retrievability:
Information will be retrieved by beneficiary's name, health
insurance claim number, or social security number.
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the HCFA system. For computerized
records, safeguards have been established in accordance with
Department of Health and Human Services (HHS) standards and National
Institute of Standards and Technology guidelines, e.g., security
codes will be used, limiting access to authorized personnel. System
securities are established in accordance with HHS, Information
Resource Management (IRM) Circular �10, Automated Information Systems
Security Program, HCFA Automated Information Systems (AIS) Guide,
Systems Securities Policies, and OMB Circular No. A-130 (revised),
Appendix III.
Retention and disposal:
Hard copy data collection forms and electronic media with
identifiers will be retained in secure storage areas. The disposal
technique of degaussing will be used to strip electronic media of all
identifying names and numbers by December 2003, 10 years after
project completion. Hard copy records will also be destroyed by that
time.
System manager(s) and address:
Director, Office of Strategic Planning, HCFA, Room C3-20-11, 7500
Security Boulevard, Baltimore, Maryland, 21244-1850. The telephone
number is 410-786-6501.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, health insurance
claim number, address, age, and sex, and for verification purposes,
the subject individual's name (woman's maiden name, if applicable)
and social security number (SSN). Furnishing the SSN is voluntary,
but it may make searching for a record easier and prevent delay.
Record access procedures:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2)).
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7).
Record source categories:
Information contained in these records will be obtained from PHOS
beneficiary surveys conducted by HCFA's contractor, from patients'
medical records, and from existing HCFA Medicare record systems.
Systems exempted from certain provisions of the act:
None.
09-70-0053
System name: The Medicare Beneficiary Health Status Registry
Pilot, HHS/HCFA/ORD.
Security classification:
Level Three Privacy Act Sensitive Data.
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
A sample of 2,400 elderly Medicare beneficiaries.
Categories of records in the system:
Records in the system will contain information in the Enrollment
Data Base at the time of enrollment, including beneficiary name,
address, age, and Social Security and Medicare numbers. The Registry
Pilot, in accordance with the Paperwork Reduction Act and 5 CFR part
1320, and submitted for approval by OMB, will be included in the
proposed system of records. Information collected through the
Registry Pilot will include health and functional status, quality of
life, risk factors, past and current medical history, and
sociodemographic variables. The file will be linked on a person level
with the National Claims History (NCH) File (containing
hospitalization and physician visit information) and the new UCDS
(containing clinical abstractions from hospitalization records).
Authority for maintenance of the system:
HCFA has independent authority to maintain this system under
title XVIII, section 1875, of the Social Security Act.
Purpose(s):
The purpose of the Registry Pilot is to conduct a field
experiment to determine the optimal design for the collection of
baseline and subsequent information on newly enrolled Medicare
beneficiaries and to follow them longitudinally through the aging
process until death. The Registry Pilot consists of the information
collected through the questionnaire, together with data from NCH and
the UCDS, linked at a person level.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
that is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' Disclosure may be made:
1. To an individual or organization for research, evaluation, or
epidemiological projects related to the prevention of disease or
disability, or the restoration or maintenance of health, and for
payment related projects.
2. To agency contractors, or consultants who have been engaged by
the agency to assist in the performance of a service related to this
system of records and who need to have access to the records in order
to perform the activity.
3. To a member of Congress or to a Congressional staff member in
response to an inquiry of the Congressional Office made at the
written request of the constituent about whom the record is
maintained.
4. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
(d) The United States Government is a party to litigation or has
an interest in such litigation, and by careful review, HCFA
determines that the records are both relevant and necessary to the
litigation and that the use of such records by the DOJ, court or
adjudicatory body is compatible with the purpose for which the agency
collected the records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper and electronic media.
Retrievability:
Information will be retrieved by beneficiary's name and health
insurance claim number.
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the HCFA system. For computerized
records, safeguards have been established in accordance with
Department of Health and Human Services (HHS) standards and National
Institute of Standards and Technology guidelines, e.g., security
codes will be used, limiting access to authorized personnel. System
securities are established in accordance with HHS, Information
Resource Management (IRM) Circular �10, Automated Information Systems
Security Program, HCFA Automated Information Systems (AIS) Guide,
Systems Securities Policies, and OMB Circular No. A-130 (revised),
Appendix III.
Retention and disposal:
Hard copy data collection forms and electronic media with
identifiers will be retained in secure storage areas. Identifiers
will be removed from computer diskettes. Hard copy records will be
destroyed, after the data have been entered into the computer system
and verified by edit checks to assure accuracy, within 10 years of
completion of the data collection.
System manager(s) and address:
Director, Office of Strategic Planning, HCFA, Room C3-20-11, 7500
Security Boulevard, Baltimore, Maryland, 21244-1850. The telephone
number is 410-786-6501.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, health insurance
claim number, address, age, and sex, and for verification purposes,
the subject individual's name (woman's maiden name, if applicable)
and social security number (SSN). Furnishing the SSN is voluntary,
but it may make searching for a record easier and prevent delay.
Record access procedures:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2)).
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7).
Record source categories:
Information contained in these records will be obtained from the
Registry Pilot conducted by HCFA's contractor, and from existing HCFA
Medicare record systems (e.g., NCH, UCDS).
Systems exempted from certain provisions of the act:
None.
09-70-0057
System name: Evaluation of the Medicaid Extension of Eligibility
to Certain Low Income Families Not Otherwise Qualified to Receive
Medicaid Benefits Demonstration, HHS/HCFA/ORD.
Security classification:
Level Three Privacy Act Sensitive Data.
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
Individuals from families with gross annual incomes under 150
percent of the Federal poverty level (and who do not currently
qualify for Medicaid benefits) who reside in Maine, South Carolina,
and Washington State and who are participating in the
demonstration,and individuals selected as comparison group members.
Categories of records in the system:
The system will contain information concerning individuals'
names, demographic characteristics (e.g., age and sex), employment,
health care coverage, utilization and cost of health care services,
and responses to survey questions covering access to health care,
functional status, and satisfaction with health care services.
Authority for maintenance of the system:
Section 4745 of the Omnibus Budget Reconciliation Act of 1990
(Pub. L. 101-508).
Purpose(s):
To provide data necessary to analyze the impact of HCFA's
Medicaid Extension of Eligiblity to Certain Low Income Families Not
Otherwise Qualified to Receive Medicaid Benefits Demonstrations on
demonstration participants' access to health care, their use of
services, and the cost of the care they receive.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
that is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' Disclosure may be made:
1. To an individual or organization for research, evaluation, or
epidemiological projects related to the prevention of disease or
disability, or the restoration or maintenance of health, and for
payment related projects.
2. To agency contractors, or consultants who have been engaged by
the agency to assist in the performance of a service related to this
system of records and who need to have access to the records in order
to perform the activity.
3. To a member of Congress or to a Congressional staff member in
response to an inquiry of the Congressional Office made at the
written request of the constituent about whom the record is
maintained.
4. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
(d) The United States Government is a party to litigation or has
an interest in such litigation, and by careful review, HCFA
determines that the records are both relevant and necessary to the
litigation and that the use of such records by the DOJ, court or
adjudicatory body is compatible with the purpose for which the agency
collected the records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper and magnetic media.
Retrievability:
Information will be retrieved by beneficiary's name and Social
Security number.
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the HCFA system. For computerized
records, safeguards have been established in accordance with
Department of Health and Human Services (HHS) standards and National
Institute of Standards and Technology guidelines, e.g., security
codes will be used, limiting access to authorized personnel. System
securities are established in accordance with HHS, Information
Resource Management (IRM) Circular �10, Automated Information Systems
Security Program, HCFA Automated Information Systems (AIS) Guide,
Systems Securities Policies, and OMB Circular No. A-130 (revised),
Appendix III.
Retention and disposal:
Hard copy data collection forms and magnetic tapes (or equivalent
media) with identifiers will be retained in secure storage areas.
Records will be retained for 2 years after the termination of the
evaluation contract. The disposal techniques of degaussing will be
used to strip magnetic tape (or equivalent media) of identifying
names and numbers. Hard copy records with individual identifiers will
be destroyed at this time.
System manager(s) and address:
Director, Office of Strategic Planning, HCFA, Room C3-20-11, 7500
Security Boulevard, Baltimore, Maryland, 21244-1850. The telephone
number is 410-786-6501.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, health insurance
claim number, address, age, and sex, and for verification purposes,
the subject individual's name (woman's maiden name, if applicable)
and social security number (SSN). Furnishing the SSN is voluntary,
but it may make searching for a record easier and prevent delay.
Record access procedures:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2)).
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7).
Notification procedure:
Inquiries and requests for system records should be addressed to
the system manager at the address indicated above. The requestor must
specify the name, address, and Social Security number.
Record access procedure:
Same as notification procedures. Requestors should reasonably
specify the record contents being sought. These procedures are in
accordance with Department regulations (45 CFR 5b.5(a)(2)).
Contesting record procedure:
Contract the system manager named above and reasonable identify
the record and specify the information to be contested. State the
reason for contesting it (e.g., why it is inaccurate, irrelevant,
incomplete, or not current). These procedures are in accordance with
Department regulations at 45 CFR 5b.7.
Record source categories:
Sources of information contained in this records system are
expected to include: Forms used by the demonstration sites to enroll
participants, State Medicaid Management Information Systems, and a
survey of demonstration participant and control group members to be
conducted by the evaluation contractor.
Systems exempted from certain provisions of the privacy act:
None.
09-70-0058
System name: Evaluation of the Medicare SELECT Program, HHS/
HCFA/ORD.
Security classification:
Level Three Privacy Act Sensitive Data.
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
Medicare enrollees who reside in Alabama, Arizona, California,
Florida, Indiana, Kentucky, Michigan, Minnesota, Missouri, North
Dakota, Ohio, Oregon, Texas, Washington, and Wisconsin who purchase
Medicare SELECT policies and invididuals selected as comparison group
members.
Categories of records in the system:
The system will contain information concerning individuals'
names, Social Security numbers, demographic characteristics (e.g.,
age, sex), supplemental health insurance coverage, utilization an
cost of health care services, and selection of health care providers.
Authority for maintenance of the system:
Section 4358(d) of the Omnibus Budget Reconciliation Act of 1990,
Pub. L. 101-508 (42 U.S.C. 139522 note).
Purpose(s):
To provide data necessary to analyze the impact of Medicare
SELECT policies on participants' use and cost of services, and
selection of providers of care.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
that is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' Disclosure may be made:
1. To an individual or organization for research, evaluation, or
epidemiological projects related to the prevention of disease or
disability, or the restoration or maintenance of health, and for
payment related projects.
2. To agency contractors, or consultants who have been engaged by
the agency to assist in the performance of a service related to this
system of records and who need to have access to the records in order
to perform the activity.
3. To a member of Congress or to a Congressional staff member in
response to an inquiry of the Congressional Office made at the
written request of the constituent about whom the record is
maintained.
4. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
(d) The United States Government is a party to litigation or has
an interest in such litigation, and by careful review, HCFA
determines that the records are both relevant and necessary to the
litigation and that the use of such records by the DOJ, court or
adjudicatory body is compatible with the purpose for which the agency
collected the records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper and magnetic media.
Retrievability:
Information will be retrieved by the beneficiary's name, Social
Security number, and Health Insurance Claim number:
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the HCFA system. For computerized
records, safeguards have been established in accordance with
Department of Health and Human Services (HHS) standards and National
Institute of Standards and Technology guidelines, e.g., security
codes will be used, limiting access to authorized personnel. System
securities are established in accordance with HHS, Information
Resource Management (IRM) Circular �10, Automated Information Systems
Security Program, HCFA Automated Information Systems (AIS) Guide,
Systems Securities Policies, and OMB Circular No. A-130 (revised),
Appendix III.
Retention and disposal:
Paper copies of data collection forms and magnetic tapes (or
equivalent media) with identifiers will be retained in secure storage
areas. Records will be retained for 2 years after the termination of
the evaluation contract. The disposal techniques of degaussing will
be used to strip magnetic tape (or equivalent media) of identifying
names and numbers. Paper copies of records will be destroyed at this
time.
System manager(s) and address:
Director, Office of Strategic Planning, HCFA, Room C3-20-11, 7500
Security Boulevard, Baltimore, Maryland, 21244-1850. The telephone
number is 410-786-6501.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, health insurance
claim number, address, age, and sex, and for verification purposes,
the subject individual's name (woman's maiden name, if applicable)
and social security number (SSN). Furnishing the SSN is voluntary,
but it may make searching for a record easier and prevent delay.
Record access procedures:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2)).
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7).
Record source categories:
Sources of information contained in this records system are
expected to include the following: Medicare SELECT insurance policies
sold to participants; utilization data systems maintained by
providers who serve the covered population and comparison group
members; a survey of demonstration participants and control group
members; and HCFA claims and administrative data.
System exempted from certain provisions of the act:
None.
09-70-0059
System name: The Medicaid Necessity, Appropriateness, and
Outcomes of Care Study, HHS/HCFA/ORD.
Security classification:
Level Three Privacy Act Sensitive Data.
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
Medicaid enrollees and privately insure individuals who receive
hospital services at 250 hospitals in the three States (California,
Georgia, and Michigan) chosen to participate in the study.
Categories of records in the system:
The system will contain information concerning a patient's name,
medical record number, demographic characteristics (e.g., age, sex),
medical diagnoses and conditions, receipt of services, treatment
protocols, outcomes of care, and other characteristics associated
with the medical care rendered.
Authority for maintenance of the system:
This proposed system of records is authorized by section 9432(c)
of Pub. L. 99-509, the Omnibus Budget Reconciliation Act of 1986.
Purpose(s):
To provide data necessary to evaluate differences in the nature
and outcomes of care received by Medicaid and privately insured
patients for selected conditions and treatments.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
that is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' Disclosure may be made:
1. To an individual or organization for research, evaluation, or
epidemiological projects related to the prevention of disease or
disability, or the restoration or maintenance of health, and for
payment related projects.
2. To agency contractors, or consultants who have been engaged by
the agency to assist in the performance of a service related to this
system of records and who need to have access to the records in order
to perform the activity.
3. To a member of Congress or to a Congressional staff member in
response to an inquiry of the Congressional Office made at the
written request of the constituent about whom the record is
maintained.
4. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
(d) The United States Government is a party to litigation or has
an interest in such litigation, and by careful review, HCFA
determines that the records are both relevant and necessary to the
litigation and that the use of such records by the DOJ, court or
adjudicatory body is compatible with the purpose for which the agency
collected the records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper and electronic media.
Retrievability:
Information will be retrieved by person's name and medical record
number, or Social Security number.
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the HCFA system. For computerized
records, safeguards have been established in accordance with
Department of Health and Human Services (HHS) standards and National
Institute of Standards and Technology guidelines, e.g., security
codes will be used, limiting access to authorized personnel. System
securities are established in accordance with HHS, Information
Resource Management (IRM) Circular �10, Automated Information Systems
Security Program, HCFA Automated Information Systems (AIS) Guide,
Systems Securities Policies, and OMB Circular No. A-130 (revised),
Appendix III.
Retention and disposal:
Hard copy data collection forms and magnetic tapes (or equivalent
media) with identifiers will be retained in secure storage areas.
Records will be retained for as long as needed for program research.
Records will be disposed of 5 years after research is completed. The
disposal techniques of degaussing will be used to strip magnetic tape
(or equivalent media) of identifying names and numbers.
System manager(s) and address:
Director, Office of Strategic Planning, HCFA, Room C3-20-11, 7500
Security Boulevard, Baltimore, Maryland, 21244-1850. The telephone
number is 410-786-6501.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, health insurance
claim number, address, age, and sex, and for verification purposes,
the subject individual's name (woman's maiden name, if applicable)
and social security number (SSN). Furnishing the SSN is voluntary,
but it may make searching for a record easier and prevent delay.
Record access procedures:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2)).
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7).
Record source categories:
Sources of information contained in this records system are
expected to include: Hospital discharge abstracts, medical records,
hospital business office data on source of payment, and hospital
emergency room logs and records.
Systems exempt from certain provisions of the Act:
None.
09-70-0063
System name: Evaluation of the Medicaid Demonstration for
Improving Access to Care for Substance Abusing Pregnant Women,
HHS/HCFA/ORD.
Security classification:
Level Three Privacy Act Sensitive Data.
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
Medicaid eligibles in demonstration and in comparison sites.
Areas participating in the demonstration were awarded through a
competitive grant process. The demonstration is being implemented in
five States: Maryland, Massachusetts, New York, South Carolina, and
Washington.
Categories of records in the system:
The system will contain information concerning individuals'
names, Medicaid numbers, Social Security numbers, demographic
characteristics (e.g., age, sex), substance abuse history, and
utilization and cost of health care services.
Authority for maintenance of the system:
Section 1115 of the Social Security Act, 42 U.S.C. 1315.
Purpose(s):
To provide data necessary to analyze the impact of the Medicaid
Demonstration for Improving Access to Care for Substance Abusing
Pregnant Women.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
that is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' Disclosure may be made:
1. To an individual or organization for research, evaluation, or
epidemiological projects related to the prevention of disease or
disability, or the restoration or maintenance of health, and for
payment related projects.
2. To agency contractors, or consultants who have been engaged by
the agency to assist in the performance of a service related to this
system of records and who need to have access to the records in order
to perform the activity.
3. To a member of Congress or to a Congressional staff member in
response to an inquiry of the Congressional Office made at the
written request of the constituent about whom the record is
maintained.
4. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
(d) The United States Government is a party to litigation or has
an interest in such litigation, and by careful review, HCFA
determines that the records are both relevant and necessary to the
litigation and that the use of such records by the DOJ, court or
adjudicatory body is compatible with the purpose for which the agency
collected the records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper and electronic media.
Retrievability:
Information will be retrieved by the Medicaid eligible woman's
name, Social Security number, and Medicaid number.
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the HCFA system. For computerized
records, safeguards have been established in accordance with
Department of Health and Human Services (HHS) standards and National
Institute of Standards and Technology guidelines, e.g., security
codes will be used, limiting access to authorized personnel. System
securities are established in accordance with HHS, Information
Resource Management (IRM) Circular �10, Automated Information Systems
Security Program, HCFA Automated Information Systems (AIS) Guide,
Systems Securities Policies, and OMB Circular No. A-130 (revised),
Appendix III.
Retention and disposal:
Paper copies of data collection forms and magnetic tapes (or
equivalent media) with identifiers will be retained in secured
storage areas. Records will be retained for 2 years after the
termination of the evaluation contract. The disposal techniques of
degaussing will be used to strip magnetic tape (or equivalent media)
of identifying names and numbers. Paper copies of records will be
destroyed at this time.
System manager(s) and address:
Director, Office of Strategic Planning, HCFA, Room C3-20-11, 7500
Security Boulevard, Baltimore, Maryland, 21244-1850. The telephone
number is 410-786-6501.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, health insurance
claim number, address, age, and sex, and for verification purposes,
the subject individual's name (woman's maiden name, if applicable)
and social security number (SSN). Furnishing the SSN is voluntary,
but it may make searching for a record easier and prevent delay.
Record access procedures:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2)).
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7).
Record source categories:
Sources of information contained in this records system are
expected to include the following: Vital records; utilization data
systems maintained by case managers and providers who serve the
covered population and comparison group members; a survey of
demonstration participants and control group members; substance abuse
data; and Medicaid claims and administrative data.
Systems exempted from certain provisions of the Act:
None.
09-70-0064
System name:
Individuals Authorized Access to the Health Care Financing
Administration (HCFA) Data Center.
Security classification:
None.
System location:
Health care financing administration, Bureau of Data Management
and Strategy, 7131 Rutherford Road, Baltimore, Maryland 21244.
Categories of individuals covered by the system:
Those individuals with an approved need for access to the
computer resources and information maintained by the Health Care
Financing Administration.
Categories of records in the system:
The system contains name, work address, work phone number, an
assigned user identification (UserID) number, an associated password,
and the software system(s) that the individual is authorized to use.
Authority for maintenance of the system:
5 U.S.C. 552(e)(10)
Purpose(s):
This system is used for assigning, controlling, tracking, and
reporting authorized access to and use of HCFA's computerized
information and resources.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to:
1. To a congressional, from the record of an individual in
response to an inquiry from the congressional office made at the
request of that individual.
4. To the Department of Justice, to a court or other tribunal, or
to another party before such tribunal, when:
(a) HHS, or any component thereof, or
(b) Any HHS employee in his or her official capacity, or
(c) Any HHS in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee, or
(d) The United States Government or any agency thereof when HHS
determines that the litigation is likely to affect HHS or any of its
components;
Is a party to litigation or has an interest in such litigation,
and, HCFA determines that the use of such records by the Department
of Justice, the tribunal, or other party is relevant and necessary to
the litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that each disclosure is compatible with the purpose for
which the records were collected.
3. To a contractor for the purpose of collating, analyzing,
aggregating, or otherwise refining, or processing records in this
system, or for developing, modifying, and/or manipulating it with ADP
software. Data would also be available to users incidental to
consultation, programming, operation, user assistance, or maintenance
for an ADP or telecommunications system containing or supporting
records in the system.
To the Social Security Administration for their assistance to the
implementation of HCFA's administration of the Medicare and Medicaid
programs.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The records are maintained in magnetic media (e.g., magnetic tape
and computer diskettes) and in paper form.
Retrievability:
Magnetic records may be retrieved by name or UserId number. Paper
records are retrieved by UserID number.
Safeguards:
Physical safeguards are established in accordance with Department
standards and National Institute of Standards and Technology
guidelines (e.g., security codes will be used, limiting access to
authorized personnel). System securities are established in
accordance with HHS Information Resource Management (IRM) circular
10, Automated InformationSystems Security Program, and HCFA
Automated System (AIS) Guide, systems Security Policies. All HCFA
agency employees and contractor personnel will be notified of the
confidentiality of the records and of criminal sanctions for
unauthorized disclosure of the information.
Retention and disposal:
HCFA retains hardcopy for 3 years following expiration of an
individual's authorized use of HCFA's computerized information and
resources. When an individual is no longer authorized access to
HCFA's computer resources, their record is deleted from magnetic
media.
System manager(s) and address:
Director, Bureau of Data Management and Strategy, Health Care
Financing Administration, Room 1-A-1,Security Office, Park Building,
5325 Security Boulevard, Baltimore, Maryland 21207-5187.
Notification procedure:
An individual can determine if this system contains a record
about him or her and its contents by writing to the system manager at
the above address. When requesting notification, the individual
should provide his or her name, assigned USER ID number, and
signature. Further details of the procedure are contained in 45 CFR
5b.5.
Record access procedures:
Same as notification procedures. Requestors should also
reasonably specify the record contents being sought. They may also
request an accounting of disclosures that have been made of their
records, if any. Further details of the procedure are contained in 45
CFR 5b.5(a)(2)).
Contesting record procedures:
Same as notification procedures. Requestors should reasonably
identify the record, specify the information they are contestiong,
and state the corrective action. The statement should also contain
the reasons for the correction with supporting information to show
how the record is inaccurate, incomplete, untimely, or irrelevant.
Further details ofthe procedure are contained in 45 CFR 5b.7.
Record source categories:
User identification (name, work address, work phone number) is
provided by HCFA by the individual. HCFA specifies the unique UserID
number and the software system(s) authorized for use by the
individual.
Systems exempted from certain provisions of the act:
None.
09-70-0066
System name:
Evaluation of, and External Quality Assurance for, the Community
Nursing Organization Demonstration.
Security classification:
Level Three Privacy Act Sensitive Data.
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
Medicare beneficiaries who receive home health care and certain
ambulatory care services from one of the four CNO project sites
(Carle Clinic, Mahomet, IL; Carondelet Health Care, Tucson, AZ;
Living at Home/Block Nurse Program, St. Paul, MN; Visiting Nurse
Service of New York, New York, NY) chosen to participate in the
demonstration.
Categories of records in the system:
The system will contain information concerning a patient's name,
Health Insurance Claim Number, demographic characteristics (e.g.,
sex, age), medical diagnoses and conditions, receipt of service,
health and functional status, and utilization of home health services
and certain ambulatory care services.
Authority for maintenance of the system:
Section 4079(c)(6) of the Omnibus Reconciliation Act of 1987
(Pub. L. 100-203).
Purpose(s)
To provide data necessary to test the feasibility of a capitated
nurse-case managed service delivery model and the effect it has on
patient care. The system will also provide data necessary to assess
and monitor the quality of home health care and selected ambulatory
care services rendered by providers participating in the Community
Nursing Organization Demonstration.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
that is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' Disclosure may be made:
1. To an individual or organization for research, evaluation, or
epidemiological projects related to the prevention of disease or
disability, or the restoration or maintenance of health, and for
payment related projects.
2. To agency contractors, or consultants who have been engaged by
the agency to assist in the performance of a service related to this
system of records and who need to have access to the records in order
to perform the activity.
3. To a member of Congress or to a Congressional staff member in
response to an inquiry of the Congressional Office made at the
written request of the constituent about whom the record is
maintained.
4. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
(d) The United States Government is a party to litigation or has
an interest in such litigation, and by careful review, HCFA
determines that the records are both relevant and necessary to the
litigation and that the use of such records by the DOJ, court or
adjudicatory body is compatible with the purpose for which the agency
collected the records.
Policies and practices for storing, retrieving, accessing,
retaining and disposing of records in the system:
Storage:
Paper and magnetic media.
Retrievability:
Records are retrieved by beneficiary name and health insurance
claim number.
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the HCFA system. For computerized
records, safeguards have been established in accordance with
Department of Health and Human Services (HHS) standards and National
Institute of Standards and Technology guidelines, e.g., security
codes will be used, limiting access to authorized personnel. System
securities are established in accordance with HHS, Information
Resource Management (IRM) Circular �10, Automated Information Systems
Security Program, HCFA Automated Information Systems (AIS) Guide,
Systems Securities Policies, and OMB Circular No. A-130 (revised),
Appendix III.
Retention and disposal:
Hardcopy data collection forms and magnetic media with
identifiers will be retained in secure storage areas. These records
will be retained for 1 year after the termination of the monitoring
contract. Records are maintaned with identifiers as long as needed
for program research analysis.
System manager(s) and address:
Director, Office of Strategic Planning, HCFA, Room C3-20-11, 7500
Security Boulevard, Baltimore, Maryland, 21244-1850. The telephone
number is 410-786-6501.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, health insurance
claim number, address, age, and sex, and for verification purposes,
the subject individual's name (woman's maiden name, if applicable)
and social security number (SSN). Furnishing the SSN is voluntary,
but it may make searching for a record easier and prevent delay.
Record access procedures:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2)).
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7).
Record source categories:
Sources of information contained in this records system are
expected to include: Data collected from the Medicare claims files;
Medicare Statistical Systems; CNO plans of care and related patient
records; supplemental patient intake forms prepared by the CNOs; and
results of quality assessments conducted by the contractor.
Systems exempted from certain provisions of the act:
None.
09-70-0067
System name:
End-Stage Renal Disease (ESRD) Managed Care Demonstration System,
HHS/HCFA/OSP.
Security classification:
None.
System location:
Health Care Financing Administration, Office of Information
Services, 7500 Security Boulevard, Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
Medicare ESRD beneficiaries enrolled in the ESRD Managed Care
Demonstration and Medicare ESRD beneficiaries in comparison groups.
Categories of records in the system:
Individual-level information on demographics, utilization of
specific health care services, cost and quality of those services,
clinical outcomes and effectiveness of care, and patient satisfaction
will be collected.
Authority for maintenance of the system:
Authority for maintenance of the system is section 2355 of the
Deficit Reduction Act of 1984, Pub. L. 98-369, as amended by section
4207(b)(4) of the Omnibus Budget Reconciliation Act (OBRA) of 1990,
Pub. L. 101-508, and as amended by section 13567(b) of OBRA 1993,
Pub. L. 103-66.
Purpose(s):
To collect and maintain information on beneficiaries enrolled in
the ESRD Managed Care Demonstration, and ESRD beneficiaries in
comparison groups, in order to monitor and evaluate the
demonstration.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
These routine uses specify additional circumstances under which
HCFA may release information from the ESRD Managed Care Demonstration
System without the consent of the individual to whom such information
pertains. Each proposed disclosure of information under these routine
uses will be evaluated to ensure that the disclosure is legally
permissible, including, but not limited to, ensuring that the purpose
of the disclosure is compatible with the purpose for which the
information was collected. Also, HCFA will require each prospective
recipient of such information to agree in writing to certain
conditions to ensure the continuing confidentiality and physical
safeguards of the information. More specifically, as a condition of
each disclosure under these routine uses, HCFA will, as necessary and
appropriate:
(a) Determine that no other Federal statute specifically
prohibits disclosure of the information;
(b) Determine that the use or disclosure does not violate legal
limitations under which the information was provided, collected, or
obtained;
(c) Determine that the purpose for which the disclosure is to be
made:
(1) Cannot reasonably be accomplished unless the information is
provided in individually identifiable form,
(2) Is of sufficient importance to warrant the effect on, or the
risk to, the privacy of the individual(s) that additional exposure of
the record(s) might bring, and
(3) There is a reasonable probability that the purpose of the
disclosure will be accomplished.
(d) Require the recipient of the information to:
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized access, use, or disclosure of the
record or any part thereof. The physical safeguards shall provide a
level of security that is at least the equivalent of the level of
security contemplated in OMB Circular No. A-130 (revised), Appendix
III--Security of Federal Automated Information Systems which sets
forth guidelines for security plans for automated information systems
in Federal agencies;
(2) Remove or destroy the information that allows subject
individual(s) to be identified at the earliest time at which removal
or destruction can be accomplished, consistent with the purpose of
the request;
(3) Refrain from using or disclosing the information for any
purpose other than the stated purpose under which the information was
disclosed; and
(4) Make no further uses or disclosure of the information,
except:
(i) To prevent or address an emergency directly affecting the
health or safety of an individual;
(ii) For use on another project under the same conditions,
provided HCFA has authorized the additional use(s) in writing; or
(iii) When required by law;
(e) Secure a written statement or agreement from the prospective
recipient of the information whereby the prospective recipient
attests to an understanding of, and willingness to abide by the
foregoing provisions and any additional provisions that HCFA deems
appropriate in the particular circumstances; and
(f) Determine whether the disclosure constitutes a computer
``matching program'' as defined in 5 U.S.C. 552a(a)(8). If the
disclosure is determined to be a computer ``matching program,'' the
procedures for matching agreements as contained in 5 U.S.C. 552a(o)
must be followed.
Disclosure may be made:
1. To a Congressional office, from the record of an individual,
in response to an inquiry from the Congressional office made at the
request of that individual;
2. To the Bureau of Census for use in processing research and
statistical data directly related to the programs administered in
whole or in part by HCFA;
3. To the Department of Justice, to a court or other tribunal, or
to another party before such tribunal, when:
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity, where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States, or any agency thereof, where HHS
determines that the litigation is likely to affect HHS or any of its
components, is a party to litigation or has an interest in such
litigation, and HHS determines that the use of such records by the
Department of Justice, the tribunal, or the other party is relevant
and necessary to the litigation and would help in the effective
representation of the governmental party or interest, provided,
however, that in each case HHS determines that such disclosure is
compatible with the purpose for which the records were collected.
4. To an individual or organization for a research,
demonstration, evaluation, or epidemiological project related to the
prevention of disease or disability, the restoration or maintenance
of health, or for purposes of determining, evaluating and/or
assessing cost, effectiveness, and/or the quality of health care
services provided.
5. To a contractor for the purpose of collating, analyzing,
aggregating or otherwise refining or processing records in this
system, or for developing, modifying, and/or manipulating automated
information systems (ADP) software. Data would also be disclosed to
contractors incidental to consultation, programming, operation, user
assistance, or maintenance for ADP or telecommunications systems
containing or supporting records in the system.
6. To a peer review organization or ESRD network for health care
quality improvement projects conducted in accordance with its
contract with HCFA.
7. To state Medicaid agencies pursuant to agreements with the
Department of Health and Human Services for determining Medicaid and
Medicare eligibility of recipients of assistance under titles IV,
XVIII, and XIX of the Social Security Act, and for the complete
administration of the Medicaid program.
8. To an agency of a state Government, or established by state
law, for purposes of determining, evaluating and/or assessing cost,
effectiveness, and/or the quality of health care services provided in
the state.
9. To another Federal or state agency:
(a) To contribute to the accuracy of HCFA's proper payment of
Medicare health benefits, including release to the Social Security
Administration for its assistance in the implementation of HCFA's
Medicare and Medicaid programs, or
(b) As necessary to enable such agency to fulfill a requirement
of a Federal statute or regulation, or a state statute or regulation
that implements a program funded in whole or in part with Federal
funds.
10. To a HCFA contractor, including but not limited to, fiscal
intermediaries and carriers under title XVIII of the Social Security
Act, to administer some aspect of a HCFA-administered grant program,
which program is or could be affected by fraud or abuse, for the
purpose of preventing, deterring, discovering, detecting,
investigating, examining, prosecuting, suing with respect to,
defending against, correcting, remedying, or otherwise combating such
fraud or abuse in such programs.
11. To another Federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States, including any state or local government agency, for the
purpose of preventing, deterring, discovering, detecting,
investigating, examining, prosecuting, suing with respect to,
defending against, correcting, remedying, or otherwise combating such
fraud or abuse in a health benefits program funded in whole or in
part by Federal funds.
12. To any entity that makes payment for, or oversees
administration of, health services, for the purpose of preventing,
deterring, discovering, detecting, investigating, examining,
prosecuting, suing with respect to, defending against, correcting,
remedying, or otherwise combating such fraud or abuse against such
entity or the program or services administered by such entity,
provided:
(a) Such entity enters into an agreement with HCFA to share
knowledge and information regarding actual or potential fraudulent or
abusive practices or activities regarding the delivery or receipt of
health care services, or regarding securing payment or reimbursement
for health care services, or any practice or activity that, if
directed toward a HCFA-administered program, might reasonably be
construed as actually or potentially fraudulent or abusive;
(b) Such entity does, on a regular basis, or at such times as
HCFA may request, fully and freely share such knowledge and
information with HCFA, or as directed by HCFA, with HCFA's
contractors; and
(c) HCFA determines that it may reasonably conclude that the
knowledge or information it has received or is likely to receive from
such entity could lead to preventing, deterring, discovering,
detecting, investigating, examining, prosecuting, suing with respect
to, defending against, correcting, remedying, or otherwise combating
fraud or abuse in the Medicare, Medicaid, or other health benefits
program administered by HCFA or funded in whole or in part by Federal
funds.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The records are stored on magnetic tapes and computer disks.
Retrievability:
The records are retrieved by health insurance claim number.
Safeguards:
Access is limited to authorized HCFA personnel and HCFA
contractor employees in the performance of their duties. HHS
contractors and collaborating researchers are required to comply with
the provisions of the Privacy Act, and are required to sign Assurance
of Confidentiality Forms (or Data Security Statements) that are kept
on file by the contractor. For computerized records, safeguards
established in accordance with Department standards and National
Institute of Standards and Technology guidelines (e.g., security
codes) will be used, limiting access to authorized personnel. System
securities are established in accordance with HHS, Information
Resource Management (IRM) Circular #10, Automated Information Systems
Security Program; and HCFA Automated Information Systems (AIS) Guide,
Systems Securities Policies, and OMB Circular No. A-130 (revised),
Appendix III.
Retention and disposal:
Records are maintained with identifiers as long as needed for
program research.
System manager(s) and address:
Director, Office of Strategic Planning (OSP), Health Care
Financing Administration, 7500 Security Boulevard, Baltimore,
Maryland 21244-1850.
Notification procedure:
The subject individual should write the system manager, who will
require the system name, health insurance claim number, and, for
verification purposes, name, address, date of birth, and sex to
ascertain whether or not the individual's record is in the system.
Record access procedures:
Same as notification procedures. Requestors should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with the Department Regulation 45 CFR
5b.5(a)(2).)
Contesting record procedures:
Contact the system manager named above, and reasonably identify
the record and specify the information to be contested. State the
corrective action sought and the reasons for the correction with
supporting justification. (These procedures are in accordance with
Department Regulation 45 CFR 5b.7.)
Record source categories:
The identifying information contained in these records is
obtained from demonstration enrollees, and from the group health
plans operating the demonstration and their participating providers.
These data will be linked with HCFA administrative data, such as
claims and enrollment data.
Systems exempted from certain provisions of the act:
None.
09-70-0069
System name:
Links of Social Security Administration (SSA) and Health Care
Financing Administration (HCFA) Data (LOD), HHS/HCFA/OSP, 09-70-0069.
Security classification:
Level 3, Privacy Act Sensitive Data
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, and Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
Samples of the United States population served by programs
administered by HCFA and SSA.
Categories of records in the system:
The system includes the following information for each: name,
social security number, Medicaid identification number, health
insurance claim number, eligibility for SSA and HCFA programs, and
benefit record information.
Authority for maintenance of the system:
Section 1875(a) of the Social Security Act [42 U.S.C. 1395ii(a)]
and section 1110 of the Social Security Act [42 U.S.C. 1310].
Purpose(s):
The primary purpose of this system of records is to provide
information that will be used to conduct research, perform policy
analysis, and improve program management for populations served by
both SSA and HCFA. Information in this system will support research,
evaluation, or epidemiological projects; special projects and
activities performed within the agency or by a contractor or
consultant; support constituent requests made to a congressional
representative; and support litigation involving the agency.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose,
which is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' The proposed routine use in this system meets the
compatibility requirement of the Privacy Act. We are proposing to
establish the following routine use disclosures of information, which
will be maintained in the system:
1. To an individual or organization for research, evaluation, or
epidemiological projects related to the prevention of disease or
disability, or the restoration or maintenance of health, and for
payment related projects.
2. To agency contractors, or consultants who have been engaged by
the agency to assist in the performance of a service related to this
system of records and who need to have access to the records in order
to perform the activity.
3. To a member of congress or to a congressional staff member in
response to an inquiry of the congressional office made at the
written request of the constituent about whom the record is
maintained.
4. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has
(d) Agreed to represent the employee, or the United States
Government is,
a party to litigation or has an interest in such litigation, and
by careful review, HCFA determines that the records are both relevant
and necessary to the litigation.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Computer diskette and on magnetic storage media.
Retrievability:
Information can be retrieved by the social security number,
Medicaid identification number, health insurance claim number and by
name.
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the LOD system. For computerized records,
safeguards have been established in accordance with HHS standards and
National Institute of Standards and Technology guidelines, e.g.,
security codes will be used, limiting access to authorized personnel.
System securities are established in accordance with HHS, Information
Resource Management (IRM) Circular �10, Automated Information Systems
Security Program; HCFA Automated Information Systems (AIS) Guide,
Systems Securities Policies, and OMB Circular No. A-130 (revised),
Appendix III.
Retention and disposal:
Records are maintained in a secure storage area with identifiers.
Records will be retained for 15 years.
System manager(s) and address:
Director, Office of Strategic Planning, HCFA, Room C3-20-11, 7500
Security Boulevard, Baltimore, Maryland 21244-1850. The telephone
number is 410-786-7932.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, Medicaid
identification number, health insurance claim number, address, date
of birth, sex, and for verification purposes, the subject
individual's name (woman's maiden name, if applicable), and social
security number (SSN). Furnishing the SSN is voluntary, but it may
make searching for a record easier and prevent delay.
Record access procedure:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2)).
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7).
Record source categories:
Sources of information contained in this records system include
data collected from SSA systems of records, e.g., Supplemental
Security Record (09-60-0103), Master Beneficiary Record (09-60-0090),
Disability Determination Files (09-60-0044), and Social Security
Account Number Identification File (09-60-0058) and HCFA systems of
records, e.g., Medicaid Statistical Information System (09-70-6001),
Current Beneficiary Survey (09-70-6002), Common Working Files (09-70-
0526), National Claims History Files (09-70-0005) and Enrollment Data
Base (09-70-0502).
Systems exempted from certain provisions of the act:
None.
09-70-0501
System name:
Carrier Medicare Claim Records, HHS/HCFA/BPO.
Security classification:
None.
System location:
Carriers under contract to the Health Care Financing
Administration (HCFA) and the Social Security Administration. Direct
any inquiries regarding carrier locations to HCFA, Bureau of Program
Operations, Office of Contracting and Financial Management, Division
of Acquisition and Contracts, Contractor Operations Branch, Meadows
East Building, Room 332, 6325 Security Boulevard, Baltimore, Maryland
21207-5187.
Categories of individuals covered by the system:
Beneficiaries who have submitted claims for Supplementary Medical
Insurance (Medicare Part B), or individuals whose enrollment in an
employer group health benefits plan covers the beneficiary.
Categories of records in the system:
Request for Payment: Provider Billing for Patient services by
Physician; Prepayment Plan for Group Medicare Practice dealing
through a Carrier, Health Insurance Claim Form, Request for Medical
Payment, Patient's Request for Medicare Payment, Request for Medicare
Payment-Ambulance, Explanation of Benefits, Summary Payment Voucher,
Request for Claim Number Verification; Payment Record Transmittal;
Statement of Person Regarding Medicare Payment for Medical Services
Furnished Deceased Patient; Report of Prior Period of Entitlement;
itemized bills and other similar documents from beneficiaries
required to support payments to beneficiaries and to physicians and
other suppliers of Part B Medicare services; Medicare secondary payer
records containing other party liability insurance information
necessary for appropriate Medicare claim payment.
Authority for maintenance of the system:
Sections 1842, 1862(b) and 1874 of title XVIII of the Social
Security Act (42 U.S.C. 1395u, 1395y(b) and 1395kk).
Purpose(s):
To properly pay medical insurance benefits to or on behalf of
entitled beneficiaries.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to:
(1) Claimants, their authorized representative or
representative's payees to the extent necessary to pursue claims made
under Title XVIII of the Social Security Act (Medicare).
(2) Third-party contacts (without the consent of the individuals
to whom the information pertains) in situations where the party to be
contacted has, or is expected to have information relating to the
individual's capability to manage his or her affairs or to his or her
eligibility for or entitlement to benefits under the Medicare program
when:
(a) The individual is unable to provide the information being
sought (an individual is considered to be unable to provide certain
types of information when any of the following conditions exist:
Individual is incapable or of questionable mental capability, cannot
read or write, cannot afford the cost of obtaining the information, a
language barrier exists, or the custodian of the information will
not, as a matter of policy, provide it to the individual), or
(b) The data are needed to establish the validity of evidence or
to verify the accuracy of information presented by the individual,
and it concerns one or more of the following; the individual's
eligibility to benefits under the Medicare program;: The amount of
reimbursement;: Any case in which the evidence is being reviewed as a
result of suspected abuse or fraud, concern for program integrity, or
for quality appraisal, or evaluation and measurement of system
activities.
(3) Third-party contacts where necessary to establish or verify
information provided by representative payees or payee applicants.
(4) The Treasury Department for investigating alleged theft,
forgery, or unlawful negotiation of Medicare reimbursement checks.
(5) The U.S. Postal Service for investigating alleged forgery or
theft of Medicare checks.
(6) The Department of Justice for investigating and prosecuting
violations of the Social Security Act to which criminal penalties
attach, or other criminal statutes as they pertain to the Social
Security Act programs, for representing the Secretary, and for
investigating issues of fraud by agency officers or employees, or
violation of civil rights.
(7) The Railroad Retirement Board for administering provisions of
the Railroad Retirement and Social Security Acts relating to railroad
employment.
(8) Peer Review Organizations and Quality Review Organizations in
connection with their review of claims, or in connection with studies
or other review activities, conducted pursuant to Part B of Title XI
of the Social Security Act.
(9) State Licensing Boards for review of unethical practices of
nonprofessional conduct.
(10) Providers and suppliers of services (and their authorized
billing agents) directly or dealing through fiscal intermediaries or
carriers, for administration of provisions of title XVIII.
(11) An individual or organization for a research, evaluation or
epidemiological project related to the prevention of disease or
disability, or the restoration or maintenance of health if HCFA:
a. Determines that the use of disclosure does not violate legal
limitations under which the record was provided, collected, or
obtained.
b. Determines that the purpose for which this disclosure is to be
made:
(1) Cannot be reasonably accomplished unless the record is
provided in individually identifiable form.
(2) Is of sufficient importance to warrant the effect and/or risk
on the privacy of the individual that additional exposure of the
record might bring, and
(3) There is reasonable probability that the objective for the
use would be accomplished:
(c) Requires the information recipient to:
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record,
and
(2) Remove or destroy the information that allows the individual
to be identified at the earliest time at which removal or destruction
can be accomplished consistent with the purpose of the project,
unless the recipient presents an adequate justification of a research
or health nature for retaining such information and
(3) Make no further use or disclosure of the record except:
(a) In emergency circumstances affecting the health or safety or
any individual.
(b) For use in another research project, under these same
conditions, and with written authorization of HCFA.
(c) For disclosure to a properly identified person for the
purpose of audit related to the research project, if information that
would enable research subjects to be identified is removed or
destroyed at the earliest opportunity consistent with the purpose of
the audit, or
(d) When required by law;
d. Secures a written statement attesting to the information
recipient's understanding of and willingness to abide by these
provisions.
(12) State welfare departments pursuant to agreements with the
Department of Health and Human Services for administration of State
supplementation payments for determinations of eligibility for
Medicaid, for enrollment of welfare recipients for medical insurance
under section 1843 of the Social Security Act, for quality control
studies, for determining eligibility of recipients of assistance
under titles IV and XIX of the Social Security Act, and for the
complete administration of the Medicaid program.
(13) A congressional office from the record of an individual in
response to an inquiry from the congressional office at the request
of that individual.
(14) State audit agencies in connection with the audit of
Medicare eligibility considerations. Disclosures of physicians'
customary charge data are made to State audit agencies in order to
ascertain the corrections of Title XIX charges and payments.
(15) The Department of Justice to a court or other tribunal, or
to another party before such tribunal, when:
(a) HHS, or any component therein; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice or HHS, (where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation, and
HHS determines that the use of such records by the Department of
Justice, the tribunal, or the other party is relevant and necessary
to the litigation and would help in the effective representation of
the governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
(16) Peer review groups, consisting of members of State, County,
or local medical societies or medical care foundations (physicians),
appointed by the medical societies or foundation at the request of
the carrier to assist in the resolution of questions of medical
necessity, utilization of particular procedures or practices, or
other utilization of services with respect to Medicare claims
submitted to the carrier.
(17) Physicians and other suppliers of services who are
attempting to validate individual items on which the amounts included
in the annual Physician-Supplier Payment List or similar publications
are based.
(18) Senior citizen volunteers working in intermediaries' and
carriers' offices to assist Medicare beneficiaries in response to
beneficiaries' requests for assistance.
(19) A contractor working with Medicare carriers/intermediaries
to identify and recover erroneous Medicare payments for which
workers' compensation programs are liable.
(20) State and other governmental Workers' Compensation Agencies
working with the Health Care Financing Administration to assure that
workers' compensation payments are made where Medicare has
erroneously paid and workers' compensation programs are liable.
(21) Insurance companies, self-insurers, Health Maintenance
Organizations, multiple employer trusts and other groups providing
protection against medical expenses of their enrollees. Information
to be disclosed shall be limited to Medicare entitlement data. In
order to receive the information the entity must agree to the
following conditions:
a. To certify that the individual on whom the information is
being provided is one of its insured;
b. To utilize the information solely for the purpose of
processing the identified individual's insurance claims; and
c. To safeguard the confidentiality of the data and to prevent
unauthorized access to it.
(22) To a contractor for the purpose of collating, analyzing,
aggregating or other wise refining or processing records in this
system or for developing, modifying and/or manipulating ADP software.
Data would also be disclosed to contractors incidental to
consultation, programming, operation, user assistance, or maintenance
for ADP or telecommunications systems containing or supporting
records in the system.
(23) To an agency of a State Government, or established by State
law, for purposes of determining, evaluating and/or assessing cost,
effectiveness, and/or the quality of health care services provided in
the State, if HCFA:
a. Determines that the use of disclosure does not violate legal
limitations under which the data were provided, collected or
obtained:
b. Establishes that the data are exempt from disclosure under the
State and/or local Freedom of Information Act;
c. Determines that the purpose for which the disclosure is to be
made:
(1) Cannot reasonably be accomplished unless the data are
provided in individually identifiable form;
(2) Is of sufficient importance to warrant the effect and/or risk
on the privacy of the individuals that additional exposure of the
record might bring, and;
(3) There is reasonable probability that the objectives for the
use would be accomplished; and
d. Requires the recipient to:
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record;
(2) Remove or destroy the information that allows the individual
to be identified at the earliest time at which removal or destruction
can be accomplished consistent with the purpose of the request,
unless the recipient presents an adequate justification for retaining
such information;
(3) Make no further use or disclosure of the record except:
(a) In emergency circumstances affecting the health or safety of
any individual;
(b) For use in another project under the same conditions, and
with written authorization in HCFA;
(c) For disclosure to a properly identified person for the
purpose of an audit related to the project, if information that would
enable project subjects to be identified is removed or destroyed at
the earliest opportunity consistent with the purpose of the audit, or
(d) When required by law; and
(4) Secure a written statement attesting to the recipient's
understanding of and willingness to abide by these provisions. The
recipient must agree to the following:
(a) Not to use the data for purposes that are not related to the
evaluation of cost, quality and effectiveness of care;
(b) Not to publish or otherwise disclose the data in a form
raising unacceptable possibilities that beneficiaries could be
identified (i.e., the data must not be beneficiary-specific and must
be aggregated to a level when no data cells have ten or fewer
beneficiaries); and
(c) To submit a copy of any aggregation of the data intended for
publication to HCFA for approval prior to publication.
(24) To insurers, underwriters, third party administrators, self-
insurers, groups health plans, employers, health maintenance
organizations, health and welfare benefit funds, Federal agencies, a
State or local government or political subdivision of either (when
the organization has assumed the role of an insurer, underwriter, or
third party administrator, or in the case of a State that assumes the
liabilities of an insolvent insurer, through a State created
insolvent insurer pool or fund), multiple-employer trusts, no-fault,
medical, automobile insurers, workers' compensation carriers or
plans, liability insurers, and other groups providing protection
against medical expenses who are primary payers to Medicare in
accordance with 42 U.S.C. 1395y(b), or any entity having knowledge of
the occurrence of any event affecting (A) an individual's right to
any such benefit or payment, or (B) the initial or continued right to
any such benefit or payment (for example, a State Medicaid Agency,
State Workers' Compensation Board, or the Department of Motor
Vehicles), for the purpose of coordination of benefits with the
Medicare program and implementation of the Medicare Secondary Payer
provisions at 42 U.S.C. 1395y(b). The information HCFA may disclose
will be:
b Beneficiary Name.
b Beneficiary Address.
b Beneficiary Health Insurance Claim Number.
b Beneficiary Social Security Number.
b Beneficiary Sex.
b Beneficiary Date of Birth
b Amount of Medicare Conditional Payment
b Provider name and number
b Physician name and number
b Supplier name and number
b Dates of service
b Nature of Service
b Diagnosis.
To administer the Medicare Secondary Payer provisions at 42
U.S.C. 1395y(b)(2), (3), and (4) more effectively, HCFA would receive
(to the extent that it is available) and may disclose the following
types of information from insurers, underwriters, third party
administrators (TPAs), self-insured, etc.:
b Subscriber Name and Address.
b Subscriber Date of Birth.
b Subscriber Social Security Number.
b Dependent Name.
b Dependent Date of Birth.
b Dependent Social Security Number.
b Dependent Relationship to Subscriber.
b Insurer/Underwriter/TPA Name and Address.
b Insurer/Underwriter/TPA Group Number.
b Insurer/Underwriter/TPA Group Name.
b Prescription Drug Coverage.
b Policy Number.
b Effective Date of Coverage.
b Employer Name, Employer Identification Number (EIN) and
Address.
b Employment Status.
b Amounts of Payment.
To administer the Medicare Secondary Payer provision at 42 U.S.C.
1395y(b)(1) more effectively for entities such as Workers
Compensation carriers or boards, liability insurers, no-fault and
automobile medical policies or plans, HCFA would receive (to the
extent that it is available) and may disclose the following
information:
b Beneficiary's Name and Address.
b Beneficiary's Date of Birth.
b Beneficiary's Social Security Number.
b Name of Insured.
b Insurer Name and Address.
b Type of coverage; automobile medical, no-fault, liability
payment, or workers' compensation settlement.
b Insured's Policy Number.
b Effective Date of Coverage.
b Date of accident, injury or illness.
b Amount of payment under liability, no-fault, or automobile
medical policies, plans, and workers' compensation settlement.
b Employer Name and Address (Workers' Compensation only).
b Name of insured could be the driver of the car, a business, the
beneficiary (i.e., the name of the individual or entity which carries
the insurance policy or plan).
In order to receive this information the entity must agree to the
following conditions:
a. To utilize the information solely for the purpose of
coordination of benefits with the Medicare program and other third
party payers in accordance with 42 U.S.C. 1395y(b);
b. To safeguard the confidentiality of the data and to prevent
unauthorized access to it;
c. To prohibit the use of beneficiary-specific data for purposes
other than for the coordination of benefits among third party payers
and the Medicare program. This agreement would allow the entities to
use the information to determine cases where they or other third
party payers have primary responsibility for payment. Examples of
prohibited uses would include but are not limited to: Creation of a
mailing list, sale or transfer of data.
--To administer the MSP provisions more effectively, HCFA may
receive or disclose the following types of information from or to
entities including insurers, underwriters, third party administrators
(TPAs), and self-insured plans, concerning potentially affected
individuals:
b Subscriber Health Insurance Claim Number.
b Dependent Name.
b Funding arrangements of employer group health plans, for
example, contributory or non-contributory plan, self-insured, re-
insured, HMO, TPA insurance.
b Claims payment information, for example, the amount paid, the
date of payment, the name of the insurer or payer.
b Dates of employment including termination date, if appropriate.
b Number of full and/or part-time employees in the current and
preceding calendar years.
b Employment status of subscriber, for example full or part time,
self employed.
(25) To the Internal Revenue Service for the application of tax
penalties against employers and employee organizations that
contribute to Employer Group Health Plans or Large Group Health Plans
that are not in compliance with 42 U.S.C. 1395y(b).
(26) To servicing Fiscal Intermediary/Carrier banks, Automated
Clearing Houses, VANs and provider banks to the extent necessary to
transfer to providers electronic remittance advice of Medicare
payments, and with respect to provider banks, to the extent necessary
to provide account management services to providers using this
information.
(27) To the Social Security Administration for their assistance
in the implementation of HCFA's administration of the Medicare and
Medicaid programs.
(28) To a HCFA contractor (including, but not necessarily limited
to fiscal intermediaries and carriers) that assists in the
administration of a HCFA-administered health benefits program, or to
a grantee of a HCFA-administered grant program, when disclosure is
deemed reasonably necessary by HCFA to prevent, deter, discover,
detect, investigate, examine, prosecute, sue with respect to, defend
against correct, remedy, or otherwise combat fraud or abuse in such
program; and
(29) To another federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States (including any state or local governmental agency), that
administers, or that has the authority to investigate potential fraud
or abuse in a health benefits program funded in whole or in part by
federal funds, when disclosure is deemed reasonably necessary by HCFA
to prevent, deter, discover, detect, investigate, examine, prosecute,
sue with respect to, defend against, correct, remedy, or otherwise
combat fraud or abuse in such program, subjected to certain
conditions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records maintained on paper and electronic media.
Retrievability:
System is indexed by health insurance claim number. The record is
prepared by the physician, supplier or other provider with
identifying information received from the beneficiary to establish
eligibility for Medicare and document and support payments to
physicians, suppliers or other providers by the carrier. The claim
data are forwarded to the Health Care Financing Administration,
Bureau of Data Management and Strategy, Baltimore, MD, where they are
used to update the Central Office Records.
Safeguards:
Unauthorized personnel are denied access to the records area.
Disclosure is limited. Physical safeguards related to the
transmission and reception of data between Rockville and Baltimore
are those requirements established in accordance with HHS standards
and National Institute of Standards and Technology guidelines (e.g.,
security codes will be used, limiting access to authorized
personnel). System securities are established in accordance with HHS
Information Resource Management (IRM) Circular #10, Automated
Information Systems Security Program, and HCFA's Automated
Information Systems (AIS) Guide, Systems Security Policies.
Retention and disposal:
Records are closed at the end of the calendar year in which paid,
held 2 additional years, transferred to Federal Records Center and
destroyed after another 2 years.
System manager(s) and address:
Health Care Financing Administration, Director, Bureau of Program
Operations, 6325 Security Boulevard, Baltimore, MD 21207.
Notification procedure:
Inquiries and requests for system records should be addressed to
the most convenient social security office, the appropriate carrier,
the HCFA Regional Office, or to the system manager named above. The
individual should furnish his or her health insurance claim number
and the name as shown on social security records. An individual who
requests notification of or access to a medical record shall, at the
time the request is made, designate in writing a responsible
representative who will be willing to review the record and inform
the subject individual of its contents at the representative's
discretion.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the records contents being sought. These
procedures are in accordance with Department Regulations, 45 CFR
5b.5(a)(2).
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested. State the corrective action sought and
the reasons for the correction with supporting justification. These
procedures are in accordance with Department regulations, 45 CFR
5b.7.
Record source categories:
The data contained in these records is either furnished by the
individual or, in the case of some Medicare secondary payer
situations, through third party contacts. In most cases, the
identifying information is provided to the physician by the
individual. The physician then adds the medical information and
submits the bill to the carrier for payment.
Systems exempted from certain provisions of the act:
None.
09-70-0502
System name: Health Insurance Master Record, HHS/HCFA/BPO.
Security classification:
None.
System location:
Health Care Financing Administration Bureau of Data Management
and Strategy, 6325 Security Blvd., Baltimore, Md. 21207. Federal
Records Centers.
Categories of individuals covered by the system:
Individuals age 65 or over who have been, or currently are,
entitled to health insurance (Medicare) benefits under title XVIII of
the Social Security Act; individuals under age 65 who have been, or
currently are, entitled to such benefits on the basis of having been
entitled for not less than 24 months to disability benefits under
title II of the Act or under the Railroad Retirement Act and
individuals who have been, or currently are, entitled to such
benefits because they have end-stage renal disease; or individuals
whose enrollment in an employer group health benefits plan covers the
beneficiary.
Categories of records in the system:
The system contains information on enrollment, entitlement,
utilization, query and reply activity, health insurance bill and
payment record processing workers' compensation entitlement
information, and entitlement information from the Veterans'
Administration (VA), Health Insurance Master Record maintenance, and
Medicare secondary payer records containing other party liability
insurance information necessary for appropriate Medicare claim
payment.
Authority for maintenance of the system:
Section 1814, 1833 and 1862(b) of title XVIII of the Social
Security Act (42 U.S.C. 1396f, 1395l and 1395y(b)).
Purpose(s):
To maintain information on Medicare beneficiary eligibility and
costs in order to reply to inquiries from contractors and
intermediaries and to maintain utilization data for health insurance
bill and payment record processing.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to:
(1) The Railroad Retirement Board for administering provisions of
the Railroad Retirement and Social Security Act relating to railroad
employment.
(2) State Welfare Department pursuant to agreements with the
Department of Health and Human Services for determining Medicaid and
Medicare eligibility for quality control studies, for determining
eligibility of recipients of assistance under title IV, XVIII, and
XIX of the Social Security Act, and for the complete administration
of the Medicaid program.
(3) State audit agencies for auditing State Medicaid eligibility
considerations.
(4) Providers and suppliers of services directly or dealing
through fiscal intermediaries or carriers for administration of title
XVIII.
(5) A congressional office from the record of an individual in
response to an inquiry from the congressional office made at the
request of that individual.
(6) An individual or organization for a research, evaluation or
epidemiological project related to the prevention of disease or
disability, or the restoration or maintenance of health if HCFA:
a. Determine that the use of disclosure does not violate legal
limitations under which the record was provided, collected, or
obtained;
b. Determines that the purpose of which the disclosure is to be
made:
(1) Cannot be reasonably accomplished unless the record is
provided in individually identifiable form.
(2) Is of sufficient importance to warrant the effect and/or risk
on the privacy of the individual that additional exposure of the
record might bring, and
(3) There is reasonable probability that the objective for the
use would be accomplished:
c. Requires the information recipient to:
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record,
and
(2) Remove or destroy the information that allows the individual
to be identified at the earliest time at which removal or destruction
can be accomplished consistent with the purpose of the project,
unless the recipient presents an adequate justification of a research
or health nature for retaining such information, and
(3) Make no further use or disclosure of the record except:
(a) In emergency circumstances affecting the health or safety of
any individual.
(b) For use in another research project, under these same
conditions, and with written authorization of HCFA.
(c) For disclosure to a property identified person for the
purpose of an audit related to the research project, if information
that would enable research subjects to be identified is removed or
destroyed at the earliest opportunity consistent with the purpose of
the audit, or
(d) When required by law:
d. Secures a written statement attesting to the information
recipient(s) understanding of and willingness to abide by these
provisions.
(7) The Department of Justice, to a court or other tribunal, or
to another party before such tribunal, when:
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation, and
HHS determines that the use of such records by the Department of
Justice, the tribunal, or the other party is relevant and necessary
to the litigation and would help in the effective representation of
the governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
(8) To a contractor when the Department contracts with a private
firm for the purpose of collating, analyzing, aggregating, or
otherwise refining records in this system. Relevant records will be
disclosed to such a contractor. The contractor shall be required to
maintain Privacy Act safeguards with respect to such records.
(9) State welfare agencies that require access to the two files
which are extracted from the Health Insurance Master Record. These
files are the Carrier Alphabetical State File (CASF) and Beneficiary
State File (BEST). Most State agencies require access to the CASF and
BEST files for improved administration of the Medicaid program.
Routine uses of the CASF and BEST files for State agencies are: (a)
Obtaining a beneficiary's correct health insurance claim number and
(b) screening of prepayment and post-payment Medicaid claims.
(10) Third-party contacts (without the consent of the individual
to whom the information pertains) in situations where the party to be
contacted has, or is expected to have information relating to the
individual's capability or manage his or her affairs or to his or her
eligibility for an entitlement to benefits under the Medicare program
when:
(a) The individual is unable to provide the information being
sought (an individual is considered to be unable to provide certain
types of information when any of the following conditions exist:
Individual is incapable or of questionable mental capability, cannot
read or write, cannot afford the cost of obtaining the information, a
language barrier exists, or the custodian of the information will
not, as a matter of policy, provide it to the individual): or
(b) The data are needed to establish the validity of evidence or
to verify the accuracy of information presented by the individual,
and it concerns one or more of the following: The individual's
eligibility to benefits under the Medicare program; the amount of
reimbursement; any case in which the evidence is being reviewed as a
result of suspected abuse or fraud, concern for program integrity, or
for quality appraisal, or evaluation and measurement of system
activities.
(11) Release information, without the beneficiary's
authorization, to insurance companies, self-insurers, Health
Maintenance Organizations, multiple employer trusts and other groups
providing protection against medical expenses of their enrollees.
Information to be disclosed shall be limited to Medicare entitlement
data. In order to receive this information the entity must agree to
the following conditions:
a. To certify that the individual about whom the information is
being provided is one of its insureds;
b. To utilize the information solely for the purpose of
processing the identified individual's insurance claims; and
c. To safeguard the confidentiality of the data and to prevent
unauthorized access to it.
(12) To a contractor for the purpose of collating, analyzing,
aggregating or otherwise refining or processing records in this
system or for developing, modifying and/or manipulating ADP software.
Data would also be disclosed to contractors, incidental to
consultation, programming, operation, user assistance, or maintenance
for ADP or telecommunications systems containing or supporting
records in the system.
(13) To an agency of a State Government, or established by State
law, for purposes of determining, evaluating and/or assessing cost,
effectiveness, and/or the quality of health care services provided in
the State, if HCFA:
a. Determines that the use or disclosure does not violate legal
limitations under which the data were provided, collected, or
obtained;
b. Establishes that the data are exempt from disclosure under the
State and/or local Freedom of Information Act;
c. Determines that the purpose for which the disclosure is to be
made:
(1) Cannot reasonably be accomplished unless the data are
provided in individually identifiable form;
(2) Is of sufficient importance to warrant the effect and/or risk
on the privacy of the individuals that additional exposure of the
record might bring, and;
(3) There is reasonable probability that the objective for the
use would be accomplished; and
d. Requires the recipient to:
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record;
(2) Remove or destroy the information that allows the individual
to be identified at the earliest time at which removal or destruction
can be accomplished consistent with the purpose of the request,
unless the recipient presents an adequate justification for retaining
such information;
(3) Make no further use or disclosure of the record except;
(a) In emergency circumstances affecting the health or safety of
any individual;
(b) For use in another project under the same conditions, and
with written authorization of HCFA;
(c) For disclosure to a properly identified person for the
purpose of an audit related to the project, if information that would
enable project subject to be identified is removed or destroyed at
the earliest opportunity consistent with the purpose of the audit, or
(d) When required by law; and
(4) Secure a written statement attesting to the recipient's
understanding of an willingness to abide by these provisions. The
recipient must agree to the following:
(1) Not to use the data for purposes that are not related to the
evaluation of cost, quality, and effectiveness of care;
(2) Not to publish or otherwise disclose the data in a form
raising unacceptable possibilities that beneficiaries could be
identified (i.e., the data must not be beneficiary-specific and must
be aggregated to a level when no data cells have ten or fewer
beneficiaries); and
(3) To submit a copy of any aggregation of the data intended for
publication to HCFA for approval prior to publication.
(14) To a group health plan (i.e., health maintenance
organization (HMO), or a competitive medical plan (CMP)) with a
Medicare contract, or a Medicare-approved health care prepayment plan
(HCPP), directly or through a contractor on a case-by-case basis for
the purpose of determining the eligibility of a Medicare beneficiary
to enroll in the group health plan. Group health plans will have
access only to one record at a time and only through a CRT terminal.
A password must be entered to gain access to the file. Both the
beneficiary name and the Health Insurance Claim number must be
entered to access individual records within the file. The information
disclosed will be the minimum necessary to determine eligibility for
enrollment.
(15) To a contractor when HCFA contracts with a private firm for
the purpose of refining or otherwise processing data and disclosing
such data to group health plans consistent with routine use No. 14.
The contractor will be required to safeguard the confidentiality of
the data and prevent unauthorized use or disclosure.
(16) To insurers, underwriters, third party administrators, self-
insurers, group health plans, employers, health maintenance
organizations, health and welfare benefit funds, Federal agencies, a
State or local government or political subdivision of either (when
the organization has assumed the role of an insurer, underwriter, or
third party administrator, or in the case of a State that assumes the
liabilities of an insolvent insurer, through a State created
insolvent insurer pool or fund), multiple-employer trusts, no-fault,
medical, automobile insurers, workers' compensation carriers or
plans, liability insurers, and other groups providing protection
against medical expenses who are primary payers to Medicare in
accordance with 42 USC 1395y(b), or any entity having knowledge of
the occurrence of any event affecting (A) an individual's right to
any such benefit or payment, or (B) the initial or continued right to
any such benefit or payment (for example, a State Medicaid Agency,
State Workers' Compensation Board, or Department of Motor Vehicles)
for the purpose of coordination of benefits with the Medicare program
and implementation of the Medicare Secondary Payer provisions at 42
USC 1395y(b). The information HCFA may disclose will be:
b Beneficiary Name
b Beneficiary Address
b Beneficiary Health Insurance Claim Number
b Beneficiary Social Security Number
b Beneficiary Sex
b Beneficiary Date of Birth
b Amount of Medicare Conditional Payment
b Provider name and number
b Physician name and number
b Supplier name and number
b Dates of service
b Nature of service
b Diagnosis
To administer the Medicare Secondary payer provisions at 42 USC
1396y(b) (2), (3), (4) more effectively, HCFA would receive (to the
extent that it is available) and may disclose the following types of
information from insurers, underwriters, third party administrators,
self-insureds, etc.:
b Subscriber Name and Address
b Subscriber Date of Birth
b Subscriber Social Security Number
b Dependent Name
b Dependent Date of Birth
b Dependent Social Security Number
b Dependent Relationship to Subscriber
b Insurer/Underwriter/TPA Name and Address
b Insurer/Underwriter/TPA Group Number
b Insurer/Underwriter/TPA Group Name
b Prescription Drug Coverage
b Policy Number
b Effective Date of Coverage
b Employer Name, Employer Identification Number (EIN) and Address
b Employment Status
b Amounts of Payment
To administer the Medicare Secondary payer provision at 42 U.S.C.
1395y(b)(1) more effectively for entities such as Workers
Compensation carriers or boards, liability insurers, no-fault and
automobile medical policies or plans, HCFA would receive (to the
extent that it is available) and may disclose the following
information:
b Beneficiary's Name and Address
b Beneficiary's Date of Birth
b Beneficiary's Social Security Number*
b Name of Insured*
b Insurer Name and Address
b Type of coverage; automobile medical, no-fault, liability
payment, or workers' compensation settlement
b Insured's Policy Number
b Effective Date of Coverage
b Date of accident, injury or illness
b Amount of payment under liability, nofault, or automobile
medical policies, plans, and workers' compensation settlements
b Employer Name and Address (Workers' Compensation only)
b Name of insured could be the driver of the car, a business, the
beneficiary (i.e., the name of the individual or entity which carries
the insurance policy or plan).
In order to receive this information the entity must agree to the
following conditions:
a. To utilize the information solely for the purpose of
coordination of benefits with the Medicare program and other third
party payers in accordance with 42 U.S.C. 1395y(b);
b. To safeguard the confidentiality of the data and to prevent
unauthorized access to it;
c. To prohibit the use of beneficiary-specific data for purposes
other than for the coordination of benefits among third party payers
and the Medicare program. This agreement would allow the entities to
use the information to determine cases where they or other third
party payers have primary responsibility for payment or cases where
Medicare has primary responsibility for payment. Examples of
prohibited uses would include but are not limited to: Creation of a
mailing list, sale or transfer of data.
--To administer the MSP provisions more effectively, HCFA may
receive or disclose the following types of information from or to
entities including insurers, underwriters, third party administrators
(TPAs), and self-insured plans, concerning potentially affected
individuals:
b Subscriber Health Insurance Claim Number
b Dependent Name
b Funding arrangements of employer group health plans, for
example, contributory or non-contributory plan, self-insured, re-
insured, HMO, TPA insurance
b Claims payment information, for example, the amount paid, the
date of payment, the name of the insurer or payer
b Dates of employment including termination date, if appropriate
b Number of full and/or part-time employees in the current and
preceding calendar years
b Employment status of subscriber, for example full or part time,
self employed
(17) To the Internal Revenue Service for the application of tax
penalties against employers and employee organizations that
contribute to Employer Group Health Plans or Large Group Health Plans
that are not in compliance with 42 U.S.C. 1395y(b).
(18) Peer Review Organizations and Quality Review Organizations
in connection with their review of claims, or in connection with
studies or other review activities, conducted pursuant to part B of
title XI of the Social Security Act.
To the Social Security Administration for their assistance in the
implementation of HCFA's administration of the Medicare and Medicaid
programs.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records maintained on paper, listings, microfilm, magnetic tape
disc and punchcards.
Retrievability:
System is sequence by health insurance claim number, and is used
to carry out the tasks of enrollment query/reply activity, and health
insurance bill and payment record processings. Copies of selected
parts of the records will be used by the Office of Statistics and
Data Management.
Safeguards:
Unauthorized personnel are denied access to the records areas.
Disclosure is limited to routine use. For computerized records
electronically transmitted between Central Office and field office
locations (including Medicare contractors) systems securities are
established in accordance with DHHS ADP Systems Manual. Part 6, ``ADP
Systems Security.'' Safeguards include a lock/unlock passwords
system, exclusive use of leased telephone lines, a terminal oriented
transaction matrix, and audit trail.
Retention and disposal:
Records are generally added to the file several months prior to
entitlement. After the death of a beneficiary, his or her records may
be placed in an inactive file following a period of no billing or
query activity. The current 5 years of Part B and current 5 spells of
Part A utilization data are maintained. All noncurrent data is
microfilmed prior to elimination from the system.
System manager(s) and address:
Health Care Financing Administration, Bureau of Program
Operations, Director, Division of Entitlement Requirements, 6325
Security Boulevard, Baltimore, MD 21207.
Notification procedure:
Inquiries and requests for system records should be addressed to
the most conventional social security office, the appropriate carrier
or intermediary, the HCFA Regional Office, or the system manager
named above. The individual should furnish his or her health
insurance claim number and name as shown on Medicare records.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2).))
Contesting record procedures:
Contact the official at the address specified under notification
procedure above, and reasonably identify the record and specify the
information to be contested. State the corrective action sought and
the reasons for the correction with supporting justification. (These
procedures are in accordance with Department Regulations (45 CFR
5b.7).)
Record source categories:
The data contained in these records are furnished by the
individual, or in the case of some Medicare secondary payer
situations, through third party contacts. There are cases, however,
in which the identifying information is provided to the physician by
the individual; the physician then adds the medical information and
submits the bill to the carrier for payment. Updating information is
also obtained from the Master Beneficiary Record.
Systems exempted from certain provisions of the act:
None.
90-70-0503
System name: Intermediary Medicare Claims Records, HHS/HCFA/BPO.
Security classification:
None
System location:
Intermediaries under contract to the Health Care Financing
Administration and the Social Security Administration. Direct
inquiries for intermediary locations to: HCFA, Bureau of Program
Operations, Office of Contracting and Financial Management, Division
of Acquisition and Contracts, Contractor Operations Branch, Meadows
East Building, Room 332, 6325 Security Boulevard, Baltimore, Maryland
21207-5187.
Categories of individuals covered by the system:
Beneficiaries on whose behalf providers have submitted claims for
reimbursement on a reasonable cost basis under Medicare parts A and
B, or are eligible, or individuals whose enrollment in an employer
group health benefits plan covers the beneficiary.
Categories of records in the system:
Billing for Medical and Other Health Services: Uniform bill for
provider services or equivalent data in electronic format, and
Medicare Secondary Payer records containing other third party
liability insurance information necessary for appropriate Medicare
claims payment and other documents used to support payments to
beneficiaries and providers of services. These forms contain the
beneficiary's name, sex, health insurance claim number, address, data
of birth, medical record number, prior stay information, provider
name and address, physician's name, and/or identification number,
warranty information when pacemakers are implanted or explanted, date
of admission and discharge, other health insurance, diagnosis,
surgical procedures, and a statement of services rendered for related
charges and other data needed to substantiate claims.
The following elements are outpatient data provided to Medicare
intermediaries by rehabilitation agencies, skilled nursing
facilities, hospital outpatient departments, and home intravenous
drug providers and home health agencies that provide physical therapy
in addition to home health services:
b Outpatient's name
b HI number
b Admission data to provider
b Place treatment rendered
b Number of visits since start of care
b Diagnosis
b Diagnosis requiring treatment
b Onset of condition for which treatment is being sought
b Dates of previous therapy for same diagnosis
b Other therapy outpatient is currently receiving
b Observations
b Precautions and medical equipment
b Functional status immediately prior to this therapy
b Types of treatment--modalities
b Frequency of treatment
b Expected duration of treatment
b Rehabilitation potential
b Level of communication potential
b Average time per visits
b Goals
b Statement of problem at beginning of billing period
b Changes in problem at end of billing period
b Signature of therapist
b Certification and recertification by physician that services
are to be provided from an established plan of care
b Tests results
b Biopsy reports
b Methods of administration, e.g., pill vs. injection
b Physician's orders
b Procedure codes
b Changes
b Weekly progress notes
b National Drug Code (NDC)
Authority for maintenance of the system:
Sections 1816, 1862(b) and 1874 of Title XVIII of the Social
Security Act (42 U.S.C. 1395th, 1395y(b) and 1395kk).
Purpose(s):
To process and pay Medicare benefits to or on behalf of eligible
individuals.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to:
(1) Claimants, their authorized representatives or representative
payees to the extent necessary to pursue claims made under title
XVIII of the Social Security Act (Medicare).
(2) Third-party contacts without the consent of the individual to
whom the information pertains in situations where the party to be
contacted has, or is expected to have information relating to the
individual's capability to manage his or her affairs or to his or her
eligibility for or entitlement to benefits under the Medicare program
when:
(a) The individual is unable to provide the information being
sought (an individual is considered to be unable to provide certain
types of information when any of the following conditions exist:
Individual is incapable or of questionable mental capability, cannot
read or write, cannot afford the cost of obtaining the information, a
language barrier exists, or the custodian of the information will
not, as a matter of policy provide to the individual), or
(b) The data are needed to establish the vadility of evidence or
to verify the accuracy of information presented by the individual,
and it concerns one or more of the following: The individual's
eligibility to benefits under the Medicare program; the amount of
reimbursement of any case in which the evidence is being reviewed as
a result of suspected abuse or fraud, concern for program integrity,
or for quality appraisal, or evaluation and measurement of systems
activities.
(3) Third-party contacts where necessary to establish or verify
information provided by representative payees or payee applicants.
(4) The Treasury Department for investigating alleged theft,
forgery, or unlawful negotiations of Medicare reimbursement checks.
(5) The U.S Postal Service for investigating alleged forgery or
theft of Medicare checks.
(6) The Department of Justice for investigating and prosecuting
violations of the Social Security Act to which criminal penalties
attach, or other criminal statutes as they pertain to Social Security
Act programs, for representing the Secretary, and for investigating
issues of fraud by agency officers or employees, or violation of
civil rights.
(7) The Railroad Retirement Board for administering provisions of
the Railroad Retirement and Social Security Acts relating to railroad
employment.
(8) Peer Review Organizations and Quality Review Organizations in
connection with their review of claims, or in connection with studies
or other review activities, conducted pursuant to Part B of Title XI
of the Social Security Act.
(9) State Licensing Boards for review of unethical practices or
nonprofessional conduct.
(10) Providers and suppliers of services (and their authorized
billing agents) directly or dealing through fiscal intermediaries or
carriers, for administration of provisions of title XVIII.
(11) An individual or organization for a research, evaluation, or
epidemiological project related to the prevention of disease or
disability, or maintenance of health if HCFA:
a. Determines that the use or disclosure does not violate legal
limitations under which the record was provided, collected, or
obtained:
b. Determines that the purpose for which the disclosure is to be
made:
(1) Cannot be reasonably accomplished unless the record is
provided in individually identifiable form.
(2) Is of sufficient importance to warrant the effect and/or risk
on the privacy of the individual that additional exposure of the
record might bring, and
(3) There is reasonable probability that the objective for the
use would be accomplished:
c. Requires the information recipient to:
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record,
and
(2) Remove or destroy the information that allows the individual
to be identified at the earliest time at which removal or destruction
can be accomplished consistent with the purpose of the project,
unless the recipient presents an adequate justification of a research
or health nature for retaining such information, and
(3) Make no further use or disclosure of the record except:
(a) In emergency circumstances affecting the health or safety of
any individual.
(b) For use in another research project, under these same
conditions, and with written authorization of HCFA.
(c) For disclosure to a properly identified person for the
purpose of an audit related to the research project, if information
that would enable research subjects to be identified is removed or
destroyed at the earliest opportunity consistent with the purpose of
the audit.
(d) When required by law:
d. Secures a written statement attesting to the information
recipient's understanding of and willingness to abide by the
provisions.
(12) State welfare departments pursuant to agreements with the
Department of Health and Human Services for administration of State
supplementation payments for determination of eligibility for
Medicaid, for enrollment of welfare recipients for medical insurance
under section 1843 of the Social Security Act, for quality control
studies, for determining eligibility of recipients of assistance
under titles IV and XIX of the Social Security Act, and for the
complete administration of the Medicaid program.
(13) A congressional office from the record of an individual in
response to an inquiry from the congressional office at the request
of that individual.
(14) State audit agencies in connection with the audit of
Medicaid eligibility considerations.
(15) The Department of Justice, to a court or other tribunal, or
to another party before such tribunal, when:
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee, or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation, and
HHS determines that the use of such records by the Department of
Justice, the tribunal, or the other party is relevant and necessary
to the litigation and would help in the effective representation of
the government party, provided, however, that in such case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
(16) Senior citizen volunteers working in the intermediaries' and
carriers' offices to assist Medicare beneficiaries requests for
assistance.
(17) A contractor working with Medicare carriers/ intermediaries
to identify and recover erroneous Medicare payments for which
workers' compensation programs are liable.
(18) State and other governmental Workers' Compensation Agencies
working with the Health Care Financing Administration to assure that
workers' compensation payments are made where Medicare has
erroneously paid and workers' compensation programs are liable.
Insurance companies, self-insurers, Health Maintenance
Organizations, multiple employer trusts and other groups providing
protection against medical expenses of their enrollees. Information
to be disclosed shall be limited to Medicare entitlement data. In
order to receive this information the entity must agree to the
following conditions:
a. To certify that the individual about whom the information is
being provided is one of its insureds;
b. To utilize the information solely for the purpose of
processing the identified individual's insurance claims; and
c. To safeguard the confidentiality of the data and to prevent
unauthorized access to it.
(20) To a contractor for the purpose of collating, analyzing,
aggregating or otherwise refining or processing records in this
system or for developing, modifying and/or manipulating ADP software.
Data would also be disclosed to contractors incidental to
consultation, programming, operation, user assistance, or maintenance
for ADP or telecommunications systems containing or supporting
records in the system.
(21) To an agency of a State Government, or established by State
law, for purposes of determining, evaluating and/or assessing cost,
effectiveness, and/or the quality of health care services provided in
the State, if HCFA:
a. Determines that the use or disclosure does not violate legal
limitations under which the data were provided, collected, or
obtained;
b. Establishes that the data are exempt from disclosure under the
State and/or local Freedom of Information Act;
c. Determines that the purpose for which the disclosure is to be
made:
(1) Cannot reasonably be accomplished unless the data are
provided in individually identifiable form;
(2) Is of sufficient importance to warrant the effect and/or risk
on the privacy of the individuals that additional exposure of the
record might bring; and
(3) There is reasonable probability that the objective for the
use would be accomplished; and
d. Requires the recipient to:
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record;
(2) Remove or destroy the information that allows the individual
to be identified at the earliest time at which removal or destruction
can be accomplished consistent with the purpose of the request,
unless the recipient presents an adequate justification for retaining
such information;
(3) Make no further use or disclosure of the record except:
(a) In emergency circumstances affecting the health or safety of
any individual;
(b) For use in another project under the same conditions, and
with written authorization of HCFA;
(c) For disclosure to a properly identified person for the
purpose of an audit related to the project, if information that would
enable project subjects to be identified is removed or destroyed at
the earliest opportunity consistent with the purpose of the audit; or
(d) When required by law; and
(4) Secure a written statement attesting to the recipient's
understanding of and willingness to abide by these provisions. The
recipient must agree to the following:
(1) Not to use the data for purposes that are not related to the
evaluation of cost, quality, and effectiveness of care;
(2) Not to publish or otherwise disclose the data in a form
raising unacceptable possibilities that beneficiaries could be
identified (i.e., the data must not be beneficiary-specific and must
be aggregated to a level when no data cells have ten or fewer
beneficiaries); and
(3) To submit a copy of any aggregation of the data intended for
publication to HCFA for approval prior to publication.
(22) To insurers, underwriters, third party administrators
(TPAs), self-insurers, group health plans, employers, health
maintenance organizations, health and welfare benefit funds. Federal
agencies, a State or local government or political subdivision of
either (when the organization has assumed the role of an insurer,
underwriter, or third party administrator, or in the case of a State
that assumes the liabilities of an insolvent insurer, through a State
created insolvent insurer pool or fund), multiple-employer trusts,
no-fault, medical, automobile insurers, workers' compensation
carriers or plans, liability insurers, and other groups providing
protection against medical expenses who are primary payers to
Medicare in accordance with 42 U.S.C. 1395y(b), or any entity having
knowledge of the occurrence of any event affecting (A) an
individual's right to any such benefit or payment, or (B) the initial
or continued right to any such benefit or payment (for example, a
State Medicaid Agency, State Workers' Compensation Board, or
Department of Motor Vehicles) for the purpose of coordination of
benefits with the Medicare program and implementation of the Medicare
Secondary Payer provisions at 42 U.S.C. 1395y(b). The information
HCFA may disclose will be:
b Beneficiary Name
b Beneficiary Address
b Beneficiary Health Insurance Claim Number
b Beneficiary Social Security Number
b Beneficiary Sex
b Beneficiary Date of Birth
b Amount of Medicare Conditional Payment
b Provider Name and number
b Physician Name and number
b Supplier Name and number
b Dates of Service
b Nature of Service
b Diagnosis
To administer the Medicare Secondary payer provisions at 42 USC
1395y(b) (2), (3), (4) more effectively, HCFA would receive (to the
extent that it is available) and may disclose the following types of
information from insurers, underwriters, third party administrators,
self-insureds, etc.:
b Subscriber Name and Address
b Subscriber Date of Birth
b Subscriber Social Security Number
b Dependent Name
b Dependent Date of Birth
b Dependent Social Security Number
b Dependent Relationship to Subscriber
b Insurer/Underwriter/TPA Name and Address
b Insurer/Underwriter/TPA Group Number
b Insurer/Underwriter/TPA Group Name
b Prescription Drug Coverage
b Policy Number
b Effective Date of Coverage
b Employer Name, Employer Identification Number (EIN) and
Address
b Employment Status
b Amounts of Payment
To administer the Medicare Secondary payer provision at 42 USC
12395(b)(1) more effectively for entities such as Workers
Compensation carriers or boards, liability insurers, no-fault and
automobile medical policies or plans, HCFA would receive (to the
extent that it is available) and may disclose the following
information:
b Beneficiary's Name and Address
b Beneficiary's Date of Birth
b Beneficiary's Social Security Number
b Name of Insured
b Insurer Name and Address
b Type of coverage; automobile medical, no-fault, liability
payment, or workers' compensation settlement.
b Insured's Policy Number
b Effective Date of Coverage
b Date of accident, injury or illness
b Amount of payment under liability, no-fault, or automobile
medical policies, plans, and workers compensation settlements.
b Employer Name and Address (Workers' Compensation only)
b Name of insured could be the driver of the car, a business,
the beneficiary (i.e., the name of the individual or entity which
carries the insurance policy or plan).
In order to receive this information the entity must agree to the
following conditions:
a. To utilize the information solely for the purpose of
coordination of benefits with the Medicare program and other third
party payers in accordance with 42 U.S.C. 1395y(b);
b. To safeguard the confidentiality of the data and to prevent
unauthorized access to it;
c. To prohibit the use of beneficiary-specific data for purposes
other than for the coordination of benefits among third party payers
and the Medicare program. This agreement would allow the entities to
use the information to determine cases where they or other third
party payers have primary responsibility for payment or cases where
Medicare has primary responsibility for payment. Examples of
prohibited uses would include but are not limited to: creation of a
mailing list, sale or transfer of data.
--To administer the MSP provisions more effectively, HCFA may
receive or disclose the following types of information from or to
entities including insurers, underwriters, TPAs, and self-insured
plans, concerning potentially affected individuals:
b Subscriber Health Insurance Claim Number
b Dependent Name
b Funding arrangements of employer group health plans, for
example, contributory or non-contributory plan, self-insured, re-
insured, HMO, TPA insurance
b Claims payment information, for example, the amount paid, the
date of payment, the name of the insurer or payer
b Dates of employment including termination date, if
appropriate
b Number of full and/or part-time employees in the current and
preceding calendar years
b Employment status of subscriber, for example full or part
time, self employed
(23) To the Internal Revenue Service for the application of tax
penalties against employers and employee organizations that
contribute to Employer Group Health Plans or Large Group Health Plans
that are not in compliance with 42 U.S.C. 1395y (b).
(24) To servicing Fiscal Intermediary/Carrier banks, Automated
Clearing Houses, VAN's and provider banks to the extent necessary to
transfer to providers electronic remittance advice of Medicare
payments, and with respect to provider banks, to the extent necessary
to provide account management services to providers using this
information.
(25)To the Social Security Administration for their assistance in
the implementation of HCFA's administration of the Medicare and
Medicaid programs.
(26) To a HCFA contractor (including, but not necessarily limited
to fiscal intermediaries and carriers) that assists in the
administration of a HCFA-administered health benefits program, or to
a grantee of a HCFA-administered grant program, when disclosure is
deemed reasonably necessary by HCFA to prevent, deter, discover,
detect, investigate, examine, prosecute, sue with respect to, defend
against correct, remedy, or otherwise combat fraud or abuse in such
program; and
(27) To another federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States (including any state or local governmental agency), that
administers, or that has the authority to investigate potential fraud
or abuse in a health benefits program funded in whole or in part by
federal funds, when disclosure is deemed reasonably necessary by HCFA
to prevent, deter, discover, detect, investigate, examine, prosecute,
sue with respect to, defend against, correct, remedy, or otherwise
combat fraud or abuse in such program, subjected to certain
conditions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records maintained on paper forms and/or electronic media.
Retrievability:
The system is indexed by health insurance claim number. The
record is prepared by the hospital or other provider with identifying
information received from the beneficiary to establish eligibility
for Medicare and document and support payments to providers by the
intermediaries. The bill data are forwarded to the Health Care
Financing Administration, Bureau of Data Management and Strategy,
Baltimore, Md., where they are used to update the central office
records.
Safeguards:
Disclosure of records is limited. Physical safeguards are
established in accordance with Department standards and National
Institute of Standards and Technology guidelines (e.g., security
codes) will be used, limiting access to authorized personnel. System
securities are established in accordance with HHS Information
Resource Management (IRM) Circular 10, Automated Information
Systems Security Program, and HCFA Automated Information Systems
(AIS) Guide, System Security Policies.
Retention and disposal:
Records are closed out at the end of the calendar year in which
paid, held 2 more years, transferred to the Federal Records Center
and destroyed after another 6 years.
System manager(s) and address:
Health Care Financing Administration, Director, Bureau of Program
Operations, 6325 Security Boulevard, Baltimore, MD 21207.
Notification procedure:
Inquiries and requests for systems records should be addressed to
the social security office nearest the requester's residence, the
appropriate intermediary, the HCFA Regional Office, or to the system
manager named above . The individual should furnish his or her health
insurance number and name as shown on social security records. An
individual who requests notification of or access to a medical record
shall, at the time the request is made, designate in writing a
responsible representative who will be willing to review the record
and inform the subject individual of its contents at the
representative's discretion.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the records contents being sought. These
procedures are in accordance with Department Regulations, 45 CFR
5b.5(a)(2).
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested. State the corrective action sought and
the reasons for the correction with supporting justification. These
procedures are in accordance with Department Regulations, 45 CFR
5b.5(a)(2).
Record source categories:
The identifying information contained in these records is
obtained by the provider from the individual or, in the case of some
Medicare secondary payer situations, through third party contacts.
The medical information is entered by the provider of medical
services.
Systems exempted from certain provisions of the act:
None.
09-70-0504
System name: Beneficiary Part A and B Uncollectible Overpayment
File, HHS/HCFA/BPO.
Security classification:
None.
System location:
Health Care Financing Administration, Director, Bureau of Program
Operations, 6325 Security Blvd., Baltimore, Maryland 21207.
Categories of individuals covered by the system:
The system contains the name of the beneficiary on whose account
an overpayment has been made and the name of the physician or
supplier to whom the overpayment was made.
Categories of records in the system:
The file includes completed Medicare claims forms which contain
patient's name, sex, claim number, address, date of birth, date of
treatment, diagnosis, and summary of treatment rendered as well as
other documents that were used in calculating the existence and
amount of overpayment.
Authority for maintenance of the system:
Section 1870 of the Social Security Act (42 U.S.C. 1395gg) and
Section 3 of the Federal Claims Collection Act of 1966, 30 U.S.C.
952.
Purpose(s):
To provide documentation and to control cases involving Medicare
beneficiary overpayments which are not collectible.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made: (1) To the Department of Justice when
civil litigation is involved, (2) to the Internal Revenue Service for
investigation of alleged tax fraud, (3) to Professional Standards
Review Organizations and State Licensing Boards for review of
unethical practices or non-professional conduct. (Further, HCFA may
request a credit report on certain physicians or suppliers from whom
repayment of an overpayment is requested.), (4) to a congressional
office from the record of an individual in response to an inquiry
from the congressional office made at the request of that individual;
and (5) in the event of litigation where the defendant is (a) the
Department, any components of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected.
To the Social Security Administration for their assistance in the
implementation of HCFA's administration of the Medicare and Medicaid
programs.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper files maintained in file cabinets.
Retrievability:
The system is indexed by health insurance number.
Safeguards:
Only authorized personnel are permitted in the file area.
Retention and disposal:
The files are retained for 3 years.
System manager(s) and address:
Health Care Financing Administration, Director, Bureau of Program
Operations, 6325 Security Blvd., Baltimore, Maryland 21207.
Notification procedure:
Inquiries and requests for system records should be addressed to
the system manager named above and directed to the attention of the
Office of Standards and Performance Evaluation, Division of
Reimbursement, Recovery, and Reconsideration Evaluation,
Reconsideration Evaluation Branch.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2).))
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested. State the corrective action sought and
the reasons for the correction with supporting justification. (These
procedures are in accordance with Department Regulations (45 CFR
5b.7).)
Record source categories:
Data in these records is obtained from carrier or intermediary
billing records.
Systems exempted from certain provisions of the act:
None.
09-70-0505
System name: Supplemental Medical Insurance (SMI) and Premium
Accounting Collection and Enrollment System, HHS/HCFA/BPO.
Security classification:
None.
System location:
Health Care Financing Administration, Bureau of Data Management
and Strategy, HCFA Data Center, 7131 Rutherford Road, Baltimore,
Maryland 21244.
Categories of individuals covered by the system:
Health insurance beneficiaries whose supplementary medical
insurance benefit and/or hospital insurance (HI) benefit premiums are
paid by a State Medicaid agency, the U.S. Office of Personnel
Management (OPM), or a formal third party group (the latter defined
in 42 CFR 408.80 through 408.92).
Categories of records in the system:
Beneficiary's name, health insurance claim number, date of birth,
sex, amount of premium liability, date agency first became liable for
HI benefit or SMI benefit premiums, last month of agency premium
liability, agency identification numbers, U.S. Office of Personnel
Management annuity number.
Authority for maintenance of the system:
Sections 1818(e) and (g), 1840(d) and (e), and 1843 of Title
XVIII of the Social Security Act (42 U.S.C.1395i-2(e) and (g), and
1395v).
Purpose(s):
To process changes to HI/SMI premium payments by third parties
(such as State agencies, OPM, formal third party groups) on behalf of
Medicare beneficiaries; for billing third parties; and for enrolling
individuals for HI or SMI coverage under State buy-in agreements.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to:
(1) State Medicaid agencies pursuant to agreements with the
Department of Health and Human Services for enrollment of Medicaid
recipients for medical insurance under section 1843 of the Social
Security Act.
(2) A congressional office from the record of an individual in
response to an inquiry from the congressional office made at the
request of that individual.
(3) To the Department of Justice, to a court or other tribunal,
or to another party before such tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States of any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the tribunal, or other party is relevant and necessary to
the litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
(4) To the Office of Personnel Management in order to perform
monthly premium billing functions to identify annuitants for whom
premium collections must be initiated, and to periodically reconcile
third party master records
(5) To formal third party groups pursuant to agreements with the
Health Care Financing Administration to pay the Medicare premiums on
behalf of their members.
(6) To a contractor for the purpose of collating, analyzing,
aggregating, or otherwise refining or processing records in this
system or for developing, modifying and/or manipulating ADP software.
Data would also be disclosed to contractors incidental to
consultation, programming, operation, user assistance, or maintenance
for ADP or telecommunications systems containing or supporting
records in the system.
(7) To an individual or organization for a research, evaluation,
or epidemiological project related to the prevention of disease or
disability, or the restoration or maintenance of health if HCFA:f
(a) Determines that the use or disclosure does not violate legal
limitations under which the record was provided, collected, or
obtained;
(b) Determines that the purpose for which the disclosure is to be
made:
1. Cannot be reasonably accomplished unless the record is
provided in individually identifiable form.
2. Is of sufficient importance to warrant the effect and/or risk
on the privacy of the individual that additional exposure of the
record might bring; and
3. There is reasonable probability that the objective for the use
would be accomplished;
(c) Requires the information recipient to:
1. Establish reasonable administrative, technical, and physical
safeguards to prevent authorized use or disclosure of the record, and
2. Remove or destroy the information that allows the individual
to be identified at the earliest time at which removal or destruction
can be accomplished consistent with the purpose of the project,
unless the recipient presents an adequate justification of a research
or health nature for retaining such information, and
3. Make no further use or disclosure of the record except:
a. In emergency circumstances affecting the health or safety of
an individual;
b. For use in another research project, under these same
conditions, and with written authorization of HCFA;
c. For disclosure to a properly identified person for the purpose
of an identified person for the purpose of an audit related to the
research project, if information that would enable research sibjects
to be identified is removed or destroyed at the earliest opportunity
consistent with the prupose of the audit; or
d. When required by law.
(d) Secures a written statement attesting to the information
recipient's understanding of and willingness to abide by the
provisions.
(8) To the Social Security Administration for their assistance in
the implementation of HCFA's administration of the Medicare and
Medicaid programs.
(9) To a HCFA contractor (including, but not necessarily limited
to fiscal intermediaries and carriers) that assists in the
administration of a HCFA-administered health benefits program, or to
a grantee of a HCFA-administered grant program, when disclosure is
deemed reasonably necessary by HCFA to prevent, deter, discover,
detect, investigate, examine, prosecute, sue with respect to, defend
against correct, remedy, or otherwise combat fraud or abuse in such
program; and
(10) To another federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States (including any state or local governmental agency), that
administers, or that has the authority to investigate potential fraud
or abuse in a health benefits program funded in whole or in part by
federal funds, when disclosure is deemed reasonably necessary by HCFA
to prevent, deter, discover, detect, investigate, examine, prosecute,
sue with respect to, defend against, correct, remedy, or otherwise
combat fraud or abuse in such program, subjected to certain
conditions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Magnetic media, microfilm.
Retrievability:
The system is indexed by health insurance claim number.
Safeguards:
Only authorized personnel have direct access to information in
the Third-Party Master Record and all personnel are advised that this
information is confidential. For computerized records, safeguards
established in accordance with Departmental standards and National
Institute of Standards and Technology guidelines (e.g. security
codes) will be used, limiting access to unauthorized personnel.
Systems securities are established in accordance with HHS Information
Resource Management (IRM) Circular 10, Automated Information
Systems Security Program, and HCFA Automated Information Systems
(AIS) Guide for Systems Security Policies.
Retention and disposal:
Tape records are retained for 90 days. Monthly microfilm records
are destroyed after 3 years.
System manager(s) and address:
Director, Bureau of Program Operations, Health Care Financing
Administration, 6325 Security Boulevard, Baltimore, Maryland 21207.
Notification procedure:
Inquiries and requests for system records should be addressed to
the system manager named above and directed to the attention of the
Office of Program Operations Procedures, Division of Appeals and
Communications. The individual should furnish his or her health
insurance claim number and name as shown on Medicare records.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (The access
procedures are in accordance with Health and Human Services (DHHS)
(45 CFR 5b.5(a)(2).))
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested. State the corrective action sought and
the reasons for the correction with supporting justification. (These
procedures are in accordance with Department Regulations (45 CFR
5b.7).)
Record source categories:
The identifying information contained in these records is
obtained from third-party agencies, the Social Security
Administration`s Master Beneficiary Record, and the Medicare
Enrollment Database.
Systems exempted from certain provisions of the Act:
None.
09-70-0508
System name: Reconsideration and Hearing Case Files (Part A)
Hospital Insurance Program, HHS/HCFA/BPO.
Security classification:
None.
System location:
Health Care Financing Administration, Bureau of Program
Operations, 6325 Security Blvd., Baltimore, Maryland 21207.
In addition, intermediaries under contract to the Health Care
Financing Administration and the Social Security Administration,
Office of Financial Operations, Division of Overpayment Prevention,
Beneficiary Debt Management Branch.
Categories of individuals covered by the system:
Individuals dissatisfied with an initial or reconsidered
determination as to the amount of benefits payable on the
beneficiary's behalf under the hospital insurance program who have
filed either an expressed or implied request for reconsideration.
Categories of records in the system:
Reconsideration development and case summary; Part A--review
action; complaint sheet; Request for Hearing; Request for
Reconsideration of Part A Health Insurance Benefits; and comparable
forms and evidence furnished by beneficiaries or their
representatives, intermediary action, correspondence, reconsideration
determination, Administrative Law Judges' decisions, original bills,
Appeals Council decisions and related correspondence.
Authority for maintenance of the system:
Sections 1812, 1814, 1816, and 1869 of Title XVIII of the Social
Security Act (42 U.S.C. 1395d, 1395f, 1395h, and 1395ff).
Purpose(s):
To maintain Part A reconsideration claims file history for
possible further appeal actions and for monitoring intermediary
performance on a sample basis.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made: (1) To a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
(2) To the Department of Justice, to a court or other tribunal,
or to another party before such tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States of any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the tribunal, or other party is relevant and necessary to
the litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
(3) To a contractor for the purpose of collating, analyzing,
aggregating or otherwise refining or processing records in this
system for developing, modifying and/or manipulating ADP software.
Data would also be disclosed to contractors incidential to
consultation, programming, operation, user assistance, or maintenance
for an ADP or telecommunications systems containing or supporting
records in the system.
To the Social Security Administration for their assistance in the
implementation of HCFA's administration of the Medicare and Medicaid
programs.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records maintained in open-shelf file cabinets.
Retrievability:
The system is indexed by health insurance claim number.
Safeguards:
The file is closed to unauthorized personnel. Disclosure of
records is limited to routine uses.
Retention and disposal:
Records are placed in inactive file when final action is taken on
the case and closed out at the end of the calendar year in which
final action was taken. They are held 1 additional year, transferred
to the Washington National Records Center and destroyed after 5
years.
System manager(s) and address:
Health Care Financing Administration, Bureau of Program
Operations, Director, Division of Reimbursement, Recovery and
Reconsideration Evaluation, 6325 Security Blvd., Baltimore, Maryland
21207.
Notification procedure:
Inquiries and requests for system records should be addressed to
the system manager named above. The individual should furnish his or
her health insurance claim number and name as shown on social
security records. The individual can obtain information on the
procedures for gaining access to and contesting records from the most
convenient social security office or from the system manager named
above.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2).))
Contesting record procedures:
Contact the system manager named above and reasonably identify
the record and specify the information to be contested. State the
corrective action sought and the reasons for the correction with
supporting justification. (These procedures are in accordance with
Department Regulations (45 CFR, 5b.7).)
Record source categories:
The information contained in these records is furnished by the
beneficiary, his or her representative, or other person requesting a
review of the claim and from the reviewing authority (the
supplementary health insurance carrier).
Systems exempted from certain provisions of the act:
None.
09-70-0512
System name: Review and Fair Hearing Case Files--Supplementary
Medical Insurance Program, HHS/HCFA/BPO.
Security classification:
None.
System location:
Carriers (see Appendix C, Section 4) and Federal Records Centers.
Categories of individuals covered by the system:
Beneficiary, physician, provider or other supplier of service who
is dissatisfied with the carrier's determination denying a request
for payment, or with the amount of the payment or with the length of
time being taken to process the claim for payment.
Categories of records in the system:
Claimants' requests for review, relevant written statement of
evidence, notice of adverse informal review decisions, requests for
hearings to protest adverse decisions, hearings proceedings, hearings
officers' final decisions and comparable papers.
Authority for maintenance of the system:
Sections 1812 and 1842 of Title XVIII of the Social Security Act
(42 U.S.C. 1395d and 1395u).
Purpose(s):
To maintain a file for reviewing determinations of Medical
insurance claims and related material.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosures may be made:
(1) To a congressional office from the record of an individual in
response to an inquiry from the congressional office made at the
request of that individual.
(2) To the Department of Justice, to a court or other tribunal,
or to another party before such tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States of any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the tribunal, or other party is relevant and necessary to
the litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
(3)To a contractor for the purpose of collating, analyzing,
aggregating or otherwise refining or processing records in this
system for developing, modifying and/or manipulating ADP software.
Data would also be disclosed to contractors incidential to
consultation, programming, operation, user assistance, or maintenance
for an ADP or telecommunications systems containing or supporting
records in the system.
To the Social Security Administration for their assistance in the
implementation of HCFA's administration of the Medicare and Medicaid
programs.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained in file cabinets.
Retrievability:
The records are indexed by health insurance claim number.
Safeguards:
Disclosure of records is limited to routine uses. The files are
closed to unauthorized personnel.
Retention and disposal:
Records are closed out at the end of the calendar year in which
the action (reconsideration, hearing, court review) is completed,
held 2 more years, transferred to Federal Records Center and
destroyed after another 6 years.
System manager(s) and address:
Health Care Financing Administration, Bureau of Program
Operations, Director, Division of Entitlement Requirements, 6325
Security Boulevard, Baltimore, Maryland 21207.
Notification procedure:
Inquiries and requests for records should be directed to the most
convenient social security office or to the system manager named
above. The individual should furnish his or her health insurance
claim number and name as shown on social security records. An
individual who requests notification of or access to a medical/dental
record shall, at the time the request is made, designate in writing a
responsible representative who will be willing to review the record
and inform the subject individual of its contents at the
representative's discretion. (These notification and access
procedures are in accordance with Department Regulations (45 CFR
5b.6).)
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)).)
Contesting record procedures:
Contact the system manager named above, and reasonably identify
the record and specify the information to be contested. State the
corrective action sought and the reasons for the correction with
supporting justification. (These procedures are in accordance with
Department regulations (45 CFR 5b.7).)
Record source categories:
The information contained in these records is furnished by the
beneficiary requesting reconsideration or his or her authorized
representative and from the reviewing authority.
Systems exempted from certain provisions of the act:
None.
09-70-0513
System name:
Medicare Benefits Notices (MBN), HHS/HCFA/CBS.
Security classification:
Level Three Privacy Act Sensitive Data.
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850, and Medicare intermediaries
and carriers and agents at various locations.
Categories of individuals covered by the system:
All recipients of Medicare Part A and Part B services and
supplies.
Categories of records in the system:
The system includes the following information for each
beneficiary: Name; address; health insurance claims number (HIC);
dates of service; and the contractor assigned claim control number.
Authority for maintenance of the system:
Sections 205, 226, 1811, and 1832 of Title XVIII of the Social
Security Act (42 USC 405, 426, 1395c, and 1395k).
Purpose(s):
The primary purpose of the system of records is to provide an
explanation of Medicare claims processed and to advise beneficiaries
of supplemental insurance, deductible status, appeals information and
general Medicare information. Information retrieved from this system
of records will be used to support regulatory and policy functions
performed within the agency or by a contractor or consultant, support
constituent requests made to a congressional representative, and to
support litigation involving the agency related to this system of
records.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
that is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' The proposed routine use in this system meets the
compatibility requirement of the Privacy Act. We are proposing to
establish the following routine use disclosures of information that
will be maintained in the system:
1. To agency contractors, or consultants who have been engaged by
the agency to assist in the performance of a service related to this
system of records and who need to have access to the records in order
to perform the activity.
2. To a Member of Congress or to a congressional staff member in
response to an inquiry of the congressional office made at the
written request of the constituent about whom the record is
maintained.
3. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
(d) The United States Government is a party to litigation or has
an interest in such litigation, and by careful review, HCFA
determines that the records are both relevant and necessary to the
litigation and that the use of such records by the DOJ, court or
adjudicatory body is compatible with the purpose for which the agency
collected the records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Computer diskette and on magnetic storage media.
Retrievability:
Information can be retrieved by the beneficiary's health
insurance claims number or a contractor assigned claim control
number.
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the MBN system. For computerized records,
safeguards have been established in accordance with HHS standards and
National Institute of Standards and Technology guidelines, e.g.,
security codes will be used, limiting access to authorized personnel.
System securities are established in accordance with HHS, Information
Resource Management (IRM) Circular �10, Automated Information Systems
Security Program; HCFA Automated Information Systems (AIS) Guide,
Systems Securities Policies, and OMB Circular No. A-130 (revised),
Appendix III.
Retention and disposal:
Records are maintained in a secure storage area with identifiers.
Records are placed in an inactive status at the close of the calendar
year in which the benefit was paid, held two more years, transferred
to a federal records center and destroyed after another six years.
System manager(s) and address:
Director, Division of Contractor Customer Service Operations,
Center for Beneficiary Services, HCFA, C2-26-21, 7500 Security
Boulevard, Baltimore, Maryland, 21244-1850. The telephone number is
410-786-2133.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, health insurance
claim number, address, date of birth and sex, and for verification
purposes, the subject individual's name (woman's maiden name, if
applicable) and social security number (SSN). Furnishing the SSN is
voluntary, but it may make searching for a record easier and prevent
delay.
Record access procedures:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2)).
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7).
Record source categories:
Sources of information contained in this records system are
provided by the beneficiary when applying for benefits or requesting
payment, the physician or provider of services when requesting
payment, and computations for amounts of payments and remaining
benefits provided by the carriers and intermediaries.
Systems exempted from certain provisions of the act:
None.
09-70-0516
System name: Medicare Physician/Supplier Master File, HHS/HCFA/
BPO.
Security classification:
None.
System location:
Carriers under contract to the Health Care Financing
Administration and the Social Security Administration. (See Appendix
C, Section 4.)
Categories of individuals covered by the system:
Physicians and suppliers who provide medical services or supplies
to Medicare beneficiaries.
Categories of records in the system:
A compilation of data designed to identify physicians, suppliers,
and other health care practitioners (name, UNPIN, practice location,
and specialty); historical charge data on which customary and
prevailing charges are based; and other data needed for computing
Medicare payments amounts.
Authority for maintenance of the system:
Sections 1833, 1835, 1842 and 1874 of Title XVIII of the Social
Security Act (42 U.S.C. 1395l, 1395n, 1395u, and 1395kk).
Purpose(s):
To determine health care reasonable charges and the geographical
area prevailing charges.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Records from this system may be disclosed:
(1) to a provider, the claimant or a prospective claimant, the
name of a physician who has been found ineligible to submit claims
under section 1814(h) (Payment for Posthospital Extended Care
Services) for section 1814(i) (Payment for Posthospital Home Health
Services) to Title XVIII of the Social Security Act.
(2) Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
(3) Disclosure may be made to the Title XIX State agency or the
Title XIX fiscal agents of the customary and prevailing charge
screens and whatever other information is contained in the file and
would be required to determine ``reasonable charges'' as required
under section 103(i)(1) of the Social Security Act.
(4) To the Department of Justice, to a court or other tribunal,
or to another party before such tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States of any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation, and
HHS determines that the use of such records by the Department of
Justice, the tribunal, or other party is relevant and necessary to
the litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
(5) To a contractor for the purpose of collating, analyzing,
aggregating or otherwise refining or processing records in this
system for developing, modifying and/or manipulating ADP software.
Data would also be disclosed to contractors incidential to
consultation, programming, operation, user assistance, or maintenance
for an ADP or telecommunications system containing or supporting
records in the system.
(6)To the Social Security Administration for their assistance in
the implementation of HCFA's administration of the Medicare and
Medicaid programs.
(7) To a HCFA contractor (including, but not necessarily limited
to fiscal intermediaries and carriers) that assists in the
administration of a HCFA-administered health benefits program, or to
a grantee of a HCFA-administered grant program, when disclosure is
deemed reasonably necessary by HCFA to prevent, deter, discover,
detect, investigate, examine, prosecute, sue with respect to, defend
against correct, remedy, or otherwise combat fraud or abuse in such
program; and
(8) To another federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States (including any state or local governmental agency), that
administers, or that has the authority to investigate potential fraud
or abuse in a health benefits program funded in whole or in part by
federal funds, when disclosure is deemed reasonably necessary by HCFA
to prevent, deter, discover, detect, investigate, examine, prosecute,
sue with respect to, defend against, correct, remedy, or otherwise
combat fraud or abuse in such program, subjected to certain
conditions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained on magnetic tape, copy paper, disk,
mocrofilm, and hard copy paper.
Retrievability:
The records are retrieved by UPIN; by the practioner's/supplier's
Employer Identification Number or other tax reporting number; and by
the locally assigned billing number.
Safeguards:
Disclosure of records is limited to carrier personnel on a need-
to-know basis. However, the UPIN is releasable to physicians,
suppliers, third party billers, laboratories, and providers billing
Medicare to ensure that the UPIN is included on Medicare claim forms
and billings to identify the referring and/or ordering physicians.
The files are closed to unauthorized personnel. The determination
as to which personnel are authorized will vary slightly in different
carrier installations. All carriers have guards at the building
entrance to prevent intrusion by individuals not employees or not
having business with the carrier. One or more of the following
security measures are used within the building: Color coded
identification cards are used to establish the right of an employee
to be in a specific area; cipher locks are used to protect files and
computer areas; magnetic identification cards are used to gain access
to security sensitive areas; video monitoring of sensitive areas is
constant.
By law, HCFA is required to publish a directory containing the
names, UPINs, and billing addresses of all physicians providing
services for which part B Medicare payment may be made.
Retention and disposal:
Submitted charge records are closed out the first quarter
following the close of the previous fee screen year. Files are
retained indefinitely.
System manager(s) and address:
Health Care Financing Administration, Bureau of Program
Operation, Director, Division of Carrier Procedures, 6325 Security
Boulevard, Baltimore, Maryland 21207.
Notification procedure:
Inquiries and requests for records information should be directed
to the carrier servicing the physician's or supplier's geographical
area. Individuals who want to determine if they have a record in this
system must provide their full name and address.
Record access procedures:
Same as notification procedures. Requesters should reasonably
specify the record contents being sought. (These access procedures
are in accordance with Department regulations (45 CFR 5b.5(a)(2).)
Contesting record procedures:
Contact the Systems Manager at the address specified above and
reasonably identify the record and specify the information to be
contested. State the corrective action sought and the reasons for the
correction with supporting justification. (These procedures are in
accordance with Department Regulations, 45 CFR 5b.7.)
Record source categories:
Information contained in these records is furnished in part by
the individual physicians or supplier and in part abstracted from
Medicare Part B billing records and from the ``Medicare Physician
Identification and Eligibility System (MPIES)'', HHS/HCFA/BPO, No.
09-70-0525.
Systems exempted from certain provisions of the act:
None.
09-70-0517
System name: Physician/Supplier 1099 File (Statement for
Recipients of Medical and Health Care Payments), HHS/HCFA/BPO.
Security classification:
None.
System location:
Carriers and intermediaries under contract to the Health Care
Financing Administration and the Social Security Administration (see
Appendix C, Section 3, and Section 4.)
Categories of individuals covered by the system:
Physician/suppliers to whom Medicare payments have been made by
carriers or intermediaries.
Categories of records in the system:
A record of total Medicare payments made to physicians and
suppliers during each calendar year. It contains the name, address
and social security number of the physician/provider number of
supplier EIN (employer identification number).
Authority for maintenance of the system:
26 U.S.C. 6041 (Internal Revenue Code).
Purpose(s):
For periodic reporting to the IRS.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to: (1) This record is disclosable to the
Internal Revenue Service in connection with the determination of the
individual's self-employment income. (2) Disclosure may be made to a
congressional office from the record of an individual in response to
an inquiry from the congressional office made at the request of that
individual. (3) To the Department of Justice, to a court or other
tribunal, or to another party before such tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States of any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the tribunal, or other party is relevant and necessary to
the litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected. (4) To a contractor for the purpose
of collating, analyzing, aggregating or otherwise refining or
processing records in this system for developing, modifying and/or
manipulating ADP software. Data would also be disclosed to
contractors incidential to consultation, programming, operation, user
assistance, or maintenance for an ADP or telecommunications systems
containing or supporting records in the system.
To the Social Security Administration for their assistance in the
implementation of HCFA's administration of the Medicare and Medicaid
programs.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The records are maintained on magnetic tape and paper.
Retrievability:
The system is indexed by physician/provider number and supplier
EIN (employer's identification numbers).
Safeguards:
Records are maintained in secure storage areas accessible only to
authorized personnel.
Retention and disposal:
The records are retained for 5 years.
System manager(s) and address:
Health Care Financing Administration, Bureau of Program
Operations, Director, Division of Carrier Procedures, 6325 Security
Boulevard, Baltimore, Maryland 21207.
Notification procedure:
Inquiries and requests for systems records should be directed to
the intermediary or carrier who made Medicare payments to the
physician/supplier.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2).)
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested. State the corrective action sought and
the reasons for the correction with supporting justification. (These
procedures are in accordance with Department Regulations (45 CFR
5b.7).)
Record source categories:
The record of total annual payments made to each physician/
supplier is derived from the individual Medicare bill payments.
Systems exempted from certain provisions of the act:
None.
09-70-0518
System name: Medicare Clinic Physician/Supplier Master File,
HHS/HCFA/BPO.
Security classification:
None
System location:
Carriers under contract to the Health Care Financing
Administration and the Social Security Administration. (See Appendix
C, Section 4.)
Categories of individuals covered by the system:
Physicians and suppliers in a clinic who provide medical services
or supplies to Medicare beneficiaries.
Categories of records in the system:
A compilation of all charges submitted by a clinic physician or
supplier for services or suppliers to (1) derive ``reasonable
charge'' information; (2) determine economic indexes; and (3) to
substantiate the basis for payment to beneficiaries, physicians
suppliers, and hospitals.
Authority for maintenance of the system:
Sections 1833, 1835, 1842 and 1874 of Title XVIII of the Social
Security Act (42 U.S.C. 1395l, 1395n, 1395u, and 1395kk).
Purpose(s):
To determine Medicare reimbursement rates from physician and
supplier charge patterns.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to:
(1) Professional Standards Organizations and State Licensing
Boards for review of unethical practices or nonprofessional conduct;
(2) A HCFA contractor for research, evaluation, or
epidemiological project related to the prevention of disease or
disability, or the restoration or maintenance of health if HCFA.
a. Determines that the use or disclosure does not violate legal
limitations under which the record was provided, collected, or
obtained;
b. Determines that the purpose for which the disclosure is to be
made:
(1) Cannot be reasonably accomplished unless the record is
provided in individually identifiable form,
(2) Is of sufficient importance to warrant the effect and/or risk
on the privacy of the individual that additional exposure of the
record might bring, and
(3) There is reasonable probability that the objective for the
use would be accomplished;
c. Requires the information recipient to:
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record,
and
(2) Remove or destroy the information that allows the individual
to be identified at the earliest time at which removal or destruction
can be accomplished consistent with the purpose of the project,
unless the recipient presents an adequate justification of a research
of health nature for retaining such information, and
(3) Make no further use or disclosure of the record except:
(a) In emergency circumstances affecting the health or safety of
any individual.
(b) For use in another research project, under these same
conditions, and with written authorization of HCFA,
(c) For disclosure to a properly identified person for the
purpose of an audit related to the research project, if information
that would enable research subjects to be identified is removed or
destroyed at the earliest opportunity consistent with the purpose of
the audit, or
(d) When required by law;
d. Secures a written statement attesting to the information
recipient's understanding of and willingness to abide by these
provisions.
(3) HCFA health insurance program review teams;
(4) A congressional office from the record of an individual in
response to an inquiry from the congressional office made at the
request of that individual;
(5) To the Department of Justice, to a court or other tribunal,
or to another party before such tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States of any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the tribunal, or other party is relevant and necessary to
the litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected;
(6) To a contractor for the purpose of collating, analyzing,
aggregating or otherwise refining or processing records in this
system for developing, modifying and/or manipulating ADP software.
Data would also be disclosed to contractors incidential to
consultation, programming, operation, user assistance, or maintenance
for an ADP or telecommunications systems containing or supporting
records in the system.
(7)To the Social Security Administration for their assistance in
the implementation of HCFA's administration of the Medicare and
Medicaid programs.
(8) To a HCFA contractor (including, but not necessarily limited
to fiscal intermediaries and carriers) that assists in the
administration of a HCFA-administered health benefits program, or to
a grantee of a HCFA-administered grant program, when disclosure is
deemed reasonably necessary by HCFA to prevent, deter, discover,
detect, investigate, examine, prosecute, sue with respect to, defend
against correct, remedy, or otherwise combat fraud or abuse in such
program; and
(9) To another federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States (including any state or local governmental agency), that
administers, or that has the authority to investigate potential fraud
or abuse in a health benefits program funded in whole or in part by
federal funds, when disclosure is deemed reasonably necessary by HCFA
to prevent, deter, discover, detect, investigate, examine, prosecute,
sue with respect to, defend against, correct, remedy, or otherwise
combat fraud or abuse in such program, subjected to certain
conditions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained on magnetic tape, microfilm, and hard copy
paper.
Retrievability:
The records are indexed for individual identification by clinic
physician provider numbers and supplier EIN (employer's
identification number). The records are prepared and updated daily by
carriers as a basis for determining reasonable charges and area
prevailing charges.
Safeguards:
Disclosure of records to carrier personnel is limited to a need-
to-know basis. The files are closed to unauthorized personnel. The
determination as to which personnel are authorized will vary slightly
in different carrier installations. All carriers have guards at the
building entrance to prevent intrusion by individuals not employees
or not having business with the carrier. One of more of the following
security measures are used within the building: Color coded
identification cards are used to establish the right of an employee
to be in a specific area; cipher locks are used to protect files and
computer areas; magnetic identification cards are used to gain access
to security sensitive areas; video monitoring of sensitive areas is
constant.
Retention and disposal:
Records are closed out the first quarter following the close of
the previous year. Files are retained indefinitely.
System manager(s) and address:
Health Care Financing Administration, Bureau of Program
Operations, Director, Division of Carrier Procedures, 6325 Security
Boulevard, Baltimore, Maryland 21207.
Notification procedure:
Inquiries and requests for records information should be directed
to the carrier servicing the clinic physician's or supplier's
geographical area. Individuals who want to determine if they have a
record in this system must provide their full name and address.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2).)
Contesting record procedures:
Contact the official at the address specified under System
Manager above, and reasonably identify the record and specify the
information to be contested. State the corrective action sought and
the reasons for the correction with supporting justification. (These
procedures are in accordance with Department Regulations, 45 CFR
5b.7.)
Record source categories:
Information contained in these records is furnished in part by
the individual clinic physician or supplier and in part abstracted
from Medicare part B billing records.
Systems exempted from certain provisions of the act:
None.
09-70-0520
System name: End Stage Renal Disease (ESRD) Program Management
and Medical Information System (PMMIS), HHS/HCFA/BDMS.
Security classification:
None.
System location:
HCFA Data Center, Lyon Building, 7131 Rutherford Road,
Baltimore, Maryland 21207.
Categories of individuals covered by the system:
Persons with ESRD who receive Medicare benefits or ESRD patients
who are treated by Department of Veterans Affairs (DVA) health care
facilities.
Categories of records in the system:
The system includes records on beneficiaries/patients and on
providers of service.
Beneficiary/patient records include personal, medical, and
payment data taken from several nonreimbursement data collection
instruments and from Medicare bills. These records include individual
identifiers; demographic and enrollment data; and dialysis, kidney
transplant, and death information.
The provider of service records include the provider's name and
address; the Medicare identification number (or PMMIS identification
in the case of DVA health care facilities); types of renal services
available; certification and/or termination date; the Medicare fiscal
intermediary; and the ESRD network number.
Annual ESRD aggregate patient treatment survey data are included
for both Medicare and DVA health care facilities.
Authority for maintenance of the system:
Sections 226A, 1875, and 1881 of the Social Security Act (42
U.S.C. 426-1, 139511, and 1395rr.).
Purpose(s):
To meet and implement statutory requirements of Section 299I,
Pub. L. 92-603, which extended Medicare coverage to eligible persons
with ESRD; Pub. L. 95-292, which required the establishment of a
medical information system on the ESRD program; Pub. L. 99-509, which
mandated a national ESRD patient registry; to support State and local
ESRD programs and legislative requirements; and to support ESRD
research and public service programs.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to:
1. A congressional office from the record of an individual in
response to an inquiry from the congressional office made at the
request of the individual.
2. Organizations deemed qualified by the Health Care Financing
Administration to carry out quality assessment, and/or medical audits
of utilization review.
3. The Department of Justice, to a court or other tribunal, or to
another party before such tribunal, when
a. HHS, or any component thereof; or
b. Any HHS employee in his or her official capacity; or
c. Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
d. The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components;
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the tribunal, or the party is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
4. An individual or organization for a research, demonstration,
evaluation, or epidemiologic project related to the prevention of
disease or disability, or the restoration or maintenance of health if
HCFA:
a. Determines that the use or disclosure does not violate legal
limitations under which the record was provided, collected, or
obtained;
b. Determines that the research purpose for which the disclosure
is to be made:
(1) Cannot be reasonably accomplished unless the record is
provided in individually identifiable form, and
(2) Is of sufficient importance to warrant the effect and/or risk
on the privacy of the individual that additional exposure of the
record might bring, and
(3) There is reasonable probability that the objective for the
use would be accomplished.
c. Requires the recipient to:
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record,
and
(2) Remove or destroy the information that allows the individual
to be identified at the earliest time at which removal or destruction
can be accomplished consistent with the purpose of the research
project, unless the recipient presents an adequate justification of a
research or health nature for retaining such information, and
(3) Make no further use or disclosure of the record except:
(a) In emergency circumstances affecting the health or safety of
any individual, or
(b) For use in another research project, under these same
conditions, and with written authorization of HCFA, or
(c) For disclosure to a properly identified person for the
purpose of an audit related to the research project, if information
that would enable research subjects to be identified is removed or
destroyed at the earliest opportunity consistent with the purpose of
the audit, or
(d) When required by law;
d. Secures a written statement attesting to the recipient's
understanding of and willingness to abide by these provisions.
5. To a contractor for the purpose of collating, analyzing,
aggregating or otherwise refining or processing records in this
system or for developing, modifying and/or manipulating ADP software.
Data would also be disclosed to the contractor incidental to
consultation, programming, operation, user assistance, or
maintenance, for ADP or telecommunications systems containing or
supporting records in the system.
6. To an agency of a State Government, or established by State
law, for purposes of determining, evaluating and/or assessing cost,
effectiveness, and/or the quality of health care services provided in
the State, if HCFA:
a. Determines that the use or disclosure does not violate legal
limitations under which the data were provided, collected, or
obtained;
b. Establishes that the data are exempt from disclosure under the
State and/or local Freedom of Information Act;
c. Determines that the purpose for which the disclosure is to be
made:
(1) Cannot reasonably be accomplished unless the data are
provided individually identifiable form;
(2) Is of sufficient importance to warrant the effect and/or risk
on the privacy of the individual(s) that additional exposure of the
record might bring, and;
(3) There is reasonable probability that the objective for the
use would be accomplished; and
d. Requires the recipient to:
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record;
(2) Remove or destroy the information that allows the individual
to be identified at the earliest time at which removal or destruction
can be accomplished consistent with the purpose of the request,
unless the recipient presents an adequate justification for retaining
such information;
(3) Make no further use or disclosure of the record except:
(a) In emergency circumstances affecting the health or safety of
any individual;
(b) For use in another project under the same conditions, and
with written authorization of HCFA;
(c) For disclosure to a properly identified person for the
purpose of an audit related to the project, if information that would
enable project subjects to be identified is removed or destroyed at
the earliest opportunity consistent with the purpose of the audit; or
(d) When required by law; and
(4) Secure a written statement attesting to the recipient's
understanding of and willingness to abide by these provisions. The
recipient must agree to the following:
(a) Not to use the data for purposes that are not related to the
evaluation of cost, quality, and effectiveness of care;
(b) Not to publish or otherwise disclose the data in a form
raising unacceptable possibilities that beneficiaries could be
identified (i.e., the data must not be beneficiary-specific and must
be aggregated to a level when no data cells have ten or fewer
beneficiaries); and
(c) To submit a copy of any aggregation of the data intended for
publication to HCFA for approval prior to publication.
7.To the Social Security Administration for their assistance in
the implementation of HCFA's administration of the Medicare and
Medicaid programs.
(8) To a HCFA contractor (including, but not necessarily limited
to fiscal intermediaries and carriers) that assists in the
administration of a HCFA-administered health benefits program, or to
a grantee of a HCFA-administered grant program, when disclosure is
deemed reasonably necessary by HCFA to prevent, deter, discover,
detect, investigate, examine, prosecute, sue with respect to, defend
against correct, remedy, or otherwise combat fraud or abuse in such
program; and
(9) To another federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States (including any state or local governmental agency), that
administers, or that has the authority to investigate potential fraud
or abuse in a health benefits program funded in whole or in part by
federal funds, when disclosure is deemed reasonably necessary by HCFA
to prevent, deter, discover, detect, investigate, examine, prosecute,
sue with respect to, defend against, correct, remedy, or otherwise
combat fraud or abuse in such program, subjected to certain
conditions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Electronic medium and selected hard copy backup.
Retrievability:
Data may be retrieved from beneficiary records by health
insurance claim number (HIC) or the DVA identification number, or by
individual name; and from the provider of service records by Medicare
identification number or, for DVA health care facilities, the PMMIS
facility identification number.
Safeguards:
Employees who maintain records in this system will be instructed
to grant access only to authorized users. Data stored in computers
will be accessed through the use of passwords, keywords, numbers, or
some combination thereof known only to the authorized personnel.
These passwords, keywords, or numbers will be changed in accordance
with HCFA systems security guidelines.
Privacy Act requirements will be specifically included in
contracts related to this system. The project officer and contract
officer will oversee compliance with these requirements. The
particular safeguards implemented will be developed in accordance
with the HHS, Information Resource Manual (IRM), Part 6, ``Systems
Security Policies'' (i.e., use of passwords), and the National Bureau
of Standards Federal Information Processing Standards.
Retention and disposal:
Hard copy is destroyed after 1 year by shredding. All other
information is maintained indefinitely.
System manager(s) and address:
Director, Bureau of Data Management and Strategy, Health Care
Financing Administration, Room 126, Security Office Park Building,
6325 Security Boulevard, Baltimore, Maryland 21207.
Notification procedure:
An individual requesting notice as to whether the system of
records contains information pertaining to him/her should write to
the System Manager, at the above address, indicating his/her full
name, current address (including ZIP CODE), and health insurance
claim number or DVA identification number.
Record access procedure:
Same as notification procedures. Requesters should reasonably
specify the record contents being sought. (These procedures are in
accordance with HHS Regulations (45 CFR 5b.5(a)(2).)
Contesting record procedures:
Records, or information in records, may be contested by writing
to the System Manager named above and reasonably identifying the
record, specifying the information to be contested, and stating the
reason for contesting the record (e.g., it is inaccurate, irrelevant,
incomplete, or not current). (These procedures are in accordance with
HHS Regulations (45 CFR 5b.7).)
Record source categories:
Information contained in these records is obtained from Medicare
ESRD medical evidence reports, kidney transplant reports, ESRD
beneficiary reimbursement method selection forms, ESRD death
notification forms, Medicare bills, HCFA Medicare Master Files, ESRD
facility surveys, ESRD facility certification notices, and the
Medicare/Medicaid Automated Certification System (MMACS).
Systems exempted from certain provisions of the act:
None.
09-70-0522
System name: Billing and Collection Master Record System, HHS/
HCFA/BPO.
Security classification:
None.
System location:
Bureau of Program Operations, HCFA, 6325 Security Blvd.,
Baltimore, Maryland 21207
Bureau of Data Management and Strategy, HCFA, 6325 Security
Blvd., Baltimore, Maryland 21207
Office of Claims and Payment Requirements, SSA, 6401 Security
Blvd., Baltimore, Maryland 21235.
Social Security Administration Program Service Centers
Division of International Operations (see Appendices A and B at
the end of the notices for the Social Security Administration)
Categories of individuals covered by the system:
This system contains records of all retirement, survivors,
disability, or health insurance beneficiaries entitled to hospital
insurance and/or supplementary medical insurance who are, or have
been, subject to direct billing for insurance premiums. This includes
individuals who: (1) Are currently being billed directly for
insurance premiums; and (2) are not currently in direct billing
status but have either a premium arrearage (or overpayment) of record
or were at one time in direct billing status. It does not contain a
record of any hospital or supplementary medical insurance enrollee
who has had premiums deducted from monthly benefits or paid through a
third party payer arrangement continuously from the initial month of
entitlement.
Categories of records in the system:
It contains identifying information as well as information
regarding entitlement to hospital or supplementary medical insurance,
current address information, individual records of premium, payments,
premium adjustments, refunds of excess payments, and current amounts
due.
Authority for maintenance of the system:
Sections 1840(e) and 1871 of the Social Security Act (42 U.S.C.
1395s(e) and 1395hh).
Purpose(s):
To provide a master record of billing and collection for all
retirement, survivors, disability, and health insurance beneficiaries
entitled to hospital insurance and/or supplementary medical insurance
who are, or have been, subject to direct billing for Medicare
insurance premiums. Monthly record updates are provided to the Social
Security Administration.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made:
(1) To a congressional office from the record of an individual in
response to an inquiry from the congressional office made at the
request of that individual.
(2) To the Department of Justice, to a court or other tribunal,
or to another party before such tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States of any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the tribunal, or other party is relevant and necessary to
the litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
(3) To a ``lock box'' contractor. An extract of this file (name,
address, claim numbers, premium liability, period of liability, and
termination date, when necessary) will be provided in order to (a)
print and release the Medicare premium bills, (b) process the
returned remittance in a secure ``lock box'' operation, and (c)
prepare a transaction tape for transmission to HCFA. (``Lock box'' is
a remittance process performed under security to assure non-access to
remittance information by unauthorized personnel or the public.)
(4) To a contractor for the purpose of collating, analyzing,
aggregating or otherwise refining or processing records in this
system for developing, modifying and/or manipulating ADP software.
Data would also be disclosed to contractors incidential to
consultation, programming, operation, user assistance, or maintenance
for an ADP or telecommunications systems containing or supporting
records in the system.
To the Social Security Administration for their assistance in the
implementation of HCFA's administration of the Medicare and Medicaid
programs.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Primary record storage is by magnetic tape and disk. Monthly
updates of the record are also provided to the Social Security
Administration in microform records.
Retrievability:
Magnetic tape, disk and microform records are indexed by social
security number, or claim account numbers, it is used to: (1)
Generate monthly and quarterly premium billing notices; (2) record
and process premium payments and adjustments; (3) refund excess
premium payments; (4) terminate hospital and/or supplementary medical
insurance coverage for non-payment of premiums; (5) reverse
termination actions; (6) maintain a history of premium payments,
adjustments, or other events which alter the billing status; and (7)
provide up-to-date premium and billing information to Health Care
Financing Administration and Social Security Administration clerical
and electronic operations. Information is used to respond to specific
beneficiary inquiries or to facilitate the proper adjustment of
social security benefit payments. Information is also accessed
electronically by social security benefit programs for the proper
adjustment of payment amounts.
Safeguards:
Magnetic tape, and disk records are protected through standard
security measures used for all of Social Security Administration's
computer records: Microform records are subject to the same rules and
security as all other information in Social Security Administration
relating to claims and beneficiary records: Limited access to Social
Security Administration offices; limited employee access to need to
know.
Retention and disposal:
Microfilm and tape records can routinely be sent to the Federal
Records Center after 2 years. However, since this record is updated
monthly, even though the physical records are released to the Federal
Records Center, current record will contain full history of all
transactions. An inactive tape file, i.e., a file containing the
records of cases where the enrollee has died, been in payment status
for 2 or more years, etc., is maintained in each program service
center. This file currently has no disposal schedule.
System manager(s) and address:
Health Care Financing Administration, Bureau of Program
Operations, Director, Division of Entitlement Requirements, 6325
Security Boulevard, Baltimore, Maryland 21207.
Notification procedure:
In order to ascertain whether or not this system contains
information about him/her, an individual should contact the most
convenient social security office and provide health insurance claim
number as shown on Medicare health insurance card.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. These access
procedures are in accordance with DHHS Regulations, 45 CFR part 5b.
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested. State the corrective action sought and
the reasons for the correction with supporting justification. These
procedures are in accordance with DHHS Regulations, 45 CFR part 5b.
Record source categories:
The identification and entitlement/termination information for
this system is extracted from Social Security Administration's Master
Beneficiary Record. All other information is compiled from the
individual's premium billing and payment histories.
Systems exempted from certain provisions of the act:
None.
09-70-0524
System name: Intern and Resident Information System, HHS/HCFA/
BPO.
Security classification:
None.
System location:
Health Care Financing Administration, 6325 Security Boulevard,
Baltimore, Maryland 21207 (Contact system manager for location of
computerized records.)
Categories of individuals covered by the system:
Interns and residents in programs approved under 42 CFR 413.85,
working in all areas of the hospital complex, or other freestanding
providers, as well as nonprovider settings on or after July 1, 1987.
Categories of records in the system:
The system will contain each intern's or resident's name, social
security number, name of medical, osteopathic, dental or podiatric
school graduated and date of graduation, type of residency program
and medical specialty, number of years completed in all types of
residency programs, foreign medical graduate status or certification
status, name of the entity (e.g., hospital, university, corporation)
paying salary, the portion of time spent working in either the
inpatient or outpatient areas of the hospital, the dates assigned to
the hospital and any hospital-based providers, the dates assigned to
other hospitals and any nonprovider settings for the academic year,
and whether or not the assignments are full or part time.
Authority for maintenance of the system:
Section 1886(h) of the Social Security Act, 42 U.S.C. section
1395 ww(h).
Purpose(s):
To ensure that no intern or resident is counted as more than one
full-time equivalent employee in the calculation of payments for
indirect medical education, and to determine the number of full-time
equivalent interns and residents needed to calculate payments for
direct graduate medical education.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made:
1. To providers and suppliers of services (and their authorized
billing agents) directly or dealing through fiscal intermediaries or
carriers, for administration of provisions of Title XVIII.
2. To third-party contacts where necessary to establish or verify
information provided on or by interns and residents.
3. To a contractor when the Department contracts with a private
firm for the purpose of collating, compiling, analyzing, aggregating,
or otherwise refining records in this system. Relevant records will
be disclosed to such a contractor, and the contractor shall be
required to maintain Privacy Act safeguards with respect to such
records.
4. To a congressional office from the record of an individual in
response to an inquiry from the congressional office at the request
of that individual.
5. To the Department of Justice, to a court or other tribunal, or
to another party before such tribunal, when:
a. HHS or any component thereof; or
b. Any HHS employee in his or her official capacity; or
c. Any HHS employee in his or her individual capacity (when the
Department of Justice (or HHS where it is authorized to do so) has
agreed to represent the employee); or
d. The United States or any agency thereof (when HHS determines
that the litigation is likely to affect HHS or any of its
components), is a party to litigation or has interest in such
litigation, and HHS determines that the use of such records by the
Department of Justice, the tribunal, or the other party is relevant
and necessary to the litigation and would help in the effective
representation of the governmental party, provided, however, that in
each case, HHS determines that such disclosure is compatible with the
purpose for which the records were collected.
6. An individual or organization for research, demonstration, or
evaluation, if HCFA:
a. Determines that the use or disclosure does not violate legal
limitations under which the record was provided, collected, or
obtained;
b. Determines that the research purpose for which the disclosure
is to be made:
(1) Cannot be reasonably accomplished unless the record is
provided in individually identifiable form, and
(2) Is of sufficient importance to warrant the effect or risk on
the privacy of the individual that additional exposure of the record
might bring, and
(3) Demonstrates a reasonable probability that the objective for
the use would be accomplished.
c. Requires the recipient to:
(1) Establish reasonable administrative, technical, and physcial
safeguards to prevent unauthorized use or disclosure of the record;
and
(2) Remove or destroy the information that allows the individual
to be identified at the earliest time at which removal or destruction
can be accomplished consistent with the purpose of the research
project, unless the recipient presents an adequate justification of a
research or health nature for retaining such information; and
(3) Make no further use or disclosure of the record except:
(a) In emergency circumstances affecting the health or safety of
any individual, or
(b) For use in another research project, under these same
conditions, and with written authorization of HCFA, or
(c) For disclosure to a properly identified person for the
purpose of an audit related to the research project, if information
that would enable research subjects to be identified is removed or
destroyed at the earliest opportunity consistent with the purpose of
the audit, or
(d) When required by law.
d. Secures a written statement attesting to the recipient's
understanding of and willingness to abide by these provisions.
7. To the Social Security Administration for their assistance in
the implementation of HCFA's administration of the Medicare and
Medicaid programs.
8. To a HCFA contractor (including, but not necessarily limited
to fiscal intermediaries and carriers) that assists in the
administration of a HCFA-administered health benefits program, or to
a grantee of a HCFA-administered grant program, when disclosure is
deemed reasonably necessary by HCFA to prevent, deter, discover,
detect, investigate, examine, prosecute, sue with respect to, defend
against correct, remedy, or otherwise combat fraud or abuse in such
program; and
9. To another federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States (including any state or local governmental agency), that
administers, or that has the authority to investigate potential fraud
or abuse in a health benefits program funded in whole or in part by
federal funds, when disclosure is deemed reasonably necessary by HCFA
to prevent, deter, discover, detect, investigate, examine, prosecute,
sue with respect to, defend against, correct, remedy, or otherwise
combat fraud or abuse in such program, subjected to certain
conditions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Computer diskette and magnetic tape.
Retrievability:
Information will be retrieved by the intern's or resident's name
and social security number.
Safeguards:
Unauthorized personnel are denied access to the records area. For
computerized records, safeguards established in accordance with
guidelines in the DHHS ADP Systems Manual, Part 6, ``Automated
Information System Security,'' (e.g., security codes, use of
passwords) will be used, limiting access to unauthorized personnel.
Retention and disposal:
Records are maintained in a secure storage area with identifiers.
Disposal occurs three years from the last action on the hospital's
cost report, and should be coordinated with disposal of the reports.
System manager(s) and address:
Director, Bureau of Program Operations, Health Care Financing
Administration, Meadows East Building, 6325 Security Boulevard,
Baltimore, Maryland 21207.
Notification procedure:
To determine if a record exists, write to the system manager at
the address indicated above and specify name and social security
number.
Record access procedures:
Same as notification procedure. Requestors should also reasonably
specify the record contents being sought.
Contesting record procedures:
Contact the System Manager named above, and reasonably identify
the record and specify the information to be contested. State the
reason for contesting the information (e.g., why it is inaccurate,
irrelevant, incomplete, or not current).
Record source categories:
Sources of information contained in this records system include
data collected from interns and residents as transmitted by the
providers.
Systems exempted from certain provisions of the act:
None.
09-70-0525
System name: Medicare Physician Identification and Eligibility
System (MPIES), HHS/HCFA/BPO.
Security classification:
None.
System location:
Health Care Financing Administration (HCFA) (Paper Media), 6325
Security Boulevard, Baltimore, Maryland 21207. (Contact system
manager for location of Magnetic Media computerized records.)
Medicare Carriers (See Appendix A).
Categories of individuals covered by the system:
All physicians, as defined by section 1861(r) of Title XVIII of
the Social Security Act who request and/or receive Medicare
reimbursement for their medical services.
Categories of records in the system:
The system contains a unique physician identification number
(UPIN) for each physician and information concerning a physician's
birth, residence, medical education, and eligibility information for
Medicare reimbursement.
Authority for maintenance of the system:
Section 9202(g) of Pub. L. 89-272; 1832(a)(2) (B)(i) and (F);
1833(a)(1)(C) and (G); 1842(a)(1), (b)(3)(B)(ii), (b)(3)(D),
(b)(7)(C), (b)(7)(D), (h)(1), (h)(4), (h)(5), and (J); 1861(q), (r),
(s)(1) and (aa)(1)(A); and 1862 of Title XVIII of the Social Security
Act.
Purpose(s):
To maintain unique identification of each physician requesting
and/or receiving Medicare reimbursement.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosures may be made to:
(1) A contractor for the purpose of collating, analyzing,
aggregating or otherwise refining or processing records in this
system or for developing, modifying and/or manipulating ADP software.
Data would also be disclosed to contractors incidental to
consultation, programming, operation, user assistance, or maintenance
for an ADP or telecommunications system containing or supporting
records in the system.
(2) A congressional office from the record of an individual
physician in response to an inquiry from the congressional office at
the request of that individual physician.
(3) The Railroad Retirement Board for administering provisions of
the Railroad Retirement and Social Security Acts relating to railroad
employment.
(4) Peer Review Organizations and Quality Review Organizations in
connection with their review of claims, or in connection with studies
or other review activities, conducted pursuant to Part B of Title XI
of the Social Security Act.
(5) To the Department of Justice, to a court or other tribunal,
or to another party before such tribunal, when
(a) The Department of Health and Human Services (HHS), or any
component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her official capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components.
Is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the tribunal, or the other party is relevant and necessary
to the litigation and would help in the effective representation of
the government party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
(6) The Department of Justice for investigation and prosecuting
violations of the Social Security Act to which criminal penalties
attach, or other criminal statutes as they pertain to the Social
Security Act programs, for representing the Secretary, and for
investigating issues of fraud by agency officers or employees, or
violation of civil rights.
(7) State Licensing Boards for review of unethical practices or
nonprofessional conduct.
(8) To the American Medical Association (AMA), for the purpose of
attempting to identify medical doctors when the Registry is unable to
establish identity after matching carrier-submitted data to the data
extract provided by the AMA. The AMA would attempt to establish
medical doctor identity by matching the Registry's MPIES data to data
in the AMA Physician Masterfile.
The AMA agrees:
a. To use the Registry's MPIES data solely for an attempted match
as described above;
b. To make no copies of the MPIES data it receives from the
Registry, except for one back-up copy;
c. To return the MPIES data to the Registry upon completion of
its matching operation, and erase back-up copies of the MPIES data;
d. To establish appropriate administrative, technical, and
physical safeguards to prevent unauthorized use or disclosure of the
records; and,
e. To sign a written statement attesting to its understanding of
and willingness to abide by these provisions.
(9) To an individual or organization for research or evaluation,
if HCFA:
a. Determines that the proposed use does not violate legal
limitations under which the record was provided, collected, or
obtained;
b. Determines that the purpose for which the proposed use is to
be made:
(i) Cannot be reasonably accomplished unless the record is
provided in a form that identifies individuals,
(ii) Is of sufficient importance to warrant the effect on/or risk
to the privacy of the individual which such limited additional
exposure of the record might bring, and
(iii) There is a reasonable probability that the objective of the
use would be accomplished;
c. Requires the recipient of the information to:
(i) Establish appropriate administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record,
and
(ii) Remove or destroy the information that enables the
individual to be identified at the earliest time at which removal or
destruction can be accomplished consistent with the purpose of the
project, unless the recipient receives written authorization from
HCFA that it is justified based on research objectives for retaining
such information, and
(iii) Make no further use of the record except:
(a) For use in another research project, under emergency
circumstance affecting the health or safety of any individual,
following written authorization of HCFA,
(b) For disclosure to an indentified person approved by HCFA for
the purpose of auditing the research project, if information that
would enable research subjects to be identified is removed or
destroyed at the earliest opportunity consistent with the purpose of
the audit, or
(c) When further approved by HCFA;
d. Secures a written statement by the recipient of the
information attesting to the recipient's understanding of, and
willingness to abide by, these provisions.
(10) To the Social Security Administration for their assistance
in the implementation of HCFA's administration of the Medicare and
Medicaid programs.
(11) To a HCFA contractor (including, but not necessarily limited
to fiscal intermediaries and carriers) that assists in the
administration of a HCFA-administered health benefits program, or to
a grantee of a HCFA-administered grant program, when disclosure is
deemed reasonably necessary by HCFA to prevent, deter, discover,
detect, investigate, examine, prosecute, sue with respect to, defend
against correct, remedy, or otherwise combat fraud or abuse in such
program; and
(12) To another federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States (including any state or local governmental agency), that
administers, or that has the authority to investigate potential fraud
or abuse in a health benefits program funded in whole or in part by
federal funds, when disclosure is deemed reasonably necessary by HCFA
to prevent, deter, discover, detect, investigate, examine, prosecute,
sue with respect to, defend against, correct, remedy, or otherwise
combat fraud or abuse in such program, subjected to certain
conditions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper and magnetic media.
Retrievability:
Records are retrieved alphabetically by the physicians' name or
by their UPIN.
Safeguards:
a. Authorized Users: Only agency employees and contractor
personnel whose duties require the use of information in the system.
In addition, such agency employees and contractor personnel are
advised that the information is confidential and of criminal
sanctions for unauthorized disclosure of information.
b. Physical Safeguards: Records are stored in locked files or
secured areas. Computer terminals are in secured areas.
c. Procedural Safeguards: Employees who maintain records in the
system are instructed to grant regular access only to authorized
users. Data stored in computers are accessed through the use of
passwords known only to authorized personnel.
Contractors who maintain records in this system are instructed to
make no further disclosure of the records except as authorized by the
system manager and permitted by the Privacy Act. Privacy Act language
is included in contracts related to this system.
d. Implementation Guidelines: Safeguards implemented in
accordance with all guidelines required by the Department of Health
and Human Services. Safeguards for automated records have been
established in accordance with HHS ADP Systems Manual, Part 6, ``ADP
Systems Security.''
Retention and disposal:
Records are retained indefinitely, except in the instance of a
physician's death, in which case HCFA would retain such records for a
10 year period following the physician's death.
System manager(s) and address:
Director, Bureau of Program Operations, Health Care Financing
Administration, Room 300 Meadows East Building, 6325 Security
Boulevard, Baltimore, Maryland 21207.
Notification procedure:
Inquiries and requests for system records should be addressed to
the system manager at the address above. The requestor must specify
the physician's name, date of birth, and medical school.
Record access procedures:
Same as notification procedure. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Departmental Regulations (45 CFR 5b.5(a)(2).)
Contesting record procedures:
Contact the system manager named above, and reasonably identify
the record and specify the information to be contested. State the
reason for contesting it; e.g., why it is inaccurate, irrelevant,
incomplete or not current. (These procedures are in accordance with
Departmental Regulations (45 CFR 5b.7).)
Record source categories:
HCFA obtains the identifying information in this system from
carriers. Information in these records concerning physicians'
eligibility for Medicare reimbursement is obtained either directly or
through Medicare Regional Offices, contractors, and PROs; from the
Department of Justice; State or local judicial systems; medical
licensing and certification agencies or organizations; and medical
societies and associations.
Systems exempted from certain provisions of the act:
None.
Appendix A--Medicare Carriers
Medicare Coordinator, Blue Cross and Blue Shield of Alabama, 450
Riverchase Parkway East, Birmingham, Alabama 35298
Vice President for Medicare and Medical Services, Arkansas Blue
Cross and Blue Shield, Inc., 601 Gaines Street, Little Rock, Arkansas
72203
Medicare Coordinator, California Physicians Service, (d/b/a Blue
Shield of California), PO Box 7013, No. 2 Northpoint, San Francisco,
California 94120
Medicare Coordinator, Transamerica Occidental Life Insurance
Company, PO Box 54905 Terminal Annex, Los Angeles, California 90054
Assistant Vice President, Rocky Mountain Hospital and Medical
Service, (d/b/a Blue Cross and Blue Shield of Colorado), 700
Broadway, Denver, Colorado 80273
Medicare Administrator, Travelers Ins. Co., One Tower Square,
Hartford, Connecticut 06183
Medicare Administrator, Aetna Life & Casualty, 151 Farmington
Avenue, Hartford, Connecticut 06156
Medicare Coordinator, Blue Cross and Blue Shield of Florida,
Inc., PO Box 1798, Jacksonville, Florida 32231
Health Care Service Corporation, 233 North Michigan Avenue,
Chicago, Illinois 60601
Associated Insurance Companies, Inc. (d/b/a Blue Cross and Blue
Shield of Indiana), 8320 Craig Street, Suite 100, Indianapolis,
Indiana 46250-0453
Assistant Executive Director, Blue Shield of Iowa, Ruan Building,
636 Grand Avenue Station 28, Des Moines, Iowa 50309
Medicare Assistant, Blue Cross and Blue Shield of Kansas, Inc.,
PO Box 239, Topeka, Kansas 86601
Blue Cross and Blue Shield of Kentucky, Inc., 100 East Vine
Street, 6th Floor, Lexington, Kentucky 40517
Medicare Coordinator, Blue Cross and Blue Shield of Maryland,
Inc., 700 E. Joppa Road, Baltimore, Maryland 21204
Medicare Coordinator Part B, Blue Shield of Massachusetts, Inc.,
100 Summer Street, Boston, Massachusetts 02110
Assistant Vice President, Government Affairs Department, Blue
Cross and Blue Shield of Michigan, 600 Lafayette East, Detroit,
Michigan 48228
Blue Cross and Blue Shield of Minnesota, PO Box 64357, 3535 Blue
Cross Road, St. Paul, Minnesota 55164
Vice President Government Programs, Blue Cross and Blue Shield of
Kansas City, PO Box 169, Kansas City, Missouri 64141
Director, Medicare Administration, General American Life
Insurance Co., PO Box 505, St. Louis, Missouri 63166
Blue Cross and Blue Shield of Montana, Inc., PO Box 4309, 404
Fuller Avenue, Helena, Montana 59601
Medicare Coordinator, Prudential Insurance Co. of America, Tri-
City Office Drawer 471, Millville, New Jersey 08332
Director of Medicare Part B, Blue Shield of Western New York,
Inc., 298 Main Street, Buffalo, New York 14202
Medicare Coordinator, Group Health Insurance, Inc., 330 West 42nd
Street, New York, New York 10036
Medicare Coordinator, Empire Blue Cross and Blue Shield, 622
Third Avenue, New York, New York 10017
Medicare Coordinator, EQUICOR, Inc., 1285 Avenue of the Americas,
New York, New York 10019
Medicare Coordinator, Blue Cross and Blue Shield of North Dakota,
4510 13th Avenue, SW, Fargo, North Dakota 58121
Medicare System and Processing Division, Nationwide Mutual
Insurance Company, PO Box 16788, Columbus, Ohio 43216
Medicare Coordinator, Pennsylvania Blue Shield, PO Box 65, Camp
Hill, Pennsylvania 17011
Chief, Internal Operations, Sequros de Servico de Salud de Puerto
Rico, Inc., G.P.O. Box 3628, San Juan, Puerto Rico 00936-3628
Medicare Coordinator, Blue Cross and Blue Shield of Rhode Island,
444 Westminster Mall, Providence, Rhode Island 02901
Medicare Coordinator Blue Cross and Blue Shield of South
Carolina, Fontaine Business Center, 300 Arbor Lake Drive, Suite 1300,
Columbia, South Carolina 29223
Blue Cross and Blue Shield of Texas, Inc., 901 South Central
Expressway, PO Box 833815, Richardson, Texas 75083-3615
Manager, Part B, Blue Cross and Blue Shield of Utah, PO Box
30270, 2455 Parley's Way, Salt Lake City, Utah 84130
Assistant Administrator, Washington Physicians Service, 4th and
Battery Building, 2401 4th Avenue, 6th Floor, Seattle, Washington
98121
Director, Medicare Claims Department, Wisconsin Physicians'
Service Insurance, Corp., 1717 West Broadway, Monona, Wisconsin
53713.
09-70-0526
System name: Common Working File (CWF), HHS/HCFA/BPO.
Security classification:
None.
System location:
Contact system manager for location of records.
Categories of individuals covered by the system:
Medicare beneficiaries.
Categories of records in the system:
The system contains all information on Medicare Part A and Part B
beneficiary enrollment, entitlement, utilization, query and reply
activity, worker's compensation, Veterans Administration (VA)
entitlement, and Medicare secondary payer records containing other
party liability insurance information necessary for appropriate
Medicare claim payment. The categories of records are Health
Insurance Master Record, Party A intermediary Medicare Claims Record,
Part B Carrier Claims Record, Medicare Secondary Payer Record, Third
Party Liability Record, Medicaid Entitlement Record, Health
Maintenance Organizations Record, and Hospice Record.
Authority for maintenance of the system:
Section 1816 and 1874 of Title XVIII of the Social Security Act
(42 U.S.C. 1395h and 1395kk).
Purpose(s):
To properly pay medical insurance benefits to or on behalf of
entitled beneficiaries.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosures may be made to:
(1) Claimants, their authorized representatives or representative
payees to the extent necessary to pursue claims made under Title
XVIII of the Social Security Act (Medicare).
(2) Third-party contacts (without the consent of the individuals
to whom the information pertains) in situations where the party to be
contacted has, or is expected to have information relating to the
individual's capability to manage his or her affairs or to his or her
eligibility for or entitlement to benefits under the Medicare program
when:
(a) The individual is unable to provide the information being
sought (an individual is considered to be unable to provide certain
types of information when any of the following conditions exist:
Individual is incapable or of questionable mental capability, cannot
read or write, cannot afford the cost of obtaining the information, a
language barrier exists, or the custodian of the information will
not, as a matter of policy, provide it to the individual), or
(b) The data are needed to establish the validity of evidence or
to verify the accuracy of information presented by the individual,
and it concerns one or more of the following; the individual's
eligibility to benefits under the Medicare program; the amount of
reimbursement; any case in which the evidence is being reviewed as a
result of suspected abuse or fraud, concern for program integrity, or
for quality appraisal, or evaluation and measurement of system
activities.
(3) Third-party contact where necessary to establish or verify
information provided by representative payees or payee applicants.
(4) The Treasury Department for investigating alleged theft,
forgery, or unlawful negotiation of Medicare reimbursement checks.
(5) The U.S. Postal Service for investigating alleged forgery or
theft of Medicare checks.
(6) The Department of Justice for investigating and prosecuting
violations of the Social Security Act to which criminal penalties
attach, or other criminal statutes as they pertain to the Social
Security Act programs, for representing the Secretary, and for
investigating issues of fraud by agency officer or employees, or
violation of civil rights.
(7) The Railroad Retirement Board for administering provisions of
the Railroad Retirement and Social Security Acts relating to railroad
employment.
(8) Peer Review Organizations and Quality Review Organizations in
connection with their review claims, or in connection with studies of
other review activities, conducted pursuant to Part B of Title XI of
the Social Security Act.
(9) State Licensing Board for review of unethical practices or
nonprofessional conduct.
(10) Providers and suppliers of services (and their authorized
billing agents) directly or dealing through fiscal intermediaries of
carriers, for administration of provisions of title XVIII.
(11) An individual or organization for a research, evaluation, or
epidemiological project related to the prevention of disease or
disability; or the restoration or maintenance of health, if HCFA:
(a) Determines that the use or disclosure does not violate legal
limitations under which the record was provided, collected, or
obtained;
(b) Determines that the purpose for which the disclosure is to be
made:
(1) Cannot be reasonably accomplished unless the record is
provided in individually identifiable form.
(2) Is of sufficient importance to warrant the effect and/or risk
on the privacy of the individual that additional exposure of the
record might bring, and
(3) There is reasonable probability that the objective for the
use would be accomplished:
(c) Requires the information recipient to:
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record,
and
(2) Remove or destroy the information that allows the individual
to be identified at the earliest time at which removal or destruction
can be accomplished consistent with the purposes of the project,
unless the recipient presents an adequate justification of a research
or health nature for retaining such information, and
(3) Make no further use for disclosure of the record except for:
(a) In emergency circumstances affecting the health or safety of
any individual.
(b) For use in another research project, under these same
conditions, and with written authorization of HCFA.
(c) For disclosure to a properly identified person for the
purpose of audit related to the research project, if information that
would enable research subjects to be identified is removed or
destroyed at the earliest opportunity consistent with the purpose of
the audit, or
(d) When required by law:
Secures a written statement attesting to the information
recipient's understanding of and willingness to abide by these
provisions.
(12) State welfare departments pursuant to agreements with the
Department of Health and Human Services for administration of State
supplementation payment for determination of eligibility for
Medicaid, for enrollment of welfare recipients for medical insurance
under section 1843 of the Social Security Act, for quality control
studies, for determining eligibility of recipients of assistance
under titles IV and XIX of the Social Security Act, and for the
complete administration of the Medicaid program.
(13) A congressional office from the record of an individual in
response to an inquiry from the congressional office at the request
of the individual.
(14) State audit agencies in connection with the audit of
Medicare eligibility considerations. Disclosures of physicians'
customary charge data are made to State audit agencies in order to
ascertain the correctness of title XIX charges and payments.
(15) The Department of Justice, to a court or other tribunal, or
to another party before such tribunal, when:
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation, and HHS determines that the use of such
records by the Department of Justice, the tribunal, or the other
party is relevant and necessary to the litigation and would help in
the effective representation of the governmental party, provided,
however, that in each case, HHS determines that such disclosure is
compatible with the purpose for which the records were collected.
(16) Peer review groups, consisting of members of State, County,
or local medical societies or medical care foundations (physicians),
appointed by the medical society or foundation at the request of the
carrier to assist in the resolution of questions of medical
necessity, utilization of particular procedures or practices, or
overutilization of services with respect to Medicare claims submitted
to the carrier.
(17) Physicians and other suppliers of services who are
attempting to validate individual items on which the amounts included
in the annual Physician/Supplier Payment List or similar publications
are based.
(18) Senior citizen volunteers, working in intermediary's and
carrier's offices to assist Medicare beneficiaries in response to
beneficiarie's requests for assistance.
(19) A contractor working with Medicare carriers/intermediaries
to identify and recover erroneous Medicare payments for which
workers' compensation programs are liable.
(20) State and other governmental Workers' Compensation Agencies
working with the Health Care Financing Administration to coordinate
benefits payable under the Medicare program with benefits payable
under workers' compensation programs.
(21) Insurance companies, self-insurers, Health Maintenance
Organizations, multiple employer trusts and other groups providing
protection against medical expenses of their enrollees. Information
to be disclosed shall be limited to Medicare entitlement data. In
order to receive this information the entity must agree to the
following conditions:
(a) To certify that the individual on whom the information is
being provided is one of its insureds;
(b) To utilize the information solely for the purpose of
processing the identified individual's insurance claims; and
(c) To safeguard the confidentiality of the data and to prevent
unauthorized access to it.
(22) To a contractor for the purpose of collating, analyzing,
aggregating or otherwise refining or processing records in this
system or for developing, modifying and/or manipulating ADP software.
Date would also be disclosed to contractors incidental to
consultation, programming, operation, user assistance, or maintenance
for ADP or telecommunications systems containing or supporting
records in the system.
(23) To an agency of a State Government, or established by State
law, for purposes of determining, evaluating and/or assessing cost,
effectiveness, and/or the quality of health care services provided in
the State, if HCFA:
(a) Determines that the use or disclosure does not violate legal
limitations under which the data were provided, collected, or
obtained;
b. Establishes that the data are exempt from disclosure under the
State and/or local Freedom of Information Act;
c. Determines that the purpose for which the disclosure is to be
made;
(1) Cannot reasonably be accomplished unless the data are
provided in individually identifiable form;
(2) Is of sufficient importance to warrant the effect and/or risk
on the privacy of the individuals that additional exposure of the
record might bring, and;
(3) There is reasonable probability that the objective for the
use would be accomplished; and
d. Requires the recipient to:
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record;
(2) Remove or destroy the information that allows the individual
to be identified at the earliest time at which removal or destruction
can be accomplished consistent with the purpose of the request,
unless the recipient presents an adequate justification for retaining
such information;
(3) Make no further use or disclosure of the record except:
(a) In emergency circumstances affecting the health or safety of
any individual;
(b) For use in another project under the same conditions, and
with written authorization of HCFA:
(c) For disclosure to a properly identified person for the
purpose of an audit related to the project, if information that would
enable project subjects to be identified is removed or destroyed at
the earliest opportunity consistent with the purpose of the audit, or
(d) When required by law; and
(4) Secure a written statement attesting to the recipient's
understanding of and willingness to abide by these provisions. The
recipient must agree to the following:
(1) Not to use the data for purposes that are not related to the
evaluation of cost, quality, and effectiveness of care;
(2) Not to publish or otherwise disclose the data in a form
raising unacceptable possibilities that beneficiaries could be
identified (i.e., the data must not be beneficiary-specific and must
be aggregated to a level when no data cells have ten or fewer
beneficiaries); and
(3) To submit a copy of any aggregation of the data intended for
publication to HCFA for approval prior to publication.
(24) To the Social Security Administration for their assistance
in the implementation of HCFA's administration of the Medicare and
Medicaid programs.
(25) To a HCFA contractor (including, but not necessarily limited
to fiscal intermediaries and carriers) that assists in the
administration of a HCFA-administered health benefits program, or to
a grantee of a HCFA-administered grant program, when disclosure is
deemed reasonably necessary by HCFA to prevent, deter, discover,
detect, investigate, examine, prosecute, sue with respect to, defend
against correct, remedy, or otherwise combat fraud or abuse in such
program; and
(26) To another federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States (including any state or local governmental agency), that
administers, or that has the authority to investigate potential fraud
or abuse in a health benefits program funded in whole or in part by
federal funds, when disclosure is deemed reasonably necessary by HCFA
to prevent, deter, discover, detect, investigate, examine, prosecute,
sue with respect to, defend against, correct, remedy, or otherwise
combat fraud or abuse in such program, subjected to certain
conditions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Magnetic media (magnetic tape, disks, microfiche).
Retrievability:
Records are retrieved by the Health Insurance Claim Number.
Safeguards:
a. Authorized Users: Only agency employees and contractor
personnel whose duties require the use of information in the system.
In addition, such agency employees and contractor personnel are
advised that the information is confidential and of criminal
sanctions for unauthorized disclosure of information.
b. Physical Safeguards: Records are stored in locked files or
secured areas. Computer terminals are in secured areas.
c. Procedural Safeguards: Employees who maintain records in the
system are instructed to grant regular access only to authorized
users. Data stored in computers are accessed through the use of
passwords known only to authorized personnel.
Contractors who maintain records in this system are instructed to
make no further disclosure of the records except as authorized by the
system manager and permitted by the Privacy Act. Privacy Act language
is included in contracts related to this system.
d. Implementation Guidelines: Safeguards implemented in
accordance with all guidelines required by the Department of Health
and Human Services (HHS). Safeguards for automated records have been
established in accordance with the HHS' Automated Data Processing
Manual, Part 6, ``ADP System Security''.
Retention and disposal:
Records are retained for an indefinite period of time dependent
on individual beneficiary coverage.
System manager(s) and address:
Director, Bureau of Program Operations, Health Care Financing
Administration, Room 300, Meadows East Building, 6325 Security
Boulevard, Baltimore, MD 21207.
Notification procedure:
Inquiries and requests for system records should be addressed to
the system manager at the address above. The requestor must specify
the Health Insurance Claim Number.
Record access procedures:
Same as notification procedure. Requestors should also reasonably
specify the record contents being sought. (The procedures are in
accordance with Departmental Regulations (45 CFR 5b.5(a)(2).)
Contesting record procedures:
Contact the system manager named above and identify the record
and specify the information to be contested. State the reason for
contesting it (e.g., why it is inaccurate, irrelevant, incomplete or
not current). (These procedures are in accordance with Departmental
Regulations (45 CFR 5b.7).)
Record source categories:
The data contained in these records is furnished by the
individual. In most cases, the identifying information is provided to
the physician by the individual. The record source categories are the
Health Insurance Master Record, Part A Intermediary Medical Claims
Record, Part B Carrier Medicare Claims Record, Medicare Secondary
Payer Record, Third Party Liability Record, Medicaid Entitlement
Record, Health Maintenance Organizations Record, and Hospice Record.
Systems exempted from certain provisions of the act:
None.
09-70-0527
System name: HCFA Utilization Review Investigatory Files, HHS/
HCFA/BPO.
Security classification:
None.
System location:
See appendix A.
Categories of individuals covered by the system:
Persons or entities alleged to have violated the provisions of
the Social Security Act related to the Medicare (Title XVIII) or
Medicaid (Title XIX) program or other criminal statutes as they
pertain to Social Security Act programs where substantial basis for
criminal prosecution exists, defendants in criminal prosecution
cases, or persons or entities alleged to have abused the Medicare or
Medicaid program. This last category of individuals would, for
example, include persons or entities alleged to have rendered
unnecessary services to medicare beneficiaries and/or Medicaid
recipients, overutilized services, engaged in improper billing
procedures, or breached the assignment agreement. Also included are
persons or entities chosen as subjects of a validation review.
Categories of records in the system:
Information maintained in each record includes the identity of
individual(s) chosen for validation review or the suspect of
utilization review, the area of service under validation study or the
nature of the alleged offense, documentation of the investigation
into the alleged offense (including identification of beneficiaries,
recipients and witnesses, statements, medical records, payment
records, or complaints from beneficiaries recipients and others,
correspondence and forms, documentation of complaints, and reports of
medical review committees or consultants (including professional
review organizations), and the disposition of the case by the HCFA
Regional Office, Office of the Inspector General, Medicaid State
agency or State Medicaid Fraud Control Unit, or the U.S. Attorney.
Authority for maintenance of the system:
Sections 205, 1106, 1107, 1815, 1816, 1833, 1842, 1872, 1874,
1876, 1877, and 1902 of the Social Security Act. (42 U.S.C. 405,
1306, 1307, 1395g, 1395h, 1395l, 1395u, 1395ii, 1395kk, 1395mm,
1395nn, and 1396a)
Purpose(s):
To determine if a violation of a provision of the Social Security
Act of related penal or civil provision of the United States Code has
been committed; to determine if HHS has made proper payments as
prescribed under sections 1815 and 1833 of the Security Act and
whether the Medicare or Medicaid programs have been abused; and to
coordinate Title XVIII and Title XIX investigations and prevent
duplication. HCFA discloses case file material to the HHS Office of
the Inspector General when a case is referred for full fraud
investigation.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
HCFA uses material in this system as the basis for referral of
the case to the HHS Office of the Inspector General or the:
(1) Department of Justice for consideration of criminal
prosecution or civil action or to
(2) State or local licensing authorities (including State medical
review boards), professional review organizations, peer review
groups, medical consultants, or other professional associations for
possible administrative action.
(3) HCFA discloses such information to officers or employees of
State governments as well as the Civilian Health and Medical Program
of the Uniformed Services (CHAMPUS) program for use in conducting or
directing investigations of possible fraud or abuse against the Title
XVIII, XIX, or CHAMPUS programs, as well as State attorneys in
connection with State programs involving the Health Care Financing
Administration.
(4) HCFA also uses the material to determine the direction of
investigation of potential fraud or abuse situations which includes
contact with third parties for the purpose of establishing or
negating a violation.
(5) HCFA discloses cases involving fraudulent tax returns or
forger of Medicare checks to the:
(a) Treasury Department;
(b) To the postal authorities, and to appropriate law enforcement
agencies.
(6) HCFA may make disclosures to a congressional office from the
record of an individual in response to an inquiry which the
congressional office makes at the request of that individual.
(7) To the Department of Justice, to a court or other tribunal,
or to another party before such tribunal, when:
a. HHS, or any component thereof; or
b. Any HHS employee in his or her official capacity; or
c. Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
d. The United States or any agency thereof where HHS determines
that litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determined that the use of such records by the Department of
Justice, the tribunal, or the other party is relevant and necessary
to the litigation and would help in the effective representation of
the governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
(8) To the Social Security Administration for their assistance in
the implementation of HCFA's administration of the Medicare and
Medicaid programs.
(9) To a HCFA contractor (including, but not necessarily limited
to fiscal intermediaries and carriers) that assists in the
administration of a HCFA-administered health benefits program, or to
a grantee of a HCFA-administered grant program, when disclosure is
deemed reasonably necessary by HCFA to prevent, deter, discover,
detect, investigate, examine, prosecute, sue with respect to, defend
against correct, remedy, or otherwise combat fraud or abuse in such
program; and
(10) To another federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States (including any state or local governmental agency), that
administers, or that has the authority to investigate potential fraud
or abuse in a health benefits program funded in whole or in part by
federal funds, when disclosure is deemed reasonably necessary by HCFA
to prevent, deter, discover, detect, investigate, examine, prosecute,
sue with respect to, defend against, correct, remedy, or otherwise
combat fraud or abuse in such program, subjected to certain
conditions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper files maintained in locked file cabinets.
Retrievability:
The staff indexes and retrieves records by case number or by the
name of the subject of the investigation.
Safeguards:
The system is maintained in accordance with the requirements of
the DHHS ADP System Manual, Part 6, ``Systems Security.'' HCFA keeps
the file cabinets locked in a room that is locked after office hours.
No one has access to the files room except HCFA Regional Office staff
and other authorized personnel on a need to know basis.
Retention and disposal:
HCFA places the records in an inactive file after final action on
the case. It closes out the inactive file at the end of the calendar
year in which final action was taken, holds it 2 additional years,
transfers it to the Federal Records Center, who destroys it after 3
additional years.
System manager(s) and address:
Director, Bureau of Program Operations, Health Care Financing
Administration, 6325 Security Boulevard, Baltimore, Maryland 21207.
Notification procedure:
An individual can determine if this system contains a record
pertaining to an active abuse investigation or a closed fraud or
abuse investigation of which the individual is/was a subject by
requesting such information in writing. He or she should direct
inquiries to HCFA, Bureau of Program Operations, Office of Program
Validation, 6325 Security Boulevard, Baltimore, MD 21207 or the
appropriate HCFA Regional Office (see app. C.2).
Under 5 U.S.C. 552a(k)(2), case files on active fraud
investigation cannot determine if this system contains a record
pertaining to an active fraud investigation of which the individual
is a subject.
These notifications procedures are in accordance with Department
regulations (45 CFR 5b.5).
Record access procedures:
Same as notification procedures. Requestors should also
reasonably specify the record contents they seek. As with the
notification procedure above, case files on active fraud
investigations are exempt from access by the individuals who are the
subjects of the investigations pursuant to 5 U.S.C. 552a(k)(2).
However, access to information which is a matter of public record or
documents which the individual furnished will be permitted. These
access procedures are in accordance with Department regulations (45
CFR 5b.5(a)(2).)
Contesting record procedures:
Contact the appropriate official at the address specified under
notification procedures above, reasonably identify the record and
specify the information to be contested. State the corrective action
sought and the reason for the correction with supporting
justification. (These procedures are in accordance with Department
regulations--45 CFR 5b.7).)
Record source categories:
The information contained in this record systems is the result of
a criminal or program abuse investigation and may be derived from
such sources as the suspect, beneficiaries, witnesses, professional
review organizations, professional or peer view committees, medical
consultants, Title XIX State agencies or State Medicaid Fraud Control
Units, Social Security Administration, Health Care Financing
Administration, carrier or intermediary employees with a knowledge of
the case.
Systems exempted from certain provisions of the act:
HHS claims exemption of certain records (case files on active
fraud investigations) in this system from the notification and access
procedures under 5 U.S.C. 552a(k)(2) inasmuch as these records are
investigatory materials complied for program (law) enforcement in
anticipation of a criminal or administrative proceedings. (See
Department Regulations (45 CFR 5b.11))
A. Health Insurance Claims
Medicare records are maintained at the HCFA Central Office (see
section 1 below for the address). Health insurance records of the
Medicare progarm can also be accessed through a representative of the
HCFA Regional Office (see section 2 below for addresses). Medicare
claims records are also maintained by private insurance organizations
who share in administering provisions of the health insurance
program. These private insurance organizations, referred to as
carriers and intermediaries, are under contract to the Health Care
Financing Administration and the Social Security Administration to
perform specific tasks in the Medicare program. See section 3 below
for addresses for intermediaries and section 4 addresses for
carriers.
1. Central Office Addresses:
Bureau of Program Operations, HCFA, 6325 Security Boulevard,
Baltimore, Maryland 21207. Office Hours: 8:15-4:45.
Bureau of Data Management and Strategy, HCFA. Office of Health
Program Systems, Room 1705, Equitable Building, 6325 Security
Boulevard, Baltimore, Maryland 21207. Office Hours: 8:15-4:45
2. HCFA Regional Office Addresses:
BOSTON REGION--Connecticut, Maine, Massachusetts, New Hampshire,
Rhode Island, Vermont
John F. Kennedy Federal Building, Room 1211; Boston,
Massachusetts 02203. Office Hours: 8:30-5:00
NEW YORK REGION--New Jersey, New York, Puerto Rico, Virgin
Islands
26 Federal Plaza--Room 715, New York, New York 10007, Office
Hours: 8:30-5:00
PHILADELPHIA REGION--Delaware, District of Columbia, Maryland,
Pennsylvania, Virginia, West Virginia
PO Box 8460, Philadelphia, Pennsylvania 19101. Office Hours:
8:30-5:00
ATLANTA REGION--Alabama, North Carolina, South Carolina, Florida,
Georgia, Kentucky, Mississippi, Tennessee
101 Marietta Street, Suite 702, Atlanta, Georgia 30223, Office
Hours 8:00-4:30
CHICAGO REGION--Illinois, Indiana, Michigan, Minnesota, Ohio,
Wisconsin
Suite A--824, Chicago, Illinois 60604. Office Hours: 8:15-4:45
DALLAS REGION--Arkansas, Louisiana, New Mexico, Oklahoma, Texas
1200 Main Tower Building, Dallas, Texas. Office Hours: 8:00-4:30
KANSAS CITY REGION--Iowa, Kansas, Missouri, Nebraska
New Federal Office Building, 601 East 12th Street--Room 436,
Kansas City, Missouri 64106. Office Hours: 8:00-4:45
DENVER REGION--Colorado, Montana, North Dakota, South Dakota,
Utah, Wyoming
Federal Office Building, 1961 Stout St--Room 1185, Denver,
Colorado 80294. Office Hours: 8:00-4:30
SAN FRANCISCO REGION--American Samoa, Arizona, California, Guam,
Hawaii, Nevada
Federal Office Building, 10 Van Ness Avenue, 20th Floor, San
Francisco, California 94102. Office Hours: 8:00-4:30
SEATTLE REGION--Alaska, Idaho, Oregon, Washington
1321 Second Avenue--Room 615, Mail Stop 211, Seattle, Washington
98101. Office Hours 8:00-4:30
3. Intermediary Addresses (Hospital Insurance):
Medicare Coordinate, Blue Cross/Blue Shield of Alabama, 450
Riverchase Parkway East. Birmingham, Alabama 35298
Medicare Coordinator, Blue Cross of Arizona, Inc., PO Box 13466,
Phoenix, Arizona 85002
Medicare Coordinator, Arkansas Blue Cross/Blue Shield, Inc., 601
Gaines Street, Little Rock, Arkansas 72203
Medicare Coordinator, Blue Cross of Southern California, PO Box
70000, Van Nuys, California 91470
Medicare Coordinator, Blue Cross of Northern California, 1950
Franklin Street, Oakland, California 94659
Medicare Coordinator, Kasier Foundation Health Plan, Inc., 1956
Webster Street, Room 310A Oakland, California 94612
Medicare Coordinator, Rocky Mountain Hospital and Medical
Service, 700 Broadway, Denver, Colorado 80203
Medicare Administrator, Aetna Life & Casualty, 151 Farmington
Avenue, Hartford, Connecticut 06156
Medicare Coordinator, Blue Cross/Blue Shield Connecticut, 370
Bassett Rd., North Haven, Connecticut 06473
Medicare Administrator, Travelers Ins. Co., One Tower Square,
Hartford, Connecticut 06115
Triage, Inc., 719 Middle Street, Bristol Connecticut 06019
Medicare Coordinator, Blue Cross/Blue Shield of Delaware, Inc.,
201 West 14th Street, Wilmington, Delaware 19899
Medicare Coordinator, Group Hospitalization, Inc., 550 12th
Street, SW., Washington, DC 20024
Medicare Coordinator, Blue Cross of Florida, Inc., PO Box 1789,
Jacksonville, Florida 32201
Medicare Coordinator, Blue Cross of Georgia/Columbus, PO Box
7368, Columbus, Georgia 31908
Medicare Coordinator, Blue Cross of Georgia/Atlanta, PO Box 4445,
Atlanta, Georgia 30302
Medicare Coordinator, Hawaii Medical Service Association, PO Box
860, Honolulu, Hawaii 96808
Medicare Coordinator, Blue Cross of Idaho, Inc., PO Box 7480,
Boise, Idaho 83707
Medicare Coordinator, Health Care Service Corp., 233 North
Michigan Avenue, Chicago, Illinois 60601
Medicare Coordinator, Mutual Hospital Insurance, Inc., 120 West
Market Street, Indianapolis, Indiana 46204
Medicare Coordinator, Blue Cross of Iowa, Ruan Building, 636
Grant Avenue, Station 28, Des Moines, Iowa 50307
Medicare Coordinator, Blue Cross of Western Iowa and S. Dakota,
Third and Pierce Street, Sioux City, Iowa 51102
Medicare Administrator, Kansas Hospital Service Association,
Inc., P.O. Box 239, Topeka, Kansas 66601
Medicare Coordinator, Blue Cross and Blue Shield of Kentucky,
Inc., 9901 Linn Station Road, Louisville, Kentucky 40223
Medicare Coordinator, Louisiana Health Service and Indemnity
Company, 2718A Wooddale Blvd., Baton Rouge, Louisiana 70805
Medicare Coordinator, Associated Hospital Service of Maine, 110
Free Street, Portland, Maine 04101
Medicare Coordinator, Maryland Blue Cross, Inc., 700 East Joppa
Road, Baltimore, Maryland 21204
Medicare Coordinator, Part A, Blue Cross of Mass., Inc., 100
Summer Street, Boston, Massachusetts 02106
Medicare Coordinator, Blue Cross of Michigan, 600 Lafayette East,
Detroit, Michigan 48226
Medicare Coordinator, Blue Cross of Minnesota, 3535 Blue Cross
Road, St. Paul, Minnesota 55765
Medicare Coordinator, Blue Cross of Miss., PO Box 1043, Jackson,
Mississippi 39205
Medicare Coordinator, Blue Cross Hospital Service of Missouri,
4444 Forest Park Boulevard, St. Louis, Missouri 63108
Medicare Coordinator, Blue Cross of Montana, PO Box 5017, Great
Falls, Montana 59403
Medicare Coordinator, Mutual of Omaha Ins. Co., Box 456 Downtown
Station, Omaha, Nebraska 68101
Medicare Coordinator, Blue Cross of Nebraska, PO Box 3248, Main
Post Office Station, Omaha, Nebraska 68103
Medicare Coordinator, New Hampshire Vermont Health Service, 2
Pillsbury Street, Concord, New Hampshire 03306
Medicare Coordinator, Hospital Service Plan of New Jersey, 33
Washington Street, Newark, New Jersey 07102
Medicare Coordinator, Prudential Ins. Co. of America, Drawer 471,
Millville, New Jersey 08332
Medicare Coordinator, New Mexico Blue Cross Inc., 12800 Indian
School Rd., NE, Albuquerque, New Mexico 87112
Medicare Coordinator, B/C-B/S of New York, 622 Third Avenue, New
York, New York 10017
Medicare Coordinator, North Carolina B/C-B/S. PO Box 2291,
Durham, North Carolina 27702
Medicare Coordinator, Blue Cross of North Dakota, 4510 13th
Avenue, SW, Fargo, North Dakota 58121
Medicare Coordinator, B/C of N.W. Ohio, PO Box 943, Toledo, Ohio
43601
Medicare Coordinator, B/C of N.E. Ohio, 2066 East Ninth Street,
Cleveland, Ohio 44115
Medicare Coordinator, Hospital Care Corporation, 1851 William
Howard Taft Road, Cincinnati, Ohio 45206
Medicare Coordinator, Nationwide Mutual Insurance Co., PO Box
1625, Columbus, Ohio 43216
Medicare Coordinator, B/C of Central Ohio, PO Box 16526,
Columbus, Ohio 43216
Medicare Coordinator, Blue Cross of Oklahoma, 1215 South Boulder,
Tulsa, Oklahoma 74119
Medicare Coordinator, Northwest Hospital Service, PO Box 1271,
Portland, Oregon 97201
Medicare Coordinator, Blue Cross of Greater Philadelphia, 1333
Chestnut Street, Philadelphia, Pennsylvania 19107
Medicare Coordinator, Blue Cross of Western Pennsylvania, One
Smithfield Street, Pittsburgh, Pennsylvania 15222
Medicare Coordinator, B/C of N.E. Pennsylvania, 70 North Main
Street, Wilkes-Barre, Pennsylvania 18711
Medicare Coordinator, Hospital Service Plan of Lehigh Valley,
1221 Hamilton Street, Allentown, Pennsylvania 18102
Medicare Coordinator, Capital Blue Cross, 100 Pine Street,
Harrisburg, Pennsylvania 17101
Cooperative de Seguros de Vida de Puerto Rico, G.P.O. Box 3428,
San Juan, Puerto Rico 00936
Blue Cross of Rhode Island, 444 Westminster Mall, Providence,
Rhode Island 02901
Medicare Coordinator, Blue Cross of S.C. Columbia, South Carolina
29219
Medicare Coordinator, Blue Cross of Tennessee, Blue Cross Bldg.,
Chattanooga, Tennessee 37402
Medicare Coordinator, Group Hospital Service, Inc., PO Box 22146,
Dallas, Texas 75222
Medicare Coordinator, B/C of Utah, PO Box 30270, Medicare A, Salt
Lake City, Utah 84130
Medicare Coordinator, B/C of S.W. Virginia, PO Box 13047, 3959
Electric Rd., Roanoke, Virginia 24045
Medicare Coordinator, Blue Cross of Virginia, PO Box 27401,
Richmond, Virginia 23261
Medicare Coordinator, B/C of Washington/Alaska, Inc., 15700
Dayton Avenue, North, PO Box 327, Seattle, Washington 89111
Medicare Coordinator, Parkersburg Hosp. Serv., Inc., PO Box 1948,
Parkersburg, West Virginia 26101
Medicare Coordinator, Blue Cross Hospital Service Inc., PO Box
1353, City Center, West Charleston, West Virginia 25325
Medicare Coordinator, Blue Cross of Northern West Virginia Inc.,
20th and Chapline Streets, Wheeling, West Virginia 26003
Medicare Coordinator, Blue Cross/Blue Shield United at Wisconsin,
Milwaukee, Wisconsin 53201
Medicare Coordinator, Blue Cross/Blue Shield of Wyoming, PO Box
2266, Cheyenne, Wyoming 82000
Health Care Financing Administration, Bureau of Program
Operations, Office of Prepaid Operations Staff, 6325 Security
Boulevard, Baltimore, Maryland 21207
Railroad Retirement Board, 844 Rush Street, Chicago, Illinois
60611
Medicare Carriers
Medicare Coordinator, Blue Cross and Blue Shield of Alabama, 450
Riverchase Parkway East, Birmingham, Alabama 35298
Vice President for Medicare and Medical Services, Arkansas Blue
Cross and Blue Shield, Inc., 601 Gaines Street, Little Rock, Arkansas
72203
Medicare Coordinator, California Physicians Service, (d/b/a Blue
Shield of California), PO Box 7013, No. 2 Northpoint, San Francisco,
California 94120
Medicare Coordinator, Transamerica Occidental Life Insurance
Company, PO Box 54905 Terminal Annex, Los Angeles, California 90054
Assistant Vice President, Rocky Mountain Hospital and Medical
Service, (d/b/a Blue Cross and Blue Shield of Colorado), 700
Broadway, Denver, Colorado 80273
Medicare Administrator, Travelers Ins. Co., One Tower Square,
Hartford, Connecticut 06183
Medicare Administrator, Aetna Life & Casualty, 151 Farmington
Avenue, Hartford, Connecticut 06156
Medicare Coordinator, Blue Cross and Blue Shield of Florida,
Inc., PO Box 1798, Jacksonville, Florida 32231
Health Care Service Corporation, 233 North Michigan Avenue,
Chicago, Illinois 60601
Associated Insurance Companies, Inc., (d/b/a Blue Cross and Blue
Shield of Indiana), 8320 Craig Street, Suite 100, Indianapolis,
Indiana 46250-0453
Assistant Executive Director, Blue Shield of Iowa, Ruan Building,
636 Grand Avenue, Station 28, Des Moines, Iowa 50309
Medicare Assistant, Blue Cross and Blue Shield of Kansas, Inc.,
PO Box 239, Topeka, Kansas 66601
Blue Cross and Blue Shield of Kentucky, Inc., 100 East Vine
Street, 6th Floor, Lexington, Kentucky 40517
Medicare Coordinator, Blue Cross and Blue Shield of Maryland,
Inc., 700 E. Joppa Road, Baltimore, Maryland 21204
Medicare Coordinator Part B, Blue Shield of Massachusetts, Inc.,
100 Summer Street, Boston, Massachusetts 02110
Assistant Vice President Government, Affairs Department, Blue
Cross and Blue Shield of Michigan, 600 Lafayette East, Detroit,
Michigan 48226
Blue Cross and Blue Shield of Minnesota, PO Box 64357, 3535 Blue
Cross Road, St. Paul, Minnesota 55164
Vice President Government Programs, Blue Cross and Blue Shield of
Kansas City, PO Box 169, Kansas City, Missouri 64141
Director, Medicare Administration, General American Life
Insurance Co., PO Box 505, St. Louis, Missouri 63168
Blue Cross and Blue Shield of Montana, Inc., PO Box 4309, 404
Fuller Avenue, Helena, Montana 59601
Medicare Coordinator, Prudential Insurance Co. of America, Tri-
City Office, Drawer 471, Millville, New Jersey 08332
Director of Medicare Part B, Blue Shield of Western New York,
Inc., 298 Main Street, Buffalo, New York 14202
Medicare Coordinator, Group Health Insurance, Inc., 330 West 42nd
Street, New York, New York 10036
Medicare Coordinator, Empire Blue Cross and Blue Shield, 622
Third Avenue, New York, New York 10017
Medicare Coordinator, EQUICOR, Inc., 1285 Avenue of the Americas,
New York, New York 10019
Medicare Coordinator, Blue Cross and Blue Shield of North Dakota,
4510 13th Avenue, SW, Fargo, North Dakota 58121
Medicare System and Processing Division, Nationwide Mutual
Insurance Company, PO Box 16788, Columbus, Ohio 43216
Medicare Coordinator, Pennsylvania Blue Shield, PO Box 65, Camp
Hill, Pennsylvania 17011
Chief, Internal Operations, Sequros de Servicio de Salud de
Puerto Rico, Inc., G.P.O. Box 3628, San Juan, Puerto Rico 00936-3628
Medicare Coordinator, Blue Cross and Blue Shield of Rhode Island,
444 Westminster Mall, Providence, Rhode Island 02901
Medicare Coordinator, Blue Cross and Blue Shield of South
Carolina, Fontaine Business Center, 300 Arbor Lake Drive, Suite 1300,
Columbia, South Carolina 29223
Blue Cross and Blue Shield of Texas, Inc., 901 South Central
Expressway, PO Box 833815, Richardson, Texas 75083-3815
Manager, Part B, Blue Cross and Blue Shield of Utah, PO Box
30270, 2455 Parley's Way, Salt Lake City, Utah 84130
Assistant Administrator, Washington Physicians Service, 4th and
Battery Building, 2401 4th Avenue, 6th Floor, Seattle, Washington
98121
Director, Medicare Claims Department, Wisconsin Physicians'
Service Insurance, Corp., 1717 West Broadway, Monona, Wisconsin 53713
09-70-0530
System name: Medicare Supplier Identification File, HHS/HCFA/
BPO.
Security classification:
None.
System location:
Carriers under contract to the HCFA will maintain the records.
Contract System Manager for location of system of records. In
addition, records for suppliers of DMEPOS will be collected and
retained at a national level at a contractor to be selected later.
The HCFA Data Center may also retain an electronic file of this
system of records.
Categories of individuals covered by the system:
Information on owners, managing employees, and subcontractors of
suppliers of DMEPOS, ambulance companies, imaging technology
companies, and independent physiological laboratories which provide
services or supplies to Medicare beneficiaries will be collected.
Categories of records in the system:
This collection of data will identify individuals who are owners,
managing employees, or subcontractors in companies which supply
DMEPOS, ambulance companies, imaging technology companies, and
independent physiological laboratories. This collection will maintain
information on the owners, managing employees, and subcontractors;
i.e., names of the individuals, business location, unique physician
identification number (UPIN) or social security number, specialty
code, employer identification number, and type of billing.
Authority for maintenance of the system:
Sections 1124, 1124A, 1126, and 1833(e) the Act.
Purpose(s):
The system will identify supplier businesses which are eligible
to receive Medicare payments for items and services furnished to
Medicare beneficiaries as well as owners, managing employees, and
subcontractors in those suppliers. The system will facilitiate the
identification of business owners who have been sanctioned by the OIG
and/or have questionable business practices within the Medicare
program. The system will also identify those owners and managing
employees whose businesses carriers' audits and reviews cite as
employing billing practices which could breach Medicare standards.
The carriers will be able to review questionable claims before
payment; this process has been found to be more efficient than
postpayment reviews.
Routine uses of records maintained in the system, including
categories of users and the purposes of such records:
Disclosure may be made:
1. To a congressional office from the record of an individual in
response to an inquiry from the congressional office made at the
request of that individual.
2. To a Medicaid State agency or its fiscal agent to assist in
enforcing Medicare and Medicaid sanctions;
3. To the Department of Justice, to a court or other tribunal, or
to another party before such tribunal, when
(a) (HHS), or any component thereof; or
(b) Any HHS employee in his or her individual official capacity;
or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or,
(d) The United States ir agency thereof where HHS determines that
the litigation is likely to affect HHS or any of its components;
is party to litigation or has an interest in such litigation, and
HHS has determined that the use of such records by the Department of
Justice, the tribunal, or other party is relevant and necessary to
the litigation and would help in the effective representation to the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
4. To a contractor for the purposes of collating, analyzing,
aggregating or otherwise refining or processing records in this
system of for developing, modifying and/or manipulating automated
data processing (ADP) software. Data would also be disclosed to
contractors incidental to consultation, programming, operation, user
assistance, or maintenance for an ADP or telecommunications system
containing or supporting records in the system.
5. To a HCFA contractor (including, but not necessarily limited
to fiscal intermediaries and carriers) that assists in the
administration of a HCFA-administered health benefits program, or to
a grantee of a HCFA-administered grant program, when disclosure is
deemed reasonably necessary by HCFA to prevent, deter, discover,
detect, investigate, examine, prosecute, sue with respect to, defend
against correct, remedy, or otherwise combat fraud or abuse in such
program; and
6. To another federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States (including any state or local governmental agency), that
administers, or that has the authority to investigate potential fraud
or abuse in a health benefits program funded in whole or in part by
federal funds, when disclosure is deemed reasonably necessary by HCFA
to prevent, deter, discover, detect, investigate, examine, prosecute,
sue with respect to, defend against, correct, remedy, or otherwise
combat fraud or abuse in such program, subjected to certain
conditions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained on magnetic media, e.g., tape, electronic
imaging, disk, microfilm, and hard copy paper.
Retrievability:
The records are retrievable by business name, owner's name,
owner's social security number of UPIN, managing employee's name,
employer identification number or other tax reporting number,
business address, and carrier assigned billing numbers.
Safeguards:
Access is limited to authorized personnel and HCFA contractor
employees in the performance of their duties. HHS contractors are
required to comply with the provisions of the Privacy Act, and are
required to sign Assurance of Confidentiality Forms (or Data Security
Statements) that are kept on file by the contractor.
The carriers will maintain all records in secure areas accessible
only to authorized employes and will notify all employees having
access to records of the criminal sanctions for unauthorized
disclosure of information on individuals. For computerized records,
the carriers will initiate ADP system security procedures required by
the HHS Information Resources Manual, Circular #10, Automated
Information Systems Security Programs, (e.g., use of passwords) and
the National Institute of Standards and Technology Federal
Information Processing Standards. Similar standards will be provided
if any records are transferred by HCFA central office.
Suppliers complete the form to apply for a billing number in the
Medicare program, to update information on the initial request, and
to reenroll as Medicare requires every 3 years. The paper copies and/
or microfilm or electronically imaged copies are kept indefinitely.
The magnetic media file which is used in the day-to-day operations is
updated as required for updates, deactivation, or reenrollment.
Although records may be deactivated when the supplier ceases to bill
Medicare, the carriers will keep all records indefinitely.
System manager(s) and address:
Director, Bureau of Program Operations, Health Care Financing
Administration, 6325 Security Boulevard, Baltimore, Maryland 21207.
Notification procedure:
Inquiries and requests for records information for suppliers of
DMEPOS should be directed to the carrier which will maintain the
national file (This carrier will be names no earlier than October
1992) or, for other types of suppliers, to the carrier servicing the
supplier's geographic area. If an individual wishes to determine if
he or she is included in a record in the system, that person must
provide the business name of the supplier, employer identification
number, and the business address. Information on individuals within
the system will be released only to authorized individuals.
Record access procedures:
Same as notification procedures. Requestors should reasonably
specify the record contents being sought. (These access procedures
are in accordance with Department regulation (45 CFR 5.b.2(a)(2).)
Contesting record procedures:
Contact the Systems Manager at the addesss specified above and
reasonably identify the record and specify the information to be
contested. State the corrective action sought and the reasons for the
contest; and give any supporting justification. (These procedures are
in accordance with Department regulation 45 CFR 5b.7.)
Record source categories:
Information contained in these records is received from the
application which the suppliers complete to obtain Medicare billing
numbers.
Systems exempted from certain provisions of the act:
None.
09-70-0531
System name:
National Emphysema Treatment Trial (NETT) System, HHS/HCFA/CHPP.
Security classification:
Level Three Privacy Act Sensitive Data.
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
The system of records will contain information about Medicare
beneficiaries with emphysema enrolled in the randomized phase of the
trial, as well as referring and servicing physicians.
Categories of records in the system:
This system of records will contain information about Medicare
utilization and frequency of specific health care services, the
provider and provider's speciality, provider's location or sites of
services, cost of surgery, medical or pulmonary rehabilitation,
extra-site therapy, medical services necessary for treatment, and
self-administered drug therapy. The system will also contain the
beneficiary's name, address, date of birth, sex, health insurance
claim number (HIC), telephone number, marital status, clinical
outcomes, and morbidity and mortality rates.
Authority for maintenance of the system:
Authority for maintenance of the system is given under section
1862 (a)(1)(A) of the Social Security Act (the Act), and 42 U.S.C.
1395.
Purpose(s):
The primary purpose of the system of records is to maintain data
that will allow HCFA to collect and provide secure data on
participants in the randomized phase of the study, pay claims, and to
monitor and evaluate the clinical trial. Information retrieved from
this system of records will also be disclosed to: support regulatory,
reimbursement and policy functions performed within the agency or by
a contractor or consultant, another federal or state agency to enable
such agency to administer a Federal health benefits program, or to
enable such agency to fulfill a requirement of a Federal statute or
regulation that implements a health benefits program funded in whole
or in part with Federal funds, support research, evaluation, or
epidemiological projects related to the prevention of disease or
disability, or the restoration or maintenance of health, and for
payment related projects, support constituent requests made to a
congressional representative, support litigation involving the
agency, and, combat fraud and abuse in certain health benefits
programs.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
which is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' The proposed routine use in this system meets the
compatibility requirement of the Privacy Act. We are proposing to
establish the following routine use disclosures of information which
will be maintained in the system:
1. To agency contractors, or consultants who have been engaged by
the agency to assist in the performance of a service related to this
system of records and who need to have access to the records in order
to perform the activity.
2. To another federal or state agency:
(1) To contribute to the accuracy of HCFA's proper payment of
Medicare benefits, and/or
(2) To enable such agency to administer a federal health benefits
program, or as necessary to enable such agency to fulfill a
requirement of a federal statute or regulation that implements a
health benefits program funded in whole or in part with Federal
funds.
3. To an individual or organization for research, evaluation, or
epidemiological projects related to the prevention of disease or
disability, or the restoration or maintenance of health, and for
payment related projects.
4. To a member of congress or to a congressional staff member in
response to an inquiry of the congressional office made at the
written request of the constituent about whom the record is
maintained.
5. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
(d) The United States Government
is a party to litigation or has an interest in such litigation,
and by careful review, HCFA determines that the records are both
relevant and necessary to the litigation.
6. To HCFA contractors, including but not necessarily limited to
fiscal intermediaries and carriers under title XVIII of the Social
Security Act; to administer some aspect of a HCFA-administered health
benefits program, or to a grantee of a HCFA-administered grant
program, which program is or could be affected by fraud and abuse,
for the purpose of preventing, deterring, discovering, detecting,
investigating, examining, prosecuting, suing with respect to,
defending against, correcting, remedying, or otherwise combating such
fraud and abuse in such programs.
7. To another federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States, including any state or local government agency, for the
purpose of preventing, deterring, discovering, detecting,
investigating, examining, prosecuting, suing with respect to,
defending against, correcting, remedying, or otherwise combating such
fraud and abuse in health benefits program funded in whole or in part
by Federal funds.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The records are stored in file folders, magnetic tapes and
computer disks.
Retrievability:
The Medicare and Medicaid records are retrieved by health
insurance claim number.
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the NETT system. For computerized
records, safeguards have been established in accordance with HHS
standards and National Institute of Standards and Technology
guidelines, e.g., security codes will be used, limiting access to
authorized personnel. System securities are established in accordance
with HHS, Information Resource Management (IRM) Circular �10,
Automated Information Systems Security Program, HCFA Automated
Information Systems (AIS) Guide, Systems Securities Policies, and OMB
Circular No. A-130 (revised), Appendix III.
Retention and disposal:
HCFA will retain identifiable data for a total period of fifteen
(15) years from the date the information was last updated.
System manager(s) and address:
HCFA, Director, Center for Health Plans and Providers, Program
Analysis and Performance Measurement Group, 7500 Security Blvd.,
Baltimore, Maryland 21244-1850.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, health insurance
claim number, address, date of birth, sex, and for verification
purposes, the subject individual's name (woman's maiden name, if
applicable), and social security number (SSN). Furnishing the SSN is
voluntary, but it may make searching for a record easier and prevent
delay.
Record access procedure:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2)).
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7).
Record source categories:
The NETT will use Medicare enrollment records, Medicare
beneficiaries or proxies, and medical providers (such as physicians,
medical facilities, home health care providers) for a sample of
enrollees.
Systems exempted from certain provisions of the act:
None.
09-70-0532
System name:
Provider Enrollment, Chain, and Ownership System (PECOS), HHS/
CMS/OFM.
Security classification:
Level Three Privacy Act Sensitive.
System location:
CMS Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
PECOS will collect information provided by the applicant related
to identity, qualifications, practice locations, ownership, billing
arrangements, reassignment of benefits, surety and bond data,
clearinghouses submitting electronic claims, and related
organizations. PECOS will also maintain information on business
[[Page 51965]]
owners, chain home offices and provider/chain associations, managing/
directing employees, partners, authorized and delegated
representatives, supervising physicians of the supplier, staffing
companies, ambulance crew members, and/or interpreting physicians and
related technicians. Managing/directing employees include general
managers, business managers, administrators, directors, and other
individuals who exercise operational or managerial control over the
provider/supplier.
Categories of records in the system:
This system of records will contain the names, social security
numbers (SSN), and employer identification numbers (EIN) for each
disclosing entity, owners, as well as managing/directing employees,
with 5 percent or more ownership or control interest. Managing/
directing employees include general manager, business managers,
administrators, directors, and other individuals who exercise
operational or managerial control over the provider/supplier. The
system will also contain the Unique Provider Identification Number,
demographic data, professional data, past and present business
history as well as information regarding any exclusions, sanctions,
and felonious behavior.
Authority for maintenance of the system:
Authority for maintenance of the system is given under sections
1102(a) (Title 42 United States Code (U.S.C.) section 1302(a)), 1128
(42 U.S.C. 1320a-70), 1814(a) (U.S.C. 1395f(a)(1), 1815(a) (42 U.S.C.
1395g(a)), 1833(e) (42 U.S.C. 1395(e), 1871 (42 U.S.C. 1395hh), and
1886(d)(5)(F), (42 U.S.C. 1395ww(d)(5)(F) of the Social Security Act;
1842(r) (42 U.S.C. 9202(g)); sec. 1124(a)(1) (42 U.S.C. 1320a-
3(a)(1), and section 1124A (42 U.S.C. 1320a-3a), 4313, as amended, of
the Balanced Budget Act of 1997; and section 31001(I) (31 U.S.C.
7701) of the Debt Collection Improvement Act of 1996 (Pub. L. 104-
134), as amended.
Purpose(s):
The primary purpose of the SOR is to: (1) Collect information for
an applying provider/supplier and record the associations between the
applicant and those who have an ownership or control interest in the
entity; (2) permit informed enrollment decisions to be made based on
past and present business history, any reported exclusions, sanctions
and felonious behavior at their location or in multiple contractor
jurisdictions; and, (3) ensure that correct payments are made under
the Medicare program. Information retrieved from this SOR will also
be disclosed to: (1) support regulatory, reimbursement, and policy
functions performed within the Agency or by a contractor or
consultant; (2) another Federal or state agency, agency of a state
government, an agency established by state law, or its fiscal agent;
(3) support constituent requests made to a congressional
representative; (4) support litigation involving the Agency; and (5)
combat fraud and abuse in certain health benefits programs.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
These routine uses specify circumstances, in addition to those
provided by statute in the Privacy Act of 1974, under which CMS may
release information from the PECOS without the consent of the
individual to whom such information pertains. Each proposed
disclosure of information under these routine uses will be evaluated
to ensure that the disclosure is legally permissible, including but
not limited to ensuring that the purpose of the disclosure is
compatible with the purpose for which the information was collected.
In addition, our policy will be to prohibit release of non-
identifiable data, except pursuant to one of the routine uses, if
there is a possibility that an individual can be identified through
implicit deduction based on small cell sizes (instances where the
patient population is so small that individuals who are familiar with
the enrollees could, because of the small size, use this information
to deduce the identity of the beneficiary). We are proposing to
establish the following routine use disclosures of information
maintained in the system:
1. To agency contractors, or consultants that have been engaged
by the agency to assist in accomplishment of a CMS function relating
to the purposes for this system of records and who need to have
access to the records in order to assist CMS.
2. To another Federal or state agency, agency of a state
government, an agency established by state law, or its fiscal agent
to:
(a) Contribute to the accuracy of CMS's proper payment of
Medicare benefits,
(b) Enable such agency to administer a Federal health benefits
program, or as necessary to enable such agency to fulfill a
requirement of a Federal statute or regulation that implements a
health benefits program funded in whole or in part with Federal
funds, and/or
(c) Assist with other activities within the state.
3. To a Member of Congress or to a congressional staff member in
response to an inquiry of the congressional office made at the
written request of the constituent about whom the record is
maintained.
4. To the Department of Justice (DOJ), court, or adjudicatory
body when:
(a) The Agency or any component thereof, or
(b) An employee of the Agency in his or her official capacity,
(c) An employee of the Agency in his or her individual capacity
where DOJ has agreed to represent the employee, or
(d) Where the United States Government is a party to litigation
or has an interest in such litigation, and by careful review, CMS
determines that the records are both relevant and necessary to the
litigation.
5. To a CMS contractor (including, but not limited to FIs and
carriers) that assists in the administration of a CMS-administered
health benefits program, or to a grantee of a CMS-administered grant
program, when disclosure is deemed reasonably necessary by CMS to
prevent, deter, discover, detect, investigate, examine, prosecute,
sue with respect to, defend against, correct, remedy, or otherwise
combat fraud or abuse in such program.
6. To another Federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States (including any state or local governmental agency), that
administers, or that has the authority to investigate potential fraud
or abuse in a health benefits program funded in whole or in part by
Federal funds, when disclosure is deemed reasonably necessary by CMS
to prevent, deter, discover, detect, investigate, examine, prosecute,
sue with respect to, defend against, correct, remedy, or otherwise
combat fraud or abuse in such programs.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
All records are stored on paper and magnetic media.
Retrievability:
The records are retrieved by the Internal Provider Control
Number, SSN, EIN, or other CMS assigned provider numbers.
Safeguards:
CMS has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system
[[Page 51966]]
have been trained in the Privacy Act and systems security
requirements. Employees who maintain records in the system are
instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, CMS has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the PECOS system. For computerized
records, safeguards have been established in accordance with the
Department of Health and Human Services (HHS) standards and National
Institute of Standards and Technology guidelines, e.g., security
codes will be used, limiting access to authorized personnel. Systems
securities are established in accordance with HHS, Information
Resource Management Circular �10, Automated Information Systems
Security Program, CMS Automated Information Systems Guide, Systems
Securities Policies, and OMB Circular No. A-130 (revised) Appendix
III.
Retention and disposal:
CMS will retain identifiable data for a total period of 15 years
from the date the information was collected.
System manager(s) and address:
Director, Division of Provider/Supplier Enrollment, Office of
Financial Management, CMS, 7500 Security Boulevard, Baltimore,
Maryland 21244-1850.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, SSN, EIN, and for
verification purposes, the subject individual's name (woman's maiden
name, if applicable).
Record access procedure:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2).)
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7.)
Record source categories:
Information contained in this system is received from the Form(s)
HCFA 855A, ``Application for Health Care Providers that will Bill
Medicare Fiscal Intermediaries, HCFA 855B, ``Application for Health
Care Providers that will Bill Medicare Carriers,'' HCFA 855I,
``Application for Individual Health Care Practitioners,'' HCFA 855R,
``Application for Reassignment of Medicare Benefits,'' and HCFA 855S,
``Durable Medial Equipment, Prosthetics, Orthotics, and Suppliers
Application.''
Systems exempted from certain provisions of the act:
None.
09-70-0535
System name:
Medicare Choices Helpline (HELPLINE), HHS/HCFA/CBS.
Security classification:
Level 3, Privacy Act Sensitive.
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
All beneficiaries and callers to the call center who require a
written response.
Categories of records in the system:
This system contains the beneficiary's name and/or caller's name,
social security number, Health Insurance Claim (HIC) number, phone
number, and background information relating to Medicare or Medicaid
related issues.
Authority for maintenance of the system:
41 CFR Chapter 101-20.302, Conduct on Federal Property, OMB
Circular A-123, Internal Control Systems and Pub. L. 105-3, the
Balanced Budget Act of 1997.
Purpose(s):
The primary purpose of the system of records is to provide
general information to beneficiaries and future beneficiaries so that
they can make informed decisions on their Medicare options.
Information retrieved from this system of records will also be
used to support regulatory and policy functions performed within the
agency or by a contractor or consultant; constituent requests made to
a congressional representative; and litigation involving the agency
related to this system of records.
Routine uses of records maintained in the system, including
Categories or Users and the purposes of such uses:
The Privacy Act permits us to disclose information without an
individual's consent if the information is to be used for a purpose
that is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' The proposed routine use in this system meets the
compatibility requirement of the Privacy Act. HCFA is proposing to
disclose information from this system of records under the following
routine uses. These routine uses are discussed in detail in the
attached Preamble.
1. To agency contractors, or consultants who have been engaged by
the agency to assist in the performance of a service related to this
system of records and who need to have access to the records in order
to perform the activity.
2. To a Member of Congress or to a congressional staff member in
response to an inquiry of the Congressional Office made at the
written request of the constituent about whom the record is
maintained.
3. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof; or
(b) Any employee of the agency in his or her official capacity;
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee; or
(d) The United States Government; is a party to litigation or has
an interest in such litigation, and by careful review, HCFA
determines that the records are both relevant and necessary to the
litigation.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Information is maintained on paper, computer diskette and on
magnetic storage media.
Retrievability:
The records are retrieved by name and identification number.
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the HELPLINE system. For computerized
records, safeguards have been established in accordance with HHS
standards and National Institute of Standards and Technology
guidelines; e.g., security codes will be used, limiting access to
authorized personnel. System securities are established in accordance
with HHS, Information Resource Management (IRM) Circular 10,
Automated Information Systems Security Program; HCFA Automated
Information Systems (AIS) Guide, Systems Securities Policies; and OMB
Circular No. A-130 (revised) Appendix III.
Retention and disposal:
HCFA will retain HELPLINE data for a total retention of seven (7)
years after the date of the response to the inquiry.
System manager(s) and address:
Director, Center for Beneficiary Services, Division of Call
Center Operations, Customer Teleservice Operations Group, Center for
Beneficiary Services, HCFA, 7500 Security Boulevard, C2-26-20,
Baltimore, Maryland 21244-1850.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, health insurance
claim number, and for verification purposes, the subject individual's
name (woman's maiden name, if applicable), social security number
(SSN) (furnishing the SSN is voluntary, but it may make searching for
a record easier and prevent delay), address, date of birth, and sex.
Record access procedure:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2).)
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7.)
Record source categories:
Sources of information contained in this records system include
data collected from HELPLINE calls to the 1-800 Medicare Choices
Helpline.
Systems exempted from certain provisions of the act:
None.
09-70-0536
System name:
Medicare Beneficiary Database, HHS/CMS/CBS.
Security classification:
Level Three Privacy Act Sensitive Data.
System location:
CMS Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850, and at various other remote
locations (See Appendix A).
[[Page 63398]]
Categories of individuals covered by the system:
Individuals age 65 or over who have been, or currently are,
entitled to health insurance (Medicare) benefits under Title XVIII of
the Social Security Act or under provisions of the Railroad
Retirement Act; individuals under age 65 who have been, or currently
are, entitled to such benefits on the basis of having been entitled
for not less than 24 months to disability benefits under title II of
the Act or under the Railroad Retirement Act; individuals who have
been, or currently are, entitled to such benefits because they have
end-stage renal disease; individuals age 64 and 8 months or over who
are likely to become entitled to health insurance (Medicare) benefits
upon attaining age 65, and individuals under age 65 who have at least
21 months of disability benefits who are likely to become entitled to
Medicare upon the 25th month of entitlement to such benefits and
those populations that are dually eligible for both Medicare and
Medicaid (Title XIX of the Social Security Act).
Categories of records in the system:
The data elements include, but are not limited to, standard data
for identification such as health insurance claim number (HICN),
social security number (SSN), sex, race/ethnicity, date of birth,
geographic location, Medicare enrollment and entitlement information,
Medicare Secondary Payer data necessary for appropriate Medicare
claim payment, hospice election, plan elections and enrollment, End
Stage Renal Disease (ESRD) entitlement, historic and current listing
of residences, and Medicaid eligibility and Managed Care
institutional status.
Authority for maintenance of the system:
Authority for maintenance of the system is given under sections
226, 226A, 1811, 1818, 1818A, 1831, 1833(a)(1)(A), 1836, 1837, 1838,
1843, 1866, 1876, 1881, and 1902(a)(6) of the Social Security Act and
Title 42 United States Code (U.S.C.) 426, 1395(a)(1)(A), 1395c,
1395cc, 1395i-2, 1395i-2a, 1395j, 1395l, 1395mm, 1395o, 1395p, 1395q,
1395rr, 1395v, and 1396(a).
Purpose(s):
The primary purpose of this system of records is to provide the
Centers for Medicare & Medicaid Services (CMS) with a singular,
authoritative, database of comprehensive data on people with
Medicare. The development and operation of the MBD would establish
within CMS, a singular, national source of comprehensive beneficiary
information. This information would be consistent throughout the
Medicare Program, providing key benefits to CMS's operation,
administrative and customer service goals. The MBD will combine and
house beneficiary centric data that resides currently within CMS
databases such as the EDB, MSIS and GHP. It becomes the authoritative
database for approved agency contractors who need specific types of
data to support and implement business processes, based upon a
beneficiary's health insurance needs. Although the MBD does not
replace any of these systems at this time, the MBD does provide the
most current and reliable information for contractors to make timely
decisions about payment and service delivery elections. Information
retrieved from this system of records will also be disclosed to: (1)
Support regulatory, reimbursement, and policy functions performed
within the agency or by a contractor or consultant, (2) another
federal or state agency, agency of a state government, an agency
established by state law, or its fiscal agent, (3) providers and
suppliers of services for administration of Title XVIII, (4) third
parties where the contact is expected to have information relating to
the individual's capacity to manage his or her own affairs, (5) Peer
Review Organizations, (6) other insurers for processing individual
insurance claims, (7) facilitate research on the quality and
effectiveness of care provided, as well as payment related projects,
(8) support constituent requests made to a congressional
representative, (9) support litigation involving the agency, and (10)
combat fraud and abuse in certain health benefits programs.
Routine uses of records maintained in the system, including
categories or users and the purposes of such uses:
These routine uses specify circumstances, in addition to those
provided by statute in the Privacy Act of 1974, under which CMS may
release information from the MBD without the consent of the
individual to whom such information pertains. Each proposed
disclosure of information under these routine uses will be evaluated
to ensure that the disclosure is legally permissible, including but
not limited to ensuring that the purpose of the disclosure is
compatible with the purpose for which the information was collected.
In addition, our policy will be to prohibit release even of non-
identifiable data, except pursuant to one of the routine uses, if
there is a possibility that an individual can be identified through
implicit deduction based on small cell sizes (instances where the
patient population is so small that individuals who are familiar with
the enrollees could, because of the small size, use this information
to deduce the identity of the beneficiary). We are proposing to
establish the following routine use disclosures of information
maintained in the system:
1. To agency contractors, or consultants who have been engaged by
the agency to assist in accomplishment of a CMS function relating to
the purposes for this system of records and who need to have access
to the records in order to assist CMS.
2. To another federal or state agency, agency of a state
government, an agency established by state law, or its fiscal agent
to:
a. Contribute to the accuracy of CMS's proper payment of Medicare
benefits,
b. Enable such agency to administer a federal health benefits
program, or as necessary to enable such agency to fulfill a
requirement of a federal statute or regulation that implements a
health benefits program funded in whole or in part with federal
funds, and/or
c. To assist federal/state Medicaid programs within the state.
3. To providers and suppliers of services directly or through
fiscal intermediaries or carriers for the administration of Title
XVIII of the Social Security Act.
4. To third party contacts in situations where the party to be
contacted has, or is expected to have information relating to the
individual's capacity to manage his or her affairs or to his or her
eligibility for, or an entitlement to, benefits under the Medicare
program and,
a. The individual is unable to provide the information being
sought (an individual is considered to be unable to provide certain
types of information when any of the following conditions exists: the
individual is confined to a mental institution, a court of competent
jurisdiction has appointed a guardian to manage the affairs of that
individual, a court of competent jurisdiction has declared the
individual to be mentally incompetent, or the individual's attending
physician has certified that the individual is not sufficiently
mentally competent to manage his or her own affairs or to provide the
information being sought, the individual cannot read or write, cannot
afford the cost of obtaining the information, a language barrier
exist, or the custodian of the information will not, as a matter of
policy, provide it to the individual), or
b. The data are needed to establish the validity of evidence or
to verify the accuracy of information presented by the individual,
and it concerns one or more of the following: The individual's
entitlement to benefits under the Medicare program, the amount of
reimbursement, and in cases in which the evidence is being reviewed
as a result of suspected fraud and abuse, program integrity, quality
appraisal, or evaluation and measurement of activities.
5. To Peer Review Organizations (PRO) in connection with review
of claims, or in connection with studies or other review activities,
conducted pursuant to Part B of Title XI of the Social Security Act
and in performing affirmative outreach activities to individuals for
the purpose of establishing and maintaining their entitlement to
Medicare benefits or health insurance plans.
6. To insurance companies, third party administrators (TPA),
employers, self-insurers, managed care organizations, other
supplemental insurers, non-coordinating insurers, multiple employer
trusts, group health plans (i.e., health maintenance organizations
(HMO), Cost Plans, or a Medicare-approved health care prepayment plan
(HCPP), Programs for All Inclusive Care for the Elderly, Medicare +
Choice Organizations (i.e. Coordinated Care Plans (CCPs), Religious
Based Fraternal Plans Private Fee For Service (PFFS), Medical Savings
Accounts (MSAs), Demonstrations) directly or through a contractor.
Information to be disclosed shall be limited to Medicare enrollment
data. In order to receive the information, they must agree to:
a. Certify that the individual about whom the information is
being provided is one of its insured or employees;
b. Utilize the information solely for the purpose of processing
the individual's insurance claims; and
c. Safeguard the confidentiality of the data and prevent
unauthorized access.
7. To an individual or organization for a research project or to
support an evaluation project related to the prevention of disease or
disability, the restoration or maintenance of health, or payment
related projects.
8. To a Member of Congress or to a congressional staff member in
response to an inquiry of the congressional office made at the
written request of the constituent about whom the record is
maintained.
9. To the Department of Justice (DOJ), court or adjudicatory body
when:
a. The agency or any component thereof, or
b. Any employee of the agency in his or her official capacity, or
c. Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
d. The United States Government, is a party to litigation or has
an interest in such litigation, and by careful review, CMS determines
that the records are both relevant and necessary to the litigation.
10. To a CMS contractor (including, but not limited to fiscal
intermediaries and carriers) that assists in the administration of a
CMS-administered health benefits program, or to a grantee of a CMS-
administered grant program, when disclosure is deemed reasonably
necessary by CMS to prevent, deter, discover, detect, investigate,
examine, prosecute, sue with respect to, defend against, correct,
remedy, or otherwise combat fraud or abuse in such programs.
11. To another federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States (including any state or local governmental agency), that
administers, or that has the authority to investigate potential fraud
or abuse in, a health benefits program funded in whole or in part by
federal funds, when disclosure is deemed reasonably necessary by CMS
to prevent, deter, discover, detect, investigate, examine, prosecute,
sue with respect to, defend against, correct, remedy, or otherwise
combat fraud or abuse in such programs.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
All records are stored on magnetic media.
Retrievability:
All Medicare records are accessible by Health Insurance Claim
Number, and SSN search. This system supports both on-line and batch
access.
Safeguards:
CMS has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, CMS has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the MBD system. For computerized records,
safeguards have been established in accordance with the Department of
Health and Human Services (HHS) standards and National Institute of
Standards and Technology guidelines, e.g., security codes will be
used, limiting access to authorized personnel. System securities are
established in accordance with HHS, Information Resource Management
(IRM) Circular No. 10, ``Automated Information Systems Security
Program;'' CMS's ``IT Systems Securities Policies, Standards, and
Guidelines Handbook;'' OMB Circular No. A-130 (revised), Appendix
III.
Retention and disposal:
Records are maintained in the active files for a period of 15
years. The records are then retired to archival files maintained at
the Health Care Data Center.
System manager(s) and address:
Acting Director, Center for Medicare Choices & Deputy Director
for Beneficiary Education in the Center for Beneficiary Choices, CMS,
7500 Security Boulevard, C5-18-27, Baltimore, Maryland 21244-1850.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, health insurance
claim number, address, date of birth, and sex, and for verification
purposes, the subject individual's name (woman's maiden name, if
applicable), and social security number (SSN). Furnishing the SSN is
voluntary, but it may make searching for a record easier and prevent
delay.
Record access procedure:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with department regulation 45 CFR 5b.5(a)(2)).
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with department regulation 45 CFR 5b.7).
Record source categories:
The data contained in this system of records are extracted from
other CMS systems of records: Enrollment Database, Group Health Plan,
and the Medicaid Statistical Information System.
Systems exempted from certain provisions of the act:
None.
Appendix A. Health Insurance Records
Medicare records are maintained at the CMS Central Office (see
section 1 below for the address). Health Insurance Records of the
Medicare program can also be accessed through a representative of the
CMS Regional Office (see section 2 below for addresses). Medicare
records are also maintained by private insurance organizations that
share in administering provisions of the health insurance programs.
These private insurance organizations, referred to as Managed Care
Organizations, are under contract to the Centers for Medicare &
Medicaid Services and the Social Security Administration to perform
specific task in the Medicare program (see section three below for
information on MCOs).
1. Central Office Address: CMS Data Center, 7500 Security
Boulevard, North Building, First Floor, Baltimore, Maryland 21244-
1850.
2. CMS Regional Offices: BOSTON REGION--Connecticut, Maine,
Massachusetts, New Hampshire, Rhode Island, Vermont. John F. Kennedy
Federal Building, Room 1211, Boston, Massachusetts 02203. Office
Hours: 8:30 a.m.-5 p.m.
NEW YORK REGION--New Jersey, New York, Puerto Rico, Virgin
Islands. 26 Federal Plaza, Room 715, New York, New York 10007, Office
Hours: 8:30 a.m.-5 p.m.
PHILADELPHIA REGION--Delaware, District of Columbia, Maryland,
Pennsylvania, Virginia, West Virginia. Post Office Box 8460,
Philadelphia, Pennsylvania 19101. Office Hours: 8:30 a.m.-5 p.m.
ATLANTA REGION--Alabama, North Carolina, South Carolina, Florida,
Georgia, Kentucky, Mississippi, Tennessee. 101 Marietta Street, Suite
702, Atlanta, Georgia 30223, Office Hours: 8:30 a.m.-4:30 p.m.
CHICAGO REGION--Illinois, Indiana, Michigan, Minnesota, Ohio,
Wisconsin. Suite A--824, Chicago, Illinois 60604. Office Hours: 8
a.m.-4:45 p.m.
DALLAS REGION--Arkansas, Louisiana, New Mexico, Oklahoma, Texas,
1200 Main Tower Building, Dallas, Texas. Office Hours: 8 a.m.-4:30
p.m.
KANSAS CITY REGION--Iowa, Kansas, Missouri, Nebraska. New Federal
Office Building, 601 East 12th Street, Room 436, Kansas City,
Missouri 64106. Office Hours: 8 a.m.-4:45 p.m.
DENVER REGION--Colorado, Montana, North Dakota, South Dakota,
Utah, Wyoming. Federal Office Building, 1961 Stout Street, Room 1185,
Denver, Colorado 80294. Office Hours: 8 a.m.-4:30 p.m.
SAN FRANCISCO REGION--American Samoa, Arizona, California, Guam,
Hawaii, Nevada. Federal Office Building, 10 Van Ness Avenue, 20th
Floor, San Francisco, California 94102. Office Hours: 8 a.m.-4:30
p.m.
SEATTLE REGION--Alaska, Idaho, Oregon, Washington. 1321 Second
Avenue, Room 615, Mail Stop 211, Seattle, Washington 98101. Office
Hours 8 a.m.-4:30 p.m.
3. Managed Care Organizations: Monthly report of Managed Care
Organizations is available at www.cms.gov.
09-70-1511
System name: Physical Therapists In Independent Practice
(Individuals), HHS/HCFA/HSQB.
Security classification:
None.
System location:
HCFA Data Center in Central Office at Lyons Building, 7131
Rutherford Rd., Baltimore, Maryland and DHHS ten Regional Offices
(See Appendix A).
Categories of individuals covered by the system:
Physical Therapists in Independent Practice (PTIPs) who furnish
outpatient physical therapy services and who have an individual
practitioner status as approved under 42 CFR 405.1731.
Categories of records in the system:
The system contains information about a therapist's name,
identification number, address and survey and certification
information.
Authority for maintenance of the system:
Section 1861(p) and 1864 of the Social Security Act (42 U.S.C.
1395 x(p) and 1395(aa) Implementing regulation: 42 CFR 405.1730-
405.1737.
Purpose(s):
To provide information of PTIPs as to the quality, quantity and
availability of health care related services in the United States
rendered by PTIPs. It serves as a unique source of program related
and health management information on all PTIPs in the nation who
participate in the Medicare/Medicaid programs.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosures may be made:
1. To providers and suppliers of services (and their authorized
billing agents) directly or dealing through fiscal intermediaries or
carriers, for administration of provisions of title XVIII and title
XIX.
2. To the private sector in the health care industry requesting
information generally relating to PTIPs without disclosing the
identity of any individuals and as approved by HCFA that disclosure
is compatible with the purpose for which the records were collected.
3. To a contractor for the purpose of collating, analyzing,
aggregating or otherwise refining or processing records in this
system or for developing, modifying and/or manipulating ADP software.
Data would also be disclosed to contractors incidental to
consultation, programming, operation, user assistance, or maintenance
for ADP or telecommunications sytems containing or supporting records
in the system.
4. To a congressional office from the record of an individual in
response to an inquiry from the congressional office at the request
of that individual.
5. To a beneficiary who has the need to know the quality of care
rendered by a particular PTIP.
6. To other government agencies requesting information generally
relating to PTIPs without disclosing the identity of any individuals
and as approved by HCFA that disclosure is compatible with the
purpose for which the records were collected.
7. To the Department of Justice, to a court or other tribunal, or
to another party before such tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation, and
HHS determines that the use of such records by the Department of
Justice, the tribunal, or the other party is relevant and necessary
to the litigation and would help in the effective representation of
the governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
7. To the Social Security Administration for their assistance in
the implementation of HCFA's administration of the Medicare and
Medicaid programs.
8. To a HCFA contractor (including, but not necessarily limited
to fiscal intermediaries and carriers) that assists in the
administration of a HCFA-administered health benefits program, or to
a grantee of a HCFA-administered grant program, when disclosure is
deemed reasonably necessary by HCFA to prevent, deter, discover,
detect, investigate, examine, prosecute, sue with respect to, defend
against correct, remedy, or otherwise combat fraud or abuse in such
program; and
9. To another federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States (including any state or local governmental agency), that
administers, or that has the authority to investigate potential fraud
or abuse in a health benefits program funded in whole or in part by
federal funds, when disclosure is deemed reasonably necessary by HCFA
to prevent, deter, discover, detect, investigate, examine, prosecute,
sue with respect to, defend against, correct, remedy, or otherwise
combat fraud or abuse in such program, subjected to certain
conditions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper, magnetic tape and direct access storage device.
Retrievability:
Information will be retrieved by the PTIP's identification
number, name, address or survey and certification information.
Safeguards:
a. Authorized Users: Only agency employees and contractor
personnel whose duties require the use of information in the system.
In addition, such agency employees and contractor personnel are
advised that the information is confidential and of criminal
sanctions for unauthorized disclosure of information.
bPhysical Safeguards: Records are stored in locked files or
secured areas. Computer terminals are in secured areas.
c. Procedural Safeguards: Employees who maintain records in the
system are instructed to grant regular access only to authorized
users. Data stored in computers are accessed through the use of
passwords known only to authorized personnel.
Contractors who maintain records in this system are instructed to
make no further disclosure of the records except as authorized by the
system manager and permitted by the Privacy Act. Privacy Act language
is included in contracts related to this system.
d. Implementation guidelines: Safeguards implemented in
accordance with all guidelines required by the Department of Health
and Human Services. Safeguards for automated records have been
established in accordance with the Department of HHS' Automated Data
Processing Manual, ``Part 6, ADP System Security.''
Retention and disposal:
Paper copies of the records are maintained in a secure storage
area with identifiers. Purging of paper copies occurs three years
from the last completed survey. Computerized records are maintained
for a period of the last four surveys.
System manager(s) and address:
Director, Division of Data and Program Analysis, Health Standards
and Quality Bureau, Health Care Financing Administration, 2-D-2
Meadows East Building, 6325 Security Boulevard, Baltimore, Maryland
21207.
Notification procedure:
To determine if a record exists, write to the system manager at
the address indicated above and specify name or identification
number.
Record access procedures:
Same as notification procedure. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Departmental Regulations (45 CFR 5b.5(a)(2).)
Contesting record procedures:
Contact the System Manager named above, and reasonably identify
the record(s) and specify the information to be contested. State the
reason for contesting it (e.g., why it is inaccurate, irrelevant,
incomplete, or not current). (These procedures are in accordance with
Departmental Regulations (45 CFR 5b.7).)
Record source categories:
Sources of information contained in this record system include
data collected from PTIPs with an individual practitioner status as
surveyed and collected by the State agency and transmitted to the
regional office and Baltimore.
Systems exempted from certain provisions of the act:
None.
Appendix A--Regional Office Addresses
BOSTON REGION--Connecticut, Maine, Massachusetts, New
Hampshire, Rhode Island, Vermont
Room 1309
JFK Federal Building
Boston, Massachusetts 02203
NEW YORK REGION--New Jersey, New York, Pureto Rico, Virgin
Islands
Room 3811
26 Federal Plaza
New York, New York 10278
PHILADELPHIA REGION--Delaware, District of Columbia, Maryland,
Pennsylvania, Virginia, West Virginia
3535 Market Street
PO Box 7760
Philadelphia, Pennsylvania 19101
ATLANTA REGION--Alabama, Florida, Georgia, Kentucky,
Mississippi, North Carolina, South Carolina, Tennessee
Suite 701
101 Marietta Tower
Atlanta, Georgia 30323
CHICAGO REGION--Illinois, Indiana, Michigan, Minnesota, Ohio,
Wisconsin
Suite A-835
175 W. Jackson Boulevard
Chicago, Illinois 60604
DALLAS REGION--Arkansas, Louisiana, New Mexico, Oklahoma, Texas
Room 2400
1200 Main Tower Building
Dallas, Texas 75202
KANSAS CITY REGION--Iowa, Kansas, Missouri, Nebraska
New Federal Office Building
Room 235
601 East 12th Street
Kansas City, Missouri 64106
DENVER REGION--Colorado, Montana, North Dakota, South Dakota,
Utah, Wyoming
Federal Building
Room 574
1961 Stout Street
Denver, Colorado 80294
SAN FRANCISCO REGION--American Samoa, Arizona, California,
Guam, Hawaii, Nevada
14th Floor
100 Van Ness Avenue
San Francisco, California 94102
SEATTLE REGION--Alaska, Idaho, Oregon, Washington
Mail Stop 502
2901 Third Avenue
Seattle, Washington 98121.
09-70-1512
System name: PRO Data Management Information System (PDMIS),
HHS/HCFA/HSQB.
Security classification:
None.
System location:
Health Care Financing Administration, Health Standards and
Quality Bureau, Office of Peer Review, Division of Systems
Management, 2nd Floor, Meadows East Building, 6325 Security
Boulevard, Baltimore, Maryland 21207-5187.
Health Care Financing Administration, Regional Offices, See
appendix A.
Categories of individuals covered by the system:
Medicare beneficiaries and provider/practitioners within a PRO
area (state).
Categories of records in the system:
1. Pro Identifier (PRO ID)--A unique identifier (alpha/numeric)
assigned to the PRO for identification and reporting purposes.
2. Record Type--Identifies the type of record being submitted
(e.g., new, replacement or cancellation record).
3. Provider Identifier (Provider ID)--The actual Medicare
provider number assigned to the facility for Medicare billing
purposes.
4. Health Insurance Claim Number--The Medicare beneficiary's
unique Medicare Health Insurance Claim (HIC) Number.
5. Admission/Service Date--The date of admission to the provider
if inpatient or the date of service if an outpatient in a hospital or
an ancillary service center (ASC).
6. Discharge Date--If inpatient, the date of discharge from the
provider.
7. Basis for Selection--The originating category of required
review from which the case was selected by the PRO.
8. Review Selection and Completion Dates--The date the record was
selected and the date medical review of the case was completed.
9. Completed Review Results--
--Admission review data (utilization)
--Diagnosis Related Group (DRG) validation data (coding)
--Generic screen data (quality of care)
--Discharge review data (premature discharges)
--Coverage review data
--Waiver of liability data
--Invasive procedure review data
--Prospective payment system (PPS) outlier review data
--Intervening care data
--Beneficiary complaint issues
--Reconsideration and appeals of initial denial determinations
--PRO initiated adjustment data
--Review of hospital initiated notices of non-coverage
10. Review Type--Indicates whether the review was performed on a
pre-admission, pre-discharge, prepayment or retrospective basis.
11. Unique Physician Identification Number (UPIN)--The unique
identifier assigned to a physician/practitioner for Medicare billing
purposes.
12. Interventions--The number/type of interventions taken in
response to identified quality, utilization and/or coding problems.
13. Cost Data--The amount and type (nurse, physician,
administrative, etc.) of hours/dollars expended to administer the
Peer Review Program in the PRO area.
Authority for maintenance of the system:
This system is maintained under the authority of the following
provisions of the Social Security Act: section 1866(a)(1) (E) and
(F), section 1876(i)(7), and part B of title XI.
Purpose(s):
This system will be used to collect data on the selection and
subsequent medical review of required areas of review of care
provided to Medicare beneficiaries in the acute hospital setting,
specialty hospitals, and hospital units exempt from the PPS, swing
beds, hospital outpatient areas, ambulatory surgical centers,
emergency rooms and HMO clinics and facilities. The system will allow
for PRO generation and submission to HCFA of a unique record with all
applicable review information relevant to PRO contractor performance
and data analysis. The HIC, UPIN and provider numbers are utilized
because they represent the only unique constant identifiers available
to allow for identification and tracking of a particular record. The
HIC number will also eliminate the probability of double counting
records when determining the number of reviews performed for PRO
payment purposes, and identifying erroneous record submissions.
Additionally, this system will allow for project officer and SuperPRO
selection of samples for re-review to validate the accuracy of
contractor performance. (SuperPRO is an organization under contract
with HCFA to make recommendations on the accuracy and quality of PRO
medical review determinations.)
Routine uses of records maintained in the system, including
categories of users and purposes of such uses:
Disclosures may be made:
1. To a congressional office in response to an inquiry from that
office at the request of the subject individual.
2. To the Department of Justice, to a court or other tribunal, or
to another party before such tribunal, when
(a) HHS or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components;
is a party to litigation or has an interest in such litigation,
and that the use of such records by the Department of Justice, the
tribunal, or the party is relevant and necessary to the litigation
and would help in the effective representation of the governmental
party, provided that in each case HHS determines that such disclosure
is compatible with the purpose of which the records were collected.
3. To a contractor for the purpose of collating, analyzing,
aggregating or otherwise refining or processing records in this
system or for developing, modifying and/or manipulating ADP software.
Data would also be disclosed to contractors incidental to
consultation, programming, operation, user assistance, or maintenance
for automated data processing or telecommunications systems
containing or supporting records in the system.
4. To a third party where:
(a) HCFA needs information from the third party to verify
information relating to program integrity, qualify of care, and
evaluation and measurement of system activities.
(b) The party to whom disclosure is to be made has, or is
reasonably expected to have such information, and disclosure is
needed in order to obtain the information; and
(c) HCFA determines that the purpose of disclosure is compatible
with the purposes for which the records were collected.
5. To a PRO, SuperPRO, an individual or group for research and/or
evaluation purposes with regard to payment or provision of health
care services or an entity under contract with HCFA or HHS acting in
a manner consistent with maintaining the integrity of the Medicare
program if HCFA determines that disclosure of beneficiary,
practitioner or provider-specific information is necessary or
relevant to an authorized research/evaluation project or for an
official investigation or litigation regarding a specific case, and
if HCFA determines:
(a) That the use or disclosure of information does not violate
legal limitations under which the record was provided, collected, or
obtained; and
(b) That the purpose for which disclosure is to be made:
(1) Is compatible with the purposes for which the records were
collected;
(2) Cannot be reasonably accomplished unless the record is
provided in individual identifiable form; and
(3) Is of sufficient importance to warrant any effect on the
privacy of the individual that disclosure of the record might bring;
and
(c) That adequate safeguards have been instituted so as to
protect the confidentiality of the data and prevent unauthorized
access to it; and
(d) That the appropriate procedures, format, and media will be
used for the data disclosure process.
To the Social Security Administration for their assistance in the
implementation of HCFA's administration of the Medicare and Medicaid
programs.
Policies and practices for storing, retrieving, accessing,
retaining and disposing of records in the system:
Storage:
The records are maintained at the system location site in
magnetic media (e.g., magnetic tape and computer discs).
Retrievability:
The data in this system are retrieved by PRO ID, HIC number, UPIN
and Provider ID.
Safeguards:
Safeguards for automated records have been established in
accordance with the HHS' Information Resources Management Manual,
``Part 6, Automated Information Systems Security.'' This includes
maintaining the records in a secure enclosure. Access to specific
records is limited to those who have a need for them in the
performance of their official duties.
Retention and disposal:
Records are maintained on-line in the system from the date of
receipt through the length of their PRO contract). After this period,
the records will be stored on magnetic media in a secured location.
System manager(s) and address:
Director, Office of Peer Review, Health Standards and Quality
Bureau, Health Care Financing Administration, 2-D-2 Meadows East
Building, 6323 Security Boulevard, Baltimore, Maryland 21207-5187.
Notification procedures:
To determine if your record exists, write to the system manager
at the address indicated above or to the appropriate regional office
(see appendix A), and specify HIC Number, UPIN and/or Provider ID.
Notification procedures are governed by 5 U.S.C. 552a(d)(1) and (f)
(1), (2) and (3) and by 45 CFR 5b.5 and 5b.6.
Record access procedures:
Same as notification procedures. Requesters should reasonably
specify the information in the records being sought. You may also
request an accounting of disclosures that have been made of your
records, if any. Record access procedures are governed by 5 U.S.C.
552a(d)(1) and (f) (2) and (3) and by 45 CFR 5b.5 and 5b.6.
Contesting record procedures:
Contact the system manager named in Paragraph 5 above, identify
the relevant record, specify the information to be corrected or
amended, and state the corrective action sought and the reasons for
requesting the correction or amendment. Include information to show
how the record is inaccurate, incomplete, untimely, irrelevant, or
otherwise in need of correction or amendment. Correction/amendment
procedures are governed by 5 USC 552a(d)(2) and by 45 CFR 5b.7.
An individual who disagrees with a refusal to correct or amend
his record may appeal the refusal by writing to the Director, Health
Standards and Quality Bureau, 6300 Security Boulevard, Baltimore,
Maryland 21207-5187. Appeal rights and procedures are governed by 5
U.S.C. 552a(d)(3), (4) and (5), and by 45 CFR 5b.8.
Record source categories:
These records will be generated by the PRO from data received
from HCFA, the servicing fiscal intermediary or carrier responsible
for the processing of Medicare hospital bills and from data generated
by the PRO itself as a result of performing medical reviews. Other
sources of data include Medicare beneficiaries, congressional
offices, Medicare providers, Office of Inspector General, etc. The
electronic record will only include information to be compiled in the
data base (e.g., PROs identifier, HIC, admission/service and
discharge dates, review selection and results.)
Systems exempted from certain provisions of the act:
None.
Appendix A--Health Care Financing Administration Regional Offices
I. Boston, Project Officer, Peer Review Organization, Room 1309,
John F. Kennedy Federal Building, Boston, Massachusetts 02203-0003.
II. New York, Project Officer, Peer Review Organization, Room
3811, 26 Federal Plaza, New York, New York 10278-0063.
III. Philadelphia, Project Officer, Peer Review Organization,
Room 3100, PO Box 7760, Philadelphia, Pennsylvania 19101-7760.
IV. Atlanta, Project Officer, Peer Review Organization, Suite
701, 101 Marietta Street, Atlanta, Georgia 30323-2711.
V. Chicago, Project Officer, Peer Review Organization, 14th-16th
Floors, 105 W. Adams Street, Chicago, Illinois 60603-6201.
VI. Dallas, Project Officer, Peer Review Organization, Room 2000,
1200 Main Tower Building, Dallas, Texas 75202-4305.
VII. Kansas, Project Officer, Peer Review Organization, New
Federal Office Building, Room 235, 601 East 12th Street, Kansas City,
Missouri 64106-2808.
VIII. Denver, Project Officer, Peer Review Organization, Federal
Office Building, Room 1185, 1961 Stout Street, Denver, Colorado
80294-3538.
IX. San Francisco, Project Officer, Peer Review Organization, 4th
and 5th Floors, 75 Hawthorne Street, San Francisco, California 94105-
3903.
X. Seattle, Project Officer, Peer Review Organization, Mail Stop
RX 40, 2201 Sixth Avenue, Seattle, Washington 98121-2500.
09-70-1516
System name: Uniform Clinical Data Set (UCDS), HHS/HCFA/HSQB.
Security classification:
None.
System location:
Health Care Financing Administration (HCFA), Bureau of Data
Management and Strategy, Office of Computer Operations, HCFA Data
Center, Lyon Building, 7131 Rutherford Road, Baltimore, Maryland
21207.
Categories of individuals covered by the system:
A record will be generated for acute care hospital stay of a
Medicare beneficiary which is randomly selected for review by a
Utilization and Quality Control Peer Review Organization (PRO).
Categories of records in the system:
A single record for each case reviewed using the UCDS automated
system will be maintained. Each record contains data in five general
categories--(1) management information, (2) sociodemographic data on
the beneficiary, (3) clinical characteristics of the beneficiary at
admission, (4) processes of care during the stay and (5) outcomes/
status at discharge. Examples of the data collected in each of these
categories follow:
b Management Information--Peer Review Organization Identifier
(PROID), hospital identifier, the beneficiary's hospital medical
record number, his Health Insurance Claim (HIC) number, admission and
discharge dates, discharge disposition code, attending physician
identifier, date of birth, date of death (when death occurred in the
institution) and sex.
b Sociodemographic Data--Admission caregiver, patient race,
occupational status, insurance source, and current ambulatory care.
b Clinical Condition at Admission--Height, weight, and vital
signs, medication history such as current medications at admission,
history of drug/dye allergy or poisoning, history of radiation
exposure, and medications administered in emergency room; history of
permanent anatomic changes such as major organ removal, amputation of
major limb, organ transplant, and congenital organ absence; history
and physical including chronic diseases and/or conditions and
evidence of current diseases and/or conditions; results of certain
diagnostic tests conducted prior to admission.
b Processes of Care--Principal and secondary diagnoses;
laboratory findings; results of selected diagnostic tests such as x-
ray, CT scan, EKG, cardiac catheterization, EEG, pulmonary function,
etc.; endoscopic procedures; operative episodes including the date of
operation, anesthetic type, anesthetic risk, vascular access lines,
surgical wound classification, adverse intraoperative occurrences,
and tissue findings; noninvasive treatment interventions such as
blood products, inhalation therapy, professional services; medication
therapy, and delivery systems for medications; hospital course
including special care unit days, total number of special case unit
episodes, ``do not resuscitate'' order and date, adverse occurrences,
trauma suffered in hospital, infections, and prolonged stay.
b Outcome/Disacharge Status--Discharge vital signs; discharge
exam finding; discharge tests; discharge planning including
activities of daily living, caregiver, follow-up plans, discharge
therapies, discharge medications, and discharge diagnoses.
Authority for maintenance of the system:
This system is established under the authority of section
1866(a)(1)(F) of the Social Security Act, which requires hospitals
participating in the Medicare program to have an agreement with a PRO
for the latter to review various aspects of the hospital's
activities; section 1154(a) of the Social Security Act, which
requires the Utilization and Quality Control Peer Review
Organizations (PROs), under contract to the Secretary, to review the
care provided by physicians and other health care practitioners under
Medicare; section 1862(g) of the Social Security Act, which requires
the Secretary to enter into contracts with PROs to assist in making
certain types of determinations in the Medicare program and section
1874 (a) and (b) of the Social Security Act, which authorize the
Secretary to administer the Medicare program through contracts with
others, including contracts for procuring data as may be necessary in
carrying out functions under the Medicare statute and regulations at
45 CFR part 5b.
Purpose(s):
To collect a standard set of data about each hospitalization
selected for UCDS review in order to make PRO review more consistent
from State to State. To provide for the collection of data which can
be used to monitor the care provided by the Medicare program in a
more uniform way.
Routine use of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosures may be made:
1. To a congressional office from the record of an individual in
response to an inquiry from the congressional office at the request
of that individual.
2. To an individual or organization for a research, evaluation or
epidemiological project related to studying the effectiveness of
health care or to the improvement of the quality of health care if
HCFA:
(a) Determines that the use or disclosure does not violate legal
limitations under which the record was provided, collected, or
obtained;
(b) Determines that the purpose for which the disclosure is to be
made:
(1) Cannot be reasonably accomplished unless the record is
provided in individually identifiable form;
(2) Is of sufficient importance to warrant the effect and/or risk
on the privacy of the individual that additional exposure of the
record might bring, and
(3) There is reasonable probability that the objective for the
use would be accomplished.
(c) Requires the information recipient to:
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record;
(2) Remove or destroy the information that allows the individual
to be identified at the earliest time at which removal or destruction
can be accomplished consistent with the purpose of the project,
unless the recipient presents an adequate justification of a research
or health nature for retaining such information; and
(3) Make no further use or disclosure of the record except:
(a) In emergency circumstances affecting the heath or safety of
any individual;
(b) For use in another research project, under these same
conditions, and with written authorization of HCFA;
(c) For disclosure to a properly identified person for the
purpose of an audit related to the research project, if information
that would enable research subjects to be identified is removed or
destroyed at the earliest opportunity consistent with the purpose of
the audit; or
(d) When required by law.
(d) Secures a written statement attesting to the information
recipient(s) understanding of an willingness to abide by these
provisions.
3. The Department of Justice, to a court or other tribunal, or to
another party before such tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its conponents,
or is a party to litigation, or has an interest in such litigation,
and HHS determines that the sue of such records by the Department of
Justice, the tribunal, or the other party is relevant and necessary
to the litigation and would help in the effective representation of
the governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
4. To a contractor for the purpose of collating, analyzing,
aggregating, or otherwise refining or processing records in or
refining processes associated with the operation of this system or
for developing, modifying and/or manipulating ADP software. Data will
also be disclosed to contractors incidental to consultation,
programming, operation, user assistance, or maintenance for ADP or
telecommunications systems containing or supporting records in the
system. The contractor shall be required to maintain Privacy Act
safeguards with respect to such records.
5. To a third party where:
(a) HCFA needs information from the third party to verify
information relating to program integrity, quality of care, and
evaluation and measurement of system activities;
(b) The party to whom disclosure is to be made has, or is
reasonably expected to have such information, and disclosure is
needed in order to obtain the information; and
(c) HCFA determines that the purpose of disclosure is compatible
with the purposes for which the records were collected.
6. To a Utilization and Quality Control Peer Review Organization
or an entity under contract to HCFA or the Department acting in a
manner consistent with maintaining the integrity of the Medicare
program if HCFA determines that disclosure of beneficiary specific
information is necessary or relevant to an official investigation or
litigation regarding a specific care, and if HCFA determines:
(a) That the use or disclosure of information does not violate
legal limitations under which the record was provided, collected, or
obtained; and
(b) That the purpose for which disclosure is to be made:
(1) Is compatible with the purposes for which the records were
collected;
(2) Cannot be reasonably accomplished unless the record is
provided in individual identifiable form; and
(3) Is of sufficient importance to warrant any effect on the
privacy of the individual that disclosure of the record might bring.
(c) That adequate safeguards have been instituted so as to
protect the confidentiality of the data and prevent unauthorized
access to it; and
(d) That the appropriate procedures, format, and media will be
used for the data disclosure process.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The records are maintained at the system location site in
magnetic media (e.g., magnetic tape and computer disks).
Retrievability:
At a minimum, the data in the system are retrieved by the PRO
identifier, the Health Insurance Claim (HIC) number (which is derived
from the Social Security number) and the provider identifier. Data
could be retrieved by other identifiers such as the attending
physician identifier, the principal diagnosis, age, sex, etc.
Safeguards:
Safeguards for automated records have been established in
accordance with the Department of HHS' Information Resources
Management Manual, ``Part 6, Automated Information Sysems Security.''
This includes maintaining the records in a secure enclosure. Access
to specific records is limited to those who have a need for them in
the performance of their official duties.
Retention and disposal:
Records are maintained in the system with identifiers as long as
needed for program research.
System manager(s) and address:
Director, Health Standards and Quality Bureau, Health Care
Financing Administration, Room 2-D-2 Meadows East Building, 6325
Security Boulevard, Baltimore, Maryland 21207.
Notification procedure:
To determine if a record exists, the individual should write to
the system manager at the address indicated above and specify his or
her HIC number.
Record access procedure:
Same as notification procedure. Requestors should also reasonably
specify the record contents being sought. (These access procedures
are in accordance with Department Regulations (45 CFR 5b.5(a)(2)).)
Contesting record procedure:
Contact the system manager named above and reasonably identify
the record and specify the information to be contested, and state the
corrective action sould and your reasons for requesting the
correction, along with information to show how the record is
inaccurate, incomplete, untimely, irrelevant, or otherwise in need of
correction. (These procedures are in accordance with Department
Regulations (45 CFR 5b.7).)
Record source categories:
These records will be generated by the PRO as a result of its
review of the medical record associated with selected inpatient
hospital stays of Medicare beneficiaries. The data source will be the
medical record of that stay provided by the institution.
Systems exempted from certain provisions of the act:
None.
09-70-1516
System name:
Long Term Care Minimum Data Set (LTC MDS), HHS/HCFA/CMSO.
Security classification:
None.
System location:
HCFA Data Center, 7500 Security Boulevard, Baltimore, Maryland
21244-1850.
HCFA contractors and agents at various locations.
Categories of individuals covered by the system:
Residents in all LTC facilities that are Medicare and/or Medicaid
certified, including private pay individuals.
Categories of records in the system:
Individual-level demographic and identifying data as well as
clinical status data.
Authority for maintenance of the system:
Sections 1102(a), 1819(f), 1919(f), 1819(b)(3)(A), 1919(b)(3)(A),
and 1864 of the Social Security Act.
Purpose(s):
To aid in the administration of the survey and certification of
Medicare/Medicaid LTC facilities and to study the effectiveness and
quality of care given in those facilities. This system will also
support regulatory, reimbursement, policy, and research functions,
and enable regulators to provide long term care facility staff with
outcome data for providers' internal quality improvement activities.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
These routine uses specify additional circumstances under which
HCFA may release information from the LTC MDS system without the
consent of the individual to whom such information pertains. Each
proposed disclosure of information under these routine uses will be
evaluated to ensure that the disclosure is legally permissible,
including but not limited to ensuring that the purpose of the
disclosure is compatible with the purpose for which the information
was collected. Also, HCFA will require each prospective recipient of
such information to agree in writing to certain conditions to ensure
the continuing confidentiality and physical safeguards of the
information. More specifically, as a condition of each disclosure
under these routine uses, HCFA will, as necessary and appropriate:
(a) Determine that no other Federal statute specifically
prohibits disclosure of the information;
(b) Determine that the use or disclosure does not violate legal
limitations under which the information was provided, collected, or
obtained;
(c) Determine that the purpose for which the disclosure is to be
made;
(1) Cannot reasonably be accomplished unless the information is
provided in individually identifiable form;
(2) Is of sufficient importance to warrant the effect on or the
risk to the privacy of the individual(s) that additional exposure of
the record(s) might bring; and
(3) There is a reasonable probability that the purpose of the
disclosure will be accomplished;
(d) Require the recipient of the information to:
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized access, use, or disclosure of the
record or any part thereof. The physical safeguards shall provide a
level of security that is at least the equivalent to the level of
security contemplated in OMB Circular No. A-130 (revised), Appendix
III, Security of Federal Automated Information Systems which sets
forth guidelines for security plans for automated information systems
in Federal agencies.
(2) Remove or destroy the information that allows subject
individual(s) to be identified at the earliest time at which removal
or destruction can be accomplished, consistent with the purpose of
the request;
(3) Refrain from using or disclosing the information for any
purpose other than the stated purpose under which the information was
disclosed; and
(4) Make no further use or disclosure of the information except:
(i) To prevent or address an emergency directly affecting the
health or safety of an individual;
(ii) For use on another project under the same conditions,
provided HCFA has authorized the additional use(s) in writing; or
(iii) When required by law;
(e) Secure a written statement or agreement from the prospective
recipient of the information whereby the prospective recipient
attests to an understanding of, and willingness to abide by, the
foregoing provisions and any additional provisions that HCFA deems
appropriate in the particular circumstance; and
(f) Determine whether the disclosure constitutes a computer
``matching program'' as defined in 5 U.S.C. 552a(a)(8). If the
disclosure is determined to be a computer ``matching program,'' the
instructions regarding preparation and transmission of a matching
agreement as stated in 5 U.S.C. 552a(o) must be followed.
Disclosure may be made:
1. To a Congressional office from the record of an individual in
response to an inquiry from the Congressional office made at the
request of that individual.
2. To the Bureau of Census for use in processing research and
statistical data directly related to the administration of Agency
programs.
3. To the Department of Justice, to a court or other tribunal, or
to another party before such tribunal, when:
(a) HHS, or any component thereof;
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components;
is party to litigation or has an interest to such litigation, and HHS
determines that the use of such records by the Department of Justice,
the tribunal, or the other party is relevant and necessary to the
litigation and would help in the effective presentation of the
governmental party or interest, provided, however, that in each case
HHS determines that such disclosure is compatible with the purpose
for which the records were collected.
4. To an individual or organization for a research, evaluation,
or epidemiological project related to the prevention of disease or
disability, or the restoration or maintenance of health.
5. To a HCFA contractor for the purpose of collating, analyzing,
aggregating, or otherwise refining or processing records in this
system or for developing, modifying, and/or manipulating automated
data processing (ADP) software. Data could also be disclosed to
contractors incidental to consultation, programming, operation, user
assistance, or maintenance for ADP or telecommunications systems
containing or supporting records in the system.
6. To an agency of a state government, or established by state
law, for purposes of determining, evaluating, and/or assessing
overall or aggregate cost, effectiveness, and/or quality of health
care services provided in the state; or for the purpose of
administration of federal-state health care programs within the
state. Data will be released to the state only on those individuals
who are either residents in long term care facilities within the
state or are legal residents of the state irrespective of the
location of the LTC facility wherein they are residents. In effect,
only data collected by the state for HCFA may be released for this
purpose.
7. To another Federal agency (1) To contribute to the accuracy of
HCFA's proper payment of Medicare health benefits, and/or (2) to
enable such agency to administer a Federal health benefits program,
or as necessary to enable such agency to fulfill a requirement of a
Federal statute or regulation that implements a health benefits
program funded in whole or in part with Federal funds.
8. To a HCFA contractor to perform Title XI or Title XVIII (of
the Social Security Act) functions. Records from the LTC MDS may be
released to a Peer Review Organization (PRO), or other HCFA
contractor respectively, for performing medical review functions
under these provisions of the law.
9. To a HCFA contractor, including but not limited to, fiscal
intermediaries and carriers under Title XVIII of the Social Security
Act, to administer some aspect of a HCFA-administered health benefits
program, or to a grantee of a HCFA-administered grant program, which
program is or could be affected by fraud or abuse, for the purpose of
preventing, deterring, discovering, detecting, investigating,
examining, prosecuting, suing with respect to, defending against,
correcting, remedying, or otherwise combating such fraud or abuse in
such programs.
10. To another Federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States, including any state or local government agency, for the
purpose of preventing, deterring, discovering, detecting,
investigating, examining, prosecuting, suing with respect to,
defending against, correcting, remedying, or otherwise combating such
fraud or abuse in such programs.
11. To any entity that makes payment for or oversees
administration of health care services, for the purpose of
preventing, deterring, discovering, detecting, investigating,
examining, prosecuting, suing with respect to, defending against,
correcting, remedying, or otherwise combating fraud or abuse against
such entity or the program or services administered by such entity,
provided:
(i) Such entity enters into an agreement with HCFA to share
knowledge and information regarding actual or potential fraudulent or
abusive practices or activities regarding the delivery or receipt of
health care services, or regarding securing payment or reimbursement
for health care services, or any practice or activity that, if
directed toward a HCFA-administered program, might reasonably be
construed as actually or potentially fraudulent or abusive;
(ii) Such entity does, on a regular basis, or at such times as
HCFA may request, fully and freely share such knowledge and
information with HCFA, or as directed by HCFA, with HCFA's
contractors; and
(iii) HCFA determines that it may reasonably conclude that the
knowledge or information it has received or is likely to receive from
such entity could lead to preventing, deterring, discovering,
detecting, investigating, examining, prosecuting, suing with respect
to, defending against, correcting, remedying, or otherwise combating
fraud or abuse in the Medicare, Medicaid, or other health benefits
program administered by HCFA or funded in whole or in part by Federal
funds.
Policies and practices for storing, retrieving, accessing,
retaining and disposing of records in the system:
Storage:
All records are stored on magnetic media.
Retrievability:
All records are retrieved by Social Security Number or Health
Insurance Claim Number or by state-assigned Medicaid number.
Safeguards:
For computerized records, safeguards established in accordance
with Department standards and National Institute of Standards and
Technology guidelines (e.g., security codes) will be used, limiting
access to authorized personnel. System securities are established in
accordance with HHS, Information Resource Management (IRM) Circular
10, Automated Information Systems (AIS) Guide, Systems
Security Policies, and OMB Circular No. A-130 (revised), Appendix
III.
Retention and disposal:
Records are maintained with identifiers as long as needed for
program research.
System manager(s) and address:
Director, Center for Medicaid and State Operations, 7500 Security
Boulevard, Baltimore, Maryland, 21244-1850.
Notification procedure:
To determine whether the individual's record is in the system,
the subject individual should write to the system manager and furnish
the following information: Name of system; health insurance claim
number; and for verification purposes, the subject individual's name
(woman's maiden name, if applicable), social security number,
address, date of birth, and sex.
Record access procedures:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Individuals in the system should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with the Department regulations 45 CFR
5b.5.)
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulations 45 CFR 5b.7.)
Record source categories:
LTC Resident Assessment Instrument which includes the minimum
data set and resident assessment protocols.
Systems exempted from certain provisions of the act:
None.
09-70-1518
System name:
Inpatient Rehabilitation Facilities Patient Assessment Instrument
(IRF PAI), HHS/CMS/CMSO.
Security classification:
Level 3, Privacy Act Sensitive.
System location:
CMS Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850 and CMS contractors and agents
at various locations.
Categories of individuals covered by the system:
The system of records will contain clinical assessment
information (IRF-PAI records) for all Medicare Part A fee-for-service
patients receiving the services of a Medicare approved Inpatient
Rehabilitation Facility (IRF). Information will be retained in the
system of records only for those individuals whose payments come from
Medicare.
Categories of records in the system:
This system of records will contain individual-level demographic
and identifying data, as well as clinical status data for patients
with the payment source of traditional Medicare Part A fee-for-
service and Medicare+Choice Enrollees.
Authority for maintenance of the system:
Sec. 1886 (j) (2) (D) of the Social Security Act authorizes the
Secretary to collect the data necessary to establish and administer
the payments system
Purpose(s):
The primary purpose of the IRF system of records is to support
the IRF prospective payment system (PPS) for payment of the IRF
Medicare Part A fee-for-services furnished by the IRF to Medicare
beneficiaries. Other purposes for the system of records are to: (1)
Help validate and refine the Medicare IRF-PPS; (2) study and help
ensure the quality of care provided by IRFs; (3) enable CMS and its
agents to provide IRFs with data for their own quality assurance and,
(4) ultimately, quality improvement activities; (5) support agencies
of the State government, deeming organizations or accrediting
agencies to determine, evaluate and assess overall effectiveness and
quality of IRF services provided in the State; (6) provide
information to consumers to allow them to make better informed
selections of providers; (7) support regulatory and policy functions
performed within the IRF or by a contractor or consultant; (8)
support constituent requests made to a Congressional representative;
(9) support litigation involving the facility; and (10) support
research on the utilization and quality of inpatient rehabilitation
services; as well as, evaluation, or epidemiological projects related
to the prevention of disease or disability, or the restoration or
maintenance of health for understanding and improving payment
systems.
Routine uses of records maintained in the system, including
categories or users and the purposes of such uses:
These routine uses specify circumstances, in addition to those
provided by statute in the Privacy Act of 1974, under which CMS may
release information from the IRF-PAI without the consent of the
individual to whom such information pertains. Each proposed
disclosure of information under these routine uses will be evaluated
to ensure that the disclosure is legally permissible, including but
not limited to ensuring that the purpose of the disclosure is
compatible with the purpose for which the information was collected.
In addition, our policy will be to prohibit release even of non-
identifiable data, except pursuant to one of the routine uses, if
there is a possibility that an individual can be identified through
implicit deduction based on small cell sizes (instances where the
patient population is so small that individuals who are familiar with
the enrollees could, because of the small size, use this information
to deduce the identity of the beneficiary). Be advised, this System
of Records contains Protected Health Information as defined by the
Department of Health and Human Services' regulation ``Standards for
Privacy of Individually Identifiable Health Information'' (45 CFR
parts 160 and 164, 65 FR 8462 as amended by 66 FR 12434). Disclosures
of Protected Health Information authorized by these routine uses may
only be made if, and as, permitted or required by the ``Standards for
Privacy of Individually Identifiable Health Information.''
1. To agency contractors or consultants who have been contracted
by the agency to assist in the performance of a service related to
this system of records and who need to have access to the records in
order to perform the activity.
2. To a Peer Review Organization (PRO) in order to assist the PRO
to perform Title XI and Title XVIII functions relating to assessing
and improving IRF quality of care. PROs will work with IRFs to
implement quality improvement programs, provide consultation to CMS,
its contractors, and to State agencies.
3. To another Federal or State agency:
a. To contribute to the accuracy of CMS's proper payment of
Medicare benefits,
b. To enable such agency to administer a Federal health benefits
program, or as necessary to enable such agency to fulfill a
requirement of a Federal statute or regulation that implements a
health benefits program funded in whole or in part with Federal
funds, or
c. To improve the state survey process for investigation of
complaints related to health and safety or quality of care and to
implement a more outcome oriented survey and certification program.
4. To an individual or organization for research on the
utilization of inpatient rehabilitation services as well as
evaluation or epidemiological projects related to the prevention of
disease or disability, or the restoration or maintenance of health
epidemiological, or for understanding and improving payment projects.
5. To a member of Congress or to a congressional staff member in
response to an inquiry of the Congressional Office made at the
written request of the constituent about whom the record is
maintained.
6. To the Department of Justice (DOJ), court or adjudicatory body
when:
a. The agency or any component thereof; or
b. Any employee of the agency in his or her official capacity; or
c. Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee; or
d. The United States Government; is a party to litigation or has
an interest in such litigation, and by careful review, CMS determines
that the records are both relevant and necessary to the litigation
and the use of such records by the DOJ, court or adjudicatory body is
compatible with the purpose for which the agency collected the
records.
7. To a CMS contractor (including, but not necessarily limited to
fiscal intermediaries and carriers) that assists in the
administration of a CMS-administered health benefits program, or to a
grantee of a CMS-administered grant program, when disclosure is
deemed reasonably necessary by CMS to prevent, deter, discover,
detect, investigate, examine, prosecute, sue with respect to, defend
against, correct, remedy, or otherwise combat fraud or abuse in such
program.
8. To another Federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States (including any State or local governmental agency), that
administers, or that has the authority to investigate potential fraud
or abuse in, a health benefits program funded in whole or in part by
Federal funds, when disclosure is deemed reasonably necessary by CMS
to prevent, deter, discover, detect, investigate, examine, prosecute,
sue with respect to, defend against, correct, remedy, or otherwise
combat fraud or abuse in such programs.
9. To a national accrediting organization that has been approved
for deeming authority for Medicare requirements for inpatient
rehabilitation services (i.e., the Joint Commission for the
Accreditation of Healthcare Organizations, the American Osteopathic
Association and the Commission on Accreditation of Rehabilitation
Facilities). Data will be released to these organizations only for
those facilities that participate in Medicare by virtue of their
accreditation status.
10. To insurance companies, third party administrators (TPA),
employers, self-insurers, managed care organizations, other
supplemental insurers, non-coordinating insurers, multiple employer
trusts, group health plans (i.e., health maintenance organizations
(HMO) or a competitive medical plan (CMP)) with a Medicare contract,
or a Medicare-approved health care prepayment plan (HCPP), directly
or through a contractor, and other groups providing protection for
their enrollees. Information to be disclosed shall be limited to
Medicare entitlement data. In order to receive the information, they
must agree to:
a. Certify that the individual about whom the information is
being provided is one of its insured or employees, or is insured and/
or employed by another entity for whom they serve as a third party
administrator;
b. Utilize the information solely for the purpose of processing
the individual's insurance claims; and
c. Safeguard the confidentiality of the data and prevent
unauthorized access
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
All records are stored on magnetic media.
Retrievability:
The Medicare records are retrieved by health insurance claim
(HIC) number, social security number.
Safeguards:
CMS has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, CMS has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the CMS system. For computerized records,
safeguards have been established in accordance with HHS standards and
National Institute of Standards and Technology guidelines; e.g.,
security codes will be used, limiting access to authorized personnel.
System securities are established in accordance with HHS, Information
Resource Management (IRM) Circular �10, Automated Information Systems
Security Program; CMS Information Systems Security, Standards
Guidelines Handbook and OMB Circular No. A-130 (revised) Appendix
III.
Retention and disposal:
CMS will retain identifiable IRF-PAI data for a total period of
15 years.
System manager(s) and address:
Health Care Financing Administration, Center for Medicaid and
State Operations, Director, Survey and Certification Group, 7500
Security Boulevard, S2-12-25, Baltimore, Maryland 2124-1850.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, health insurance
claim number, and for verification purposes, the subject individual's
name (woman's maiden name, if applicable), address, age, and sex, and
social security number (SSN) (furnishing the SSN is voluntary, but it
may make searching for a record easier and prevent delay).
Record access procedures:
For purpose of access, use the same procedures outlined in
Notification
[[Page 56687]]
Procedures above. Requestors should also reasonably specify the
record contents being sought. (These procedures are in accordance
with Department regulation 45 CFR 5b.5(a)(2).)
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7.)
Record source categories:
Inpatient Rehabilitation Facilities--Patient Assessment
Instrument.
Systems exempted from certain provisions of the act:
None.
09-70-2003
System name: Completion of State Medicaid Quality Control (MQC)
Reviews, HHS/HCFA/MB.
Security classification:
None.
System location:
HCFA central office or regional offices. (See Attachment A). A
contractor site will be determined when and if the contract is
executed. Contact the systems manager for the location of the
contractor.
Categories of individuals covered by the system:
Sampled Medicaid beneficiaries in the District of Columbia and
all States.
Categories of records in the system:
Documents (e.g., resource, income payment relating to the
eligibility, and payment status of Medicaid beneficiaries).
Authority for maintenance of the system:
Section 1903(u) of the Social Security Act (42 USC 1396b(u)) was
enacted by section 133 of the Tax Equity and Fiscal Responsibility
Act of 1982 (TEFRA), Pub.L. 97-248.
Implementing regulation 42 CFR 431.804(c)(6) (48 FR 54224,
December 1, 1983).
Purpose(s):
To complete State MQC sample reviews for any State that fails to
complete: (1) A timely and valid MQC sample, or (2) individual
reviews required to make a projection of their error rate or
determine their actual error rate.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosures may be made:
1. To the contractor which will use this information to conduct
the reviews.
2. To the State Medicaid agency which refused to complete the
sample.
3. To collateral contacts to verify client eligibility.
Collateral contacts are contacts with third parties that include but
are not limited to contacts with private individuals, banks,
insurance companies, nursing homes, private businesses, Federal
agencies and any entity that can provide information necessary to
derive at a definitive eligibility decision and determine the payment
status of the beneficiary.
4. To a congressional office, from the record of an individual in
response to an inquiry from the congressional office made at the
request of that individual.
5. To the Department of Justice, to a court or other tribunal, or
to another party before such tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States of any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the tribunal, or other party is relevant and necessary to
the litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
6. To a contractor for the purpose of collating, analyzing,
aggregating or otherwise refining or processing records in this
system for developing, modifying and/or manipulating ADP software.
Data would also be disclosed to contractors incidential to
consultation, programming, operation, user assistance, or maintenance
for an ADP or telecommunications systems containing or supporting
records in the system.
7. To the Social Security Administration for their assistance in
the implementation of HCFA's administration of the Medicare and
Medicaid programs.
8. To a HCFA contractor (including, but not necessarily limited
to fiscal intermediaries and carriers) that assists in the
administration of a HCFA-administered health benefits program, or to
a grantee of a HCFA-administered grant program, when disclosure is
deemed reasonably necessary by HCFA to prevent, deter, discover,
detect, investigate, examine, prosecute, sue with respect to, defend
against correct, remedy, or otherwise combat fraud or abuse in such
program; and
9. To another federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States (including any state or local governmental agency), that
administers, or that has the authority to investigate potential fraud
or abuse in a health benefits program funded in whole or in part by
federal funds, when disclosure is deemed reasonably necessary by HCFA
to prevent, deter, discover, detect, investigate, examine, prosecute,
sue with respect to, defend against, correct, remedy, or otherwise
combat fraud or abuse in such program, subjected to certain
conditions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper and magnetic tape.
Retrievability:
Information will be retrieved by beneficiary name, social
security number or other unique identifier by HCFA or the State.
Safeguards:
HCFA and/or the contractor will maintain all records in secure
storage areas accessible only to authorized employees and will notify
all employees having access to records of criminal sanctions for
unauthorized disclosure of information on individuals. For
computerized records, if required, HCFA and/or the contractor will
initiate automated data processing (ADP) system security procedures
required by DHHS ADP Systems Manual, Part 6, ADP Systems Security
(e.g., use of passwords), and the National Bureau of Standards
Federal Information Processing Standards.
Retention and disposal:
Hard copy records will be maintained. Disposal occurs three years
from the last action on the case.
System manager(s) and address:
Director, Bureau of Quality Control, Health Care Financing
Administration, Room 200, East High Rise Building, 6325 Security
Boulevard, Baltimore, Maryland 21207.
Notification procedure:
To determine if a record exists write to the System Manager at
the address indicated above. Specify name, address, and State.
Record access procedures:
Same as notification procedure. Requesters should also reasonably
specify the record contents being sought.
Contesting record procedures:
Contact the System Manager named above and reasonably identify
the record and specify the information to be contested. State the
reason for contesting it (e.g., why it is inaccurate, irrelevant,
incomplete, or not current).
Record source categories:
Data is collected from the beneficiary and collateral contacts.
Collateral contacts are contacts with third parties that include but
are not limited to contacts with private individuals, banks,
insurance companies, nursing homes, private businesses, Federal
agencies, and any other entity that can provide information necessary
to arrive at a definitive eligibility decision and determine the
payment status of the beneficiary.
Systems exempted from certain provisions of the act:
None.
Appendix A--Central and Regional Office Addresses
1. Central Office Address: Bureau of Quality Control, HCFA,
6325 Security Boulevard, Baltimore, Maryland 21207.
2.HCFA Regional Office Addresses:
BOSTON REGION--Connecticut, Maine, Massachusetts, New
Hampshire, Rhode Island, Vermont
John F. Kennedy Federal Building, Room 1309, Boston,
Massachusetts 02203
NEW YORK REGION--New Jersey, New York, Puerto Rico, Virgin
Islands
26 Federal Plaza, Room 38-130, New York, New York 10007
PHILADELPHIA REGION--Delaware, District of Columbia, Maryland,
Pennsylvania, Virginia, West Virginia
P.O. Box 7760, Philadelphia, Pennsylvania 19101
ATLANTA REGION--Alabama, North Carolina, South Carolina,
Florida, Georgia, Kentucky, Mississippi, Tennessee
101 Marietta Street, Suite 602, Atlanta, Georgia 30223
CHICAGO REGION--Illinois, Indiana, Michigan, Minnesota, Ohio,
Wisconsin
Suite A-835, Chicago, Illinois 60604
DALLAS REGION--Arkansas, Louisiana, New Mexico, Oklahoma, Texas
1200 Main Tower Building, Room 2400, Dallas, Texas 75202
KANSAS CITY REGION--Iowa, Kansas, Missouri, Nebraska
New Federal Office Building, Room 235, 601 East 12th Street,
Kansas City, Missouri 64106
DENVER REGION--Colorado, Montana, North Dakota, South Dakota,
Utah, Wyoming
Federal Office Building, 5th Floor, 1961 Stout Street, Denver,
Colorado 80294
SAN FRANCISCO REGION--American Samoa, Arizona, California,
Guam, Hawaii, Nevada
Federal Office Building, 100 Van Ness Avenue, 20th Floor, San
Francisco, California 94102
SEATTLE REGION--Alaska, Idaho, Oregon, Washington
2901 Third Avenue, Mail Stop 406, Seattle, Washington, 98121.
09-70-2006
System name: Income and Eligibility Verification for Medicaid
Eligibility Quality Control (MEQC) Reviews, HHS/HCFA/MB.
Security classification:
None.
System location:
HCFA Central Office, Medicaid Bureau, Room 273, East High Rise,
6325 Security Boulevard, Baltimore, Maryland 21207.
Categories of individuals covered by the system:
Approximately 27,000 Medicaid recipients in the MEQC subsample
per year.
Categories of records in the system:
Recipient name, Social Security Number, name of State, and
Federal MEQC review number.
Authority for maintenance of the system:
Section 1903(u) of the Social Security Act (42 USC 1396b(u)).
Regulations 42 CFR 431.800, and 431.804.
Purpose(s):
To use other Federal and State agencies as necessary (e.g.,
Internal Revenue Service (IRS)) to identify sources of income and
resources of Medicaid recipients to establish the accuracy of
eligibility determinations and the proper amount of beneficiary
liability.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosures may be made:
1. To other Federal agencies (e.g., Internal Revenue Service) to
obtain income/resource data for the purpose of determining correct
Medicaid eligibility.
2. To a State Medicaid agency which will use the information in
its eligibility decisions.
3. To a congressional office, from the record of an individual in
response to an inquiry from the congressional office made at the
request of that individual.
4. To a contractor for the purpose of collating, analyzing,
aggregating or otherwise refining or processing records in this
system or for developing, modifying and/or manipulating Automatic
Data Processing (ADP) software. Data would also be disclosed to
contractors incidental to consultation, programming, operation, user
assistance, or maintenance for an ADP or telecommunications system
containing or supporting records in the system.
5. To the Department of Justice, to a court or other tribunal, or
to another party before such tribunal, when
a. HHS, or any component thereof; or
b. Any HHS employee in his or her official capacity; or
c. Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
d. The United States or any agency thereof, where HHS determines
that the litigation is likely to affect HHS or any of its components;
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the tribunal, or other party is relevant and necessary to
the litigation and would help in the effective representation of the
governmental party, provided, however, that in each case HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
6. To an agency of a State Government, or established by State
law, for purposes of determining, evaluating and assessing cost,
effectiveness, and the quality of health care services provided in
the State, if HCFA:
a. Determines that the use or disclosure does not violate legal
limitations under which the data were provided, collected, or
obtained;
b. Establishes that the data are exempt from disclosure under the
State and/or local Freedom of Information Act;
c. Determines that the purpose for which the disclosure is to be
made;
(1) Cannot reasonably be accomplished unless the data are
provided in an individually identifiable form;
(2) Is of sufficient importance to warrant the effect and risk to
the privacy interests of the individual that additional exposure of
the record might bring, and;
(3) There is reasonable probability that the objective for the
use would be accomplished; and
d. Requires the receiver to:
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record;
(2) Remove or destroy the information that allows the individual
to be identified at the earliest time at which removal or destruction
can be accomplished consistent with the purpose of the request,
unless the recipient presents an adequate justification for retaining
such information;
(3) Make no further use of disclosure of the record except:
(a) In emergency circumstances affecting the health or safety of
any individual;
(b) For use in another project under the same conditions, and
with written authorization of HCFA;
(c) For disclosure to a properly identified person for the
purpose of an audit related to the project, if information that would
enable project subjects to be identified is removed or destroyed at
the earliest opportunity consistent with the purpose of the audit, or
(d) When required by law; and
(4) Secure a written statement attesting to the receiver's
understanding of and willingness to abide by these provisions. The
receiver must agree to the following:
(a) Not to use the data for purposes that are not related to the
evaluation of cost, quality and effectiveness of care;
(b) Not to publish or otherwise disclose the data in a form
raising unacceptable possibilities that beneficiaries could be
identified (i.e., the data must not be beneficiary-specific and must
be aggregated to a level at which no data cells have ten or fewer
beneficiaries); and
(c) To submit a copy of any aggregation of the data intended for
publication to HCFA for approval prior to publication.
7. To the Social Security Administration for their assistance in
the implementation of HCFA's administration of the Medicare and
Medicaid programs.
8. To a HCFA contractor (including, but not necessarily limited
to fiscal intermediaries and carriers) that assists in the
administration of a HCFA-administered health benefits program, or to
a grantee of a HCFA-administered grant program, when disclosure is
deemed reasonably necessary by HCFA to prevent, deter, discover,
detect, investigate, examine, prosecute, sue with respect to, defend
against correct, remedy, or otherwise combat fraud or abuse in such
program; and
9. To another federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States (including any state or local governmental agency), that
administers, or that has the authority to investigate potential fraud
or abuse in a health benefits program funded in whole or in part by
federal funds, when disclosure is deemed reasonably necessary by HCFA
to prevent, deter, discover, detect, investigate, examine, prosecute,
sue with respect to, defend against, correct, remedy, or otherwise
combat fraud or abuse in such program, subjected to certain
conditions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Storage will be on paper and magnetic tape.
Retrievability:
Information will be retrieved by beneficiary social security
number which is the unique identifier used by HCFA for this system of
records, beneficiary name, and the Federal MEQC review number.
Safeguards:
HCFA will maintain all return information in accordance with
Federal requirements as necessary (e.g., the provisions of the
Internal Revenue Code section 6103(p)(4)). The records will be
accessible only to authorized employees. HCFA will notify all
employees having access to records of criminal sanctions for
unauthorized disclosure of information on individuals. All authorized
staff will have computer system security clearance by use of an
identification code and a password to access data. Access to the
return data will be restricted (via the Resource Access Control
Facility on the HCFA mainframe), to only those Medicaid Bureau
employees associated with the matching program on a ``need to know''
basis. All computer records will be safeguarded in accordance with
the provisions of the HHS Information Resource Management Manual,
Part 6, ADP Systems Security, including use of passwords, and the
National Bureau of Standards Federal Information Processing
Standards.
Retention and disposal:
Hard copy records will be maintained indefinitely. Magnetic tapes
will be disposed of after the MEQC error rates are produced for the
appropriate MEQC review period involved.
System manager(s) and address:
Director, Medicaid Bureau, Health Care Financing Administration,
Room 200, East High Rise Building, 6325 Security Boulevard,
Baltimore, Maryland 21207.
Notification procedure:
To determine if a record exists concerning you, write to the
System Manager at the address indicated above. Specify your name,
social security number, address, and State.
Record access procedures:
Same as notification procedure. Requestors should also reasonably
specify the record contents being sought.
Contesting record procedures:
Contact the System Manager named above and reasonably identify
the record and specify the information to be contested. State the
reason for contesting it (e.g., why it is inaccurate, irrelevant,
incomplete or not current).
Record source categories:
Income/resource data requested from other Federal agencies (e.g.,
IRS), and/or State agencies as necessary.
Systems exempted from certain provisions of the act:
None.
09-70-3001
System name:
Record of Individuals Authorized Entry to HCFA Buildings via a
Card Key Access System (RICKS), HHS/HCFA/OICS.
Security classification:
Level Three Privacy Act Sensitive Data.
System location:
HCFA, 7500 Security Boulevard, North Building, First Floor
(magnetic media), and South Building, Lower Level (paper), Baltimore,
Maryland 21244-1850.
Categories of individuals covered by the system:
The identified individual includes Federal employees; contractors
and consultants; and Government Services Administration employees and
contract guards working in HCFA's central office complex at 7500
Security Boulevard, Baltimore, Maryland.
Categories of records in the system:
This system contains the name of the employees or the other
authorized individual, assigned card key number, and building/secure
area. The system also contains the date and time of actual or
attempted entry to secured areas.
Authority for maintenance of the system:
Authority for maintenance of this system is given under Title 41
Code of Federal Regulations (CFR) Chapter 101-20.302, ``Conduct on
Federal Property,'' Title 5 United States Code (U.S.C.) 552a(e)(10),
and Office of Management and Budget Circular A-123, ``Internal
Control Systems.
Purpose(s):
The primary purpose of the system of records is to issue and
control United States Government card keys to all HCFA employees and
other authorized individuals who require access into certain
designated or secured areas. Information retrieved from this system
of records will be used to: support regulatory and policy functions
performed within the agency or by a contractor or consultant, assist
other Federal agencies to conduct activities related to this system,
support constituent requests made to a congressional representative,
and support litigation involving the agency.
Routine uses of records maintained in the system, including
Categories or Users and the purposes of such uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
which is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' The proposed routine use in this system meets the
compatibility requirement of the Privacy Act. We are proposing to
establish the following routine use disclosures of information which
will be maintained in the system:
1. To agency contractors, or consultants who have been engaged by
the agency to assist in accomplishment of a HCFA function relating to
the purposes for this system of records and who need to have access
to the records in order to assist HCFA.
2. To another Federal agency engaged by the agency to assist in
the performance of a service related to this system of records and
who need to have access to the records in order to perform the
activity.
3. To a Member of Congress or to a congressional staff member in
response to an inquiry of the congressional office made at the
written request of the constituent about whom the record is
maintained.
4. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
[[Page 15268]]
(d) The United States Government, is a party to litigation or has
an interest in such litigation, and by careful review, HCFA
determines that the records are both relevant and necessary to the
litigation and that the use of such records by the DOJ, court or
adjudicatory body is compatible with the purpose for which the agency
collected the records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
All records are stored on paper and magnetic disk.
Retrievability:
Magnetic media records are retrieved by the name of the employees
or other authorized individual and/or card key number. Paper records
are retrieved alphabetically by name.
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the RICKS system. For computerized
records, safeguards have been established in accordance with HHS
standards and National Institute of Standards and Technology
guidelines, e.g., security codes will be used, limiting access to
authorized personnel. System securities are established in accordance
with HHS, Information Resource ManagementCircular �10, Automated
Information Systems Security Program, HCFA Automated Information
Systems Guide, Systems Securities Policies, and OMB Circular No. A-
130 (revised), Appendix III.
Retention and disposal:
Records are retained for up to 3 years following expiration of an
individual's authority to enter secured areas. When an individual is
no longer authorized, information is deleted from magnetic media
immediately.
System manager(s) and address:
Director, Division of Facilities Management Services,
Administrative Services Group, Office of Internal Customer Support,
Health Care Financing Administration, 7500 Security Boulevard, SLL-
11-08, Baltimore, Maryland 21244-1850.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, assigned card key
number, and building/secure area, and for verification purposes, the
subject individual's name (woman's maiden name, if applicable), and
social security number (SSN). Furnishing the SSN is voluntary, but it
may make searching for a record easier and prevent delay.
Record access procedure:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2).)
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7.)
Record source categories:
HCFA obtains information in this system from the individuals who
submit a request for access to a secure building or area.
Systems exempted from certain provisions of the act:
None.
09-70-3002
System name: Health Care Financing Administration (HCFA)
Employee Building Pass Files, HHS/HCFA/OBA.
Security classification:
None.
System location:
Health Care Financing Administration, 1-P-4 East Low Rise
Building, 6325 Security Boulevard, Baltimore, Maryland 21207.
Categories of individuals covered by the system:
All HCFA employees and non-HCFA employees who require continuous
access to buildings, e.g., the Health and Human Services Building in
Washington, D.C., the Social Security Administration complex.
Categories of records in the system:
This system contains the employees' name, social security number,
identification card number, work location, phone number, position
title and grade, supervisor's name and telephone number.
Note: Records will not be retrieved by the social security
number.
Authority for maintenance of the system:
Section 486(c) of Title 40, U.S.C.
41 CFR Chapter 101-20.302 (46 FR 3524, January 15, 1981)
Purpose(s):
To ensure that Federal employees and other authorized personnel
receive United States Government Identification.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosures may be made:
1. To the Federal Protective Service if investigating a crime.
2. To management officials inquiring about an individual's
authorization to enter Federal occupied buildings.
3. To a contractor for the purpose of collating, analyzing,
aggregating or otherwise refining or processing records in this
system for developing, modifying and/or manipulating ADP software.
Data would also be disclosed to contractors incidential to
consultation, programming, operation, user assistance, or maintenance
for an ADP or telecommunications systems containing or supporting
records in the system.
4. To a congressional office from the record of an individual in
response to an inquiry from the congressional office at the request
of that individual.
5. To the Department of Justice, to a court or other tribunal, or
to another party before such tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the tribunal, or the other party is relevant and necessary
to the litigation and would help in the effective representation of
the governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
To the Social Security Administration for their assistance in the
implementation of HCFA's administration of the Medicare and Medicaid
programs.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Information is maintained on paper forms.
Retrievability:
Records are retrieved by the employees' name and identification
number.
Safeguards:
The records are stored in locked files. Access to the records is
limited to those employees who have a need for them in the
performance of their duties.
Retention and disposal:
Records are retained for 90 days following resignation or
expiration of contract (contracts) and then are shredded.
System manager(s) and address:
Director, Division of General Services, Office of Administrative
Services, Office of Management and Budget, Health Care Financing
Administration, 578 East High Rise Building, 6325 Security Boulevard,
Baltimore, Maryland 21207.
Notification procedure:
To determine if a record exists, write to the system manager at
the address indicated above and specify name and/or identification
number.
Record access procedures:
Same as notification procedures. Requestors should also
reasonably specify the record contents being sought. You may also
request an accounting of disclosures that have been made of your
records, if any.
Contesting record procedures:
Contact the system manager named above and reasonably identify
the record and specify the information to be contested, and state the
corrective action sought and your reasons for requesting the
correction, along with information to show how the record is
inaccurate, incomplete, untimely, or irrelevant.
Record source categories:
HCFA obtains information in this system from the individuals who
are covered by the system.
Systems exempted from certain provisions of the act:
None.
09-70-3004
System name:
Record of Individuals Allowed Regular and Special Parking
Privileges at the Health Care Financing Administration (HCFA)
Building (PRKG), HHS/HCFA/OICS.
Security classification:
Level Three, Privacy Act Sensitive Data
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, and
the Office of Internal Customer Support, South Building, Lower Level,
Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
All Federal employees who require parking privileges at HCFA
buildings.
Categories of records in the system:
This system contains the collected information on all Federal
employees at HCFA buildings, i.e., name, social security number,
parking permit number, telephone number, work location, position,
title and grade, supervisor's name and telephone number and
background information relating to medical or specific parking needs.
Authority for maintenance of the system:
5 U.S.C. 301.
Purpose(s) :
The primary purpose of the system of records is to issue parking
permits for the HCFA complex at 7500 Security Boulevard, Baltimore,
Maryland. Information retrieved from this system of records will also
be used to support regulatory and policy activities performed within
the agency or by a contractor or consultant; support constituent
requests made to a Congressional representative; and to support
litigation involving the agency related to this system of records.
Routine uses of records maintained in the system, including
Categories or Users and the purposes of such uses:
The Privacy Act permits disclosure of information without an
individual's consent if the information is to be used for a purpose,
which is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use''. We are proposing to disclose information from this system of
records under the following routine uses. These routine uses are
discussed in detail in the attached Preamble.
1. To agency contractors, or consultants who have been engaged by
the agency to assist in the performance of a service related to this
system of records and who need to have access to the records in order
to perform the activity.
2. To a member of Congress or to a Congressional staff member in
response to an inquiry of the Congressional Office made at the
written request of the constituent about whom the record is
maintained.
3. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
(d) The United States Government is a party to litigation or has
an interest in such litigation, and by careful review, HCFA
determines that the records are both relevant and necessary to the
litigation.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Information is maintained on paper, computer diskette and on
magnetic storage media.
Retrievability:
Name and parking permit identification number are used to
retrieve the records.
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the PRKG system. For computerized
records, safeguards have been established in accordance with HHS
standards and National Institute of Standards and Technology
guidelines; e.g., security codes will be used, limiting access to
authorized personnel. System securities are established in accordance
with HHS, Information Resource Management (IRM) Circular �10,
Automated Information Systems Security Program; HCFA Automated
Information Systems (AIS) Guide, Systems Securities Policies; and OMB
Circular No. A-130 (revised), Appendix III.
Retention and disposal:
All records are destroyed one year after parking privileges are
terminated.
System manager(s) and address:
Director, Division of Facilities Management Services,
Administrative Services Group, Office of Internal Customer Support,
HCFA, 7500 Security Boulevard, Baltimore, Maryland, 21244-1850.
Notification procedure:
For purposes of access, the subject individual should write to
the system manager who will require the system name, parking permit
number, and for verification purposes, the subject individual's name
(woman's maiden name, if applicable), address, date of birth, sex,
and social security number (SSN) (furnishing the SSN is voluntary,
but it may make searching for a record easier and prevent delay).
Record access procedures:
For purposes of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2).)
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7.)
Record source categories:
Sources of information contained in this records system are
received from the individual requesting parking privileges on HCFA
Form 182 04/99.
Systems exempted from certain provisions of the act:
None.
09-70-4001
System name: Group Health Plan System, HHS/HCFA/OPHCOO.
Security classification:
None.
System location:
Health Care Financing Administration, Bureau of Data Management
and Strategy, Division of Capitation Systems, 6325 Security
Boulevard, Baltimore, Maryland 21207-5187
Categories of individuals covered by the system:
Recipients of Part A (Hospital Insurance) and Part B
(supplementary medical) Medicare services enrolled in a group health
plan.
Categories of individuals covered by the system:
The system contains information about a beneficiary's health
insurance entitlement and supplementary medical benefits usage.
Contact System Manager for location of Contractor(s).
Authority for maintenance of the system:
Sections 1833(a)(1)(A), 1866 and 1876 of Title XVIII of the
Social Security Act (42 U.S.C. 1395(a)(1)(A), 1395cc, and 1395mm).
Purpose(s):
To maintain a master file of Group Health Plan members for
accounting control; to expedite the exchange of data with the Group
Health Plans; and to control the posting of pro-rata amounts to the
Part B deductible of currently enrolled Group Health Plan members.
Group Health Plan include the following: Health Maintenance
Organizations (HMO), Competitive Medical Plans (CMP), and Health Care
Prepayment Plans (HCPP).
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made:
(1) To a congressional office from the record of an individual in
response to an inquiry from the congressional office made at the
request of that individual.
(2) To the Department of Justice, to a court or other tribunal,
or to another party before such tribunal, when (a) HHS, or any
component thereof; or (b) Any HHS employee in his or her official
capacity; or (c) Any HHS employee in his or her individual capacity
where the Department of Justice (or HHS, where it is authorized to do
so) has agreed to represent the employee; or (d) The United States or
any agency thereof where HHS determines that the litigation is likely
to affect HHS or any of its components, is a party to litigation or
has an interest in such litigation, and HHS determines that the use
of such records by the Department of Justice, the tribunal, or the
other party is relevant and necessary to the litigation and would
help in the effective representation of the governmental party,
provided, however, that in each case; HHS determines that such
disclosure is compatible with the purpose for which the records were
collected.
(3) To an individual or organizations for a research evaluation,
or epidemiologic project related to the prevention of disease or
disability, or the restoration or maintenance of health if HCFA:
a. Determines that the use or disclosure does not violate legal
limitations under which the record was provided, collected, or
obtained;
b. Determines that the purpose; for which the disclosure is to be
made:
(1) Cannot be reasonably accomplished unless the record is
provided in individually identifiable form.
(2) Is of sufficient importance to warrant the effect and/or risk
on the privacy of the individual that additional exposure of the
record might bring, and
(3) There is reasonable probability that the objective for the
use would be accomplished;
c. Requires the information recipient to:
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record,
and
(2) Remove or destroy the information that allows the individual
to be identified at the earliest time at which removal or destruction
can be accomplished consistent with the purpose of the project,
unless the recipient presents an adequate justification of a research
or health nature for retaining such information, and
(3) Make no further use or disclosure of the record except:
(a) In emergency circumstances affecting the health or safety of
any individual.
(b) For use in another research project, under these same
conditions, and with written authorization of HCFA.
(c) For disclosure to a properly identified person for the
purpose of an audit related to the research project, if information
that would enable research subjects to be identified is removed or
destroyed at the earliest opportunity consistent with the purpose of
the audit or
(d) When required by law;
d. Secures a written statement attesting to the information
recipient's understanding of a willingness to abide by the
provisions.
(4) To providers and suppliers of services directly or dealing
through contractors, fiscal intermediaries or carriers for
administration of Title XVIII. Providers and suppliers:
a. Will have access only through a CRT terminal.
b. Will have access to only one record at a time.
c. Must enter both beneficiary name and Health Insurance Claim
Number to access a record.
d. Must have a claim for services for the beneficiary.
e. Must enter a password in order to get access to the file.
(5) To a contractor for the purpose of collating, analyzing,
aggregating or otherwise refining or processing records in this
system or for developing, modifying and/or manipulating ADP software.
Data would also be disclosed to contractors incidental to
consultation, programming, operation, user assistance, or maintenance
for ADP or telecommunications system containing or supporting records
in the system.
(6) To a contractor when the Department contracts with a private
firm for the purpose of collating, analyzing, aggregating, or
otherwise refining records in this system. Relevant records will be
disclosed to such a contractor. The contractor shall be required to
maintain Privacy Act safeguards with respect to such records. The
contractor must agree:
a. Not to publish or otherwise disclose data in a form in which
beneficiaries could be identified (except to plans, providers,
suppliers, carriers, and intermediaries as authorized by HCFA), and,
b. To safeguard the confidentiality of the data and to prevent
unauthorized access to it.
(7) To a Medicaid State Agency to coordinate the delivery of
medical care and to determine proper payment responsibilities when
certain conditions, as provided below, are met before the release of
data.
(a) HCFA receives in writing a request for a copy of the monthly
Group Health Plan System from the Director of the state Medicaid
agency on the agency's letterhead. The request must state that the
data is needed to identify dual eligible Medicaid/Medicare HMO
members for coordination of medical care and payments.
(b) The request must state that the confidentiality of the data
will be maintained and that the data will be used only for the stated
purposes. (c) The agency must establish reasonable administrative,
technical and physical safeguards to prevent unauthorized use or
disclosure of any of the data on the Group Health Plan System file.
(8) To the Social Security Administration for their assistance in
the implementation of HCFA's administration of the Medicare and
Medicaid programs.
(9) To a HCFA contractor (including, but not necessarily limited
to fiscal intermediaries and carriers) that assists in the
administration of a HCFA-administered health benefits program, or to
a grantee of a HCFA-administered grant program, when disclosure is
deemed reasonably necessary by HCFA to prevent, deter, discover,
detect, investigate, examine, prosecute, sue with respect to, defend
against correct, remedy, or otherwise combat fraud or abuse in such
program; and
(10) To another federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States (including any state or local governmental agency), that
administers, or that has the authority to investigate potential fraud
or abuse in a health benefits program funded in whole or in part by
federal funds, when disclosure is deemed reasonably necessary by HCFA
to prevent, deter, discover, detect, investigate, examine, prosecute,
sue with respect to, defend against, correct, remedy, or otherwise
combat fraud or abuse in such program, subjected to certain
conditions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Magnetic tape and microfilm.
Retrievability:
The system is indexed by health insurance claim number.
Safeguards:
Only authorized personnel have direct access to information in
the Group Health Plan systems. In addition, Groups Health Plan
personnel are advised that information is confidential.
Offices containing records are locked when not in use. Computer
terminals are in secured areas. All buildings are locked at night.
Employees who maintain records in this system are instructed to
grant access only to authorized users. Data stored in computers are
accessed through the use of passwords/keywords/numbers known only to
the authorized personnel. These passwords are changed as needed.
Contractor(s) who maintain records in this system are instructed to
make no further disclosures of the records except as authorized by
the system manager in accordance with the Privacy Act. Privacy Act
requirements are specifically included in contracts related to this
system. The project officer and contract officer oversee compliance
with these requirements.
The particular safeguards implemented are developed in accordance
with Part 6, ``ADP Systems Security,'' of the HHS ADP Systems Manual
and the National Bureau of Standards Federal Information Process
Standards.
Retention and disposal:
Health insurance materials used to support the accuracy of the
charge per service billed by the plan are retained for 3 years, then
destroyed.
System manager(s) and address:
Health Care Financing Administration, Director, Office of Prepaid
Health Care Operations and Oversight, 6325 Security Boulevard,
Baltimore, Maryland 21207-5187
Notification procedure:
Inquiries and requests for system records should be addressed to
the system manager named above and directed to the attention of the
Office of Financial Management. The individuals should furnish his or
her health insurance claim number as shown on social security
records.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2).))
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested. State the corrective action sought and
the reasons for the correction with supporting justification. (These
procedures are in accordance with Department Regulations (45 CFR
5b.7).)
Record source categories:
The identifying information contained in these records is
obtained from the group health plans (which obtained the data from
the individual concerned, and the Health Insurance Master record.)
Systems exempted from certain provisions of the act:
None.
APPENDIX--HEALTH CARE FINANCING ADMINISTRATION, REGIONAL OFFICES
I. Boston
HMO Coordinator, Room 1309, JFK Federal Building, Boston,
Massachusetts 02203
II. New York
HMO Coordinator, Room 3811, 26 Federal Plaza, New York, New York
10278
III. Philadelphia
HMO Coordinator, 3535 Market Street, P.O. Box 7760, Philadelphia,
Pennsylvania 19101
IV. Atlanta
HMO Coordinator, Suite 701, 101 Marietta Tower, Atlanta, Georgia
30323
V. Chicago
HMO Coordinator, Suite A-835, 175 W. Jackson Boulevard, Chicago,
Illinois 60604
VI. Dallas
HMO Coordinator, Room 2000, 1200 Main Tower Building, Dallas,
Texas 75202
VII. Kansas City
HMO Coordinator, New Federal Office Building, Room 235, 601 East
12th Street, Kansas City, Missouri 64106
VIII . Denver
HMO Coordinator,
Federal Building,
Room 574,
1961 Stout Street,
Denver, Colorado 80294
IX. San Francisco
HMO Coordinator,
14th Floor,
100 Van Ness Avenue,
San Francisco, California 94102
X. Seattle
HMO Coordinator, Mail Stop 502, 2901 Third Avenue, Seattle,
Washington 98121
09-70-4003
System name: Medicare HMO/CMP Beneficiary Reconsideration System
(MBRS), HHS/HCFA/OPHCOO.
System location:
Health Care Financing Administration, Office of Prepaid Health
Care, Room 4360 HHS Cohen Building, Washington, DC 20201.
Contractor (to be selected).
Categories of individuals covered by the system:
Any Medicare beneficiary who is or has been enrolled in a health
maintenance organization (HMO) or competitive medical plan (CMP) and
who has requested a reconsideration appeal by HCFA, or any persons
who act on behalf of these beneficiaries.
Categories of records in the system:
Information in the record includes the following:
1. Beneficiary Name and/or Name of Beneficiary Representative and
Addresses.
2. Health Insurance Claim (HIC) Number.
3. Health Plan Name and Address.
4. Health Plan Number.
5. Beneficiary Medical Records and Statement of Facts.
6. Claims Data: Date Claim Received by Health Plan, Date(s) of
Service.
7. Routine Items: Beneficiary Enrollment Form and Disenrollment
Request, Verification of Enrollment HMO Status, Date Reconsideration
Request Submitted to HCFA, Date(s) of Determination(s) by Plan and
HCFA.
Authority for maintenance of the system:
This system is established under the authority of Section 1876 of
the Social Security Act (42 U.S.C. 1395mm).
Purpose(s):
To keep account of reconsiderations requested by or on behalf of
Medicare HMO/CMP enrollees and to promote the effectiveness and
integrity of the Medicare HMO/CMP program.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosures may be made:
1. To a Congressional office in response to an inquiry from that
office at the request of the subject individual.
2. To the Department of Justice, to a court or other tribunal, or
to another party before such tribunal, when
(a) HHS or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components:
is a party to litigation or has an interest in such litigation,
and the use of such records by the Department of Justice, the
tribunal, or the other party is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided that in each case HHS determines that
such disclosure is compatible with the purpose for which the records
were collected.
3. To a Contractor for the purpose of collating, analyzing,
aggregating or otherwise refining or processing records in this
system or for developing, modifying and/or manipulating ADP software.
Data would also be disclosed to contractors incidental to
consultation, programming, operation, user assistance, or maintenance
for ADP or telecommunications systems containing or supporting
records in the system.
4. To a third party where:
(a) HCFA needs information from the third party to verify
information presented by the beneficiary or beneficiary
representative relating to the beneficiary's entitlement to benefits,
the amount of reimbursement, or a similar question;
(b) The individual is unable to provide the information sought by
HCFA, i.e., there is a reasonable basis to conclude that the
individual is of questionable mental capability, cannot read or
write, cannot communicate due to a language barrier, or lacks access
to information, or that some similar circumstance exists;
(c) The party to whom disclosure is to be made has, or is
reasonably expected to have, information to assist the individual and
disclosure is needed in order to obtain this information; and
(d) HCFA determines that the purpose of disclosure is compatible
with the purposes for which the records were collected.
5. To a State Insurance Commissioner or other state regulator
with similar authority, Peer Review Organization (PRO), Quality
Review Organization (QRO), or an entity under contract to HCFA or the
Department acting in a manner consistent with maintaining the
integrity of the Medicare program, if HCFA determines that disclosure
of beneficiary--specific information is necessary or relevant to an
official investigation or litigation regarding a specific case, and
if HCFA determines:
(a) That the use or disclosure of information does not violate
legal limitations under which the record was provided, collected, or
obtained;
(b) That the purpose for which disclosure is to be made:
(1) Is compatible with the purposes for which the records were
collected;
(2) Cannot be reasonably accomplished unless the record is
provided in individual identifiable form; and
(3) Is of sufficient importance to warrant any effect on the
privacy of the individual that disclosure of the record might bring;
(c) That adequate safeguards have been instituted so as to
protect the confidentiality of the data and prevent unauthorized
access to it; and
(d) That the appropriate procedures, format, and media will be
used for the data disclosure process.
6. To the Social Security Administration for their assistance in
the implementation of HCFA's administration of the Medicare and
Medicaid programs.
7. To a HCFA contractor (including, but not necessarily limited
to fiscal intermediaries and carriers) that assists in the
administration of a HCFA-administered health benefits program, or to
a grantee of a HCFA-administered grant program, when disclosure is
deemed reasonably necessary by HCFA to prevent, deter, discover,
detect, investigate, examine, prosecute, sue with respect to, defend
against correct, remedy, or otherwise combat fraud or abuse in such
program; and
8. To another federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States (including any state or local governmental agency), that
administers, or that has the authority to investigate potential fraud
or abuse in a health benefits program funded in whole or in part by
federal funds, when disclosure is deemed reasonably necessary by HCFA
to prevent, deter, discover, detect, investigate, examine, prosecute,
sue with respect to, defend against, correct, remedy, or otherwise
combat fraud or abuse in such program, subjected to certain
conditions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The records are maintained at each of the system location sites
in magnetic media (e.g., magnetic tape and computer discs) and in
paper form.
Retrievability:
The data in this system are retrieved by beneficiary name, health
insurance claim (HIC) number, health plan, or record number.
Safeguards:
Safeguards for automated records have been established in
accordance with the Department of HHS' Information Resources
Management Manual, ``Part 6, Automated Information Systems
Security''. This includes maintaining the records in a secure
enclosure.
Access to specific records is limited to those who have a need
for them in the performance of their official duties.
Paper records are maintained in locked files in buildings which
are secured after normal business hours.
Retention and disposal:
Records are maintained on-line in the system from the date of
inquiry until two years after the final response is released.
System manager(s) and address:
Project Officer, Medicare HMO/CMP Beneficiary Reconsideration
System, Office of Prepaid Health Care, Health Care Financing
Administration, Room 4360, HHS Cohen Building, 330 Independence
Avenue, SW, Washington, DC 20201
Notification procedure:
To determine if a record exists, write to the system manager at
the address indicated above or to the HMO Coordinator at the
appropriate regional office (see Appendix A), and specify beneficiary
name, HIC number, and health plan.
Record access procedures:
Same as notification procedures. Requestors should reasonably
specify the information in the records being sought. You may also
request an accounting of disclosures that have been made of your
records, if any. These procedures are in accordance with Departmental
Regulations (45 CFR 5b.5(a)(2)).
Contesting record procedures:
Contact the system manager named above and reasonably identify
the record and specify the information to be contested, state the
corrective action sought and your reasons for requesting the
corrections, along with information to show how the record is
inaccurate, incomplete, untimely, irrelevant, or otherwise in need of
correction. These procedures are in accordance with Departmental
Regulations (45 CFR 5b.7).
Record source categories:
The identifying information contained in these records is
obtained from the reconsideration requests made by or on behalf of
Medicare beneficiaries and from inquiries from the following sources:
Congressional office, the Health Plan, HCFA Central Office, Social
Security Administration, providers; Medicare Intermediary/Carrier,
State Insurance Commissioner/State Regulator, Disenrollment Survey,
and all others. The paper record includes the original incoming
reconsideration request or inquiry, any supporting documentation
obtained during the investigation process, and the final response.
The magnetic tape record or computer disc record will only
include information to be compiled in data base (e.g., name, dates
associated with the reconsideration request or inquiry resolution,
type of inquiry) and will not include any descriptive data items.
Systems exempted from certain provisions of the act:
None.
Appendix A.--Health Care Financing Administration, Regional Offices
I BOSTON, HMO Coordinator, Room 1309, JFK Federal Building,
Boston, Massachusetts 02203
II NEW YORK, HMO Coordinator, Room 3811, 26 Federal Plaza, New
York, New York 10278
III PHILADELPHIA, HMO Coordinator, 3535 Market Street, PO Box
7760, Philadelphia, Pennsylvania 19101
IV ATLANTA, HMO Coordinator, Suite 701, 101 Marietta Tower,
Atlanta, Georgia 30323
V CHICAGO, HMO Coordinator, Suite A-835, 175 W. Jackson
Boulevard, Chicago, Illinois 60604
VI DALLAS, HMO Coordinator, Room 2000, 1200 Main Tower Building,
Dallas, Texas 75202
VII KANSAS CITY, HMO Coordinator, New Federal Office Building,
Room 235, 601 East 12th Street, Kansas City, Missouri 64106
VIII DENVER, HMO Coordinator, Federal Building, Room 574, 1961
Stout Street, Denver, Colorado 80294
IX SAN FRANCISCO, HMO Coordinator, 14th Floor, 100 Van Ness
Avenue, San Francisco, California 94102
X SEATTLE, HMO Coordinator, Mail Stop 502, 2901 Third Avenue,
Seattle, Washington 98121
09-70-4004
System name:
Health Plan Management System (HPMS), HHS/HCFA/CHPP.
Security classification:
None.
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
Recipients of Medicare Part A (Hospital Insurance) and Part B
(supplementary medical insurance) services who are enrolled in
Medicare health plans.
Authority for maintenance of the system:
Authority for maintenance of the system is given under section
1875 of the Social Security Act (42 U.S.C. 1395ll), entitled Studies
and Recommendations; section 1121 of the Social Security Act (42
U.S.C. 1121), entitled Uniform Reporting System for Health Services
Facilities and Organizations; and section 1876 of the Social Security
Act (42 U.S.C. 1395mm), entitled Payments to Health Maintenance
Organizations and Competitive Medical Plans.
Purpose(s):
To collect and maintain information on Medicare beneficiaries
enrolled in Medicare Health Plans in order to develop and disseminate
information required by the Balanced Budget Act of 1997 that will
inform beneficiaries and the public of indicators of health plan
performance to help beneficiaries choose among health plans, support
quality improvement activities within the plans, monitor and evaluate
care provided by health plans; provide guidance to program management
and policies, and provide a research data base for HCFA and other
researchers.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
These routine uses specify additional circumstances under which
HCFA may release information from the Health Plan Management System
without the consent of the individual to whom such information
pertains. Each proposed disclosure of information under these routine
uses will be evaluated to ensure that the disclosure is legally
permissible, including but not limited to ensuring that the purpose
of the disclosure is compatible with the purpose for which the
information was collected. Also, HCFA will require each prospective
recipient of such information to agree in writing to certain
conditions to ensure the continuing confidentiality and security,
including physical safeguards of the information. More specifically,
as a condition of each disclosure under these routine uses, HCFA
will, as necessary and appropriate:
(a) Determine that no other Federal statute specifically
prohibits disclosure of the information;
(b) Determine that the use or disclosure does not violate legal
limitations under which the information was provided, collected, or
obtained;
(c) Determine that the purpose for which the disclosure is to be
made;
(1) Cannot reasonably be accomplished unless the information is
provided in individually identifiable form;
(2) Is of sufficient importance to warrant the effect on or the
risk to the privacy of the individual(s) that additional exposure of
the record(s) might bring; and
(3) There is a reasonable probability that the purpose of the
disclosure will be accomplished;
(d) Require the recipient of the information to:
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized access, use or disclosure of the
record or any part thereof. The physical safeguards shall provide a
level of security that is at least the equivalent of the level of
security contemplated in OMB Circular No. A-130 (revised), Appendix
III, Security of Federal Automated Information Systems which sets
forth guidelines for security plans for automated information systems
in Federal agencies;
(2) Remove or destroy the information that allows the subject
individual(s) to be identified at the earliest time at which removal
or destruction can be accomplished consistent with the purpose of the
request;
(3) Refrain from using or disclosing the information for any
purpose other than the stated purpose under which the information was
disclosed, and
(4) Make no further uses or disclosure of the information except:
(i) To prevent or address an emergency directly affecting the
health or safety of an individual;
(ii) For use on another project under the same conditions,
provided HCFA has authorized the additional use(s) in writing; or
(iii) When required by law;
(e) Secure a written statement or agreement from the prospective
recipient of the information whereby the prospective recipient
attests to an understanding of and willingness to abide by the
foregoing provisions and any additional provisions that HCFA deems
appropriate in the particular circumstances; and
(f) Determine whether the disclosure constitutes a computer
``matching program'' as defined in 5 U.S.C. 552a(a)(8). If the
disclosure is determined to be a computer ``matching program,'' the
procedures for matching agreements as contained in 5 U.S.C. 552a(o)
must be followed.
Disclosure may be made:
1. To a congressional office from the record of an individual in
response to an inquiry from the congressional office made at the
request of that individual.
2. To the Bureau of Census for use in processing research and
statistical data directly related to the administration of programs
under the Social Security Act.
3. To the Department of Justice, to a court or other tribunal, or
to another party before such tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the tribunal, or the other party is relevant and necessary
to the litigation and would help in the effective representation of
the governmental party or interest provided, however, that in each
case HHS determines that such disclosure is compatible with the
purpose for which the records were collected.
4. To an individual or organization for a research,
demonstration, evaluation, epidemiological or health care quality
improvement project related to the prevention of disease or
disability, or the restoration or maintenance of health.
5. To a contractor for the purpose of collating, analyzing,
aggregating or otherwise refining or processing records in this
system or for developing, modifying and/or manipulating automated
information systems (AIS) software. Data would also be disclosed to
contractors incidental to consultation, programming, operation, user
assistance, or maintenance for AIS or telecommunications systems
containing or supporting records in the system.
6. To a Peer Review Organization for health care quality
improvement projects conducted in accordance with its contract with
HCFA.
7. To state Medicaid agencies pursuant to agreements with the
Department of Health and Human Services for determining Medicaid and
Medicare eligibility of recipients of assistance under titles IV,
XVIII, and XIX of the Social Security Act, and for the complete
administration of the Medicaid program.
8. To an agency of a state Government, or established by state
law, for purposes of determining, evaluating and/or assessing cost,
effectiveness, and/or the quality of health care services provided in
the state.
9. To another Federal or state (1) To contribute to the accuracy
of HCFA's proper payment of Medicare health benefits, or (2) as
necessary to enable such agency to fulfill a requirement of a Federal
statute or regulation, or a state statute or regulation that
implements a health benefits program funded in whole or in part with
Federal funds.
10. To other Federal agencies or states to support the
administration of other Federal or state health care programs, if
funded in whole or in part by Federal funds.
11. To the Social Security Administration for its assistance in
the implementation of HCFA's Medicare and Medicaid programs.
12. To a HCFA Contractor, including but not limited to fiscal
intermediaries and carriers under title XVIII of the Social Security
Act, to administer some aspect of a HCFA-administered health benefits
program, or to a grantee of a HCFA-administered grant program, which
program is or could be affected by fraud or abuse, for the purpose of
preventing, deterring, discovering, detecting, investigating,
examining, prosecuting, suing with respect to, defending against,
correcting, remedying, or otherwise combating such fraud or abuse in
such programs.
13. To another Federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States, including any state or local government agency, for the
purpose of preventing, deterring, discovering, detecting,
investigating, examining, prosecuting, suing with respect to,
defending against, correcting, remedying, or otherwise combating such
fraud or abuse in such health benefits programs funded in whole or in
part by Federal funds.
14. To any entity that makes payment for or oversees
administration of health care services, for the purpose of
preventing, deterring, discovering, detecting, investigating,
examining, prosecuting, suing with respect to, defending against,
correcting, remedying, or otherwise combating fraud or abuse against
such entity or the program or services administered by such entity,
provided:
(i) Such entity enters into an agreement with HCFA to share
knowledge and information regarding actual or potential fraudulent or
abusive practices or activities regarding the delivery or receipt of
health care services, or regarding securing payment or reimbursement
for health care services, or any practice or activity that, if
directed toward a HCFA-administered program, might reasonably be
construed as actually or potentially fraudulent or abusive;
(ii) Such entity does, on a regular basis, or at such times as
HCFA may request, fully and freely share such knowledge and
information with HCFA, or as directed by HCFA, with HCFA's
contractors; and
(iii) HCFA determines that it may reasonably conclude that the
knowledge or information it has received or is likely to receive from
such entity could lead to preventing, deterring, discovering,
detecting, investigating, examining, prosecuting, suing with respect
to, defending against, correcting, remedying, or otherwise combating
fraud or abuse in the Medicare, Medicaid or other health benefits
program administered by HCFA or funded in whole or in part by Federal
funds.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
All records are stored in file folders, magnetic tapes, or
computer disks.
Retrievability:
The records are retrieved by health insurance claim number.
Safeguards:
For computerized records, safeguards established in accordance
with Department standards and National Institute of Standards and
Technology guidelines (e.g., security codes) will be used, limiting
access to authorized personnel. System securities are established in
accordance with HHS, Information Resource Management (IRM) Circular
10, Automated Information Systems Security Program; and HCFA
Automated Information Systems (AIS) Guide, Systems Securities
Policies, and OMB Circular No. A-130 (revised), Appendix III.
Retention and disposal:
The records are maintained with identifiers as long as needed for
program research.
System manager(s) and address:
Director, Center for Health Plans and Providers, Health Care
Financing Administration, 7500 Security Boulevard, Baltimore,
Maryland 21244-1850.
Notification procedure:
For purpose of access, the subject individual should write the
system manager, who will require the system name, health insurance
claim number, and, for verification purposes, name, address, date of
birth, and sex to ascertain whether or not the individual's record is
in the system.
Record access procedure:
Same as notification procedures. Requestors should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with the Department regulations 45 CFR
5b.5(a)(2).)
Contesting record procedures:
Contact the system manager named above, and reasonably identify
the record and specify the information to be contested. State the
corrective action sought and the reasons for the correction with
supporting justification. (These procedures are in accordance with
Department regulation 45 CFR 5b.7.)
Record source categories:
The identifying information contained in these records is
obtained from the health plans (which obtained the data from the
individual concerned) or the individuals themselves. Also, these data
will be linked with HCFA administrative data, such as claims and
enrollment data.
Systems exempted from certain provisions of the act:
None.
09-70-5001
System name: Medicare Hearings and Appeals System (MHAS), HHS/
HCFA/AAO.
Security classification:
None.
System location:
Health Care Financing Administration, 6325 Security Boulevard
(Paper Media), Baltimore, Maryland 21207. (Contact system manager for
location of Magnetic Media computerized records.)
Categories of individuals covered by the system:
All individuals who request a hearing by an administrative law
judge (ALJ) or appeal an ALJ decision on cases administered by HCFA
pursuant to Titles XI, XVIII, and XIX of the Social Security Act, as
amended.
Categories of records in the system:
The system contains information concerning Medicare beneficiaries
and physicians and other persons involved in furnishing services to
Health Insurance beneficiaries. Information on beneficiaries may
include: Name, address, SSN, medical services, equipment, and
supplies for which Medicare reimbursement is requested, and material
used to determine amount of benefits allowable under Medicare.
Information on physicians and other persons may include: Name,
address, specialty, identification number, medical services for which
Medicare reimbursement is requested, material used to determine
amount of benefits allowable under Medicare, and material used to
determine whether a sanction or suspension is warranted.
Authority for maintenance of the system:
Sections 205, 1155, 1156, 1869, and 1872 of the Social Security
Act, as amended.
Purpose(s):
The Hearing and Appeals File contains information used in
processing the claimant's Request for Hearing or Appeal; information
for the conduct of the hearing or appeal; information the
Administrative Law Judge uses to reach a decision; and information to
reply to future correspondence.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosures may be made to: (1) A contractor for the purpose of
collating, analyzing, aggregating or otherwise refining or processing
records in this system or for developing, modifying and/or
manipulating ADP software. Data would also be disclosed to
contractors incidental to consultation, programming, operation, user
assistance, or maintenance for an ADP or telecommunications system
containing or supporting records in the system.
(2) A congressional office from the record of an individual in
response to an inquiry from the congressional office at the request
of that individual.
(3) To the Department of Justice, to a court or other tribunal,
or to another party before such tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation, and
HHS determines that the use of such records by the Department of
Justice, the tribunal, or the other party is relevant and necessary
to the litigation and would help in the effective representation of
the governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
(4) The Department of Justice for investigation and prosecuting
violations of the Social Security Act to which criminal penalties
attach, or other criminal statutes as they pertain to the Social
Security Act programs, for representing the Secretary, and for
investigating issues of fraud by agency officers or employees, or
violation of civil rights.
To the Social Security Administration for their assistance in the
implementation of HCFA's administration of the Medicare and Medicaid
programs.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper and magnetic media.
Retrievability:
Records are normally retrieved numerically by the docket control
number. However, records will be cross-referenced by the
beneficiary's social security number, physician's or other
individual's identification number, and alphabetically by name, in
order to associate correspondence.
Safeguards:
a. Authorized Users: Only agency employees and contractor
personnel whose duties require the use of information in the system.
In addition, such agency employees and contractor personnel are
advised that the information is confidential and of criminal
sanctions for unauthorized disclosure of information.
b. Physical Safeguards: Records are stored in locked files or
secured areas. Computer terminals are in secured areas.
c. Procedural Safeguards: Employees who maintain records in the
system are instructed to grant regular access only to authorized
users. Data stored in computers are accessed through the use of
passwords known only to authorized personnel.
Contractors who maintain records in this system are instructed to
make no further disclosure of the records except as authorized by the
system manager and permitted by the Privacy Act. Privacy Act language
is included in contracts related to this system.
d. Implementation Guidelines: Safeguards are implemented in
accordance with all guidelines required by the Department of Health
and Human Services. Safeguards for automated records have been
established in accordance with the Department of HHS' Automated Data
Processing Manual, ``Part 6, ADP System Security.''
Retention and disposal:
Records are retained for 10 years after the last action on the
record.
System manager(s) and address:
Associate Administrator/Office of Associate Administrator of
Operations, Health Care Financing Administration, Room 742, East High
Rise, 6325 Security Boulevard, Baltimore, Maryland 21207.
Notification procedure:
Inquiries and requests for system records should be addressed to
the system manager at the address above. The requestor must specify
the case control number or the claimant's name and health insurance
claim number or provider number.
Record access procedures:
Same as notification procedure. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Departmental Regulations, 45 CFR 5b.7.)
Contesting record procedures:
Contact the system manager named above, and reasonably identify
the record and specify the information to be contested. State the
reason for contesting it (e.g., why it is inaccurate, irrelevant,
incomplete or not current). (These procedures are in accordance with
Departmental Regulations, 45 CFR 5b.7.)
Record source categories:
HCFA obtains the identifying information in this system from the
request for a Medicare hearing or appeal. Information in these
records are obtained from Medicare carrier or intermediary, or Peer
Review Organization records.
Systems exempted from certain provisions of the act:
None.
09-70-6001
System name:
Medicaid Statistical Information System (MSIS).
Security classification:
None.
System location:
Health Care Financing Administration, 6325 Security Boulevard,
Baltimore, Maryland 21207-5187. (Contact system manager for location
of computerized records.)
Categories of individuals covered by the system:
Persons enrolled in Medicaid in participating States.
Categories of records in the system:
Medicaid enrollment records, paid health care claims records, and
drug data.
Authority for maintenance of the system:
Section 1902(a)(6) of the Social Security Act (42 U.S.C.
1396a(a)(6)).
Purpose(s):
1. To establish an accurate and timely database on the Medicaid
program for the purpose of Federal administration of the Medicaid
program by collecting from State programs standardized enrollment and
paid claims data that will be reported, verified, and maintained on
an ongoing basis.
2. To establish a single source of Medicaid data at the Federal
level for maintaining a single, accurate, and comprehensive Medicaid
database that can be analyzed to produce statistical reports; to
support research of important policy, of quality and effectiveness of
care, and of epidemiological issues; to support actuarial
forecasting; to support statistical profiling; and to support the
detection of fraud, abuse, and waste in regard to the Medicaid
program.
3. To eliminate the need for special data collection efforts to
support special studies.
4. To reduce the State reporting burden by eliminating redundant
reporting and the need to prepare complex, time-consuming summary
information.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made:
1. To a contractor for the purpose of collating, analyzing,
aggregating, or otherwise refining or processing records in this
system, or for developing, modifying and/or manipulating it with ADP
software. Data would also be available to a contractor incidental to
consultation, programming, operation, user assistance, or maintenance
for an ADP or telecommunications system containing or supporting
records in the system.
2. To the congressional office of an individual, in response to
an inquiry from that congressional office at the request of the
individual involved.
3. To the Department of Justice, to a court or other tribunal, or
to another party before such tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her capacity where the Department
of Justice (or HHS, where it is authorized to do so) has agreed to
represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components;
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the tribunal, or the other party is relevant and necessary
to the litigation and would help in the effective representation of
the governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
4. To an individual or organization for a research, evaluation,
or epidemiological project related to the prevention of disease or
disability, the restoration or maintenance of health, or the study of
the costs of providing health care, if HCFA:
(a) Determines that the use of disclosure does not violate legal
limitations under which the record was provided, collected, or
obtained.
(b) Determines that the purpose for which the disclosure is to be
made:
(1) Cannot be reasonably accomplished unless the record is
provided in individually identifiable form;
(2) Is of sufficient importance to warrant the effect and/or risk
on the privacy of the individual that additional exposure of the
record might bring; and
(3) There is reasonable probability that the objective for the
use would be accomplished.
(c) Requires the information recipient to:
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record,
and guards to prevent unauthorized use or disclosure of the record,
and
(2) Remove or destroy the information that allows the individual
to be identified at the earliest time at which removal or destruction
can be accomplished consistent with the purpose of the project unless
the recipient presents an adequate justification of a research or
health nature for retaining such information, and
(3) Make no further use or disclosure of the record except:
a. In emergency circumstances affecting the health or safety of
any individual;
b. For use in another research project, under these same
conditions, and with written authorization of HCFA;
c. For disclosure to a properly identified person for the purpose
of an audit related to the research project, if information that
would enable research subjects to be identified is removed or
destroyed at the earliest opportunity consistent with the purpose of
the audit; or
d. When required by law.
(d) Secures a written statement attesting to the information
recipient's understanding of and willingness to abide by these
provisions.
5. To employees of a State government for the purposes of
investigating potential fraud, abuse, or waste related to the
Medicaid program, for research relating to the Medicaid program, or
for management and/or administration of the Medicaid program.
6. To another Federal agency; (1) to contribute to the accuracy
of HCFA's proper payment of Medicaid health benefits, and/or (2) to
enable such agency to administer a Federal health benefits program,
or as necessary to enable such agency to fulfill a requirement of a
Federal statute or regulation, if HCFA:
(a) Determines that the use or disclosure does not violate legal
limitations under which the data were provided, collected, or
obtained;
(b) Determines that the purpose for which the disclosure is to be
made cannot reasonably be accomplished unless the data are provided
in individually identifiable form;
(c) Requires the recipient to:
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record;
(2) Make no further use or disclosure of the record except:
(a.) In emergency circumstances affecting the health or safety of
any individual;
(b.) For use on another project under the same conditions, and
with written authorization from HCFA; and
(c.) When required by law;
(3) Secure a written statement attesting to the recipient's
understanding of, and willingness to abide by the following
provisions:
(a.) Not to use the data for purposes that are not related to the
subject project;
(b.) Not to publish or otherwise disclose the data in a form
raising unacceptable possibilities that persons could be identified
(i.e., the data to be published must not be person-specific and must
be aggregated to a level where no data cells have 10 or fewer
persons); and
(c.) Not to publish any aggregation of the data without HCFA's
approval.
7. To the Social Security Administration for their assistance in
the implementation of HCFA's administration of the Medicare and
Medicaid programs.
8. To a HCFA contractor (including, but not necessarily limited
to fiscal intermediaries and carriers) that assists in the
administration of a HCFA-administered health benefits program, or to
a grantee of a HCFA-administered grant program, when disclosure is
deemed reasonably necessary by HCFA to prevent, deter, discover,
detect, investigate, examine, prosecute, sue with respect to, defend
against correct, remedy, or otherwise combat fraud or abuse in such
program; and
9. To another federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States (including any state or local governmental agency), that
administers, or that has the authority to investigate potential fraud
or abuse in a health benefits program funded in whole or in part by
federal funds, when disclosure is deemed reasonably necessary by HCFA
to prevent, deter, discover, detect, investigate, examine, prosecute,
sue with respect to, defend against, correct, remedy, or otherwise
combat fraud or abuse in such program, subjected to certain
conditions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
All records are stored in hard copy and/or on magnetic media
Retrievability:
Records may be retrieved by the MSIS identification number (which
may be either a State-assigned identifier or a social security
number).
Safeguards:
For computerized records, safeguards are established in
accordance with department standards and National Institute of
Standards and Technology guidelines (e.g., security codes) will be
used, limiting access to authorized personnel. System security
safeguards are established in accordance with HHS, Information
Resource Management (IRM) Circular #10, Automated Information Systems
Security Program; and the HCFA Administrative Issuance System (AIS)
Guide for Systems Security Policies.
Retention and disposal:
Records are maintained with identifiers as long as needed for
program research.
System manager(s) and address:
Director, Bureau of Data Management and Strategy, Health Care
Financing Administration, Room 1-A-11 Security Office Park Building,
6325 Security Boulevard, Baltimore, Maryland 21207-5187.
Notification procedure:
Inquiries and requests for system records should be addressed to
the system manager at the address above. the requester must specify
the State, Medicaid Identifier number, date of birth, and/or social
security number (SSN). Divulgence of the requester's SSN is
voluntary, unless the requester's record cannot be located without
their SSN.
Record access procedures:
Same as notification procedures. Individuals in the system should
also reasonably specify the record contents being sought. (These
access procedures are in accordance with the Department regulations
(45 CFR 5b.5.).
Contesting record procedures:
Contact the system manager named above, reasonably identify the
record (provide State, Medicaid identifier number, date of birth, and
social security number), and specify the information to be contested.
State the reason for contesting it; e.g., why the information is
inaccurate, irrelevant, incomplete or not current. (These procedures
are in accordance with Departmental Regulations (45 CFR 5b.7).)
Record source categories:
HCFA obtains the identifying information in this system from
State Medicaid Agencies. Almost all information in the proposed
system is derived from States' Medicaid Management Information
Systems. Drug data is obtained from the National Drug Data File.
Systems exempted from certain provisions of the act:
None.
09-70-6002
System name:
Medicare Current Beneficiary Survey (MCBS) System, HHS/HCFA/OSP.
Security classification:
Level Three Privacy Act Sensitive.
System location:
HCFA Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850.
Categories of individuals covered by the system:
The system contains a random sampling of individuals enrolled for
hospital insurance (Part A) and/or supplemental medical benefits
(Part B) under the Medicare program.
Categories of records in the system:
Information contained in this system include the name of the
beneficiary, health insurance claim number (HIC) number, age, sex,
race, education, military service history, income, marital status,
medical utilization and cost, prescription drug usage and cost data,
health and functional status, health insurance coverage, medical
condition status, household composition and medical provider names.
Authority for maintenance of the system:
Authority for the maintenance of this system of records is given
under of section 1875 of the Social Security Act (42 United States
Code (USC) 1395ll), entitled, ``Studies and Recommendations.''
Purpose(s):
The primary purpose of the system of records is to maintain a
research database for HCFA and other researchers that is capable of
producing data sets suitable for both longitudinal and cross-
sectional analysis to be used to: (1) Produce projections for current
programs and proposed program changes, (2) produce national level
estimates of health care expenditures by the aged and disabled, and
(3) provide a research database that can be used to provide guidance
to program management and policies. Information in this system will
also be used to: Support research of policy issues, quality and
effectiveness of care, and of epidemiological projects, support
regulatory and policy functions performed within the agency or by a
contractor or consultant, other federal agencies, support constituent
requests made to a congressional representative, and support
litigation involving the agency related to this system of records.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
which is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' The proposed routine use in this system meets the
compatibility requirement of the Privacy Act. We are proposing to
modify the following routine use disclosures of information which
will be maintained in the system:
1. To an individual or organization for research, evaluation, or
epidemiological projects related to the prevention of disease or
disability, or the restoration or maintenance of health, and for
payment related projects.
2. To agency contractors, or consultants who have been engaged by
the agency to assist in accomplishment of a HCFA function relating to
the purposes for this system of records and who need to have access
to the records in order to assist HCFA.
3. To another federal agency to enable such agency to administer
a federal health benefits program, or as necessary to enable such
agency to fulfill a requirement of a federal statute or regulation
that implements a health benefits program funded in whole or in part
with federal funds.
4. To a Member of Congress or to a congressional staff member in
response to an inquiry of the congressional office made at the
written request of the constituent about whom the record is
maintained.
5. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof, or
(b) Any employee of the agency in his or her official capacity,
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee, or
(d) The United States Government is a party to litigation or has
an interest in such litigation, and by careful review, HCFA
determines that the records are both relevant and necessary to the
litigation and that the use of such records is deemed by the agency
to be for a purpose that is compatible with the purposes for which
the agency collected the records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Computer diskette and on magnetic storage media.
Retrievability:
Information can be retrieved by the name, and HIC of the
beneficiary.
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
[[Page 15500]]
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the MCBS system. For computerized
records, safeguards have been established in accordance with the
Department of Health and Human Services (HHS) standards and National
Institute of Standards and Technology guidelines, e.g., security
codes will be used, limiting access to authorized personnel. System
securities are established in accordance with HHS, Information
Resource Management (IRM) Circular �10, Automated Information Systems
Security Program; HCFA Automated Information Systems (AIS) Guide,
Systems Securities Policies, and OMB Circular No. A-130 (revised),
Appendix III.
Retention and disposal:
Records are maintained in a secure storage area with identifiers.
Disposal occurs ten years after the final action of the research
project is completed.
System manager(s) and address:
Director, Systems, Office of Strategic Planning, HCFA, 7500
Security Boulevard, Baltimore, Maryland 21244-1850.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, HIC, date of birth,
and sex, and for verification purposes, the subject individual's name
(woman's maiden name, if applicable), and SSN. Furnishing the SSN is
voluntary, but it may make searching for a record easier and prevent
delay.
Record access procedures:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2)).
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7).
Record source categories:
HCFA obtains the identifying information contained in this
records system from Medicare enrollment records, Medicare bill
records, Medicare provider records, Medicare beneficiaries and or
their representatives, and Medicare carriers and intermediaries.
Systems exempted from certain provisions of the act:
None.
09-70-9001
System name: Health Care Financing Administration (HCFA)
Correspondence and Assignment Tracking and Control System (CATCS),
HHS/HCFA/OEO.
Security classification:
None.
System locations:
Office of Executive Operations, Health Care Financing
Administration, Room 789 East High Rise Building, 6325 Security
Boulevard, Baltimore, Maryland 21207.
Office of Executive Operations, Health Care Financing
Administration, Room 309G, Hubert H. Humphrey Building, 200
Independence Avenue, SW., Washington, DC 20201.
Categories of individuals covered by the system:
Any beneficiary; any person who writes on behalf of
beneficiaries; the public; other government agencies; contractors;
and members of the Congress.
Categories of records in the system:
Information in the system includes the following:
1. Name of Beneficiary
2. Beneficiary social security number or railroad retirement
number
3. Name of correspondent other than a beneficiary
4. Bureau/office to which case is assigned
5. Correspondence control number
6. Date of initial entry and any subsequent updating
7. Subject of request
8. Location of case
9. Due date
10. Type(s) of information required
11. Cross reference
12. Incoming correspondence and response
Authority for maintenance of the system:
42 CFR 401.101-401.148 and section 1106(a) of the Social Security
Act, 42 U.S.C. 1306(a).
Purpose(s):
This system is used to track, control, and respond to
correspondence from the public, other government agencies,
contractors, and members of the Congress.
Routine uses of records maintained in the system, including
categories of users and purposes of such uses:
Disclosures may be made:
1. To a congressional office from the record of an individual in
response to an inquiry from the congressional office at the request
of that individual.
2. To the Department of Justice, to a court or other tribunal, or
to another party before such tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the tribunal, or the other party is relevant and necessary
to the litigation and would help in the effective representation of
the governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
3. To a contractor for the purpose of collating, analyzing,
aggregating or otherwise refining or processing records in this
system or for developing, modifying and/or manipulating ADP software.
Data would also be disclosed to contractors incidental to
consultation, programming, operation, user assistance, or maintenance
for ADP or telecommunications systems containing or supporting
records in the system.
4. To the Railroad Retirement Board for administering provisions
of the Railroad Retirement and Social Security Act relating to
railroad employment.
5. Third-party contacts (without the consent of the individual to
whom the information pertains) in situations where the party to be
contacted has, or is reasonably expected to have information relating
to the individual's capability to manage his or her eligibility for
an entitlement to benefits under the Medicare or Medicaid program
when:
(a) The individual is unable to provide the information being
sought (an individual is considered to be unable to provide certain
types of information when any of the following conditions exist:
There is a reasonable basis to conclude that the individual is of
questionable mental capability, cannot read or write, cannot afford
the cost of obtaining the information, a language barrier exists, or
the custodian of the information will not, as a matter of policy,
provide it to the individual,) or,
(b) The data are needed to establish the validity of evidence or
to verify the accuracy of information presented by the individual,
and they concern one or more of the following: The individual's
eligibility to benefits under the Medicare program; the amount of
reimbursement; any case in which the evidence is being reviewed as a
result of suspected abuse or fraud, concern for program integrity, or
for quality appraisal; or evaluation and measurement of system
activities.
To the Social Security Administration for their assistance in the
implementation of HCFA's administration of the Medicare and Medicaid
programs.
Policies and practices for storing, retrieving, accessing,
retaining and disposing of records in the system:
Storage:
The records are maintained in magnetic media (e.g., magnetic tape
and computer discs) and in paper form.
Retrievability:
The data in this system are retrieved by name, social security
number, or correspondence control number.
Safeguards:
Safeguards for automated records have been established in
accordance with the HHS Information Resource Management Manual, Part
6, ADP Systems Security. This includes maintaining the records in a
secure enclosure.
Access to specific records is limited to those who have a need
for them in the performance of their official duties.
Paper records are maintained in locked files or in buildings
which are secured after normal business hours.
All HCFA agency employees and contractor personnel will be
notified of the confidentiality of the records and of criminal
sanctions for unauthorized disclosure of the information.
Retention and disposal:
Records are maintained on-line in the system for 2 years. After a
2-year period, records are transferred to an archive file and
destroyed three years later.
System manager(s) and address:
Director, Executive Secretariat, Office of Executive Operations,
Health Care Financing Administration, Room 309G, Hubert H. Humphrey
Building, 200 Independence Avenue, SW, Washington, DC 20201
Notification procedures:
To determine if a record exists, write to the system manager at
the address indicated above and specify name or social security
number.
Record access procedures:
Same as notification procedures. Requestors should reasonably
specify the records content being sought. You may also request an
accounting of disclosures that have been made of your records, if
any. These procedures are in accordance with Departmental Regulations
45 CFR 5b.5(a)(2).
Contesting records procedure:
Contact the system manager named above and reasonably identify
the record and specify the information to be contested, and state the
corrective action sought and your reasons for requesting the
correction, along with information to show how the record is
inaccurate, incomplete, untimely, or irrelevant. These procedures are
in accordance with Departmental Regulations 45 CFR 5b.7.
Record source categories:
Incoming correspondence and responses to such correspondence.
Systems exempted from certain provisions of the act:
None.
09-70-9002
System name:
Home Health Agency Outcome and Assessment Information Set (HHA
OASIS).
Security classification:
Level Three Privacy Act Sensitive.
System location:
CMS Data Center, 7500 Security Boulevard, North Building, First
Floor, Baltimore, Maryland 21244-1850. CMS contractors and agents at
various locations.
Categories of individuals covered by the system:
The system of records (SOR) will contain clinical assessment
information (OASIS) for all patients receiving the services of a
Medicare and/or Medicaid approved HHA, except prepartum and
postpartum patients, patients under 18 years of age, and patients
receiving other than personal care or health care services; i.e.,
housekeeping services and chore services. Identifiable information
will be maintained in the SOR only for those individuals whose
payments come from Medicare or Medicaid.
Categories of records in the system:
This SOR will contain individual-level demographic and
identifying data, as well as clinical status data for patients with
the payment sources of Medicare traditional fee for service, Medicaid
traditional fee for service, Medicare HMO/managed care or Medicaid
HMO/managed care.
Authority for maintenance of the system:
Sections 1102(a), 1154, 1861(m), 1861(o), 1861(z), 1863, 1864,
1865, 1866, 1871, 1891, and 1902 of the Social Security Act (the Act)
authorize the Administrator of CMS to require HHAs participating in
the Medicare and Medicaid programs to complete a standard, valid,
patient assessment data set; i.e., the OASIS, as part of their
comprehensive assessments and updates when evaluating adult, non-
maternity patients as required by section 484.55 of the Conditions of
Participation.
Purpose(s):
The primary purposes of the SOR are to: (1) Study and help ensure
the quality of care provided by home health agencies (HHA); (2) aid
in administration of the survey and certification of Medicare/
Medicaid HHAs; (3) enable regulators to provide HHAs with data for
their internal quality improvement activities; (4) support agencies
of the state government to determine, evaluate and assess overall
effectiveness and quality of HHA services provided in the state; (5)
provide for the validation, and refinements of the Medicare
Prospective Payment System; (6) aid in the administration of Federal
and state HHA programs within the state; and (7) monitor the
continuity of care for patients who reside temporarily outside of the
state. Information maintained in this system will also be disclosed
to: (1) Support regulatory, reimbursement, and policy functions
performed within the Agency or by a contractor or consultant; (2)
assist another Federal and/or state agency, agency of a state
government, an agency established by state law, or its fiscal agent,
for evaluating and monitoring the quality of home health care and
contribute to the accuracy of health insurance operations; (3)
support research, evaluation, or epidemiological projects related to
the prevention of disease or disability, or the restoration or
maintenance of health, and for payment related projects; (4) support
the functions of Peer Review Organizations (PRO); (5) support the
functions of national accrediting organizations; (6) support
litigation involving the Agency; (7) support constituent requests
made to a Congressional representative; and (8) combat fraud and
abuse in certain health care programs.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
These routine uses specify circumstances, in addition to those
provided by statute in the Privacy Act of 1974, under which CMS may
release information from the OASIS without the consent of the
individual to whom such information pertains. Each proposed
disclosure of information under these routine uses will be evaluated
to ensure that the disclosure is legally permissible, including but
not limited to ensuring that the purpose of the disclosure is
compatible with the purpose for which the information was collected.
In addition, our policy will be to prohibit release even of non-
identifiable data, except pursuant to one of the routine uses, if
there is a possibility that an individual can be identified through
implicit deduction based on small cell sizes (instances where the
patient population is so small that individuals who are familiar with
the enrollees could, because of the small size, use this information
to deduce the identity of the beneficiary).
This SOR contains Protected Health Information as defined by HHS
regulation ``Standards for Privacy of Individually Identifiable
Health Information'' (45 CFR parts 160 and 164, 65 Federal Register
(FR) 82462 (12-28-00), as amended by 66 FR 12434 (2-26-01)).
Disclosures of Protected Health Information authorized by these
routine uses may only be made if, and as permitted or required by
this HHS regulation ``Standards for Privacy of Individually
Identifiable Health Information.'' We are proposing to establish or
modify the following routine use disclosures of information
maintained in the system:
1. To Agency contractors, or consultants who have been contracted
by the Agency to assist in accomplishment of a CMS function relating
to the purposes for this system and who need to have access to the
records in order to assist CMS.
2. To another Federal or state agency, agency of a state
government, an agency established by state law, or its fiscal agent,
for evaluating and monitoring the quality of home health care and
contribute to the accuracy of health insurance operations to:
a. Contribute to the accuracy of CMS's proper payment of Medicare
benefits,
b. Enable such agency to administer a Federal health benefits
program, or as necessary to enable such agency to fulfill a
requirement of a Federal statute or regulation that implements a
health benefits program funded in whole or in part with Federal
funds, and/or
c. Assist Federal/state Medicaid programs within the state.
3. To an individual or organization for a research, evaluation,
or epidemiological project related to the prevention of disease or
disability, the restoration or maintenance of health, or payment
related projects.
4. To Peer Review Organizations (PRO) in order to assist the PRO
to perform Title XI and Title XVIII functions relating to assessing
and improving HHA quality of care.
5. To national accrediting organizations with approval for
deeming authority for Medicare requirements for home health services
(i.e., the Joint Commission on Accreditation of Healthcare
Organizations, or the Community Health Accreditation Program).
Information will be released to these organizations only for those
facilities that they accredit, and that participate in the Medicare
program by virtue of their accreditation (deemed) status.
6. To the Department of Justice (DOJ), court, or adjudicatory
body when:
a. The Agency or any component thereof; or
b. Any employee of the Agency in his or her official capacity; or
c. Any employee of the Agency in his or her individual capacity
where the DOJ has agreed to represent the employee; or
d. The United States Government; is a party to litigation or has
an interest in such litigation, and by careful review, CMS determines
that the records are both relevant and necessary to the litigation.
7. To a Member of Congress or to a congressional staff member in
response to an inquiry of the congressional office made at the
written request of the constituent about whom the record is
maintained.
8. To a CMS contractor (including, but not limited to Fiscal
Intermediaries and carriers) that assists in the administration of a
CMS-administered health benefits program, or to a grantee of a CMS-
administered grant program, when disclosure is deemed reasonably
necessary by CMS to prevent, deter, discover, detect, investigate,
examine, prosecute, sue with respect to, defend against, correct,
remedy, or otherwise combat fraud or abuse in such programs.
9. To another Federal agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States (including any state or local governmental agency), that
administers, or that has the authority to investigate potential fraud
or abuse in, a health benefits program funded in whole or in part by
Federal funds, when disclosure is deemed reasonably necessary by CMS
to prevent, deter, discover, detect, investigate, examine, prosecute,
sue with respect to, defend against, correct, remedy, or otherwise
combat fraud or abuse in such programs.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
All records are stored on magnetic media.
Retrievability:
The Medicare and Medicaid records are retrieved by health
insurance claim number, social security number (SSN) or by state
assigned Medicaid number.
Safeguards:
CMS has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements. Employees who maintain records in the system
are instructed not to release any data until the intended recipient
agrees to implement appropriate administrative, technical,
procedural, and physical safeguards sufficient to protect the
confidentiality of the data and to prevent unauthorized access to the
data.
In addition, CMS has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the HHA OASIS system. For computerized
records, safeguards have been established in accordance with HHS
standards and National Institute of Standards and Technology
guidelines; e.g., security codes will be used, limiting access to
authorized personnel. System securities are established in accordance
with HHS, Information Resource Management Circular �10, Automated
Information Systems Security Program; CMS's Information System
Security Policy and Program Handbook; and OMB Circular No. A-130
(revised) Appendix III.
Retention and disposal:
CMS and the repository of the National Archive and Records
Administration will retain identifiable OASIS assessment data for a
total period not to exceed fifteen (15) years.
System manager(s) and address:
Director, Center for Medicaid and State Operations, CMS, 7500
Security Boulevard, Baltimore, Maryland, 21244-1850.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, health insurance
claim number, and for verification purposes, the subject individual's
name (woman's maiden name, if applicable), SSN (furnishing the SSN is
voluntary, but it may make searching for a record easier and prevent
delay), address, date of birth, and sex.
Record access procedure:
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2)).
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7.)
Record source categories:
The Outcome and Assessment Information Set.
Systems exempted from certain provisions of the act:
None.
09-70-9005
System name:
Complaints Against Health Insurance Issuers and Health Plans
(CAHII), HHS/HCFA/CMSO.
Security classification:
Level 3, Privacy Act Sensitive Data.
System location:
7500 Security Boulevard, South Building, Third Floor, Baltimore,
Maryland 21244-1850. Portions of the system of records will be
maintained at various HCFA regional offices.
Categories of individuals covered by the system:
Consumers who contact HCFA with complaints that their health
insurance issuer or health plan is violating Title I of the Health
Insurance Portability and Accountability Act of 1996 (HIPAA), the
Mental Health Parity Act of 1996 (MHPA), the Newborns' and Mothers'
Health Protection Act of 1996 (NMHPA), and the Women's Health and
Cancer Rights Act of 1998 (WHCRA); as well as consumers who contact
HCFA with inquiries about the consumer protections offered by one or
more of these Acts.
Categories of records in the system:
This system will contain the consumer's name, social security
number or health plan ID number, address, phone number, the name and
address of their health insurance issuer or health plan, the nature
of their complaint or inquiry, and any relevant medical or other
information necessary to resolve their complaint against their health
insurance issuer or health plan.
Authority for maintenance of the system:
Section 2722 of the PHS Act (42 U.S.C. 300gg-22) and section 2761
(42 U.S.C. 300gg-61).
Purpose(s):
The primary purpose of the system of records is to enable HCFA to
collect, retrieve and act on information obtained when consumers
contact HCFA and inform the agency that their health insurance issuer
and/or health plan has violated Title I of HIPAA, MHPA, NMHPA, or
WHCRA. Consumers will direct these complaints to HCFA's central
office, and to HCFA's regional offices. Relevant information about
each complaint is documented on paper at each HCFA location that
receives complaints. The system of records will be maintained at
several locations. HCFA will use information retrieved from this
system of records to enforce these four Acts by assisting individuals
in securing their rights under them. HCFA also will use information
retrieved from this system of records to identify any patterns of
violations that will help HCFA determine whether targeted outreach
and education efforts are needed.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The Privacy Act permits us to disclose information without an
individual's consent if the information is to be used for a purpose
that is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' The routine uses in this system meet the compatibility
requirement of the Privacy Act.
1. To agency contractors, or consultants who have been engaged by
the agency to assist in accomplishment of an HCFA function relating
to the purposes for this system of records and who need to have
access to the records in order to assist the HCFA.
2. To a Member of Congress or to a congressional staff member in
response to an inquiry of the Congressional Office made at the
written request of the constituent about whom the record is
maintained.
3. To the Department of Justice (DOJ), court or adjudicatory body
when:
(a) The agency or any component thereof; or
(b) Any employee of the agency in his or her official capacity;
or
(c) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee; or
(d) The United States Government;
Is a party to litigation or has an interest in such litigation,
and by careful review, HCFA determines that the records are both
relevant and necessary to the litigation.
4. To a health insurance issuer and/or health plan, that has been
named in a complaint and is believed to be in violation of relevant
portions of the PHS Act.
5. To another Federal or State agency:
(a) To refer a complaint or inquiry with respect to Title I of
HIPAA, MHPA, NMHPA or WHCRA or
(b) To enable such agency to administer a Federal health benefits
program, or as necessary to enable such agency to fulfill a
requirement of a Federal statute or regulation that implements a
health benefits program funded in whole or in part with Federal
funds.
6. To third party contacts when the party to be contacted has, or
is expected to have, information relating to the individual's
complaint against a health insurance issuer and/or health plan, when:
(a) The individual is unable to provide the information being
sought. An individual is considered unable to provide certain types
of information when:
(1) He or she is incapable or of questionable mental capability;
(2) He or she cannot read or write;
(3) He or she has a hearing impairment, and is contacting HCFA by
telephone through a telecommunications relay system operator;
(4) He or she cannot afford the cost of obtaining the
information;
(5) A language barrier exists; or
(6) The custodian of the information will not, as a matter of
policy, provide it to the individual; or
(b) The data are needed to establish the validity of evidence or
to verify the accuracy of information presented by the individual
concerning his or her complaint against a health insurance issuer
and/or health plan; or HCFA is reviewing the information as a result
of suspected violation of the PHS Act.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Information is maintained on paper.
Retrievability:
The records are retrieved by name and social security number.
Safeguards:
HCFA has safeguards for authorized users and monitors such users
to ensure against excessive or unauthorized use. Personnel having
access to the system have been trained in the Privacy Act and systems
security requirements.
In addition, HCFA has physical safeguards in place to reduce the
exposure of computer equipment and thus achieve an optimum level of
protection and security for the CAHII system. Safeguards have been
established in accordance with HHS standards and National Institute
of Standards and Technology guidelines; e.g., limiting access to
authorized personnel. System securities are established in accordance
with HHS, Information Resource Management (IRM) Circular �10,
Automated Information Systems Security Program; HCFA Automated
Information Systems (AIS) Guide, Systems Securities Policies; and OMB
Circular No. A-130 (revised) Appendix III.
Retention and disposal:
HCFA will retain CAHII data for a total period of seven (7) years
after resolution of the inquiry/complaint.
System manager(s) and address:
Director, Private Health Insurance Group, HCFA, 7500 Security
Boulevard, Baltimore, Maryland 21244-1850.
Notification procedure:
For purpose of access, the subject individual should write to the
system manager who will require the system name, the subject
individual's name, social security number (SSN) (furnishing the SSN
is voluntary, but it may make searching for a record easier and
prevent delay), address, date of birth, and sex.
Record access procedure:L
For purpose of access, use the same procedures outlined in
Notification Procedures above. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2).)
Contesting record procedures:
The subject individual should contact the system manager named
above, and reasonably identify the record and specify the information
to be contested. State the corrective action sought and the reasons
for the correction with supporting justification. (These procedures
are in accordance with Department regulation 45 CFR 5b.7.)
Record source categories:
Sources of information contained in this records system include
data collected from the individuals themselves, and information
collected from their health insurance issuer or health plan.
Systems exempted from certain provisions of the act:
None.
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Office of Human Development Services
System Name and System Number:
09-80-0009--ACYE Mailing List,HHS/HDS/ACYF.
09-80-0020--HDS Publications Distribution Mailing List, HHS/
HDS/OPA.
09-80-100--Records Maintained on Individuals for Program
Evaluation Purposes Under Contracts, HHS/HDS.
09-80-0201--Income and Eligibility Verification for Aid to
Families with Dependent Children Quality Control (AFDC-QC) Reviews,
HHS/ACF/OFA.
09-80-0202--Federal Case Registry of Child Support Orders
(FCR), HHS/OCSE.
09-80-0009
System name: ACYF Mailing List, HHS/HDS/ACYF.
Security classification:
None.
System location:
Administration for Children, Youth & Families, Room 5130, Donohoe
Building, 400 6th Street, SW, Washington, DC 20201.
Categories of individuals covered by the system:
Head Start grantees.
Categories of records in the system:
Mailing key contains grantees' names and addresses only.
Authority for maintenance of the system:
Omnibus Budget Reconciliation Act of 1981 (Pub. L. 97-35).
Purpose(s):
To assist ACYF in carrying out its responsibilities to grantees
under the Act.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual
(2) In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Computer tape.
Retrievability:
Indexed by code using letters and numbers; used for
correspondence, to distribute program information. Addresses will be
retrieved by matching of identifier codes with the grantees' names.
Safeguards:
Access by authorized personnel only.
Retention and disposal:
List is continually updated. Information is kept as long as
accurate.
System manager(s) and address:
Director, Head Start Bureau, ACYF, PO Box 1182, Washington, DC
20013.
Notification procedure:
Any inquiry regarding these systems of records should be in
writing and should be addressed to the System Manager.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought.
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested. State the corrective action sought and
the reason(s) for the correction with supporting justification.
Record source categories:
Source of information is directly from grantees.
Systems exempted from certain provisions of the act:
None.
09-80-0020
System name: HDS Publications Distribution Mailing List, HHS/
HDS/OPA.
Security classification:
None.
System location:
Room 358G, Hubert Humphrey Bldg., Washington, DC 20201
Categories of individuals covered by the system:
State and local governmental units, organizations, individuals
and grantees who ask to receive HDS publications.
Categories of records in the system:
Name, title, address interest in HDS programs, addressee's field
of activity, type of organization, scope of organization, whether
provide information or services or both, and media affiliation, if
applicable.
Authority for maintenance of the system:
Titles IV-B, IV-E, and XX of the Social Security Act;
Developmental Disabilities Assistance and Bill of Rights Act, Pub. L.
94-103, as amended by Pub. L. 95-602; Title VIII of Pub. L. 93-644,
as amended, Native American Programs; Pub. L. 95-266, The Child Abuse
Prevention and Treatment Act; Children's Bureau Act of 1912; Pub. L.
93-644, as amended, Headstart--Follow Through Act; Pub. L. 97-35,
Omnibus Budget Reconciliation Act; 42 U.S.C. 5701, Runaway and
Homeless Youth Act; and Older Americans Act of 1965, as amended.
Purpose(s):
To assist HDS programs in carrying out their responsibilities to
disseminate program information.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a Congressional office from the
record of an individual in response to a verified inquiry from the
Congressional office made at the written request of that individual.
2. Disclosure may be made to the Department of Justice, to a
court or other tribunal, or to another party before such tribunal,
when:
(a) HHS or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the tribunal, or other party is relevant and necessary to
the litigation and would help in the effective representation of the
governmental party, provided, however, that in each case HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, andf disposing of records in the system:
Storage:
Computer tape.
Retrievability:
Addresses will be retrieved by name, interest in HDS programs,
field of activity, type of organization or level of government, scope
of organization, whether the addresses provide information or
services or both, or type of media.
Safeguards:
1. Authorized Uses: Only authorized personnel within the
Department may access the HUD mailing list.
2. Physical Safeguards: Computer tapes are stored in locked files
in secured areas. Computer terminals are in secured areas.
3. Procedural Safeguards: Employees who maintain the tapes in
this system are instructed to grant regular access only to authorized
users. Data stored in computers are accessed through the use of
passwords/keywords known to authorized personnel. These passwords/
keywords are changed frequently.
4. Implementation Guidelines: Part 6, 'Automated Information
System Security` of the HHS Information Resources Management Manual.
Retention and disposal:
List is annually circularized as required by the Joint Committee
on Printing and those not responding are dropped from the list.
System manager(s) and address:
Director, Division of Publication and Graphic Services, Office of
Public Affairs, HDS, 329D, Hubert Humphrey Bldg., Washington, DC
20201.
Notification procedures:
Any inquiries regarding this system of records should be in
writing and should be addresses to the System Manager.
Record access procedures:
Same as notification procedure. Requesters should also reasonably
specify the record contents being sought.
Contesting record procedures:
Contact the official at the address specified under notification
procedure above, and reasonably identify the record and specify the
information to be contested. State the corrective action sought and
your reason(s) for requesting the correction with supporting evidence
to justify it.
Systems exempted from certain provisions of the act:
None.
09-80-0100
System name: Records Maintained on Individuals for Program
Evaluation Purposes Under Contract, HHS/HDS.
Security classification:
None.
System location:
Hubert H. Humphrey Building, Room 306-E, 200 Independence Avenue,
SW, Washington, DC 20201.
Independent contractors of HDS and collaborating Federal and
State local government agencies.
Write to the system manager at the address below for the address
of current locations.
Categories of individuals covered by the system:
Persons who are the subjects in various HDS program evaluation
projects under contracts administered by HDS.
Categories of records in the system:
Information about evaluation project participants including their
identities, addresses, occupations, professions, school or job
performances, health status, and test scores.
Authority for maintenance of the system:
Authority is provided by Titles IV-B, IV-E and XX of the Social
Security Act, as amended; Developmentally Disabled Assistance and
Bill of Rights Act, Pub. L. 94-103 (1975), as amended; Native
American Programs Act of 1974, Pub. L. 93-644, Title VIII, as
amended; Child Abuse Prevention and Treatment and Adoption Reform Act
of 1978, Pub. L. 95-266; Head Start--Follow Through Act, Pub. L. 93-
644 (1975), as amended; Runaway Youth Act, Pub. L. 93-415, Title III
(1974); and Older Americans Act of 1965, Pub. L. 89-73, as amended.
Purpose(s):
To enable HDS to determine the effectiveness of certain programs
it administers by having HDS contractors perform evaluation studies
of various HDS programs.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to:
(1) HDS contractors in order to perform the program evaluation
studies for which the records are maintained. These contractors are
required to comply with the requirements of the Privacy Act with
respect to the records.
(2) HDS contractors engaged in program evaluation support
activities such as collating, analyzing, aggregating or otherwise
refining records in this system. These contractors will be required
to comply with the requirements of the Privacy Act with respect to
the records.
(3) A Congressional office from the record of an individual in
response to an inquiry which the Congressional office made at the
written request of that individual.
(4) The Department of Justice, to a court or other tribunal, or
to another party before such tribunal, when:
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determine that the use of such records by the Department of
Justice, the tribunal, or the other party is relevant and necessary
to the litigation and would help in the effective representation of
the governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
File folders, microfilms, charts, graphs, computer tapes, disks,
and punch cards.
Retrievability:
By name, Social Security Number when supplied voluntarily in
addition to some other alternative system of retrieval, or other
identifying number or symbol.
Safeguards:
Measures to prevent unauthorized disclosures are required as
appropriate for each contractor location and for the particular
records maintained under each contract. Each contractor implements
personnel, physical and procedural safeguards such as the following:
(1) Authorized users: Records maintained in this system are
accessible to only contractors compiling or using the information
necessary to perform the program evaluation activities for which the
system is designed.
(2) Physical safeguards: Records are kept in limited access
areas. Offices and record storage locations are locked during off-
duty hours. Input data for computer files is coded to preclude easy
identification of individuals. Information on individual identities
is kept separate from data used for analysis.
(3) Procedural and technical safeguards: Access to manual files
is available only to authorized personnel, as described above. Access
to computer files is controlled through security codes known only to
authorized users. Names and other information sufficient for easy
identification of individuals are not included in data files used for
analysis. These files are indexed by code number or symbols. Code
numbers or symbols and complete identifying information in the
individual are linked only if there is a specific need, such as for
data verification and follow up.
Contractors maintaining records in this system are instructed to
make no further disclosure of the records except as authorized by the
system manager and permitted by the Privacy Act. Privacy Act
requirements are specifically included in all contracts for program
evaluation activities supported by this system. The system manager is
the Director, Office of Policy Coordination and Review, HDS. HDS
project officers responsible for overseeing performances of HDS
contractors will also oversee compliance with these Privacy Act
requirements.
The particular safeguards implemented at each site are developed
in accordance with 45 CFR part 5b, Chapter 45-13, ``Safeguarding
Records Contained in Systems of Records'', of the HHS General
Administration Manual, and Part 6 ADP Systems Security, of the HHS
ADP Systems Manual and the National Bureau of Standards, Federal
Information Processing Standards (FIPS Pub. 41 and FIPS Pub. 31).
Retention and disposal:
Contractors are to retain records as long as necessary to
accomplish the purpose for which the records were kept. Disposal
methods include erasing computer tapes and disks, burning hard
copies, shredding or any other method which effectively obliterates
that data contained in the records.
System manager(s) and address:
Director, Office of Policy, Planning and Legislation, OHDS,
Hubert H. Humphrey Building, Room 306-E, 200 Independence Avenue, SW,
Washington, DC 20201, Telephone (202) 245-7027.
Notification procedure:
To determine if a file exists, write to the system manager and
provide the following information:
a. System name: Records Maintained on Individuals for Program
Evaluation Purposes Under Contracts, HHS, HDS;
b. The requester's complete name at the time of program
participation;
c. Facility used by (if applicable), and home address of, the
requester at the time of participation; and
d. In some cases, where records are retrieved by an identifying
number, it may be necessary to provide that number. A requester may
be asked to voluntarily disclose his or her Social Security Number
(SSN) in which case statutory authority for SSN solicitations will be
provided to the requester. The SSN will only be used to retrieve any
records that may be retained on the requester. Should a requester
refuse to disclose his or her SSN then the system will be designed to
ensure that his or her records will still be retrievable by some
alternative means.
The requester must also verify his or her indentity by: Providing
one piece of tangible identification (e.g., driver's license,
passport, etc.); or submitting a notarized request; or providing a
written certification that the requester is who he or she claims to
be and understands that the knowing and willful request for or
acquisition of a record pertaining to an individual under false
pretenses is a criminal offense under the Privacy Act, subject to a
maximum fine of five thousand dollars.
A parent or guardian who requests notification of, or access to,
the record of a minor or legal incompetent must verify his or her
relationship to the minor or incompetent person in the manner
prescribed by 45 CFR 5b.5(b)(2)(iii), in addition to verifying his or
her own identity.
Record access procedures:
Write to the system manager and provide the same information as
required under the notification procedures above. Requesters should
also reasonable specify the record content being sought. Requesters
may ask for a list of accounting of the disclosures which have been
made of their records.
Contesting record procedures:
Write to the system manager at the address specified above and
reasonable identify the record and specify the information to be
contested. State the corrective action and the reasons for the
correction, and provide supporting justification to show that the
record is inaccurate, incomplete, irrelevant, untimely, or
unnecessary. Refusals to correct a record may be appealed in writing
to the Assistant Secretary for Human Development Services, pursuant
to 45 CFR 5b.8(a)(iv).
Record source categories:
The data contained in these records is furnished by the
individual and third party contacts having specific knowledge about
the individual that is needed to complete the program evaluation.
Systems exempted from certain provisions of the act:
None.
09-80-0201
System name: Income and Eligibility Verification for Aid to
Families with Dependent Children Quality Control (AFDC-QC)
Reviews, HHS/ACF/OFA.
Security classification:
None.
System location:
ACF Computer Facilities, National Computer Center, Social
Security Administration, 6201 Security Boulevard, Room 2-k-11,
Baltimore, Maryland 21235.
Categories of individuals covered by the system:
Approximately 48,000 AFDC recipients in the AFDC-QC subsample per
year.
Categories of records in the system:
Recipient name, address, Social Security Number, name of State,
State and Federal AFDC-QC case review number, and financial
information concerning AFDC recipient income and resources.
Authority for maintenance of the system:
Section 408 of the Social Security Act (42 U.S.C. 608).
Regulations at 45 CFR 205.40-205.43.
Purpose(s):
To use other Federal and State agencies as necessary (e.g.,
Internal Revenue Service (IRS)) to identify sources of income and
resources of AFDC recipients to establish the accuracy of AFDC
eligibility determinations and payment amounts.
Routine uses of records maintained in the system, including
categories of users and the purpose of such uses:
Disclosures may be made:
1. To other Federal agencies (e.g., Internal Revenue Service) to
obtain income/resource data for the purpose of determining correct
AFDC eligibility and payment.
2. To a State agency administering the AFDC program which will
use the information in its eligibility and payment decisions.
3. To a congressional office, from the record of an individual in
response to an inquiry from the congressional office made at the
request of that individual.
4. To a contractor for the purpose of collating, analyzing,
aggregating or otherwise refining or processing records in this
system or for developing, modifying and/or manipulating Automatic
Data Processing (ADP) software. Data would also be disclosed to
contractors incidental to consultation, programming, operation, user
assistance, or maintenance of a ADP or telecommunications system
containing or supporting records in the system.
5. To the Department of Justice, to a court or other tribunal, or
to another party before such tribunal, when one of the following is a
party to litigation or has an interest in such litigation, and HHS
determines that the use of such records by the Department of Justice,
the tribunal, or other party is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided, however, that in each case HHS
determines that such disclosure is compatible with the purpose for
which the records were collected:
a. HHS, or any component thereof; or
b. Any HHS employee in his or her official capacity; or
c. Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
d. The United States or any agency thereof, where HHS determines
that the litigation is likely to affect HHS or any of its components.
6. To an agency of a State Government, or established by State
law, for purposes of determining, evaluating and assessing cost,
effectiveness, and the quality of the AFDC program in the State, if
ACF:
a. Determines that the use or disclosure does not violate legal
limitations under which the data were provided, collected, or
obtained;
b. Establishes that the data are exempt from disclosure under the
State and/or local Freedom of Information Act;
c. Determines that the purpose for which the disclosure is to be
made:
(1) Cannot reasonably be accomplished unless the data are
provided in an individually identifiable form;
(2) Is of sufficient importance to warrant the effect and risk to
the privacy interests of the individual that additional exposure of
the record might bring, and;
(3) There is reasonable probability that the objective for the
use would be accomplished; and
d. Requires the receiver to:
(1) Establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record;
(2) Remove or destroy the information that allows the individual
to be identified at the earliest time at which removal or destruction
can be accomplished consistent with the purpose of the request,
unless the recipient presents an adequate justification for retaining
such information;
(3) Make no further use or disclosure of the record except:
(a) In emergency circumstances affecting the health or safety of
any individual;
(b) For use in another project under the same conditions, and
with written authorization of ACF;
(c) For disclosure to a properly identified person for the
purpose of an audit related to the project, if information that would
enable project subjects to be identified is removed or destroyed at
the earliest opportunity consistent with the purpose of the audit, or
(d) When required by law; and
(4) Secure a written statement attesting to the receiver's
understanding of and willingness to abide by these provisions. The
receiver must agree to the following:
(a) Not to use the data for purposes that are not related to the
evaluation of cost, quality and effectiveness of the AFDC program;
(b) Not to publish or otherwise disclose the data in a form
raising unacceptable possibilities that beneficiaries could be
identified (i.e., the data must not be beneficiary-specific and must
be aggregated to a level at which no data cells have ten or fewer
beneficiaries); and
(c) To submit a copy of any aggregation of the data intended for
publication to ACF for approval prior to publication.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Storage will be on paper and magnetic media.
Retrievability:
Information will be retrieved by beneficiary social security
number which is the unique identifier used by ACF for this system of
records, beneficiary name, and the State and Federal AFDC-QC case
number.
Safeguards:
ACF will maintain all return information in accordance with
Federal requirements as necessary (e.g., the provisions of the
Internal Revenue Code section 6103(p)(4)). The records will be
accessible only to authorized employees. ACF will notify all
employees having access to records of criminal sanctions for
unauthorized disclosure of information on individuals. All authorized
staff will have computer system security clearance by use of an
identification code and a password to access data. Access to the
return data will be restricted (via security software packages on ACF
computer facilities that are housed within the National Computer
Center), to only those ACF employees who are associated with
implementing and maintaining the system of records on a ``need to
know'' basis. All computer records will be safeguarded in accordance
with the provisions of the HHS Information Resource Management
Manual, Part 6, ADP Systems Security, including use of passwords, and
the National Bureau of Standards Federal Information Processing
Standards.
Retention and disposal:
Hard copy records will be maintained indefinitely. Magnetic media
will be disposed of after the AFDC-QC payment error rates are
produced for the appropriate AFDC-QC review period involved.
System manager(s) and address:
Director, Division of Quality Control, Office of Family
Assistance, Administration for Children and Families, Aerospace
Building--5th Floor, 370 L'Enfant Promenade SW, Washington, DC 20447.
Notification procedure:
To determine if a record concerning yourself exists, write to the
System Manager at the address indicated above. The requester must
also verify his or her identity by providing either a notarization of
the request or a written certification that the requester is who he
or she claims to be. The request must include: (a) Full name, (b)
social security number, and (c) address. The requester must also
understand that the knowing and willful request for acquisition of a
record pertaining to an individual under false pretenses is a
criminal offense under the Act, subject to a five thousand dollar
fine.
Record access procedure:
Write to the System Manager specified above to gain access to
records and provide the same information as is required under the
Notification Procedures. Requesters should also reasonably specify
the record contents being sought. Individuals may also request an
accounting of disclosure of their records, if any.
Contesting record procedures:
Contact the System Manager specified above and reasonably
identify the record, specify the information to be contested, the
corrective action sought, and your reasons for requesting the
correction, along with supporting information to show how the record
is inaccurate, incomplete, untimely or irrelevant. The right to
contest records is limited to information which is incomplete,
irrelevant, inaccurate, or untimely (obsolete).
Record source categories:
Income/resource data requested from other Federal agencies (e.g.,
IRS) and/or State agencies as necessary.
Systems exempted from certain provisions of the Privacy Act:
None.
09-80-0202
System name:
Federal Case Registry of Child Support Orders (FCR), HHS, OCSE.
Security classification:
None.
System location:
Office of Child Support Enforcement, 370 L'Enfant Promenade, SW.,
4th Floor East, Washington, DC 20447;
Social Security Administration, 6200 Security Boulevard,
Baltimore, Maryland 21235.
Categories of individuals covered by the system:
Records will be maintained with respect to all cases or orders
submitted by States to the Federal Case Registry. The cases and
orders which States will submit to the FCR include each case in which
services are being provided by the State under the State plan
approved by Title IV-D of the Act, and each support order established
or modified in the State on or after October 1, 1998.
Categories of records in the system:
The FCR system of records will include records that contain the
following information: Names (including alternative names); social
security numbers (including alternative numbers); birth dates;
participant type (custodial party, noncustodial parent, putative
father, child); sex; case type (IV-D, non-IV-D); indication of an
order; family violence indicator (domestic violence or child abuse);
locate request type (reason for locate); locate source (source which
State wishes to check for data); State Federal Information Processing
Standard code; county code; State case identification number; and
State member identification number.
Authority for maintenance of the system:
Sections 452 and 453 of the Social Security Act (42 U.S.C. 652
and 653) required the Secretary of HHS to establish and conduct the
Federal Parent Locator Service, a computerized national location
network which provides address and social security number information
to State and local CSE agencies.
Purpose(s):
The primary purpose of the FCR will be to improve States'
abilities to locate parents and collect child support. The FCR will
consist of State case registry information, and will contain
abstracts of case and order information with respect to each case and
order in each State Case Registry. At least every two business days,
the FCR will be matched against the National Directory of New Hires
(NDNH), another component of the Federal Parent Locator Service, to
determine if a newly hired employee included in the NDNH is a
participant in a child support case anywhere in the country. Within
two business days after a comparison reveals a match with respect to
an individual, the Service will report the match as well as the
information regarding the individual's current employment and other
pertinent information to the State agency or agencies responsible for
the case. The Service will also alert States when other States have
registered the same individuals on the FCR.
The new system of records will include a Family Violence (FV)
indicator in the FCR to prevent disclosure of the records of any
person a State associates with FV. When a State notifies the FCR that
there is reasonable evidence of domestic violence or child abuse, and
that disclosure could be harmful to the party or the child, the FCR
will not disclose any information from the records. In this instance,
the FCR will return a notice indicating that ``Disclosure is
Prohibited.'' A FV designation can only be removed by the State that
placed the designation, and the designation may be placed by more
than one State on the same person. However, information from the
records containing a FV designation may be disclosed by court order
pursuant to section 453(b)(2)(B) of the Act (42 U.S.C. 653(b)(2)(B)).
Routine uses of records maintained in the system, including
categories of users and the purpose of such uses:
The routine uses proposed for this system are compatible with the
stated purpose of the system. Information from the Federal Case
Registry may be disclosed to the following entities: (1) Under
section 453(c)(1) of the Act (42 U.S.C. 653(c)(1)), to agents and
attorney of a State which has in effect an approved plan under Title
IV-A of the Act who have duty or authority to collect child and
spousal support; (2) Under section 453(c)(2) of the Act (42 U.S.C
653(c)(2)), to a Court or its agent which has authority to issue an
order against a noncustodial parent for child support or to serve as
the initiating court in an action to seek a child support order
against a noncustodial parent; (3) Under section 453(c)(3) of the Act
(42 U.S.C. 653(c)(3)), to a resident parent, legal guardian, or
attorney or agent of a child not receiving TANF benefits; (4) Under
section 453(c)(4) of the Act (42 U.S.C. 653(c)(4)), to a State agency
administering a child welfare program operated under a State plan
pursuant to subchapter 1 of Title IV-B of the Act or a State plan
pursuant to subchapter 2 of Title IV-B of the Act, or to a State
agency that is administering a program operated under a State plan
pursuant to Title IV-E of the Act; (5) Under section 653(j)(1)(B) of
the Act (42 U.S.C. 653(j)(1)(B)), to the Social Security
Administration for verification of name, social security number, and
birth dates; and employer identification number; (6) Under section
453(j)(2)(B) of the Act (42 U.S.C. 653(j)(2)(B)), to State agencies
responsible for paternity establishment or child support cases; (7)
Under section 453(j)(3)(B) of the Act (42 U.S.C 653(j)(3)(B)), to
State agencies for the purpose of assisting States to carry out their
responsibilities under programs operated under Title IV-D and IV-A of
the Act; (8) Under section 463(d)(2)(A) of the Act (42 U.S.C.
663(d)(2)(A)), to agents or attorneys of States who have the duty or
authority to enforce child custody or visitation determinations; (9)
Under section 453(d)(2)(B) of the Act (42 U.S.C. 663(d)(2)(B)), to a
Court or its agent with the jurisdiction to make or enforce a child
custody or visitation determination; (10) Under section 463(d)(2)(C)
of the Act (42 U.S.C. 663(d)(2)(C)), to agents or attorney of the
U.S. or of a State who have the authority or duty to investigate,
enforce, or prosecute the unlawful taking or restraint of a child;
(11) Under section 463(e) of the Act (42 U.S.C. 663(e)), to the U.S.
Central Authority for the purpose of locating any parent or child on
behalf of an applicant to the Central Authority; (12) Pursuant to
Pub. L. 105-34, Title X, sections 1090(a)(2) and (4), to the
Secretary of Treasury for the purpose of administering sections of
Title 26 which grant tax benefits based on support or residence of
children; (13) Where permitted by law, to researchers for the purpose
of conducting research consistent with the pertinent statutory
authority.
Disclosures to consumer reporting agencies:
None.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The Secretary of Health and Human Services house the FCR in the
Social Security Administration's National Computer Center in
Baltimore, Maryland. A Direct Access Storage Data (DASD) unit will be
used for storage. FCR records will be maintained on disc and computer
tape, and hard copy.
Retrievability:
System records can be accessed by either a State assigned case
identification number or Social Security Number.
Safeguards:
1. Authorized Users: Data stored on computer files are accessed
by passwords known only to persons who are responsible for
implementing the FCR. Access to information in the FCR system is
limited to approved users whose official duties require access to
this information.
2. Physical Safeguards: Rooms where records are stored will be
locked when not in use. During regular business hours rooms will be
unlocked but controlled by on-site personnel.
3. Procedural and Technical Safeguards: A password is required to
access the terminal and a data set name restricts the release of the
data to only approved users. All users of the FCR system are required
to have in effect safeguards, applicable to all confidential
information that are designed to protect the privacy rights of the
parties; they must also have safeguards against any unapproved use or
disclosure of information contained in the FCR.
Retention and disposal:
(1) Records pertaining to a child will be deleted from the FCR
when a State dissociates the last custodial parent, non-custodial
parent, or putative father from the case or order, and no child
included in the case or order is associated with any other FCR case
or order; (2) Records containing a Family Violence Indicator will be
removed from the FCR when the State that initiated the indicator
requests that the record be removed from the FCR or when the State
closes the last case or order including the person connected to an
indicator; (3) Records of information provided by the FCR to
authorized users will be maintained only long enough to communicate
the information to the appropriate State or Federal agent.
Thereafter, the information provided will be destroyed; (4) Records
pertaining to disclosures (including information provided by States,
Federal agencies contacted, and an indication of the type(s) of
information returned), will be stored on a history tape and in hard
copy for two years and then destroyed; and (5) Any record relating or
potentially relating to a fraud or abuse investigation or a pending
or ongoing legal action including a class action, will be retained
until conclusion of the investigation or legal action. This exception
will protect information relevant to a pending case from being
prematurely destroyed.
System manager(s) and address:
Director, Program Operations Division, Office of Child Support
Enforcement, Department of Health and Human Services, 370 L'Enfant
Promenade, SW., 4th Floor, Washington, DC 20447.
Notification procedure:
To determine if a record exists, write to the System Manager
listed above. The requester must provide his or her full name and
address. Additional information, such as Social Security Number, date
of birth or mother's maiden name, may be requested by the system
manager in order to distinguish between individuals having the same
or similar names.
Record access procedures:
Individuals may have access to their records by making a written
request, addressed to the System Manager specified above. The
envelope containing the written request must be marked ``Privacy Act
Request'' or ``Freedom of Information Act Request'' or both, in the
bottom left-hand corner. The letter requesting access to FCR records
must state the following: (1) That the request is being made under
the Privacy Act; Freedom of Information Act, or both, (2) the name,
address, and signature of the requester; and (3) a detailed
description of the record contents they are seeking.
Contesting record procedure:
Individuals may request an amendment of a record which is not
accurate, relevant, timely, or complete by writing to the System
Manager at the address specified above. The envelope containing the
written request must be marked ``Privacy Act Amendment Request'' or
``Freedom of Information Act Request'' or both, in the bottom left-
hand corner. The letter requesting an amendment to FCR records must
state the following: (1) That the request to amend the record is
being made under the Privacy Act; Freedom of Information Act, or
both, (2) the individual's name, address, and signature; (3) a
description of the contested information; (4) the reason why the
information should be amended; and (5) documentation to show that the
information is inaccurate, irrelevant, untimely, or incomplete.
Individuals who are contesting records must also be able to prove
their identity.
Record source categories:
Information is obtained from departments, agencies, or
instrumentalities of the United States or any State.
System exempted from certain provisions of the act:
None.
Health Resources and Services Administration
Table of Contents
09-15-0002 Record of Patients' Personal Valuables and
Monies, HHS/HRSA/BPHC.
09-15-0003 Contract Physicians and Consultants, HHS/
HRSA/BPHC.
09-15-0004 Federal Employee Occupational Health Data
System, HHS/HRSA/BPHC.
09-15-0007 Patients Medical Records System PHS
Hospitals/Clinics, HHS/HRSA/BPHC.
09-15-0028 PHS Clinical Affiliation Trainee Records,
HHS/HRSA/BPHC.
09-15-0037 Public Health Service (PHS) and National
Health Service Corps (NHSC) Scholarship/Loan Repayment
Participant Records System, HHS/HRSA/BPHC.
09-15-0038 Disability Claims of the Nursing Student
Loan Program, HHS/HRSA/BHPr.
09-15-0039 Disability Claims in the Health Professions
Student Loan Program, HHS/HRSA/BHPr.
09-15-0042 Physician Shortage Area Scholarship Program,
HHS/HRSA/BPHC.
09-15-0044 Health Educational Assistance Loan Program
(HEAL) Loan Control Master File, HHS/HRSA/BHPr.
09-15-0046 Health Professions Planning and Evaluation,
HHS/HRSA/OA.
09-15-0054 National Practitioner Data Bank for Adverse
Information on Physicians and Other Health Care
Practitioners, HHS/HRSA/BHPr.
09-15-0055 Organ Procurement and Transplantation
Network (OPTN) Data System, HHS/HRSA/BHRD.
09-15-0056 National Vaccine Injury Compensation
Program, HHS/HRSA/BHPr.
09-15-0058 Faculty Loan Repayment Program, HHS/HRSA/
BHPr.
09-15-0059 Health Resources and Services Administration
Correspondence Control System, HHS/HRSA/OA.
09-15-0060 Minority/Disadvantaged Health Professions
Program, HHS/HRSA/BHPr.
09-15-0061 Ricky Ray Hemophilia Relief Fund Act of
1998, HHS/HRSA/BHPr.
09-15-0002
System name: Record of Patients' Personal Valuables and Monies,
HHS/HRSA/BPHC.
Security classification:
None.
System location:
Cahsier's Office, Gillis W. Long Hansen's Disease Center,
Carville, Louisiana 70721.
Categories of individuals covered by the system:
Individuals admitted to the Gillis W. Long Hansen's Disease
Center (GWLHDC).
Categories of records in the system:
Information regarding personal valuables such as watches or
rings, and monies checked in by the patients for safe-keeping.
Authority for maintenance of the system:
Section 321 of the Public Health Service Act, as amended (42
U.S.C. 248), Hospitals, Medical Examinations, and Medical Care.
Purpose(s):
The purpose of the system is to provide for the safekeeping of
patients' valuables. Records may also be used by the HHS Audit Agency
for audit purposes.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
record of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
2. The Department may disclose information from this system of
records to the Department of Justice, or to a court or other
tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the court or other tribunal is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Valuables and monies are sealed in an envelope and filed in a
locked safe.
Retrievability:
Name and hospital record number.
Safeguards:
1. Authorized Users: GWLHDC personnel responsible for the
security of valuables and monies. GWLHDC cashiers, nurses, and
physicians.
2. Physical Safeguards: All documents are protected during lunch
hours and nonworking hours in locked file cabinets or locked storage
areas.
3. Procedural Safeguards: All users of personal information in
connection with the performance of their jobs protect information
from public view and from unauthorized personnel entering an
unsupervised office. Access to records is strictly limited to those
staff members trained in accordance with the DHHS Chapter 45-13 and
Chapter PHS.hf: 45-13 of the General Administration Manual.
Retention and disposal:
Number of years held: Until audited by HHS Audit Agency. How
destroyed: Incinerator or shredding.
System manager(s) and address:
Chief, Medical Record Department, Gillis W. Long Hansen's Disease
Center, Carville, Louisiana 70721.
Notification procedure:
Write to the Cashier's Office, Gillis W. Long Hansen's Disease
Center, Carville, Louisiana 70721. Individual must provide positive
identification such as driver's license, passport, voter registration
card, union card, or a written certification verifying his or her
identity. Requesters should also reasonably specify the record
contents being sought.
Record access procedures:
Same as notification procedures.
Contesting record procedures:
Write to the official at the address specified in the
notification procedures above, and reasonably identify the record,
specify the information to be contested, and state the corrective
action sought, with supporting justification.
Record source categories:
Patient and admission record.
Systems exempted from certain provisions of the act:
None.
09-15-0003
System name: Contract Physicians and Consultants, HHS/HRSA/BPHC.
Security classification:
None.
System location:
Gillis W. Long Hansen's Disease Center, Carville, LA 70721.
Categories of individuals covered by the system:
Medical and allied health professionals (e.g., physicians,
nurses, physical therapists, and dentists) who have contracted with
the Bureau of Primary Health Care to provide services to
beneficiaries.
Categories of records in the system:
Duplicate of original contract and personal data qualifications.
Original contracts developed by the Gillis W. Long Hansen's Disease
Center.
Authority for maintenance of the system:
Section 320 of the Public Health Service Act, as amended (43
U.S.C. 225), Receipt, Apprehension, Treatment and Release of Lepers;
section 321 of the Public Health Service Act, as amended (42 U.S.C.
248), Hospitals, Medical Examinations, and Medical Care; and section
326 of the Public Health Service Act, as amended (42 U.S.C. 253),
Services to Coast Guard, Coast and Geodetic Survey, and Public Health
Service.
Purpose(s):
To monitor contract negotiations and compliance, to review
credentials, and to collect statistical data required to manage the
program.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
record of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
2. In the event that a system of records maintained by this
agency to carry out its functions indicates a violation or potential
violation of law, whether civil, criminal or regulatory in nature,
and whether arising by general statute or particular program statute,
or by regulation, rule or order issued pursuant thereto, the relevant
records in the system of records may be referred, as a routine use,
to the appropriate agency, whether Federal, State or local, charged
with the responsibility of investigating or prosecuting such
violation or charged with enforcing or implementing the statute, or
rule, regulation or order issued pursuant thereto.
3. Where a contract between a component of the Department and a
labor organization recognized under E.O. 11491 provides that the
agency will disclose personal records relevant to the organization's
mission, records in this system of records may be disclosed to such
organization.
4. The Department may disclose information from this system of
records to the Department of Justice, or to a court or other
tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the court or other tribunal is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
Disclosure may be made to State Boards of Medical Examiners and
to equivalent State licensing boards of professional review actions
which adversely affect the clinical privileges of health care
professionals who either:
(1) Are or were employed by the Federal Government;
(2) Provide or have provided health care service under a fee-for-
service contract with the Federal Government; or
(3) Provide or have provided health care services on behalf of
the Federal Government as a volunteer or as a visiting fellow.
Boards of Medical Examiners and equivalent State licensing boards
are required by the Health Care Quality Improvement Act of 1986 and
by the Medicare and Medicaid Patient and Program Protection Act of
1987 to report this informaiton to the National Practitioner Data
Bank.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
File folders.
Retrievability:
Name and contract number.
Safeguards:
1. Authorized Users: PHS medical and financial management staff
and contracting personnel.
2. Physical Safeguards: All documents are protected during lunch
hours and nonworking hours in locked file cabinets or locked storage
areas.
3. Procedural Safeguards: All users of personal information in
connection with the performance of their jobs protect information
from public view and from unauthorized personnel entering an
unsupervised office. Access to records is strictly limited to those
staff members trained in accordance with DHHS Chapter 45-13 and
Chapter PHS.hf: 45-13 of the General Administration Manual.
Retention and disposal:
Duplicate contracts: Held 1-3 years dependent upon renewal.
Destroyed by shredding.
Original Contracts: 1. Transactions of more than 10,000: Destroy
6 years and 3 months after final payment. 2. Transactions of 10,000
or less: Destroy 3 years after final payment.
System manager(s) and address:
General Services Officer, Gillis W. Long Hansen's Disease Center,
Carville, LA 70721.
Notification procedure:
To determine if a record exists, write to the System Manager at
the address above. The individual must provide positive
identification, such as driver's license, passport, voter
registration card, or written certification verifying his or her
identity. Requesters should also reasonably specify the record
contents being sought.
Record access procedures:
Same as notification procedures.
Contesting record procedures:
Write to the System Manager at the address specified above, and
reasonably identify the record, specify the information to be
contested, and state the corrective action sought, with supporting
justification.
Record source categories:
Medical, allied health professionals and dentists.
Systems exempted from certain provisions of the act:
None.
09-15-0004
System name: Federal Employees Occupational Health Data System,
HHS/HRSA/BPHC.
Security classification:
None.
System location:
Division of Federal Occupational Health, Bureau of Primary Health
Care, 3rd Floor, West Tower Building, 4350 East West Highway,
Bethesda, Maryland, MAILING ADDRESS: 3rd Floor, West Tower Building,
4350 East West Highway, Rockville, MD 20857.
Categories of individuals covered by the system:
Federal employees provided occupational health services in PHS/
Division of Federal Occupational Health (DFOH) service provision
sites.
Categories of records in the system:
Medical records documents are maintained at service provision
sites. Health services data organized and presented for Agency
billing and program planning purposes are maintained in the automated
Program Operations Information System (POIS).
Authority for maintenance of the system:
Title V (5 U.S.C. 7901), Health Service to Employees, and OMB
Circular No. A-72).
Purpose(s):
The system is designed to provide occupational health record data
for clinical and program operations, analysis, planning and
evaluation.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. U.S. Department of Labor, Office of Workers' Compensation
Programs (OWCP), may be given access to files of those persons
claiming compensation benefits due to personal injury while on the
job.
2. Certain records may be disclosed to medical laboratories,
medical consultants, or computer processing facilities under service
contract agreement. Recipients are required to maintain adequate
safeguards with respect to such records.
3. In the event of a change in sponsorship of a PHS/DFOH service
provision site or in case of mass transfer of employees covered by a
PHS/DFOH service provision site to one served by a nondepartmental
organization, the occupational health records will be transferred to
the custodianship of the new organization.
4. Disclosure may be made to a congressional office from the
record of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
5. In the event of litigation where the defendant is:
(a) The Department, any component of the Department, or any
employee of the Department in his or her official capacity;
(b) The United States where the Department determines that the
claim, if successful, is likely to directly affect the operations of
the Department or any of its components; or
(c) Any Department employee in his or her individual capacity
where the Justice Department has agreed to represent such employee,
for example, in defending a claim against the Public Health Service
based upon an individual's mental or physical condition and alleged
to have arisen because of activities of the Public Health Service in
connection with such individual.
Disclosure may be made to the Department of Justice to enable
that Department to present an effective defense, provided that such
disclosure is compatible with the purpose for which the records were
collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Individual employee medical documents in locked files. Magnetic
tape and disc storage of automated Agency billing and program
planning and evaluation data.
Retrievability:
Name and Social Security numbers, which are supplied on a
voluntary basis, are used for retrieval.
Safeguards:
1. Authorized users: DFOH personnel, service provision site
physicians, nurses, and other allied health professionals with a need
to know.
2. Physical safeguards: Magnetic tapes, discs, and other computer
equipment and computerized data are stored in areas where fire and
life safety codes and security requirements are strictly enforced.
All documents are protected during lunch hours and nonworking hours
in locked file cabinets or locked storage areas.
3. Procedural safeguards: A user verification and validation code
is required to access POIS computer software and internal programming
enables file and data element specific access control on a user
specific basis. All users of personal information in connection with
the performance of their jobs protect information from public view
and from unauthorized personnel entering an unsupervised office.
Access to automated records is strictly limited to those staff
members trained in accordance with the DFOH POIS user's manual.
Contractors are required to maintain confidentiality safeguards with
respect to these records. These safeguards are in accordance with
DHHS Chapter 45-13 and supplementary Chapter PHS.hf: 45-13 of the
General Administration Manual.
Retention and disposal:
Number of years held: Automated records are retained permanently.
System manager(s) and address:
Director, Division of Federal Occupational Health, Bureau of
Primary Health Care, Health Resources and Services Administration,
3rd Floor, West Tower Building, 4350 East West Highway, Bethesda,
Maryland. MAILING ADDRESS: 3rd Floor, West Tower Building, 4350 East
West Highway, Rockville, MD 20857.
Notification procedures:
To determine if a record exists, write to the System Manager at
the address above. Individuals must provide positive identification,
such as a driver's license, passport, voter registration card, union
card, or a written certification verifying his or her identity.
Individuals must provide treatment locations and approximate date of
treatment. Requestors should also reasonably specify the record
contents being sought. An individual who requests access to a
medical/dental record shall, at the time the request is made,
designate in writing a responsible representative who will be willing
to review the record and inform the subject individual of its content
at the representative's discretion.
Record access procedures:
Same as notification procedures.
Contesting record procedures:
Contact the System Manager at the above address and reasonably
identify the record, specify the information being contested, and
state the corrective action sought, with supporting justification.
Record source categories:
Information is obtained from the Federal employee, occupational
health services provision contractors, health service provider notes,
DOL, OWCP and personnel officers of beneficiary Departments and
Agencies.
Systems exempted for certain provisions of the act:
None.
09-15-0007
System name: Patients Medical Record System PHS Hospitals/
Clinics, HHS/HRSA/BPHC.
Security classification:
None.
System location:
See Appendixes 1 and 2.
Data are also occasionally located at medical laboratories,
medical consultants, or computer processing firm sites. A list of
sites where individually identifiable data is currently located is
available upon request to the System Manager.
Appendix 1
A. Public Health Service Facilities
Director, Public Health Service Health Data Center, 5445 Point
Clair Road, Carville, Louisiana 70721-9607.
B. Successor Organizations
Director, Johns Hopkins Medical Service, 3100 Wyman Park Drive,
Baltimore, Maryland 21211.
Administrator, Lutheran Medical Center, 2609 Franklin Boulevard,
Cleveland, Ohio 44114.
Administrator, Martins Point Health Center, 331 Veranda Street,
Portland, Maine 04103.
Director, Pacific Medical Center, 1200 12th Avenue South,
Seattle, Washington 98144.
Appendix 2--Federal Records Centers
Federal Archives and Records Center, 380 Trapelo Road, Waltham,
Massachusetts 02454-6399. Area served: Maine, Vermont, New Hampshire,
Massachusetts, Connecticut, and Rhode Island.
Federal Records Center, Central Plains Region, 200 Space Center
Drive, Lee's Summit, Missouri 64064-1182. Area served: New York, New
Jersey, Puerto Rico, the Virgin Islands, and the Panama Canal Zone.
Federal Archives and Records Center, 14700 Townsend Road,
Philadelphia, Pennsylvania 19154-1096. Area served: Delaware and
Pennsylvania east of Lancaster.
Washington National Records Center, 4205 Suitland Road, Suitland,
Maryland 20746-8001. Area served: District of Columbia, Maryland,
Virginia, and West Virginia.
Federal Archives and Records Center, GSA, 1557 St. Joseph Avenue,
East Point, Georgia 30344-2593. Area served: North Carolina, South
Carolina, Tennessee, Mississippi, Alabama, Georgia, Florida, and
Kentucky.
Federal Archives and Records Center, 7358 South Pulaski Road,
Chicago, Illinois 60629-5898. Area served: Illinois, Wisconsin, and
Minnesota.
Federal Records Center, 3150 Springbro Road, Dayton, Ohio 45439-
1882. Area served: Indiana, Michigan, and Ohio.
National Personnel Records Center (Civilian Personnel Records),
111 Winnebago Street, St. Louis, Missouri 63118-4199. Area served:
Greater St. Louis Area.
Federal Archives and Records Center, Post Office Box 6216, Fort
Worth, Texas 76115-0216. Area served: Texas, Oklahoma, Arkansas,
Louisiana, and New Mexico.
Federal Archives and Records Center, 1000 Commodore Drive, San
Bruno, California 94066-2350. Area served: Nevada (except Clark
County), California (except Southern California), and American Samoa.
Federal Archives and Records Center, Post Office Box 6719, Laguna
Niguel, California 92607-6719. Area served: Clark County, Nevada;
Southern California (Counties of San Luis Obispo, Kern, San
Bernadino, Santa Barbara, Ventura, Los Angeles, Riverside, Orange,
Imperial, Inyo, and San Diego); and Arizona.
Federal Archives and Records Center, 6125 Sand Point Way,
Seattle, Washington 98115-7999. Area served: Washington, Oregon,
Idaho, Alaska, Hawaii, and Pacific Ocean area (except American
Samoa).
Categories of individuals covered by the system:
Individuals examined and/or treated at former Public Health
Service Hospitals and Clinics and the Gillis W. Long Hansen's Disease
Center, Carville, Louisiana.
Categories of records in the system:
Medical examination, diagnostic and treatment data; information
for proof of eligibility; social data such as address and birthdate;
disease registers, such as Hansen's disease and tumor and surgical
procedure registers; treatment logs, summaries and correspondence.
Authority for maintenance of the system:
Section 320 of the Public Health Service Act, as amended (42
U.S.C. 255), Receipt, Apprehension, Treatment and Release of Lepers;
section 321 of the Public Health Service Act, as amended (42 U.S.C.
248), Hospitals, Medical Examinations, and Medical Care; and section
326 of the Public Health Service Act, as amended (42 U.S.C. 253),
Service to Coast Guard, Coast and Geodetic Survey, and Public Health
Service.
Purpose(s):
The purposes of this system are:
1. To serve as a basis for planning patient care and for
continuity in the evaluation of the patient's condition and treatment
to furnish documentary evidence of the course of the patient's
medical evaluation, treatment and change in condition during the
hospital stay, ambulatory care or emergency visit, or while being
followed in a facility-based home care program;
2. To document communications between the responsible
practitioner and any other health professional's contribution to the
patient's care and treatment in order to assist in protecting the
legal interests of the patient, the hospital or clinic, and
responsible practitioners;
3. To provide data for use in facility management, continuing
education, Department initiatives, quality assurance activities and
research at the Gillis W. Long Hansen's Disease Center, Carville,
Louisiana.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to:
(1) Any community health organization, government agency, private
physician and/or company which has requested or arranged for an
examination, treatment or care of an individual.
(2) Army, Navy, Air Force to report results of examination/
treatment of their uniformed service personnel.
(3) Department of Transportation to report results of
examination/treatment of their uniformed services personnel found to
be suffering from conditions that render them hazardous to themselves
or to others.
(4) Department of Commerce to report results of examination/
treatment of uniformed services and other personnel of that ageny.
(5) Immigration and Naturalization Service to report results of
examination/treatment of aliens examined and treated for and in
behalf of that agency.
(6) Bureau of Prisons (BP) to report results of examination and
treatment of patients examined and/or treated for and on behalf of
the BP.
(7) Federal, state or private health benefit plans for billing
purposes.
(8) U.S. Department of Labor, Office of Workers' Compensation
Programs for persons claiming compensation benefits due to personal
injury while employed by the Government.
(9) Organizations such as Joint Commission on Accreditation of
Hospitals for accreditation of hospitals and clinics, and American
Medical Association for accreditation of resident training programs.
Medical records are used to document quality of service by health
care providers.
(10) Health professions students serving an affiliation at the
institution and their parent education program; students provide
patient care and use medical records in performance of their duties.
(11) Nonagency physicians providing continuing care to current
and former PHS beneficiaries, laboratories performing tests for the
continuing care of these patients, and successor organizations
providing health care in former PHS hospitals and clinics.
(12) Veterans Administration to assist uniformed service
personnel, retirees and veterans to obtain medical care or benefits.
(13) Disclosure may be made to a congressional office from the
record of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
(14) Disclosure may be made to a private firm for the purpose of
collating, analyzing, aggregating or otherwise refining records in
this system. The contractor is required to maintain Privacy Act
safeguards with respect to such records.
(15) A record may be disclosed for a research purpose, when the
Department: (a) Has determined that the use or disclosure does not
violate legal or policy limitations under which the record was
provided, collected, or obtained; (b) has determined that the
research purpose (1) cannot be reasonably accomplished unless the
record is provided in individually identifiable form, and (2)
warrants the risk to the privacy of the individual that additional
exposure of the record might bring; (c) has required the recipient
to--(1) establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record,
and (2) remove or destroy the information that identifies the
individual at the earliest time at which removal or destruction can
be accomplished consistent with the purpose of the research project,
unless the recipient has presented adequate justification of a
research or health nature for retaining such information, and (3)
make no further use or disclosure of the record except--(A) in
emergency circumstances affecting the health or safety of any
individual, (B) for use in another research project, under these same
conditions, and with written authorization of the Department, (C) for
disclosure to a properly identified person for the purpose of an
audit related to the research project, if information that would
enable research subjects to be identified is removed or destroyed at
the earliest opportunity consistent with the purpose of the audit, or
(D) when required by law; (d) has secured a written statement
attesting to the recipient's understanding of, and willingness to
abide by these provisions.
(16) Organizations deemed qualified by the Secretary to carry out
quality assessment, medical audits or utilization review.
(17) Information regarding the commission of crimes or the
reporting or occurrence of communicable diseases, tumors, child
abuse, births, deaths, alcohol or drug abuse, etc. as may be required
by health providers and facilities, by state law, or regulation of
the department of health or other agency of the state or its
subdivision in which the facility is located. Disclosure may be made
to organizations as specified by the state law or regulation such as
birth and deaths to vital statistics agencies and crimes to law
enforcement agencies. Disclosure of the contents of records which
pertain to patient identity, diagnosis, prognosis or treatment of
alcohol or drug abuse is restricted under the provisions of the
Confidentiality of Alcohol and Drug Abuse Patient Records Regulations
42 CFR part 2 as authorized by 21 U.S.C. 1175 and 42 U.S.C. 4582, as
amended by Pub. L. 93-283. To the extent possible, identical
restrictions are applied to the disclosure of the contents of records
pertaining to individuals with other programs who are participating
in employee counseling programs.
(18) In the event of litigation where the defendant is
(a) The Department, any component of the Department, or any
employee of the Department in his or her official capacity;
(b) The United States where the Department determines that the
claim, if successful, is likely to directly affect the operations of
the Department or any of its components; or
(c) Any Department employee in his or her individual capacity
where the Justice Department has agreed to represent such employee,
for example in defending a claim against the Public Health Service
based upon an individual's mental or physical condition and alleged
to have arisen because of activities of the Public Health Service in
connection with such individual.
Disclosure may be made to the Department of Justice to enable
that Department to present an effective defense, provided that such
disclosure is compatible with the purpose for which the records were
collected.
(19) To organizations or individuals with agreements to provide
photocopying or medical record data abstracting services.
(a) PHS may inform the sexual and/or needle-sharing partner(s) of
a subject individual who is infected with the human immunodeficiency
virus (HIV) of their exposure to HIV, under the following
circumstances:
(1) The information has been obtained in the course of clinical
activities at PHS facilities carried out by PHS personnel or
contractors;
(2) The PHS employee or contractor has made reasonable efforts to
counsel and encourage the subject individual to provide the
information to the individual's sexual or needle-sharing partner(s);
(3) The PHS employee or contractor determines that the subject
individual is unlikely to provide the information to the sexual or
needle-sharing partner(s) or that the provision of such information
cannot reasonably be verified; and
(4) The notification of the partner(s) is made, whenever
possible, by the subject individual's physician or by a professional
counselor and shall follow standard counseling practices.
(b) PHS may disclose information to State or local public health
departments, to assist in the notification of the subject
individual's sexual and/or needle-sharing partner(s), or in the
verification that the subject individual has, notified such sexual or
needle-sharing partner(s).
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
File folders, magnetic tape, disk or laser optical media, punch
cards, and microfilm.
Retrievability:
Indexed by name, register number, number control register,
disease and operation, and uniformed services service number (which
is the Social Security number (SSN)). Those records indexed by SSN
are retrieved in accordance with section 7(a)(2)(B) of the Privacy
Act.
Safeguards:
1. Authorized Users: Health care practitioners, and other allied
health personnel, medical and allied health students and
administrative personnel for determination of eligibility for care
and facility management; qualified research personnel with approved
protocol; PHS Commissioned Personnel Operations Division; and PHS
Claims Officer.
2. Physical Safeguards: Magnetic tapes, discs, other computer
equipment and other forms of personal data are stored in areas where
fire and life safety codes are strictly enforced. Twenty-four-hour,
7-day security guards perform random checks on the physical security
of the data. All documents are protected during lunch hours and
nonworking hours in locked file cabinets or locked storage areas.
3. Procedural Safeguards: A password is required to access the
terminal and a data set name controls the release of data only to
authorized users. All users of personal information in connection
with the performance of their jobs protect information from public
view and from unauthorized personnel entering an unsupervised office.
Access to records is strictly limited to those staff members trained
in accordance with Privacy Act safeguards. The contractor is required
to maintain confidentiality safeguards with respect to these records.
These safeguards are in accordance with DHHS Chapter 45-13 and
supplementary Chapter PHS.hf: 45-13 of the General Administration
Manual, and Part 6 of the DHHS Information Resources Management
Manual. The Memorandums of Agreement between the successor
organizations and the Public Health Service require the successor
organizations to comply with the Privacy Act. PHS and HHS guidelines
have been provided to each successor organization.
Retention and disposal:
1. Former PHS Hospitals/Clinics: Destroyed 50 years after date of
last treatment, inactive medical records for active duty uniformed
service personnel and nonuniformed service personnel.
2. Gillis W. Long Hansen's Disease Center: Retained at facility-
not transferred to a Federal Records Center. Destroyed, as
appropriate, after 50 years, or when no longer needed for research
purposes, as determined by the project leader or principal
investigator.
System manager(s) and address:
Director, PHS Health Data Center, Gillis W. Long Hansen's Disease
Center, Carville, LA 70721.
Notification procedure:
To determine the existence of a record, write to the facility
where treatment was rendered if listed in Appendix 1. (Note that the
facility may now be operated under a different name by the successor
organization.) If the facility is not listed, write to: Public Health
Service Data Center, Gillis W. Long Hansen's Disease Center,
Carville, LA 70721. If requesting records by mail, a written
certification verifying identity must be provided. If appearing in
person at the Gillis W. Long Hansen's Disease Center, Carville, La,
positive identification such as a driver's license, passport, or
voter's registration card must be provided. An individual who
requests access to a medical/dental record shall designate in
writing, at the time the request is made, a responsible
representative who will be willing to review the record and inform
the subject individual of its contents at the representative's
discretion. Finally, a parent or guardian who requests notification
of access to a child's/incompetent person's record shall designate a
family physician or other health professional (other than a family
member) to whom the record, if any, will be sent. The parent or
guardian must verify relationship to the child/incompetent person as
well as his/her own identity.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought.
Contesting record procedures:
Contact the official at the address specified in the notification
procedures above, and reasonably identify the record, specify the
information to be contested, and state the corrective action sought,
with supporting justification.
Record source categories:
Individual, health care personnel, other hospitals and
physicians, employers, social agencies, maritime unions, shipping
companies.
Systems exempted from certain provisions of the act:
None.
Appendix 1
A. Public Health Service Facilities
Director, Gillis W. Long Hansen's Disease Center, Carville,
Louisiana 70721.
Director, Public Health Service Health Data Center, Gillis W.
Long Hansen's Disease Center, Carville, Louisiana 70721.
B. Successor Organizations
Director, John Hopkins Medical Service, 3100 Wyman Park Drive,
Baltimore, MD 21211.
Director, Brighton Marine Public Health Center, 77 Warren Street,
Boston, MA 02135.
Administrator, Lutheran Medical Center, 2609 Franklin Blvd.,
Cleveland, OH 44114.
Director, Hospital of St. John, 2050 Space Park Drive, Nassau
Bay, TX 77058.
Administrator, Martins Point Health Center, 331 Veranda Street,
Portland, ME 04103.
Officer-in-Charge, U.S. Army St. Louis Outpatient Clinic, 1520
Market Street, St. Louis, MO 63103.
Director, Pacific Medical Center, 1200 12th Avenue South,
Seattle, WA 98144.
Director, Bayley Seton Hospital, Bay Street and Vanderbilt
Avenue, Staten Island, NY 10304.
Appendix 2--Federal Records Centers
Areas Served
Maine, Vermont, New Hampshire, Massachusetts, Connecticut, and
Rhode Island:
Federal Archives & Records Center, 380 Trapelo Road, Waltham,
Massachusetts 02154.
New York, New Jersey, Puerto Rico, the Virgin Islands, and the
Panama Canal Zone:
Federal Archives & Records Center, Military Ocean Terminal, Bldg.
22, Bayonne, NJ 07002.
Delaware and Pennsylvania east of Lancaster:
Federal Archives and Records Center, 5000 Wissahickon Avenue,
Philadelphia, PA 19144.
District of Columbia, Maryland, Virginia, and West Virginia:
Washington National Records Center, Washington, DC 20409.
North Carolina, South Carolina, Tennessee, Mississippi, Alabama,
Georgia, Florida and Kentucky:
Federal Archives & Records Center, GSA, 1557 St. Joseph Avenue,
East Point, GA 30344.
Illinois, Wisconsin and Minnesota:
Federal Archives and Records Center, GSA, 7358 South Pulaski
Road, Chicago, IL 60629.
Indiana, Michigan, and Ohio:
Federal Records Center, 3150 Springboro Road, Dayton, Ohio 45439.
Greater St. Louis Area:
National Personnel Records Center, (Civilian Personnel Records),
111 Winnebago Street, St. Louis, MO 63118.
Texas, Oklahoma, Arkansas, Louisiana, and New Mexico:
Federal Archives & Records Center, PO Box 6216, Ft. Worth, TX
76115.
Nevada (except Clark County), California (except Southern
California), and American Samoa:
Federal Archives & Records Center, 1000 Commodore Drive, San
Bruno, CA 94066.
Clark County, Nevada; Southern California (Counties of San Luis
Obispo, Kern, San Bernadino, Santa Barbara, Ventura, Los Angeles,
Riverside, Orange, Imperial, Inyo, and San Diego), and Arizona:
Federal Archives & Records Center, PO Box 6719, Laguna Niguel, CA
92677.
Washington, Oregon, Idaho, Alaska, Hawaii, and Pacific Ocean Area
(except American Samoa):
Federal Archives & Records Center, 6125 Sand Point Way, Seattle,
WA 98115.
09-15-0028
System name: PHS Clinical Affiliation Trainee Records, HHS/HRSA/
BPHC.
Security classification:
None.
System location:
Gillis W. Long Hansen's Disease Center, Carville, Louisiana
70721.
Categories of individuals covered by the system:
Students in PHS training programs or serving clinical affiliation
in Gillis W. Long Hansen's Disease Center.
Categories of records in the system:
Transcripts of past education, application for training, training
program staff and clinical supervisor evaluations and progress
reports, course grades and evidence of completion of training
requirements.
Authority for maintenance of the system:
Section 320 of the Public Health Service Act, as amended (42
U.S.C. 255), Receipt, Apprehension, Treatment and Release of Lepers;
section 321 of the Public Health Service Act, as amended (42 U.S.C.
248), Hospitals, Medical Examinations, and Medical Care; and section
327A of the Public Health Service Act, as amended (42 U.S.C. 254),
Sharing of Medical Care Facilities and Resources.
Purpose(s):
To provide communication between educational and supervisory
staff for evaluation of trainees.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made:
1. To Educational Program staff of affiliated college/university
to provide reports of student trainee's progress in training;
2. To representatives of medical/allied health training program
accreditation of PHS Training Programs;
3. To prospective employers for professional reference;
4. To professional boards or associations to certify the
student's progress in or completion of training as required for
professional license, registration certification, etc.
5. To a congressional office from the record of an individual in
response to a verified inquiry from the congressional office made at
the written request of that individual.
6. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the court or other tribunal is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
File folders.
Retrievability:
Alphabetically by last name.
Safeguards:
1. Authorized Users: Director of Education at the Gillis W. Long
Hansen's Disease Center, work and staff supervisors and
administrative personnel.
2. Physical Safeguards: All documents are protected during lunch
hours and nonworking hours in locked file cabinets and locked storage
areas.
3. Procedural Safeguards: All users of personal information in
connection with the performance of their jobs protect information
from public view and from unauthorized personnel entering an
unsupervised office.
Access to records is strictly limited to those staff members
trained in accordance with DHHS Chapter 45-13 and Chapter PHS.hf: 45-
13 of the General Administration Manual.
Retention and disposal:
Number of years held: 10 years, then destroyed by shredding.
System manager(s) and address:
Chief, Personnel Office, Gillis W. Long Hansen's Disease Center,
Carville, Louisiana 70721.
Notification procedure:
The individual should contact the Director, Gillis W. Long
Hansen's Disease Center, Carville, Louisiana 70721, and provide name,
date of birth and approximate dates of training to allow positive
identification of the record.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought.
Contesting record procedures:
Contact the facility mentioned at the address specified in the
notification procedures above, and reasonably identify the record,
specify the information to be contested, and state corrective action
sought, with supporting justification.
Record source categories:
Individual, clinical supervisors, instructors, training program
staff and administrative personnel of facility and affiliated
college/university.
Systems exempted from certain provisions of the act:
None.
09-15-0037
System name: Public Health Service (PHS) and National Health
Service Corps (NHSC) Scholarship/Loan Repayment Participants
Records System, HHS/HRSA/BPHC.
Security classification:
None.
System location:
Division of Scholarships and Loan Repayments, Bureau of Primary
Health Care, Health Resources and Services Administration (HRSA),
10th Floor, West Tower Building, 4350 East West Highway, Bethesda,
Maryland
Division of National Health Service Corps, Bureau of Primary
Health Care, Health Resources and Services Administration, 8th Floor,
West Tower Building, 4350 East West Highway, Bethesda, Maryland
Parklawn Computer Center, 5600 Fishers Lane, Room 2A-53,
Rockville, Maryland 20857.
Washington National Records Center, 4205 Suitland Road, Suitland,
Maryland 20409.
PHS Health Data Center, Gillis W. Long Hansen's Disease Center,
Carville, Louisiana 70721.
Records are also located at contractor sites. A list of
contractor sites where individually identifiable data are currently
located is available upon request to the Policy-Coordinating Official
at that individual's address shown in the ``System Manager(s) and
Address'' section of this notice.
Partial records are also located at Department of Health and
Human Services (HHS) regional offices. A list of regional offices
where individually identifiable data are currently located is
available upon request to the Policy-Coordinating Official.
Categories of individuals covered by the system:
Individuals who have applied for, who have been approved to
receive, who are receiving, and who have received funds under the
PHS/NHSC and Native Hawaiian Health Scholarship Programs, NHSC Loan
Repayment Program, the Nursing Education Loan Repayment Agreement
Program, and the Nursing Student Education Direct Loan Program;
individuals who have volunteered for service in the NHSC; scholarship
recipients who are fulfilling their PHS/NHSC and/or Native Hawaiian
Health scholarship obligations; loan repayment recipients; and
individuals who include an interest in employment in or an assignment
to a medical facility located in a health professional shortage area
or a medically underserved population area, including public and
Federal medical facilities, such as community health centers, Indian
Health Service (IHS) medical facilities, and other federally
sponsored public health centers.
Categories of records in the system:
Contains name, Social Security number, scholarship and loan
repayment application and associated forms, employment data,
professional performance and credentialing history of licensed health
professionals; preference for site-selection; personal, professional,
and demographic background information; progress reports (which
include related data, correspondence, and professional performance
information consisting of continuing education, performance awards,
and adverse or disciplinary actions); financial loan data, payroll
forms, deferment and placement data; and repayment/delinquent/default
status information.
Authority for maintenance of the system:
Section 333 of the Public Health Service Act, as amended (42
U.S.C. 254f), Assignment of Corps Personnel;
Section 338 of the Public Health Service Act, as amended (42
U.S.C. 254), Scholarship Program and Loan Repayment Program;
Section 836(h) of the Public Health Service Act, as amended (42
U.S.C. 297b) Nursing Education Loan Repayment Agreements for
Registered Nurses entering employment at certain health facilities.
Section 847 of the Public Health Service Act, as amended (42
U.S.C. 297n) Nursing Student Education Direct Loan Program with
respect to service in certain health care facilities in underserved
areas.
Section 338K of the Public Health Service Act (42 U.S. Code 254s)
Native Hawaiian Health Scholarship Program.
Section 202 of Title II of Pub. L. 92-157 (42 U.S.C. 3505d),
National Health Manpower Clearinghouse;
Debt Collection Act of 1982, Pub. L. 97-365 (5 U.S.C. 5514note);
Section 4 of the Debt Collection Act of 1982, Pub. L. 97-365 (5
U.S.C. 5514 note), Requirement That Applicant Furnish Taxpayer
Identifying Number; and
Section 215(a) of the Public Health Service Act, as amended (42
U.S.C. 216(a)), for PHS commissioned officers, and 5 U.S.C. 3301 for
civil service employees, both of which authorize verification of an
individual's suitability for employment.
Purpose(s):
The purposes of this system of records are as follows:
1. The PHS/NHSC and Native Hawaiian Health Scholarship Programs
(a) To monitor scholarship-related activities, such as payment
tracking, deferment of service obligation, default, placement, and
claims determination;
(b) To select and match PHS/NHSC and Native Hawaiian Health
scholarship recipients, NHSC volunteers, and other individuals for
assignment to or employment with a health care facility serving a
health professional shortage area, including other public and
federally sponsored health care delivery programs, such as community
health centers;
(c) To monitor services provided by PHS/NHSC and Native Hawaiian
health providers;
(d) To maintain records on and to verify individuals' credentials
and educational background, previous and current professional
employment data and performance history information to verify that
all claimed background and employment data are valid and all claimed
credentials are current and in good standing; and
(e) To assist BPHC officials in the collection of overdue debts
owed under PHS/NHSC and Native Hawaiian Health scholarship programs.
2. The NHSC and Nursing Education Loan Repayment Agreement
Programs, and the Nursing Student Education Direct Loan Program
(a) To monitor loan repayment related activities, such as service
obligations, default and claims determinations;
(b) To assure PHS/NHSC loan repayment recipients match to a
health care facility serving high priority health professional
shortage areas or populations, including other public and federally
sponsored health care delivery programs, such as community health
centers;
(c) To monitor services provided by NHSC health providers;
(d) To maintain records on and to verify individuals' credentials
and educational background;
(e) To assist BPHC officials in the collection of overdue debts
owed under the NHSC and Nursing Education Loan Repayment Agreement
Programs, and the Nursing Student Education Direct Loan Program.
Records in this system are also used by HHS regional offices and
the IHS for the purpose of negotiating site assignment, and by the
PHS for the purpose of recruiting health professionals for PHS
programs.
Records may be transferred to System No. 09-15-0045, ``Health
Resources and Service Administration Loan Repayment/Debt Management
Records System, HHS/HRSA/OA,'' for debt collection purposes when BPHC
officials are unable to collect overdue debts owed under the PHS and
NHSC scholarship programs, the NHSC Loan Repayment Program, the
Nursing Education Loan Repayment Agreement Program, and the Nursing
Student Education Direct Loan Program.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. The HRSA may disclose to a congressional office from the
record of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
2. The Department may disclose information from this system of
records to the Department of Justice, or to a court or other tribunal
when:
(a) HHS, or any component thereof, or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation, and
HHS determines that the use of such records by the Department of
Justice, the court or other tribunal is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
3. In the event that a system of records maintained by this
agency to carry out its functions indicates a violation or potential
violation of law, whether civil, criminal, or regulatory in nature,
and whether arising by general statute or particular program statute,
or by regulation, rule or order issued pursuant thereto, the relevant
records in the system of records may be referred to the appropriate
agency, whether Federal, State, or local, charged with enforcing or
implementing the statute or rule, regulation or order issued pursuant
thereto.
4. The HRSA may disclose records consisting of names,
disciplines, current mailing addresses, and dates of graduation of
scholarship recipients to designated coordinators at each school of
medicine, osteopathy, and dentistry participating in the scholarship
program for the purpose of guiding and informing these recipients
about the nature of their forthcoming professional service obligation
in health professional shortage areas or populations.
5. The HRSA may disclose records consisting of name of
scholarship or loan repayment recipient, professional school he/she
is attending, and the date of graduation to health professions
associations and other interested health professions groups which
have responsibility for coordinating funds paid to students from
Federal and other sources.
6. The HRSA may disclose records to Department contractors and
subcontractors for the purpose of collecting, compiling, aggregating,
analyzing, or refining records in the system. Contractors maintain,
and are also required to ensure that subcontractors maintain, Privacy
Act safeguards with respect to such records.
7. The HRSA may disclose records to Department contractors and
subcontractors for the purpose of recruiting, screening, and matching
health professionals for assignment to our employment in a health
care facility serving health professional shortage areas or
populations, including other federally sponsored programs, such as
IHS medical facility sites and community health centers. In addition,
Department contractors and subcontractors: (1) May disclose
biographic data and information supplied by potential applicants (a)
to reference listed on application and associated forms for the
purpose of evaluating the applicant's professional qualifications,
experience, and suitability, and (b) to a State or local government
medical licensing board and/or to the Federation of State Medical
Boards or a similar nongovernment entity for the purpose of verifying
that all claimed background and employment data are valid and all
claimed credentials are current and in good standing; (2) may
disclose biographic data and information supplied by references
listed on application and associated forms to other references for
the purpose of inquiring into the applicant's professional
qualifications and suitability; and (3) may disclose professional
suitability evaluation information to NHSC officials; prospective
employers, or to site representatives, for the purpose of appraising
the applicant's professional qualifications and suitability for site
assignment or employment. Contractors maintain, and are also required
to ensure that subcontractors maintain, Privacy Act safeguards with
respect to such records.
8. The HRSA may disclose records consisting of name, Social
Security number, employment history, educational data, accreditation,
licensing, and professional qualification data to a State or local
government medical licensing board and/or to the Federation of State
Medical Boards or a similar nongovernment entity which maintains
records concerning an individual's employment history or concerning
the issuance, retention or revocation of licenses or registrations
necessary to practice a health professional occupation or speciality.
The purposes of this disclosure are: (1) To enable HRSA to obtain
information relevant to a decision concerning a health professional's
accomplishments, professional and personal background qualifications,
and experience to determine the individual's suitability for
employment, retention, or termination as a health services provider
in a health care facility serving a health professional shortage area
or a population, and (2) to inform medical licensing boards or the
appropriate nongovernment entities about the health care practices of
a practicing, terminated, resigned, or retired health services
provider whose professional health care activity so significantly
failed to conform to generally accepted standards of professional
medical practice as to raise reasonable concern for the health and
safety of private sector patients.
9. The HRSA may disclose information from this system of records
to private parties, such as present and former employers, references
listed on application and associated forms, other references, and
educational institutions. The purpose of such disclosures is to
evaluate an individual's professional accomplishments, performance,
and credentials and educational background, and to determine if an
applicant is suitable for employment in/assignment to a health care
facility serving health professional shortage areas or populations.
10. The HRSA may disclose information from this system of records
to a consumer reporting agency (credit bureau) to obtain a commercial
credit report for the following purposes:
(a) To establish creditworthiness of a scholarship applicant; and
(b) To assess and verify ability of a debtor to repay debts owed
to the Federal Government.
Disclosures are limited to the individual's name, address, Social
Security number and other information necessary to identify him/her;
the funding being sought or amount and status of the debt; and the
program under which the application or claim is being processed.
11. The HRSA will disclose from this system of records a
delinquent debtor's name, address, Social Security number, and other
information necessary to identify him/her; the amount, status, and
history of the claim, and the agency or program under which the claim
arose, as follows:
(a) To another Federal agency so that agency can effect a salary
offset for debts owed by Federal employees; if the claim arose under
the Social Security Act, the employee must have agreed in writing to
the salary offset.
(b) To another Federal agency so that agency can effect an
authorized administrative offset; i.e., withhold money, other than
Federal salaries, payable to or held on behalf of debtors.
(c) To the Treasury Department, Internal Revenue Service (IRS),
to request a debtor's current mailing address to locate him/her for
purposes of either collecting or compromising a debt, or to have a
commercial credit report prepared.
12. The HRSA may disclose information from this system of records
to another agency that has asked the Department to effect a salary or
administrative offset to help collect a debt owed to the United
States. Disclosure is limited to the individual's name, address,
Social Security number, and other information necessary to identify
the individual, to information about the money payable to or held for
the individual, and to other information concerning the offset.
13. The HRSA may disclose to the Treasury Department, IRS,
information about an individual applying for a loan under any loan
program authorized by the Public Health Service Act to find out
whether the loan applicant has a delinquent tax account. This
disclosure is for the sole purpose of determining the applicant's
creditworthiness and is limited to the individual's name, address,
Social Security number, other information necessary to identify him/
her, and the program for which the information is being obtained.
14. The HRSA will report to the Treasury Department, IRS, as
taxable income, the written-off amount of a debt owed by an
individual to the Federal Government when a debt becomes partly or
wholly uncollectible--either because the time period for collection
under the statute of limitations has expired, or because the
Government agrees with the individual to forgive or compromise the
debt.
15. The HRSA will disclose to debt collection agents, other
Federal agencies, and other third parties who are authorized to
collect a Federal debt, information necessary to identify a
delinquent debtor. Disclosure will be limited to the debtor's name,
address, Social Security number, and other information necessary to
identify him/her; the amount, status, and history of the claim, and
the agency or program under which the claim arose.
16. The HRSA will disclose information from this system of
records to any third party that may have information about a
delinquent debtor's current address, such as a U.S. Post Office, a
State motor vehicle administration, a professional organization, an
alumni association, etc., for the purpose of obtaining the debtor's
current address. This disclosure will be strictly limited to
information necessary to identify the individual, without any
reference to the reason for the agency's need for obtaining the
current address.
17. The HRSA may disclose information from this system of records
to other Federal agencies that also provide scholarship funding at
the request of these Federal agencies in conjunction with a matching
program conducted by these Federal agencies to detect or curtail
fraud and abuse in Federal scholarship programs, and to collect
delinquent loans or benefit payments owed to the Federal Government.
18. The HRSA will disclose from this system of records to the
Department of Treasury, IRS: (1) A delinquent debtor's name, address,
Social Security number, and other information necessary to identify
the debtor; (2) the amount of the debt; and (3) the program under
which the debt arose, so that the IRS can offset against the debt any
income tax refunds which may be due to the debtor.
Disclosure to consumer reporting agencies:
Disclosures pursuant to 5 U.S.C. 552a(b)(12): Disclosures may be
made from this system to ``consumer reporting agencies'' as defined
in the Fair Credit Reporting Act (15 U.S.C. 158a(f) or the Federal
Claims Collection Act of 1966 (31 U.S.C. 3701(a)(3)). The purposes of
these disclosures are: (1) To provide an incentive for debtors to
repay delinquent Federal Government debts by making these debts part
of their credit records, and (2) to enable HRSA to improve the
quality of loan and scholarship decisions by taking into account the
financial reliability of applicants. Disclosure of records will be
limited to the individual's name, Social Security number, and other
information necessary to establish the identity of the individual,
the amount, status, and history of the claim, and the agency or
program under which the claim arose.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained in file folders, computer tape, and discs.
Retrievability:
Name, Social Security numbers, or other identifying numbers or
characteristics.
Safeguards:
1. Authorized Users: Access is limited to authorized personnel in
the performance of their duties. Authorized personnel include: System
managers and their staff, NHSC headquarters and Regional Office
officials, financial and fiscal management personnel, computer
personnel, and NHSC contractors--all of whom are responsible for
administering the scholarship and loan repayment programs.
2. Physical Safeguards: Magnetic tapes, discs, other computer
equipment, and other forms of personal data are stored in areas where
fire and life safety codes are strictly enforced. All automated and
nonautomated documents are protected during lunch hours and
nonworking hours in locked file cabinets or locked storage areas. The
ADP remote stations are locked during nonstandard working hours.
Twenty-four hour, seven-day security guards perform random checks on
the physical security of the data and the storage areas. Backup files
are maintained in an off-site facility with controlled entrances and
exists.
3. Procedural Safeguards: A password is required to access the
terminal and a data set name controls the release of data to
authorized users only. All users of personal information in
connection with the performance of their jobs (see Authorized Users,
above) protect information from public view and from unauthorized
personnel entering an unsupervised office. Codes by which automated
files may be accessed are changed periodically. This procedure also
includes deletion of access codes when employees leave. New employees
are briefed and the guard office is notified of all staff members
authorized to be in secured areas during nonstandard working hours.
This list is revised as employees are increased or leave.
Access to records is strictly limited to those staff members
trained in accordance with the Privacy Act and ADP security
procedures. Contractors are required to maintain, and are also
required to ensure that subcontractors maintain, confidentiality
safeguards with respect to these records. Contractors and
subcontractors are instructed to make no further disclosure of the
records except as authorized by the System Manager and permitted by
the Privacy Act. All individuals who have access to these records
receive the appropriate ADP security clearances. The BPHC personnel
make site visits to ADP facilities for the purpose of ensuring that
ADP security procedures continue to be met. Privacy Act and ADP
system security requirements are specifically included in contracts.
System Managers oversee compliance with these requirements.
Retention and disposal:
Applications of individuals not selected for participation in a
scholarship program are retained for six months, then destroyed by
shredding. Applications, contracts, and other records of NHSC
scholarship recipients are retained through the completion or other
disposition of the scholarship service obligation, then sent to the
Federal Records Center for an additional 15-year retention period and
destroyed in accordance with Federal Records Center disposal
standards. Automated historical tapes are sent to a Federal Records
Center and the initial records are destroyed in accordance with the
HRSA Records Control Schedule.
System manager(s) and address:
Policy-Coordinating Official: Director, Bureau of Primary Health
Care (BPHC), Health Resources and Services Administration (HRSA),
11th Floor, West Tower Building, 4350 East West Highway, Rockville,
MD 20857.
Scholarship Applicants/Recipients: Director, Division of
Scholarships and Loan Repayments, BPHC, HRSA, 10th Floor, West Tower
Building, 4350 East West Highway, Rockville, MD 20857.
Placement/Assignment: Director, Division of National Health
Service Corps, BPHC, HRSA, 8th Floor, West Tower Building, 4350 East
West Highway, Rockville, MD 20857.
Notification procedures:
To find out if the system contains records about you, contact the
Policy-Coordinating Official. The Policy-Coordinating Official will
then refer the requester to the appropriate System Manager or
Regional Office.
Requests in person: A subject individual who appears in person at
a specific location seeking access to or disclosure of records
relating to him/her shall provide his/her name, current address,
Social Security number or other identifying numbers, dates of
enrollment in the scholarship program, and at least one piece of
tangible identification, such as driver's license, passport, or voter
registration card. Identification papers with current photographs are
preferred but not required. If a subject individual has no
identification but is personally known to an agency employee, such
employee shall make a written record verifying the subject
individual's identity. Where the subject individual has no
identification papers, the responsible agency official shall require
that the subject individual certify in writing that he/she is the
individual who he/she claims to be and that he/she understands that
the knowing and willful request or acquisition of a record concerning
an individual under false pretenses is a criminal offense subject to
a $5,000 fine.
Requests by mail: A written request must contain the name and
address of the requester, Social Security number or other identifying
numbers, and his/her signature which is either notarized to verify
his/her identity or includes a written certification that the
requester is the person he/she claims to be and that he/she
understands that the knowing and willful request or acquisition of
records pertaining to an individual under false pretenses is a
criminal offense subject to a $5,000 fine. In addition, the following
information is needed: Dates of enrollment in the scholarship program
and current enrollment status, such as pending application approval,
deferment of service obligation, or shortage area placement.
Requests by telephone: Since positive identification of the
caller cannot be established, telephone requests are not honored.
Record access procedures:
Same as notification procedures. Requesters should also provide a
reasonable description of the record being sought.
Requesters may also request an accounting of disclosures that
have been made of their records, if any.
Contesting record procedures:
Contact the Policy-Coordinating Official, provide a reasonable
description of the record, specify the information being contested,
the corrective action sought, and the reasons for requesting the
correction, along with supporting information to show how the record
is inaccurate, incomplete, untimely, or irrelevant.
Record source categories:
Individuals whose records are contained in the system;
educational institutions attended; internship and/or residency
training progress reports; NHSC Professional Training Information
Questionnaires; NHSC Private Practice Option Agreements; Bureau of
Health Professions Area Resources File tapes; PHS Division of
Commissioned Personnel and U.S. Office of Personnel Management
personnel records; health professional associations; DHHS
contractors/subcontractors; consumer reporting agencies/credit
bureaus; other Federal agencies, including but not limited to the
Department of the Treasury, IRS, and the U.S. Postal Service; State
or local government medical licensing boards and/or the Federation of
State Medical Boards or a similar nongovernment entity; and third
parties who provide references concerning the subject individual.
Systems exempted from certain provisions of the act:
None.
09-15-0038
System name: Disability Claims of the Nursing Student Loan
Program, HHS/HRSA/BPHC.
Security classification:
None.
System location:
Division of Student Assistance, Bureau of Health Professions,
Health Resources and Services Administration, 5600 Fishers Lane, Room
8-34, Rockville, MD 20857.
Washington National Records Center, 4204 Suitland Road, Suitland,
MD 20409.
Categories of individuals covered by the system:
Applicants for cancellation of nursing student loans due to
disability.
Categories of records in the system:
Letter requests claiming disability, correspondence, payment
determinations and medical records or reports.
Authority for maintenance of the system:
Section 836 of the Public Health Service Act, as amended (42
U.S.C. 297b), Nursing Student Loan Provisions.
Purpose(s):
To determine the eligibility of applicants who request loan
cancellation due to total and permanent disability.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
record of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
2. In the event of litigation where the defendant is
(a) The Department, any component of the Department, or any
employee of the Department in his or her official capacity;
(b) The United States where the Department determines that the
claim, if successful, is likely to directly affect the operations of
the Department or any of its components; or
(c) Any Department employee in his or her individual capacity
where the Justice Department has agreed to represent such employee,
for example in defending a claim against the Public Health Service
based upon an individual's mental or physical condition and alleged
to have arisen because of activities of the Public Health Service in
connection with such individual, disclosure may be made to the
Department of Justice to enable that Department to present an
effective defense, provided that such disclosure is compatible with
the purpose for which the records were collected.
3. In the event that a system of records maintained by this
agency to carry out its functions indicates a violation or potential
violation of law, whether civil, criminal or regulatory in nature,
and whether arising by general statute or particular program statute,
or by regulation, rule or order issued pursuant thereto, the relevant
records in the system of records may be referred to the appropriate
agency, whether Federal, State or local, charged with enforcing or
implementinq the statute or rule, regulation or order issued pursuant
thereto.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
File folders. Medical records and reports are temporarily held
during medical evaluation and then returned to and retained by
nursing schools upon final determination of claim validity.
Retrievability:
Name of individual.
Safeguards:
1. Authorized users: Access to Borrower's Files is limited to
only those individuals within the Department having a substantiated
need for information. These individuals must have available proof of
employment.
2. Physical safeguards: File folders, medical records, reports
and other forms of personal data are stored in areas where files are
locked or rooms locked during off duty hours.
3. Procedural safeguards: All users of personal information in
connection with the performance of their job protect information from
public view and from unauthorized personnel entering an unsupervised
office. Access to records is strictly limited to those staff members
training in accordance with the Privacy Act.
4. Implementation guidelines: HHS Chapter 45-13 and supplementary
Chapter PHS.hf: 45-13 of the General Administration Manual.
Retention and disposal:
Records will be retained for 6 years after phase out of loan
program; 1 year on site and 5 years at the Federal Records Center.
Records are disposed of in accordance with the Records Control
Schedule of the Health Resources and Services Administration. Contact
the System Manager for the disposal standards.
System manager(s) and address:
Associate Division Director, Office for Campus Based Programs,
Division of Student Assistance, Bureau of Health Professions, Health
Resources and Services Administration, 5600 Fishers Lane, Room 8-34,
Rockville, MD 20857.
Notification procedure:
Request must be made to the System Manager. An individual who
requests notification of, or access to, a medical record shall at the
time the request is made, designate in writing a responsible
representative who will be willing to review the record and inform
the subject individual of its contents at the representative's
discretion.
Requests in person: A subject individual who appears in person at
a specific location seeking access or disclosure of records relating
to him/her shall provide his/her name, current address, and at least
one piece of tangible identification such as driver's license,
passport, voter registration card, or union card. Identification
papers with current photographs are preferred but not required.
Additional identification may be requested when there is a request
for access to records which contain an apparent discrepancy between
information contained in the record and that provided by the
individual requesting access to the record. No verification of
identity shall be required where the record is one which is required
to be disclosed under the Freedom of Information Act.
Requests by mail: Requests for information and/or access to
records received by mail must contain information providing the
identity of the writer and a reasonable description of the record
desired. Written requests must contain the name and address of the
requester, his/her date of birth and at least one piece of
information which is also contained in the subject record, and his/
her signature for comparison purposes.
Requests by telephone: Since positive identification of the
caller cannot be established, telephone requests are not honored.
Record access procedures:
Contact the Systems Manager and give a reasonable description of
the record. An individual who requests access of a medical record
shall at the time the request is made, designate in writing a
responsible representative who will be willing to review the record
and inform the subject individual of its contents at the
representative's discretion.
Contesting record procedures:
Contact the System Manager and reasonably identify the record,
specify the information being contested, and state corrective action
sought with supporting justification. The right to contest records is
limited to information which is incomplete, irrelevant, incorrect, or
untimely (obsolete).
Record source categories:
Individual claimants.
Systems exempted from certain provisions of the act:
None.
09-15-0039
System name: Disability Claims in the Health Professions Student
Loan Program, HHS/HRSA/BHPr.
Security classification:
None.
System location:
Division of Student Assistance, Bureau of Health Professions,
Health Resources and Services Administration, 5600 Fishers Lane, Room
8-34, Rockville, MD 20857.
Washington National Records Center, 4205 Suitland Road, Suitland,
MD. 20409.
Categories of individuals covered by the system:
Applicants for cancellation of health professions student loans
due to disability. These health professions are included: Medicine,
dentistry, osteopathy, optometry, pharmacy, podiatry, veterinary
medicine.
Categories of records in the system:
Letter requests claiming disability, correspondence, payment
determinations and medical records or reports.
Authority for maintenance of the system:
Section 722(d) of the Public Health Service Act, as amended (42
U.S.C. 292r), Health Prefessions Student Loan Program provisions.
Purpose(s):
To determine the eligibility of applicants who request loan
cancellation due to total and permanent disability.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
records of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
2. In the event of litigation where the defendant is
(a) The Department, any component of the Department, or any
employee of the Department in his or her official capacity;
(b) The United States where the Department determines that the
claim, if successful, is likely to directly affect the operations of
the Department or any of its components; or
(c) Any Department employee in his or her individual capacity
where the Justice Department has agreed to represent such employee,
for example in defending a claim against the Public Health Service
based upon an individual's mental or physical condition and alleged
to have arisen because of activities of the Public Health Service in
connection with such individual, disclosure may be made to the
Department of Justice to enable that Department to present an
effective defense, provided that such disclosure is compatible with
the purpose for which the records were collected.
3. In the event that a system of records maintained by this
agency to carry out its functions indicates a violation or potential
violation of law, whether civil, criminal or regulatory in nature,
and whether arising by general statute or particular program statute,
or by regulation, rule or order issued pursuant thereto, the relevant
records in the system of records may be referred to the appropriate
agency, whether Federal, State or local, charged with enforcing or
implementing the statute or rule, regulation or order issued pursuant
thereto.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
File folders. Medical records and reports are temporarily held
during medical evaluation and then returned to and retained by health
professions schools upon final determination of claim validity.
Retrievability:
Name of individual.
Safeguards:
1. Authorized users: Access to Borrower's Files is limited to
only those individuals within the Department having a substantiated
need for information. These individuals must have available proof of
employment.
2. Physical safeguards: File folders, medical records, report and
other forms of personal data are stored in areas where files are
locked or rooms locked during off duty hours.
3. Procedural safeguards: All users of personal information in
connection with the performance of their jobs protect information
from public view and from unauthorized personnel entering an
unsupervised office. Access to records is strictly limited to those
staff members trained in accordance with the Privacy Act.
4. Implementation guidelines: DHHS Chapter 45-13 and
supplementary Chapter PHS. hf: 45-13 of the General Administration
Manual.
Retention and disposal:
Records will be retained for 6 years after phaseout of loan
program; 1 year on site and 5 years at the Federal Records Center.
Records are disposed of in accordance with the Records Controls
Schedule of the Health Resources and Services Administration. Contact
the Systems Manager for the disposal standard.
System manager(s) and address:
Chief, Student and Institutional Support Branch/Division of
Student Assistance, Bureau of Health Professions, Health Resources
and Services Administration, Room 8-34, Parklawn Building, 5600
Fishers Lane, Rockville, MD 20857.
Notification procedure:
Requests must be made to the System Manager. An individual who
requests notification of, or access to, a medical record shall at the
time the request is made, designate in writing a responsible
representative who will be willing to review the record and inform
the subject individual or its contents at the representative's
discretion.
Requests in person: A subject individual who appears in person at
a specific location seeking access or disclosure of records relating
to him/her shall provide his/her name, current address, and at least
one piece of tangible identification such as driver's license,
passport, voter registration card, or union card. Identification
papers with current photographs are preferred but not required.
Additional identification may be requested when there is a request
for access to records which contain an apparent discrepancy between
information contained in the record and that provided by the
individual requesting access to the record. No vertification of
identity shall be required where the record is one which is required
to be disclosed under the Freedom of Information Act.
Request by mail: Requests for information and/or access to
records received by mail contain information providing the identity
of the writer and a reasonable description of the record desired.
Written requests must contain the name and address of the requester,
his/her date of birth and at least one piece of information which is
also contained in the subject record, and his/her signature for
comparison purposes.
Requests by telephone: Since positive identification of the
caller cannot be established, telephone requests are not honored.
Record access procedures:
Contact the System Manager and give a reasonable description of
the record. An individual who requests access of a medical/dental
record shall at the time the request is made, designate in writing a
responsible representative who will be willing to review the record
and inform the subject individual of its contents at the
representative's discretion.
Contesting record procedures:
Contact the System Manager giving a reasonable description of the
record, specify the information you want to contest and state the
corrective action sought with supporting justification. The right to
contest records is limited to information which is incomplete,
irrelevant, or untimely (obsolete).
Record source categories:
Individual claimants.
Systems exempted from certain provisions of the act:
None.
09-15-0042
System name: Physician Shortage Area Scholarship Program, HHS/
HRS/BPHC.
Security classification:
None.
System location:
Division of Scholarships and Loan Repayments, Bureau of Primary
Health Care, Health Resources and Services Administration, 10th
Floor, West Tower Building, 4350 East West Highway, Bethesda,
Maryland.
Parklawn Computer Center, 5600 Fishers Lane, Room 2A-53,
Rockville, MD 20857.
Washington National Records Center, 4205 Suitland Road, Suitland,
MD 20409.
PHS Health Data Center, Gillis W. Long Hansen's Disease Center,
Carville, LA 70721.
Categories of individuals covered by the system:
Applicants for the recipients of Physician Shortage Area grants
in the field of medicine and osteopathy.
Categories of records in the system:
Grant applications, awards, and correspondence.
Authority for maintenance of the system:
Section 409(b) of the Health Professions Educational Assistance
Act of 1976, (42 U.S.C. 259g).
Purpose(s):
To select award recipients, and to monitor their payments, their
continued eligibility, and their placement in health manpower
shortage areas in fulfillment of their service obligations.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
record of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
2. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the court or other tribunal is revelant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
3. In the event that a system of records maintained by this
agency to carry out its functions indicates a violation or potential
violation of law, whether civil, criminal, or regulatory in nature,
and whether arising by general statute or particular program statute,
or by regulation, rule or order issued pursuant thereto, the relevant
records in the system of records may be referred to the appropriate
agency, whether Federal, State or local, charged with the
responsibility of investigating or prosecuting such violation or
charged with enforcing or implementing the statute or rule,
regulation or order issued pursuant thereto.
Disclosure may be made to State Boards of Medical Examiners and
to equivalent State licensing boards of professional review actions
which adversely affect the clinical privileges of health care
professionals who either:
(1) Are or were employed by the Federal Government;
(2) Provide or have provided health care service under a fee-for-
service contract with the Federal Government; or
(3) Provide or have provided health care services on behalf of
the Federal Government as a volunteer or as a visiting fellow.
Boards of Medical Examiners and equivalent State licensing boards
are required by the Health Care Quality Improvement Act of 1986 and
by the Medicare and Medicaid Patient and Program Protection Act of
1987 to report this information to the National Practitioner Data
Bank.
Disclosure to consumer reporting agencies:
Disclosures pursuant to 5 U.S.C. 552a(b)(12): Disclosures may be
made from this system to ``consumer reporting agencies'' as defined
in the Fair Credit Reporting Act (15 U.S.C. 158a(f)) or the Federal
Claims Collection Act of 1966 (31 U.S.C. 3701(a)(3)). The purposes of
this disclosure are: (1) To provide an incentive for debtors to repay
delinquent Federal Government debts by making these debts of their
credit records, and (2) to enable HRSA to improve the quality of loan
and scholarship decisions by taking into account the financial
reliability of applicants. Disclosure of records will be limited to
the individual's name, Social Security number (SSN), and other
information necessary to establish the identity of the individual,
the amount, status, and history of the claim, and the agency or
program under which the claim arose.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
File folders and magnetic tape.
Retrievability:
Name or program ID number.
Safeguards:
1. Authorized users:Administrative and staff personnel of the
Division of Scholarships and Loan Repayments and other components of
the Bureau of Primary Health Care who have responsibility for
implementing the Program.
2. Physical safeguards: Magnetic tapes, disks, other computer
equipment, and other forms of personal data are stored in areas where
fire and life safety codes are strictly enforced. Twenty-four hour,
7-day security guards perform random checks on the physical security
of the data. All documents are protected during lunch hours and
nonworking hours in locked file cabinets or locked storage areas.
3. Procedural safeguards: A password is required to access the
terminal and a data set name controls the release of data to only
authorized users. All users of personal information in connection
with the performance of their jobs protect information from public
view and from unauthorized personnel entering an unsupervised office.
Access to records is strictly limited to those staff members trained
in accordance with the Privacy Act.
Implementation guidelines: DHHS Chapter 45-13 and supplementary
Chapter PHS.hf: 45-13 of the General Administration Manual; and the
DHHS Information Resources Management Manual, Part 6, ``ADP Systems
Security.''
Retention and disposal:
Applications, contracts and other records of selectees to the
program are retained through the completion or other disposition of
the scholarship service obligation. The records are then sent to the
Federal Records Center for a seven year retention period and then
disposed of in accordance with the Health Resources and Services
Administration Records Control Schedule.
System manager(s) and address:
Director, Division of Scholarships and Loan Repayments, Bureau of
Primary Health Care, Health Resources and Services Administration,
10th Floor, West Tower Building, 4350 East West Highway, Bethesda,
Maryland. MAILING ADDRESS: 10th Floor, West Tower Building, 4350 East
West Highway, Bethesda, Maryland. MAILING ADDRESS: 10th Floor, West
Tower Building, 4350 East West Highway, Rockville, MD 20857.
Notification procedure:
To determine if a record exists, write to the System Manager.
Individual must provide positive identification, such as driver's
license, passport, voter's registration card, union card, or a
written certification verifying his or her identity. Requestors
should also reasonably specify the record contents being sought.
Record access procedures:
Same as Notification Procedures.
Contesting record procedures:
Contact the System Manager giving a reasonable description of the
record, specify the information you want to contest, and state the
corrective action sought, with supporting justification.
Record source categories:
Applicant and applicant's health professions school.
Systems exempted from certain provisions of the act:
None.
09-15-0044
System name: Health Education Assistance Loan Program (HEAL)
Loan Control Master File, HHS/HRSA/BHPr.
Security classification:
None.
System location:
Division of Student Assistance, Bureau of Health Professions,
Health Resources and Services Administration, 5600 Fishers Lane, Room
8-37, Rockville, MD 20857.
Records are also located at contractor sites. A list of
contractor sites where individually-identifiable data are currently
located is available upon request to the System Manager.
Washington National Records Center, 4205 Suitland Road, Suitland,
MD 20409.
Categories of individuals covered by the system:
Recipients of Health Education Assistance Loans.
Categories of records in the system:
Contains name, social security number or other identifying
number, birthdate, demographic background, educational status, loan
location and status, and financial information about the individual
for whom the record is maintained. Contains lender and school
identification.
Authority for maintenance of the system:
Sections 701 and 702 of the Public Health Service Act, as amended
(42 U.S.C. 292), which authorize the establishment of a Federal
program of student loan insurance;
Section 715 of the Public Health Service Act, as amended (42
U.S.C. 292n), which directs the Secretary to require institutions to
provide information for each student who has a loan;
Debt Collection Act of 1982 (5 U.S.C. 5514 note); and
Section 222 of the Health Professions Training Assistant Act of
1985 (50 U.S.C. App. 462 note), which provides for a study on
compliance with the Selective Service Act;
Purpose(s):
The purpose of this system is to (1) identify students
participating in the HEAL Program; (2) monitor the loan status of
HEAL recipients, which includes the collection of overdue debts owed
under the HEAL Program; and (3) to compile and generate managerial
and statistical reports.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to Federal, State, or local agencies,
to private parties such as relatives, present and former employers,
business and personal aasociates, educational and financial
institutions, and collection agencies. The purpose of such
disclosures is to verify the identity of the loan applicant, to
determine program eligibility and benefits, to enforce the conditions
or terms of the loan, to counsel the borrower in repayment efforts,
to investigate possible fraud and abuse, to verify compliance with
program regulations, and to locate delinquent borrowers through
preclaims assistance. Information may be disclosed to educational or
financial institutions to assist them in loan management.
2. Disclosure may be made to a Congressional office from the
record of an individual in response to an inquiry from the
Congressional office made at the request of that individual.
3. The Department of Health and Human Services (HHS) may disclose
information fom this system of records to the Department of Justice,
or to a court or other tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the court or other tribunal is relevant and necessary to the
litigation and would help in the effective representation of the
governmentaI party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
4. In the event that a system of records maintained by this
agency to carry out its functions indicates a violation or potential
violation of law, whether civil, criminal, or regulatory in nature,
and whether arising by general statute or particular program statute,
or by regulation, rule or order issued pursuant thereto, the relevant
records in the system of records may be referred to the appropriate
agency, whether Federal, State or local, charged with enforcing or
implementing the statute or any rule, regulation or order issued
pursuant thereto.
5. HRSA will disclose from this system of records a delinquent
debtor's name, address, Social Security number, and other information
necessary to identify him/her; the amount, status, and history of the
claim, and the agency or program under which the claim arose, as
follows:
a. To another Federal agency so that agency can effect a salary
offset for debts owed by Federal employees; if the claim arose under
the Social Security Act, the employee must have agreed in writing to
the salary offset.
b. To another Federal agency so that agency can effect an
authorized administrative offset; i.e., withhold money payable to or
held on behalf of debtors other than Federal employees.
c. To the Treasury Department, Internal Revenue Service (IRS), to
request a debtor's current mailing address to locate him/her for
purposes of either collecting or compromising a debt, or to have a
commercial credit report prepared.
6. Records may be disclosed to the General Accounting Office and
to the Office of Management and Budget for auditing financial
obligations to determine compliance with programmatic, statutory, and
regulatory provisions.
7. HRSA may disclose information from this system of records to a
consumer reporting agency (credit bureau) to obtain a commercial
credit report for the following purposes:
a. To establish creditworthiness of a loan applicant; and
b. To assess and verify the ability of a debtor to repay debts
owed to the Federal Government.
Disclosures are limited to the individual's name, address, Social
Security number and other information necessary to identify him/her;
the funding being sought or amount and status of the debt; and the
program under which the application or claim is being processed.
8. HRSA may disclose to the Treasury Department, Internal Revenue
Service (IRS), information about an individual applying for a loan
under any loan program authorized by the Public Health Service Act to
find out whether the loan applicant has a delinquent tax account.
This disclosure is for the sole purpose of determining the
applicant's creditworthiness and is limited to the individual's name,
address, Social Security number; other information necessary to
identify him/her, and the program for which the information is being
obtained.
9. HRSA will report to the Treasury Department, Internal Revenue
Service (IRS), as taxable income, the written-off amount of a debt
owed by an individual to the Federal Government when a debt becomes
partly or wholly uncollectable--either because the time period for
collection under the statute of limitations has expired, or because
the Government agrees with the individual to forgive or compromise
the debt.
10. HRSA will disclose to debt collection agents, other Federal
agencies, and other third parties who are authorized to collect a
Federal debt, information necessary to identify a delinquent debtor.
Disclosure will be limited to the debtor's name, address, Social
Security number, and other information necessary to identify him/her;
the amount, status, and history of the claim, and the agency or
program under which the claim arose.
11. HRSA will disclose information from this system of records to
any third party that may have information about a delinquent debtor's
current address, such as a U.S. post office, a consumer reporting
agency (credit bureau), a State motor vehicle administration, a
professional organization, an alumni association, etc., for the
purpose of obtaining the debtor's current address. This disclosure
will be limited to information necessary to identify the individual.
12. Records may be disclosed to the Director, Selective Service,
for the purpose of determining if draft eligible students
participating in the HEAL program are registrants of the Military
Selective Service System. Disclosure will be limited to the eligible
student's name and other information necessary to determine if the
individual is a registrant of the Military Selective Service System.
The purpose of this disclosure will result in aggregate data which
HEAL program managers will use to determine if health professions
schools are engaged in a pattern or practice of not complying with
the Military Selective Service Act.
13. Records may be disclosed to Department contractors and
subcontractors for the purpose of assisting HEAL program managers in
collating, compiling, aggregating, or analyzing records used in
administering the HEAL program. Contractors maintain, and are also
required to ensure that subcontractors maintain, Privacy Act
safeguards with respect to the records.
14. HRSA may disclose from this system of records to the
Department of Treasury, Internal Revenue Service (IRS): (1) A
delinquent debtor's name, address, Social Security number, and other
necessary information to identify the debtor; (2) the amount of the
debt; and (3) the program under which the debt arose, so that the IRS
can offset against the debt any income tax refunds which may be due
to the debtor.
15. HRSA may disclose the complete loan file of defaulted HEAL
recipients to potential purchasers of HEAL loans to enable them to
value and price the loans, and to actual purchasers to enable them to
collect the defaulted loans. The purpose of this disclosure will be
to facilitate the sale and collection of defaulted HEAL loans.
Potential purchasers are required to maintain Privacy Act safeguards
with respect to the records.
16. In accordance with the directive in 42 U.S.C. 292(c)(1), the
names of HEAL borrowers who are in default will be published in the
Federal Register by city and State along with the amounts of their
HEAL debts. The individual's address also may be published if the
address is a matter of public record as a result of legal proceedings
having been filed concerning the individual's HEAL debt.
17. In accordance with the directive in 42 U.S.C. 292h(c)(2),
disclosure may be made to relevant Federal agencies, schools, school
associations, professional and specialty associations, State
licensing boards, hospitals with which a HEAL defaulter may be
associated and other similar organizations, of a HEAL defaulter's
name, home and business addresses, Social Security number, and the
amount, status and history of the debt.
Disclosure to consumer reporting agencies:
Disclosures pursuant to 5 U.S.C. 552a(b)(12): Disclosures may be
made from this system to ``consumer reporting agencies'' as defined
in the Fair Credit Reporting Act (15 U.S.C. 158a(f)) or the Federal
Claims Collection Act of 1966 (31 U.S.C. 3701(a)(3)). The purposes of
these disclosures are: (1) To provide an incentive for debtors to
repay delinquent Federal Government debts by making these debts part
of their credit records, and (2) to enable HRSA to improve the
quality of loan and scholarship decisions by taking into account the
financial reliability of applicants. Disclosure of records will be
limited to the individual's name, Social Security number (SSN), and
other information necessary to establish the identity of the
individual, the amount, status, and history of the claim, and the
agency or program under which the claim arose.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained in file folders, magnetic tape, and disc
packs.
Retrievability:
Social Security Number or other identifying number.
Safeguards:
1. Authorized users: Access is limited to authorized HEAL
personnel and contractors responsible for administering the HEAL
program. Authorized personnel include HEAL employees and officials,
financial and fiscal management personnel, computer personnel, and
program managers who have responsibilities for implementing the HEAL
program.
2. Physical safeguards: Magnetic tapes, disc packs, computer
equipment and other forms of personal data are stored in areas where
fire and life safety codes are strictly enforced. All documents are
protected during lunch hours and nonworking hours in locked file
cabinets or locked storage areas. Twenty-four hour, seven-day
security guards perform random checks on the physical security of the
records storage areas.
3. Procedural safeguards: A password is required to access the
terminal and a data set name controls the release of data to only
authorized users. All users of personal information in connection
with the performance of their jobs protect information from public
view and from unauthorized personnel entering an unsupervised office.
Access to records is strictly limited to those staff members
trained in accordance with the Privacy Act and ADP security
procedures. Contractors are required to maintain, and are also
required to ensure that subcontractors maintain, confidentiality
safeguards with respect to these records. Contractors and
subcontractors are instructed to make no further disclosure of the
records except as authorized by the System Manager and permitted by
the Privacy Act. All individuals who have access to these records
receive the appropriate ADP security clearances. HEAL personnel make
site visits to ADP facilities for the purpose of ensuring that ADP
security procedures continue to be met. Privacy Act and ADP system
security requirements are specifically included in contracts. The
HRSA project directors, project officers, and the System Manager
oversee compliance with these requirements.
4. Implementing guidelines: The safeguards described above were
established in accordance with DHHS Chapter 45-13 and supplementary
Chapter PHS.hf: 45-13 of the General Administration Manual; and the
DHHS Information Resources Management Manual, Part 6, ``ADP Systems
Security.''
Retention and disposal:
Records will be retained for 5 years after the loan is repaid (1
year on site and 4 years at the Federal Records Center). Stored
computer data is retained for aggregate purposes and then destroyed.
System manager(s) and address:
Associate Director, Health Education Assistance Loan Program,
Division of Student Assistance, Bureau of Health Professions, Health
Resources and Services Administration, 5600 Fishers Lane, Room 8-37,
Rockville, MD 20857.
Notification procedure:
To find out if the system contains records about you contact the
System Manager.
Requests in person: A subject individual who appears in person at
a specific location seeking access or disclosure of records relating
to him/her shall provide his/her name, current address, and at least
one piece of tangible identification such as driver's license,
passport, voter registration card, or union card. Identification
papers with current photographs are preferred but not required.
Additional identification may be requested when there is a request
for access to records which contain an apparent discrepancy between
information contained in the record and that provided by the
individual requesting access to the record. No verification of
identity shall be required where the record is one which is required
to be disclosed under the Freedom of Information Act.
Requests by mail: Written requests for information and/or access
to records received by mail must contain information providing the
identity of the writer and a reasonable description of the record
desired.
Written requests must contain the name and address of the
requester, his/her date of birth and at least one piece of
information which is also contained in the subject record, and his/
her signature for comparison purposes.
Requests by telephone: Since positive identification of the
caller cannot be established, telephone requests are not honored.
Record access procedures:
Same as notification procedures. Requesters should also provide a
reasonable description of the record being sought.
Requesters may also request an accounting of disclosures that
have been made of their records, if any.
Contesting record procedures:
Contact the System Manager, provide a reasonable description of
the record, specify the information being contested, the corrective
action sought, and the reasons for requesting the correction, along
with supporting information to show how the record is inaccurate,
incomplete, untimely, or irrelevant.
Record source categories:
Individual loan recipients, HEAL schools, lenders, and holders of
HEAL loans and their agents.
Systems exempted from certain provisions of the act:
None.
09-15-0046
System name: Health Professions Planning and Evaluation, HHS/
HRSA/OA.
Security classification:
None.
System location:
This system of records is an umbrella system comprising separate
sets of records located either in the organizations responsible for
conducting evaluations or at the sites of programs or activities
under evaluation. Locations include the Health Resources and Services
Administration (HRSA) facilities in Rockville, Maryland, or
facilities of contractors of HRSA. Write to the System Manager for a
list of current locations.
Categories of individuals covered by the system:
Health professionals and students in the various health
professions. Physicians, dentists, pharmacists, optometrists,
podiatrists, veterinarians, public health personnel, audiologists,
speech pathologists, health care administration personnel, nurses,
allied health personnel, medical technologists, chiropractors,
clinical psychologists, and other health personnel may be included.
Categories of records in the system:
Name, address, health profession, education history, academic
grades, employment history, nationality, race, ethnicity, economic
background, and sex. The specific data items collected and maintained
are determined by the needs of the individual project.
Authority for maintenance of the system:
Authority is found in the following sections of the Public Health
Service Act; Title III, Part D, Primary Health Care, (42 U.S.C.
245b); Title VII, Health Research and Training Facilities and
Training of Professional Health Personnel, (42 U.S.C. 292); Title
VIII, Nurse Education, (42 U.S.C. 296k); and Title XXVI,(42 U.S.C.
300ff-11); section 241 (42 U.S.C. 238); and section 301 (42 U.S.C.
241).
Authority is also found in section 401 of the Health Care Quality
Improvement Act of 1986 (42 U.S.C. 11101 note).
Purpose(s):
The Health Resources and Services Administration uses various
records in this system to identify problems in the health care
training and delivery systems to plan programs to correct those
problems, and to evaluate the effectiveness of the resultant
programs. The agency assesses the current supply of health
professionals and predicts the supply needs of the future. The agency
determines nationwide requirements as well as the needs of specific
areas.
The agency also collects data on the educational system which
supplies health professionals and on specific health education
programs. The data are used to develop and test new methods of
training and utilizing health professionals.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
record of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
2. A record may be disclosed for a research purpose, when the
Department:
(a) Has determined that the use or disclosure does not violate
legal or policy limitations under which the record was provided,
collected, or obtained;
(b) Has determined that the research purpose (1) cannot be
reasonably accomplished unless the record is provided in individually
identifiable form, and (2) warrants the risk to the privacy of the
individual that additional exposure of the record might bring;
(c) Has required the recipient to--(1) establish reasonable
administrative, technical, and physical safeguards to prevent
unauthorized use or disclosure of the record, (2) remove or destroy
the information that identifies the individual at the earliest time
at which removal or destruction can be accomplished consistent with
the purpose of the research project, unless the recipient has
presented adequate justification of a research or health nature for
retaining such information, and (3) make no further use or disclosure
of the record except--(A) in emergency circumstances affecting the
health or safety of any individual, (B) for use in another research
project, under these same conditions, and with written authorization
of the Department, (C) for disclosure to a properly identified person
for the purpose of an audit related to the research project, if
information that would enable research subjects to be identified is
removed or destroyed at the earliest opportunity consistent with the
purpose of the audit, or (D) when required by law; and
(d) Has secured a written statement attesting to the recipient's
understanding of, and willingness to abide by these provisions.
3. Disclosure may be made to HHS contractors and their staff, in
order to accomplish any of the purposes of the system of records. The
recipients are required to protect such records from improper
disclosure and to maintain Privacy Act safeguards.
4. The Department may disclose information from this system of
records to the Department of Justice, or to a court or other
tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the court or other tribunal is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
File folders, magnetic tape, card files, microfilm, microfiche,
and disk storage. The needs of each project determine the types of
storage actually used.
Retrievability:
By name. In some instances an assigned number may be used to
retrieve records.
Safeguards:
Locked building, locked rooms, locked file cabinets, personnel
screening, locked computer rooms and computer tape vault, guard
service, password protection of automated records and limited access
to only authorized personnel may be used. Particular safeguards are
selected as appropriate to the type of records included in each
project. Authorized personnel are generally limited to contractor
personnel directly involved in data collection, compilation, and
analysis. (Safeguards are in accordance with Part 6, ADP Systems
Security, of the Department's Information Resources Management
Manual, with Chapter 45-13, Safeguarding Records Contained in Systems
of Records, of the Department's General Administration Manual, and
with supplementary Chapter PHS.hf: 45-13.)
Retention and disposal:
The contractor removes personal identifiers and destroys the
records when they are no longer needed, as appropriate to the
specific project. (Records may be retired to a Federal Records Center
and subsequently disposed of in accordance with the Records Control
Schedule of the Health Resources and Services Administration.) You
may obtain a copy of the disposal standard for a particular project
by writing to the System Manager.
System manager(s) and address:
Deputy Director, Division of Information and Analysis, Office of
Planning, Evaluation and Legislation, HRSA, 5600 Fishers Lane, Room
14-36, Rockville, MD 20857.
Notification procedure:
To determine if you are the subject of a record, contact the
System Manager and provide suitable identification and, if possible,
information about the specific project.
Record access procedures:
To obtain access to your record, contact the System Manager and
provide suitable identification, a reasonable description of the
record and, if possible, information about the specific project. You
may also request a list of accountable disclosures that have been
made of your record.
Contesting record procedures:
To correct your record, contact the System Manager and provide
(a) suitable identification, (b) a reasonable description of the
record, (c) the specific information you want corrected, and (d) a
precise description of the correction, with supporting justification.
The right to contest records is limited to information which is
incomplete, irrelevant, or untimely (obsolete).
Record source categories:
Subject individuals, State and local health departments, other
health providers, health professions schools, and health professions
associations may provide information depending on the individual
project involved.
Systems exempted from certain provisions of the act:
None.
09-15-0054
System name:
National Practitioner Data Bank for Adverse Information on
Physicians and Other Health Care Practitioners, HHS/HRSA/BHPr.
Security classification:
None.
System location:
The SRA Corporation (the Contractor) operates the National
Practitioner Data Bank (Data Bank) under contract with the Bureau of
Health Professions (BHPr), Health Resources and Services
Administration (HRSA). Records are located at the following address:
National Practitioner Data Bank, PO Box 10832, Chantilly, VA 20151.
For security reasons, the street address cannot be disclosed.
Categories of individuals covered by the system:
Health care practitioners including physicians, dentists, and all
other health care practitioners (such as nurses, optometrists,
pharmacists, and podiatrists), licensed or otherwise authorized by a
State to provide health care services, on whose behalf a payment has
been made as a result of a malpractice action or claim; physicians
and dentists who are the subject of licensure disciplinary actions;
and physicians, dentists and other health care practitioners who are
on medical staffs or who hold clinical privileges, or who are members
of professional societies, against whom certain adverse actions have
been taken as a result of a professional review action.
Categories of records in the system:
1. For malpractice payments. Information on the physician,
dentist or other licensed health care practitioner such as name; work
address; home address, if known; Social Security number, if known,
and obtained in accordance with section 7 of the Privacy Act of 1974;
date of birth; name of each professional school attended and year of
graduation; for each professional license: The license number, the
field of licensure, and the name of the State or Territory in which
the license is held; Drug Enforcement Administration registration
number(s), if known; and name of each hospital with which the
practitioner is affiliated, if known. Information on the person or
entity making the payment, such as the name and address of the person
or entity making the payment; and the name, title, and telephone
number of the responsible official submitting the report on behalf of
the entity.
Information on the payments, such as the date of the occurrence
of the acts or omissions upon which the action or claim was based
occurred; date and amount of payment; description of the acts or
omissions and injuries or illnesses upon which the action or claim
was based; and classification of the acts or omission per reporting
code.
2. For State Medical or Dental Board actions. Information such
as: The physician's or dentist's name; work address; homes address,
if known; Social Security number, if known, and if obtained in
accordance with section 7 of the Privacy Act of 1974; date of birth;
name of each professional school attended and year of graduation; for
each professional license: The license number, the field of
licensure, and the name of the State or Territory in which the
license is held; Drug Enforcement Administration registration number,
if known; description of the acts or omission or other reasons for
the action taken; description of the Board action; the date the
action was taken and its effective date; and classification of the
action per reporting code.
3. For certain professional review actions. Information such as
the physician's, dentist's or other health care practitioner's name;
work address; home address, if known; date of birth; name of each
professional school attended and year of graduation; for each
professional license: The license number, the field of licensure, and
the names of the State or Territory in which the license is held;
Drug Enforcement Administration registration number, if known; Social
Security number, if known, and if obtained in accordance with section
7 of the Privacy Act of 1974; description of the acts or omissions or
other reasons for clinical privilege or professional society
membership loss or, if known, for surrender; and action taken, date
the action was taken, and effective date the action was taken, and
effective date of the action.
4. Inquiry file. Copies of all inquiries received by the Data
Bank.
5. For OIG Medicare/Medicaid Exclusions. Under authority of
section 1106(a) of the Social Security Act, 42 CFR 401.105, and
routine use exception of the Privacy Act (5 U.S.C. 522a(b)(3)), HCFA
will provide certain specific information on physicians,
practitioners, providers, and other health care entities which the
OIG has excluded from participation in and from recovering payment
from the Medicare and Medicaid programs. HCFA will provide
information such as the physician's, dentist's or other health care
practitioner's name; Social Security number (used for Data Bank
matching purposes only; not disclosed to authorized queriers); HCFA's
unique practitioner identifier number; date of birth; basis for
exclusion; facts about the exclusion; status of exclusion; and other
information as necessary to ensure proper identification.
Authority for maintenance of the system:
Under the Health Care Quality Improvement Act of 1986 (the Act),
as amended, section 424(b), 42 U.S.C. 11134(b), authorizes the
maintenance of records of medical malpractice payments, disciplinary
actions taken by Boards of Medical Examiners, and professional review
actions taken by health care entities.
Purpose(s):
The purposes of the system are to (1) Receive from insurance
companies and others making payments as a result of malpractice
actions or claims, State Medical and Dental Boards, and health care
entities, information pertaining to the professional performance or
conduct of physicians, dentists and other licensed health care
practitioners; and (2) disseminate such data to health care entities,
to State professional licensing boards, and to others as authorized
by the Act.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Data may be disclosed to:
1. A hospital requesting data concerning a physician, dentist or
other health care practitioner who is on its medical staff (courtesy
or otherwise) or who has clinical privileges at the hospital, for the
purpose of: (a) Screening the professional qualifications of
individuals who apply for staff positions or clinical privileges at
the hospital; and (b) meeting the requirements of the Health Care
Quality Improvement Act of 1986, which also prescribes that a
hospital must query the Bank once every 2 years regarding all
individuals on its medical staff or who hold clinical privileges.
2. Other health care entities, as defined in 45 CFR 60.3, to
which a physician, dentist or other health care practitioner has
applied for clinical privileges or appointment to the medical staff
or who has entered or may be entering an employment or affiliation
relationship. The purpose of these disclosures is to identify
individuals whose professional conduct may be unsatisfactory.
3. A health care entity with respect to professional review
activity. The purpose of these disclosures is to aid health care
entities in the conduct of professional review activities, such as
those involving determinations of whether a physician, dentist, or
other health care practitioner may be granted membership in a
professional society; the conditions of such membership, or of
changes to such membership; and ongoing professional review
activities conducted by a health care entity which provides health
care services, of the professional performance or professional
conduct of a physician, dentist, or other health care practitioner.
4. A State professional licensing board conducting a review of an
individual. The purpose of these disclosures is to aid the board in
meeting its responsibility to protect the health of the population in
its jurisdiction, by identifying individuals whose professional
performance or professional conduct may be unsatisfactory.
5. An attorney, or individual representing himself or herself,
who has filed a medical malpractice action or claim in a State or
Federal court or other adjudicative body against a hospital, and who
requests information regarding a specific physician, dentist, or
other health care practitioner who is also named in the action or
claim provided that (a) This information will be disclosed only upon
the submission of evidence that the hospital failed to request
information from the Bank as required by law, and (b) the information
will be used solely with respect to litigation resulting from the
action or claim against the hospital. The purpose of these
disclosures is to permit an attorney (or a person representing
himself or herself in a medical malpractice action) to have
information from the Bank on a health care practitioner, under the
conditions set out in this routine use.
6. Any Federal entity, employing or otherwise engaging under
arrangement (e.g., such as a contract) the services of a physician,
dentist, or other health care practitioner, or having the authority
to sanction such practitioners covered by a Federal program, which
(a) Enters into a memorandum of understanding with HHS regarding its
participation in the Bank; (b) engages in a professional review
activity in determining an adverse action against a practitioner; and
(c) maintains a Privacy Act system of records regarding the health
care practitioners it employs, or whose services it engages under
arrangement. The purpose of such disclosures is to enable hospitals
and other facilities and health care providers under the jurisdiction
of Federal agencies such as the Public Health Service, HHS; the
Department of Defense; the Department of Veterans' Affairs; the U.S.
Coast Guard; and the Bureau of Prisons, Department of Justice, to
participate in the Bank. The Health Care Quality Improvement Act of
1986 includes provisions regarding the participation of such
agencies, and of the Federal Drug Enforcement Administration, in the
Bank.
7. In the event of litigation where the defendant is (a) The
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to affect directly the operation of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Department of Justice has agreed to
represent such employee, for example in defending a claim against the
Public Health Service based upon an individual's mental or physical
condition and alleged to have arisen because of activities of the
Public Health Service in connection with such individual, disclosures
may be made to the Department of Justice to enable the Department to
present an effective defense, provided that such disclosure is
compatible with the purpose for which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained in electronic folders, on magnetic tape,
and/or disks.
Retrievability:
Retrieval will be by use of personal identifiers, including a
unique identifier assigned by the Data Bank.
Safeguards:
1. Authorized Users: Access to records is limited to designated
employees of the Contractor and to designated HRSA staff. The Data
Bank Project Director and Manager of Operations are among the
Contractor's employees who are authorized users. The Contracting
Officer's Technical Representative (COTR) and AIS Security Officer
are among the HRSA staff who are authorized users. Both HRSA and the
contractor maintain lists of authorized users.
2. Physical Safeguards: Magnetic tapes, disks, computer
equipment, and hard copy files are stored in areas where fire and
environmental safety codes are strictly enforced. All automated and
nonautomated documents are protected on a 24-hour basis. Perimeter
security includes intrusion alarms, random guard patrols, monitors,
key/passcard/combination controls, receptionist controlled area, and
reception alarm button.
3. Procedural and Technical Safeguards: A password is required to
access the system, and additional identification numbers and
passwords, to limit access to data to only authorized users. All
users of personal information, in connection with the performance of
their jobs, protect information from public view and from
unauthorized personnel entering an unsupervised area. All authorized
users will sign a nondisclosure statement. To protect the
confidentiality of information contained in the system, when a person
leaves or no longer has authorized duties, the Security Officer
deletes his or her identification number and password, retrieves all-
electronic access cards, and changes all combinations to which the
departing employee had access. The system automatically logs all
access to data resources.
Access to records is limited to those authorized personnel
trained in accordance with the Privacy Act and ADP security
procedures. The Contractor is required to assure the confidentiality
safeguards of these records and to comply with all provisions of the
Privacy Act. All individuals who have access to these records must
have the appropriate ADP security clearances. Privacy Act and ADP
system security requirements are included in the contract with the
SRA Corporation. In addition, the Data Bank Project Officer and the
System Manager oversee compliance with these requirements. HRSA staff
who are authorized users will make site visits to the Contractor's
facilities to assure compliance with security and Privacy Act
requirements.
The safeguards described above were established in accordance
with DHHS Chapter 45-13 and supplementary Chapter PHS hf: 45-13 of
the General Administration Manual, and the DHHS Information Resources
Management Manual, Part 6. ``ADP Systems Security.''
Retention and disposal:
1. Project Director's Subject File-- significant documents
associated with the creation and maintenance of the Data Bank, such
as essential policy documents, regulations, and handbooks.
Authorized disposition is permanent. Cut off superseded materials
annually. Transfer to the WNRC in 5-year blocks when 5 years old.
Transfer to the National Archives 5 years thereafter. Annual
accumulation is less than one cubic foot. Amount on hand is less than
one cubic foot.
2. Source Documents--reporting and query forms.
Authorized disposition is temporary. Destroy hardcopy forms after
conversion to microfilm when no longer needed for administrative
purposes. Dispose of microfilm and diskettes in contractor office
space when no longer needed to support the reconstruction of, or
serve as a backup to, the Master File, whichever is later.
3. Master file and associated documentation.
Authorized disposition is not authorized. Maintain until NARA and
HRSA agree on a disposition. Data may be cut off annually. As the
data and documentation remain unscheduled, maintenance and storage
procedures shall conform with the provisions laid out in 36 CFR
1234.28.
4. General administrative records associated with the
establishment and maintenance of the Data Bank, both at the
contractor and at HRSA.
Authorized disposition is temporary. Destroy when no longer
needed for administrative purposes.
System manager(s) and address:
Director, Division of Quality Assurance, Bureau of Health
Professions, Health Resources and Services Administration, Room 8A-
55, Parklawn Building, 5600 Fishers Lane, Rockville, Maryland 20857.
Notification procedure:
An individual is informed when a record concerning himself or
herself is entered into the Data Bank, with the exception of HCFA
exclusion reports.
Requests by mail: Practitioners may submit a ``Request for
Information Disclosure'' to the address under system location for any
report on themselves. The request must contain the following: Name,
address, date of birth, gender, Social Security Number (optional),
professional schools and years of graduation, and the professional
license(s). For license, include: The license number, the field of
licensure, the name of the State or Territory in which the license is
held, and Drug Enforcement Administration registration number(s).
Practitioners must sign and have notarized their requests. Submitting
a request under false pretenses is a criminal offense subject to, at
a minimum, a $5,000 fine under provisions of the Privacy Act, and to
a $10,000 fine under provisions of the Health Care Quality
Improvement Act of 1986.
Requests in person: Due to security considerations, the Data Bank
cannot accept requests in person.
Request by telephone: Practitioners may provide all of the
identifying information stated above to the Data Bank Helpline
operator. Before the data request is fulfilled, the operator will
return a paper copy of this information for verification, signature
and notarization.
Record access procedures:
Same as notification procedures. Requesters will receive an
accounting of disclosure that has been made of their records, if any.
Contesting record procedures:
The Data Bank routinely mails a copy of any report filed (other
than those filed by HCFA) in it to the subject individual. Any record
subject may contest the accuracy of information in the Data Bank
(except information filed by HCFA) concerning himself or herself and
file a dispute. To dispute the accuracy of the information, the
individual must notify the Data Bank by: (1) Identifying the record
involved; (2) specifying the information being contested; (3) stating
the corrective action sought and reason for requesting the
correcting; and (4) submitting supporting justification and/or
documentation to show how the record is inaccurate. At the same time,
the individual must notify the reporting entity, in writing.
Additional detail on the process of dispute resolution can be
found at 45 CFR part 60 under Sec. 60.14 of the Data Bank
regulations.
Record source categories:
Entities that have submitted records on individuals contained in
the system; insurance companies and others who have made payment as a
result of a malpractice action or claim; State Medical Boards; State
Boards of Dentistry; State Licensing Boards; hospitals and other
health care entities as defined in the Act; the Drug Enforcement
Administration; and Federal entities which employ health
practitioners or which have authority to sanction such practitioners
covered by a Federal program.
Systems exempted from certain provisions of the act:
None.
09-15-0055
System name: Organ Procurement and Transplantation Network
(OPTN) Data System, HHS/HRSA/BHRD.
Security classification:
None.
System location:
United Network for Organ Sharing (UNOS), PO Box 13770, 1100
Boulders Parkway, Suite 500, Richmond, Virginia 23225.
Categories of individuals covered by the system:
Persons from whom organs have been obtained for translantation,
persons who are candidates for organ transplantation, and persons who
have been recipients of transplanted organs.
Categories of records in the system:
Donor registration, transplant recipient registration,
histocompatibility forms, and transplant recipient follow-up forms.
Data items include: Name, Social Security number (voluntary),
identifiers assigned by OPTN contractors, hospital and hospital
provider number, city and State, race/ethnicity, date and time of
organ recovery and transplantation, name of transplant center,
histocompatibility status, patient condition before and after
transplantation, immunosuppressive medication, and cause of death (if
appropriate).
Authority for maintenance of the system:
42 U.S.C. 274 requires that the Secretary, by contract, provide
for the establishment and operation of an OPTN, and 42 U.S.C. 274a
requires that the Secretary, by grant or contract, develop and
maintain a Scientific Registry of the recipients of organ
transplants.
Purpose(s):
The purpose of the system is to: (1) Match donor organs with
recipients; (2) monitor compliance of member organizations with
membership requirements of the OPTN; (3) review and report
periodically on the status of organ donation and transplantation in
the United States; and (4) assist the Health Care Financing
Administration (HCFA) in evaluating their financial support of organ
transplantation.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. The Health Resources and Services Administration (HRSA),
through its contractor, may disclose records regarding organ donors,
organ transplant candidates, and organ transplant recipients to
transplant centers, histocompatibility laboratories, and organ
procurement organizations, provided that such disclosure is
compatible with the purpose for which the records were collected.
These records consist of Social Security numbers, other patient
identification information and pertinent medical information.
2. In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to effect directly the operation of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Department of Justice has agreed to
represent such employee, for example, in defending a claim against
the Public Health Service in connection with such individual,
disclosure may be made to the Department of Justice to enable the
Department to present an effective defense, provided that such
disclosure is compatible with the purpose for which the records were
collected.
3. Disclosure may be made to a congressional office from the
record of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
4. A record may be disclosed for a research purpose, when the
Department:
a. Has determined that the use or disclosure does not violate
legal or policy limitations under which the record was provided,
collected, or obtained;
b. Has determined that the research purpose (1) cannot be
reasonably accomplished unless the record is provided in individually
identifiable forms, and (2) warrants the risk to the privacy of the
individual that additional exposure of the record might bring;
c. Has required the recipient to (1) establish reasonable
administrative, technical, and physical safeguards to prevent
unauthorized use or disclosure of the record, (2) remove or destroy
the information that identifies the individual at the earliest time
at which removal or destruction can be accomplished consistent with
the purpose of the research project, unless the recipient has
presented adequate justification of a research or health nature for
retaining such information, and (3) make no further use or disclosure
of the record except (a) in emergency circumstances affecting the
health or safety of any individual, (b) for use in another research
project, under these same conditions, and with written authorization
of the Department, (c) for disclosure to a properly identified person
for the purpose of an audit related to the research project, if
information that would enable research subjects to be identified is
removed or destroyed at the earliest opportunity consistent with the
purpose of the audit, or (d) when required by law; and
d. Has secured a written statement attesting to the recipient's
understanding of, and willingness to abide by these provisions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained in file folders, magnetic tapes, and disc
packs.
Safeguards:
1. Authorized users: Access is limited to authorized Health
Resources and Services Administration (HRSA) and contract personnel
responsible for administering the program. Authorized personnel
include the System Manager and Project Officer, and the HRSA
Automated Information System (AIS) Systems Security Officer; and the
program managers who have responsibilities for implementing the
program. Both HRSA and the contractor shall maintain current lists of
authorized users
2. Physical safeguards: Magnetic tapes, disc packs, computer
equipment, and hard-copy files are stored in areas where fire and
life safety codes are strictly enforced. All automated and
nonautomated documents are protected on a 24-hour basis in locked
storage areas. Security guards perform random checks on the physical
security of the records storage area. The contractor is required to
maintain off site a complete copy of the system and all necessary
files to run the computer organ donor-recipient match and update
software.
3. Procedural safeguards: A password is required to access the
terminal and a data set name controls the release of data to only
authorized users. All users of personal information in connection
with the performance of their jobs protect information from public
view and from unauthorized personnel entering an unsupervised office.
All authorized users must sign a nondisclosure statement. Access to
records is limited to those staff members trained in accordance with
the Privacy Act and Automated Data Processing (ADP) security
procedures. The contractor is required to assure that the
confidentiality safeguards of these records will be employed and that
it complies with all provisions of the Privacy Act. All individuals
who have access to these records must have the appropriate ADP
security clearances. Privacy Act and ADP system security requirements
are included in the contract. The HRSA Project Officer and the System
Manager oversee compliance with these requirements. The HRSA
authorized users will make visits to the contractor's facilities to
assure security and Privacy Act compliance.
Retention and disposal:
Each record shall be retained for 25 years beyond the known death
of the organ recipient.
System manager(s) and address:
Chief, Operations and Analysis Branch, Division of
Transplantation, Office of Special Programs, Health Resources and
Services Administration, 5600 Fishers Lane, Room 7-18, Rockville,
Maryland 20857.
Notification procedure:
1. Requests by mail: To determine if a record about you exists,
write to the contractor operating the bank (see SYSTEM LOCATION). The
request should contain the name and address of the individual; the
Social Security number if the individual chooses to provide it; the
name of his/her transplant center, a written statement that the
requester is the person he/she claims to be and that he/she
understands that the request or acquisition of records pertaining to
another individual under false pretenses is a criminal offense
subject to a 5,000 dollars fine.
2. Requests in person: The individual must meet all the
requirements stated above for a request by mail, providing the
information in written form. The individual should recognize that in
order to maintain confidentiality, and thus the accuracy of data
released through repeated internal verification, securing the
information by request in person will be time consuming.
3. Requests by telephone: Since positive identification of the
caller cannot be established, telephone requests are not honored.
Record access procedures:
Same as notification procedures. Requestors should also provide a
reasonable description of the record being sought. Requestors also
may request an accounting of disclosures that have been made of their
records, if any.
A parent or guardian who requests notification of, or access to,
a minor's/incompetent person's medical record shall designate a
family physician or other health professional (other than a family
member) to whom the record, if any, will be sent. The parent or
guardian must verify relationship to the minor/incompetent person as
well as his/her own identity.
Contesting record procedures:
Contact the official at the address specified under notification
procedure above and reasonably identify the record, specify the
information being contested, and the corrective action sought, and
your reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Organ procurement organizations, histocompatibility laboratories,
and organ transplant centers.
Systems exempted from certain provisions of the act:
None.
09-15-0056
System name: National Vaccine Injury Compensation Program, HHS/
HRSA/BHPr.
Security classification:
None.
System location:
Bureau of Health Professions (BHPr), Health Resources and
Services Administration (HRSA), 5600 Fishers Lane, Room 8A-35,
Rockville, Maryland 20857.
Categories of individuals covered by the system:
Persons filing claims (petitioners) under the National Vaccine
Injury Compensation Program (NVICP).
Categories of records in the system:
Petition for compensation, including petitioner's name and name
of person vaccinated if different from petitioner, and all relevant
medical records, (including autopsy reports and slides, radiological
films, and home videos, if any), appropriate assessments,
evaluations, prognoses, and such other records and documents as are
reasonably necessary for the determination of eligibility for and the
amount of compensation to be paid to, or on behalf of, the person who
suffered such injury or who died from the administration of the
vaccine.
Authority for maintenance of the system:
42 U.S.C. 300aa-11 and Executive Order 9397 regarding the Use of
Social Security Number.
Purpose(s):
1. To determine eligibility of petitioners to receive
compensation under the National Vaccine Injury Compensation Program.
2. To compensate successful petitioners in the amount determined
by the court.
3. To evaluate vaccine safety through research programs.
Routine uses of records maintained in the system, including
categories of user and the purposes of such uses:
1. Disclosures may be made to a Congressional office from the
record of an individual, in response to an inquiry from the
Congressional office made at the written request of the individual.
2. In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Department of Justice (DOJ) has agreed
to represent such employee, for example in defending against a claim
based upon an individual's mental or physical condition and alleged
to have risen because of activities of the Public Health Service in
connection with such individual, the Department may disclose such
records as it deems desirable or necessary to the DOJ to enable that
Department to present an effective defense, provided that such
disclosure is compatible with the purpose for which the records were
collected.
3. HRSA will contract with expert medical consultants for the
purpose of obtaining advice on petitioner's eligibility for
compensation. Relevant records may be disclosed to such consultants.
The consultants shall be required to maintain Privacy Act safeguards
with respect to such records and return all records to HRSA.
4. HRSA will release the petitioner's complete medical file and
may release consultants' report to the DOJ and the Special Master of
the U.S. Court of Federal Claims for adjudication of the compensation
claim.
5. HRSA will disclose for publication in the Federal Register the
name of the petitioner, the name of the person vaccinated, if not the
petitioner, the city and State where the vaccine was administered and
the U.S. Court of Federal Claims' Docket Number as required by the
National Childhood Vaccine Injury Act.
6. Records may be disclosed to organizations deemed qualified by
the Secretary for the purpose of evaluating the administration,
process, or outcomes of the National Vaccine Injury Compensation
Program (as required by Congress). The purpose of the disclosure is
to document the extent to which the National Vaccine Compensation
Program is satisfying the goals and objectives of its authorizing
legislation, i.e., maintaining a system for compensating those who
have been injured by a vaccine that is fair and expeditious.
Organizations to which information is disclosed for this use shall be
required to maintain Privacy Act safeguards with respect to such
records.
7. A record may be disclosed to annuity brokers and to employees
of life insurance companies for the purposes of obtaining financial
advice and for the purchase of contracts to provide benefits to
recipients of benefits under the Program. Organizations to which
information is disclosed for this use will be required to maintain
Privacy Act safeguards with respect to such records.
8. A record may be disclosed to contractors for the purpose of
providing medical review, analysis and determination as to whether
petitions meet the medical requirements for compensation. Contractors
will be required to maintain Privacy Act safeguards with respect to
such records.
9. A record may be disclosed for a research purpose when the
Department:
(A) Has determined that the disclosure does not violate legal or
policy limitations under which the record was provided, collected, or
obtained;
(B) Has determined that the research purpose:
(1) Is consistent with the purpose for which the program was
formed, which includes but is not limited to evaluating the safety of
vaccines covered under the Program,
(2) Cannot be reasonably accomplished with information in
statistical form, and must be provided in an identifiable form to
accomplish the research purpose, and
(3) Warrants the risk to the privacy of the individual that
additional exposure of the record might bring;
(C) Has required the recipient to:
(1) Establish reasonable administrative, technical and physical
safeguards to prevent unauthorized use or disclosure of the record,
(2) Remove or destroy the information that identifies the
individual at the earliest time at which removal or destruction can
be accomplished consistent with the purpose of the research project,
unless the recipient has presented adequate justification of a
research or health nature for retaining such information, and
(3) Make no further use of the record except:
(a) In emergency circumstances affecting the health or safety of
any individual,
(b) For disclosure to a properly identified person for the
purpose of an audit related to the research project, if information
that would enable research subjects to be identified is removed or
destroyed at the earliest opportunity consistent with the purpose of
the audit, or
(c) When required by law; and
(D) Has secured a written statement attesting to the recipient's
understanding of and willingness to abide by these provisions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
File folders and disks.
Retrievability:
(1) Docket number assigned by the U.S. Claims Court;
(2)petitioner and/or name of person vaccinated.
Safeguards:
1. Authorized users: Access is limited to the System Manager and
authorized HRSA/BHPr personnel responsible for administering the
program. HRSA/BHPr will maintain a current list of authorized users.
2. Physical safeguards: All files are stored in an electronic
carriage filing system which can be locked and secured during non-
work hours; disk packs and computer equipment are retained in areas
where fire and safety codes are strictly enforced. All automated and
non-automated documents are protected on a 24-hour basis in security
areas. Security guards perform random checks of the physical security
of the record storage area.
3. Procedural safeguards: HRSA/BHPr has established stringent
safeguards in line with the sensitivity of the records. These
include: Transmitting records to consultants by Federal Express,
United Parcel Service, or other courier service to ensure that a
signature is required upon receipt of the records; escorting visitors
into areas where records are maintained; utilizing passwords for
computer access; and securing areas where records are stored. A
password is required to access the terminal and the data set name
controls the release of data only to authorized users. All users of
personal information in connection with the performance of their jobs
protect information from public view and from unauthorized personnel
entering an unsupervised office.
Retention and disposal:
The records shall be disposed of by shredding twenty-five years
after the termination of all administrative and judicial proceedings,
determined by a final adjudication. Upon written notification to the
Government, the petitioner shall have the right to reclaim the
original medical records submitted to the Government, after the final
adjudication.
System manager(s) and address:
Associate Administrator for Health Professions, Bureau of Health
Professions, Health Resources and Services Administration, 5600
Fishers Lane, Room 8-05, Rockville, MD 20857.
Notification procedure:
Requests must be made to the System Manager at the above address.
Request in person: A subject individual who appears in person
seeking access or disclosure of records relating to him/her shall
provide his/her name, current address, and at least one piece of
tangible identification such ��as a driver's license, passport, voter
registration card, or union card. Identification papers with current
photographs are preferred but not required. Additional identification
may be requested when there is a request for access to records which
contain an apparent discrepancy between information contained in the
records and that provided by the individual requesting access to the
record. No verification of identity shall be required where the
record is one which is required to be disclosed under the Freedom of
Information Act.
Requests by mail: To determine if a record exist about you, write
to the System Manager. The request must contain the name and address
of the individual, assigned court docket number (if known), and a
written statement that the requester is the person he/she claims to
be and that he/she understands that the request or acquisition of
records pertaining to another individual, under false pretenses, is a
criminal offense subject to a $5000 fine.
Requests by telephone: Since positive identification of the
caller cannot be established, telephone requests are not honored.
Record access procedure:
Same as notification procedures. Individuals may also request an
accounting of disclosures that have been made of their records, if
any.
Contesting record procedure:
Contact the appropriate official at the address specified under
Notification Procedures above and reasonably identify the record,
specify the information being contested, and state the corrective
action sought and the reason(s) for requesting the correction, along
with supporting justification to show how the record is inaccurate,
incomplete, untimely, or irrelevant.
Record source categories:
Petitioner, petitioner's legal representative, health care
providers, and other interested persons.
Systems exempted from certain provisions of the Act:
None.
09-15-0057
System name: Scholarships for the Undergraduate Education of
Professional Nurses Grant Programs, HHS/HRSA/BHPr.
Security classification:
None.
System location:
Division of Student Assistance, Bureau of Health Professions,
Health Resources and Services Administration, Room 8-34, 5600 Fishers
Lane, Rockville, MD 20857.
Division of Computer Research and Technology, National Institutes
of Health, Building 12, 9000 Rockville Pike, Bethesda, MD 20205.
Categories of individuals covered by the system:
Applicants for and recipients of Scholarships for the
Undergraduate Education of Professional Nurses Grant Program.
Categories of records in the system:
Contains name, Social Security number, school identifier, grant
number, birthdate, demographic background, educational status, school
location, employment status, payback status, and financial
information about the individual for whom the record is maintained.
Authority for maintenance of the system:
Public Health Service Act, as amended, section 843 (42 U.S.C.
297j). This section authorizes the establishment of a grant program
to be administered by schools of nursing for the awarding of
Scholarships for the Undergraduate Education of Professional Nurses.
Executive Order 9397 regarding the use of Social Security number.
Purpose(s):
1. To maintain all information relative to the application for an
awarding of scholarship(s) to an individual.
2. To monitor recipient's continued eligibility.
3. To monitor recipient's employment in nursing shortage areas in
fulfillment of recipient's service obligations.
4. To monitor all repayment actions until the repayment
obligation is satisfied.
5. To compile and generate managerial and statistical reports.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
record of an individual, in response to an inquiry from the
congressional office made at the request of the individual.
2. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof, where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation or has
an interest in such litigation, and HHS determines that the use of
such records by the Department of Justice, the court or other
tribunal is relevant and necessary to the litigation and would help
in the effective representation of the governmental party, provided,
however, that in such case HHS determines that such disclosure is
compatible with the purpose for which the records were collected.
3. HRSA will disclose to debt collection agents, other Federal
agencies, and other third parties who are authorized to collect or
compromise a Federal debt, information necessary to identify a
delinquent debtor. Disclosure will be limited to the debtor's name,
address, Social Security number, and other information necessary to
identify him/her; the amount, status, and history of the claim, and
the agency or program under which the claim arose.
4. Records may be disclosed to authorized persons employed at
educational institutions where the recipient received a scholarship.
The purpose of this disclosure is to assist institutions in
identifying defaulted scholarship recipients (hereafter called
debtors) in order to enforce the conditions and terms of such
scholarships.
5. In the event that a system of records maintained by this
agency to carry out its functions indicates a violation or potential
violation of law, whether civil, criminal, or regulatory in nature,
and whether arising by general statute or particular program statute,
or by regulation, rule or order issued pursuant thereto, the relevant
records in the system of records may be referred to the appropriate
agency, whether Federal, State or local, charged with the
responsibility of investigating or prosecuting such violation or
charged with enforcing or implementing the statute or rule,
regulation or order issued pursuant thereto.
6. HRSA will disclose from this system of records a debtor's
name, address, Social Security number, and other information
necessary to identify him/her; the amount, status, and history of the
claim, and the agency or program under which the claim arose, as
follows: (a) To another Federal agency so that agency can effect a
salary offset for debts owed by Federal employees; if the claim arose
under the Social Security Act, the emplnyee must have agreed in
writing to the salary offset; (b) to another Federal agency so that
agency can effect an authorized administrative offset (i.e., withhold
money payable to or held on behalf of debtors other than Federal
employees); (c) to the Treasury Department, Internal Revenue Service
(IRS), to request a debtor's current mailing address to locate him/
her for purposes of either collecting or compromisng a debt, or to
have a commercial credit report prepared.
7. Records may be disclosed to the General Accounting Office and
to the Office of Management and Budget for auditing financial
obligations to determine compliance with programmatic, statutory, and
regulatory provisions.
8. HRSA may disclose information from this system of records to
another Federal agency that has asked the Department to effect an
administrative offset to help collect a debt owed to the United
States. Disclosure is limited to the individual's name, address,
Social Security number, and other information necessary to identify
the individual; information about the money payable to or held for
the individual, and other information concerning the administrative
offset.
9. HRSA will report to the Treasury Department, Internal Revenue
Service (IRS), as taxable income, the written-off amount of a debt
owed by an individual to the Federal Government when a debt becomes
partly or wholly uncollectable--either because the time period for
collection under the statute of limitations has expired, or because
the Government agrees with the individual to forgive or compromise
the debt.
10. HRSA will disclose information from this system of records to
any third party that may have information about a delinquent debtor's
current address, such as a U.S. post office, a State motor vehicle
administration, professional organization, alumni association, etc.,
for the purpose of obtaining the debtor's current address. This
disclosure will be strictly limited to information necessary to
identify the individual without any reference to the reason for the
agency's need for obtaining the address.
Disclosure to consumer reporting agencies:
Disclosures pursuant to 5 U.S.C. 552a(b)(12): Disclosures may be
made from this system to `consumer reporting agencies' as defined in
the Fair Credit Reporting Act (15 U.S.C. 1681a(f) or the Federal
Claims Collection Act of 1966 (31 U.S.C. 3701(a)(3)). The purpose of
disclosure is to provide an incentive for debtors to repay delinquent
Federal Government debts by making these debts part of their credit
records. Disclosure of records will be limited to the individual's
name, Social Security number, and other information necessary to
establish the identity of the individual, the amount, status, and
history of the claim, and the agency or program under which the claim
arose.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Files of individual borrowers are maintained in a standard
upright file cabinet. All original borrower contracts are kept in a
fire-proof file safe. Records are maintained in file folders, on
magnetic tape, and on computer disc packs.
Retrievability:
All record files are maintained and indexed alphabetically by
last name and can be retrieved accordingly. Records will also be
retrieved by Social Security number.
Safeguards:
1. Authorized users: Administrative and staff personnel of the
Division of Student Assistance and other components of the HRSA who
have responsibility for implementing the Scholarship Program.
2. Physical safeguards: Magnetic tapes, disks, other computer
equipment, and other forms of personal data are stored in area where
fire and life safety codes are strictly enforced. Twenty-four hour,
7-day security guards perform random checks on the physical security
of the data. All documents are protected during lunch hours and
nonworking hours in locked file cabinets or locked storage areas.
3. Procedural safeguards: A password is required to access the
computer system and data set name controls the release of data to
only authorized users. All users of personal information in
connection with the performance of their jobs protect information
from public view and from unauthorized personnel entering an
unsupervised office. Access to records is strictly limited to those
staff members trained in accordance with the Privacy Act.
4. Implementation guidelines: DHHS Chapter 45-13 and
supplementary Chapter PHS.hf: 45-13 of the General Administration
Manual; and the DHHS Information Resources Management Manual, Part 6,
``ADP Systems Security.''
Retention and disposal:
Records will be retained for 6 years (1 year on site and 5 years
at the National Records Center) after completion of the service
obligation or repayment to the Secretary in cases of default. Records
on magnetic tape are retained for 5 years and then they are
destroyed. Records are disposed of in accordance with the Records
Control Schedule of the Health Resources and Services Administration.
Contact the System Manager for disposal standard.
System manager(s) and address:
Associate Division Director, Office for Campus Based Programs,
Division of Student Assistance, Bureau of Health Professions, Health
Resources and Services Administration, 5600 Fishers Lane, Room 8-34,
Rockville, Maryland 20857.
Notification procedure:
Requests must be made to the System Manager.
Request in person: A subject individual who appears in person at
a specific location seeking access or disclosure of records relating
to him/her shall provide his/her name, current address, and at least
one piece of tangible identification such as driver's license,
passport, voter registration card, or union card. Identification
papers with current photographs are preferred but not required.
Additional identification may be requested when there is a request
for access to records which contain an apparent discrepancy between
information contained in the record and that provided by the
individual requesting access to the record. No verification of
identity shall be required where the record is one which is required
to be disclosed under the Freedom of Information Act.
Requests by mail: Requests for information and/or access to
records received by mail must contain information providing the
identity of the writer and a reasonable description of the record
desired. Written requests must contain the name and address of the
requester, his/her date of birth and at least one piece of
information which is also contained in the subject record, and his/
her signature for comparison purposes.
Requests by telephone: Since positive identification of the
caller cannot be established, telephone requests are not honored.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. Individuals may
also request an accounting of disclosure that have been made of their
records, if any.
Contesting record procedures:
Contact the System Manager at the address specified under the
Notification Procedures above and reasonably identify the record,
specify the information being contested, and state the corrective
action and the reason(s) for requesting the correction, along with
supporting justification to show how the record is inaccurate,
incomplete, untimely, or irrelevant.
Record source categories:
Individual scholarship recipients, recipient's nursing school.
Systems exempted from certain provisions of the act:
None.
09-15-0058
System name: Faculty Loan Repayment Program, HHS/HRSA/BHPr.
Security classification:
None.
System location:
Office for Campus Based Programs, Division of Student Assistance,
Bureau of Health Progessions, Health Resources and Services
Administration, 5600 Fishers Lane, Room 8-34, Rockville, Maryland
20857.
Categories of individuals covered by the system:
Applicants for and receipients of contracts under the Faculty
Loan Repayment Program.
Categories of records in the system:
Contain name, Social Security number, school identifier, contract
number, birthdate, demographic background, educational status, school
location, employment status, payback status, and financial
information about the individual for whom the record is maintained.
Authority for maintenance of the system:
Public Health Service Act, as amended, sec. 738 (42 U.S.C. 293b).
This section authorizes the establishment of a program for entering
into contract with individuals from disadvantaged backgrounds for
repayment of educational loans in exchange for teaching services.
Purpose(s):
1. To maintain all information relative to the application for
awarding a contract to an individual.
2. To monitor recipient's continued eligibility.
3. To monitor recipient's employment in fulfillment of
recipient's service obligation.
4. To monitor all repayment actions until the repayment
obligation is satisfied.
5. To compile and generate managerial and statistical reports.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
record of an individual, in responses to an inquiry from the
congressional office made at the request of the individual.
2. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof, where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation or has
an interest in such litigation, and HHS determines that the use of
such records by the Department of Justice, the court or other
tribunal is relevant and necessary to the litigation and would help
in the effective representation of the governmental party, provided,
however, that in such care HHS determines that such disclosure is
compatible with the purpose for which the records were collected.
3. HRSA may disclose to debt collection agents, other Federal
agencies, and other third parties who are authorized to collect or
compromise a Federal debt, information necessary to identify a
delinquent debtor. Disclosure will be limited to the debtor's name,
address, Social Security number, and other information necessary to
identify him/her; the amount, status, and history of the claim, and
the agency or program under which the claim arose.
4. Records may be disclosed to authorized persons employed at
educational institutions where the recipient received a loan. The
purpose of this disclosure is to assist institutions in identifying
defaulted loan recipients (hereafter called debtors) in order to
enforce the conditions and terms of such loans.
5. In the event that system of records maintained by this agency
to carry out its functions indicates a violation or potential
violation of law, whether civil, criminal, or regulatory in nature
and whether arising by general statute or particular program statute,
or by regulation, rule or order issued pursuant thereto, the relevant
records in the system of records may be referred to the appropriate
agency, whether Federal, State or local charged with the
responsibility of investigating or prosecuting such violation or
charged with enforcing or implementing the statute or rule,
regulation or order issued pursuant thereto.
6. HRSA may disclose from this system of records a debtor's name,
address, Social Security number, and other information necessary to
identify him/her; the amount, status, and history of the claim, and
the agency or program under which the claim arose, as follows: (a) To
another Federal agency so that agency can effect a salary offset for
debts owed by Federal employees; if the claim arose under the Social
Security Act, the employee must have agreed in writing to the salary
offset; (b) to another Federal agency so that agency can effect an
authorized administrative offset (i.e., withhold money payable to or
held on behalf of debtors other than Federal employees); (c) to the
Treasury Department, Internal Revenue Service (IRS), to request a
debtor's current mailing address to locate him/her for purposes of
either collecting or compromising debt, or to have a commercial
credit report prepared.
7. Records may be disclosed to the General Accounting Office and
to the Office of Management and Budget for auditing financial
obligations to determine compliance with programmatic, statutory, and
regulatory provisions.
8. HRSA may disclose information from this system of records to
another Federal agency that has asked the Department to effect an
administrative offset to help collect a debt owed to the United
States. Disclosure is limited to the individual's name, address,
Social Security number, and other information necessary to identify
the individual; information about the money payable to or held for
the individual, and other information concerning the administrative
offset.
9. HRSA will report to the Treasury Department, Internal Revenue
Service (IRS), as taxable income, the written-off amount of a debt
owed by an individual to the Federal Government when a debt becomes
partly or wholly uncollectible, either because the time period for
collection under the statute of limitations has expired, or because
the Government agrees with the individual to forgive or compromise
the debt.
10. HRSA may disclose information from this system of record to
any third party that may have information about a delinquent debtor's
current address, such as a U.S. post office, a State motor vehicle
administration, professional organization, alumni association, etc.,
for the purpose of obtaining the debtor's current address. This
disclosure will be strictly limited to information necessary to
identify the individual without any reference to the reason for the
agency's need for obtaining the address.
11. The amount of the contract awarded the individual will be
reported as taxable income to the Internal Revenue Service (IRS).
Disclosures to consumer reporting agencies:
Disclosures pursuant to 5 U.S.C. 552a(b)(12): Disclosures may be
made from this system to consumer reporting agencies as defined in
the Fair Credit Reporting Act (15 U.S.C. 1681a(f) or the Federal
Claims Collection Act of 1966 (31 U.S.C. 3701(a)(3)). The purpose of
disclosure is to provide an incentive for debtors to repay delinquent
Federal Government debts by making these debts part of their credit
records. Disclosure of records will be limited to the individual's
name, Social Security number, and other information necessary to
establish the identity of the individual, the amount, status, and
history of the claim, and the agency or program under which the claim
arose.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained in file folders, on magnetic tape,
microfilm, and/or in disk packs.
Retrievability:
Retrieval will be by name and/or Social Security number.
Safeguards:
1. Authorized users: Personnel of the Division of Student
Assistance and other components of the Health Resources and Services
Administration.
2. Physical safeguards: Magnetic tapes, microfilms, disk packs,
computer equipment, and hard copy files are stored in areas where
fire and life safety codes are strictly enforced. Twenty-four hour,
seven-day security guards perform random checks on the physical
security of the data. All documents are protected during lunch hours
and nonworking hours in locked file cabinets or locked storage areas.
3. Procedural and technical safeguards: A password is required to
access the terminal, and a software security system controls the
release of data to only authorized users. All users of personal
information in connection with the performance of their jobs protect
information from public view and from unauthorized personnel entering
an unsupervised area. Access to records is strictly limited to those
staff members trained in accordance with the Privacy Act.
4. Implementation guidelines: DHHS Chapter 45-13 and
supplementary Chapter PHS.hf: 45-13 of the General Administration
Manual; and the Department's Information Systems Security Handbook.
Retention and disposal:
Records will be retained for 6 years (1 year on site and 5 years
at the National Records Center) after completion of the service
obligation or repayment to the Secretary in cases of default. Records
on magnetic tape are retained for 5 years and then they are
destroyed. Records are disposed of in accordance with the Records
Control Schedule of the Health Resources and Services Administration.
Contact the System Manager for disposal standard.
System manager(s) and address:
Associate Division Director, Office for Campus Based Programs,
Division of Student Assistance, Bureau of Health Professions, Health
Resources and Services Administration, 5600 Fishers Lane, Room 8-34,
Rockville, Maryland 20857.
Notification procedure:
Requests must be made to the System Manager.
Requests in person: A subject individual who appears in person at
a specific location seeking access or disclosure of records relating
to him/her shall provide his/her name, current address, and at least
one piece of tangible identification such as driver's license,
passport, voter registration card, or union card. Identification
papers with current photographs are preferred but not required.
Additional identification may be requested when there is a request
for access to records which contain in apparent discrepancy between
information contained in the records and that provided by the
individual requesting access to the records. No verification of
identity shall be required where the record is one which is required
to be disclosed under the Freedom of Information Act.
Requests by mail: Requests for information and/or access to
records received by mail must contain information providing the
identity of the writer and a reasonable description of the record
desired. Written requests must contain the name and address of the
requester, his/her date of birth and at least one piece of
information which is also contained in the subject record, and his/
her signature for comparison purposes.
Requests by telephone: Since positive identification of the
caller cannot be established, telephone requests are not honored.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. Individuals may
also request an accounting of disclosure that have been made of their
records, if any.
Contesting record procedures:
Contact the System Manager at the address specified above and
reasonably identify the record, specify the information being
contested, and state the corrective action and the reason(s) for
requesting the correction, along with supporting justification to
show how the record is inaccurate, incomplete, untimely, or
irrelevant.
Record source categories:
Individual contract recipients, recipient's school.
Systems exempted from certain provisions of the act:
None.
09-15-0059
System name: Health Resources and Services Administration
Correspondence Control System, HHS/HRSA/OMPS.
Security classification:
None.
System location:
Executive Secretariat, Division of Policy Review and
Coordination, Office of Management and Program Support, Health
Resources and Services Administration (HRSA), 5600 Fishers Lane, Room
14A-08, Rockville, MD 20857.
Office of Program Support, Bureau of Health Professions, HRSA,
5600 Fishers Lane, Room 8-15, Rockville, MD 20857.
Executive Secretariat, HIV/AIDS Bureau and Office of Special
Programs, HRSA, 5600 Fishers Lane, Room 7-08, Rockville, MD 20857.
Office of Program and Policy Development, Bureau of Primary
Health Care, HRSA, 4350 East West Highway, Room 7-2B3, Bethesda, MD
20814.
Office of the Director, Material and Child Health Bureau, HRSA,
5600 Fishers Lane, Room 18-05, Rockville, MD 20857.
Washington National Records Center, 4205 Suitland Road, Suitland,
MD 20746-8001.
Categories of individuals covered by the system:
Individuals who have contacted the Administrator, HRSA, the
Deputy Administrator, an associate administrator, or a bureau
director, or individuals who have been contacted by one of these
officials.
Categories of records in the system:
Hard copies of the actual correspondence and computer printout
and disk control system records of that correspondence.
Authority for maintenance of the system:
5 U.S.C. 301 ``Departmental Regulations.''
Purpose(s):
To control and track all correspondence documents addressed or
directed to the Administrator, HRSA, or his/her subordinates as
indicated above, as well as documents initiated by them, to assure
timely and appropriate attention.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
record of an individual in response to a verified inquiry from the
congressional office made at the request of that individual.
2. The Department of Health and Human Services (DHHS) may
disclose information from this system of records to the Department of
Justice, or to a court or other tribunal, when:
(a) DHHS, or any component thereof; or
(b) Any DHHS employee in his or her official capacity; or
(c) Any DHHS employee in his or her individual capacity where the
Department of Justice (or DHHS, where authorized to do so) has agreed
to represent the employee; or
(d) The United States, or any agency thereof where DHHS
determines that the litigation is likely to affect DHHS or any of its
components, is a party to litigation or has an interest in such
litigation, and DHHS determines that the use of such records by the
Department of Justice, the court or other tribunal is relevant and
necessary to the litigation and would help in the effective
representation of the governmental party, provided, however, that in
each case, DHHS determines that such disclosure is compatible with
the purpose for which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Correspondence records are maintained in hard copy. Control
records are maintained on computer disks.
Retrievability:
Hard-copy records are indexed by name of addressee and date of
outgoing correspondence; or by name of sender and date of incoming
correspondence; or by subject. Records may also be cross-referenced.
Safeguards:
1. Authorized users: Office directors, correspondence assistants,
and professional and support staff with designated functional
responsibilities directly relating to the purpose of the
correspondence.
2. Procedural safeguards: Confidential and/or sensitive documents
are either hand carried or transmitted in sealed envelopes. Employees
who handle correspondence are instructed to observe established
office procedures to protect correspondence documents from
unauthorized access. The computerized subsystem is protected by
passwords assigned to specific correspondence assistants; passwords
are changed periodically; the password is changed when a
correspondence assistant terminates employment.
3. Physical safeguards: Rooms where records are stored are locked
when not in use. During regular business hours, rooms are unlocked
but are controlled by on-site personnel. Security guards perform
random physical security checks.
Retention and disposal:
Hard-copy records are cut off at the end of each calendar year,
retained two years, transferred to the Washington National Records
Center, and destroyed five years later. Control records are cut off
at the end of each calendar year, retained two years, and destroyed.
Computer records are purged after correspondence is finalized to a
history file.
System manager(s) and address:
Policy Coordinator: Director, Division of Policy Review and
Coordination, Office of Management and Program Support, Health
Resources and Servics Administration (HRSA), 5600 Fishers Lane, Room
14-08, Rockville, MD 20857.
System Manager: Chief, Executive Secretariat, Division of Policy
Review and Coordination, Office of the Management and Program
Support, HRSA, 5600 Fishers Lane, Room 14A-08, Rockville, MD 20857.
System Manager: Executive Secretariat, Office of Program Support,
HIV/AIDS Bureau and Office of Special Programs, HRSA, 5600 Fishers
Lane, Room 7-08, Rockville, MD 20857.
System Manager: Information Systems Specialist, Office of Program
and Policy Development, Bureau of Primary Health Care, HRSA, 4350
East West Highway, Room 7-2B3, Bethesda, MD 20814.
System Manager: Correspondence Coordinator, Office of the
Director, Maternal and Child Health Bureau, HRSA, 5600 Fishers Lane,
Room 18-05, Rockville, MD 20857.
Notification procedure:
Inquiries should indicate the name of the individual with whom
the HRSA corresponded, the date of the incoming correspondence, if
any, and the date of the outgoing correspondence. Inquiries should be
addressed to the appropriate system manager, listed above, not to the
policy coordinator.
Record access procedures:
Same as notification procedures. Requesters must state that they
are who they claim to be and understand that obtaining information
under false pretenses is subject to a maximum statutory penalty of
$5,000.
Requesters may also ask for an accounting of disclosures that
have been made of their records, if any.
Contesting record procedures:
Contact the appropriate system manager at the address for that
official specified under ``System Location'' above, and reasonably
identify the record, specify the information to be contested, the
corrective action sought, and the reason for seeking the correction,
with supporting information to show how the record is inaccurate,
incomplete, untimely, or irrelevant.
Record source categories:
Records are derived from incoming correspondence to, and the
outgoing correspondence of, the Administrator, HRSA, or his/her
subordinates as indicated above.
Systems exempted from certain provisions of the act:
None.
09-15-0060
System name:
Minority/Disadvantaged Health Professions Programs, HHS/HRSA/
BHPr.
Security classification:
None.
System location:
Division of Disadvantaged Assistance, Bureau of Health
Professions, Health Resources and Services Administration, Room 8A-
09, Parklawn Building, 5600 Fishers Lane, Rockville, Maryland 20857.
Categories of individuals covered by the system:
Institutional grantees, student and faculty participants in the
Health Careers Opportunity Program, and Centers of Excellence
Program.
Categories of records in the system:
Name of the institutional grantee, grant number, type of grantee
institution, budget information, project dates, amount of grant
award, program participants by name, date of birth, social security
number, race ethnicity and gender, current educational pathway or
practice status of participants, outcomes of program participation
for participants, and programmatic results for the grantee.
Authority for maintenance of the system:
The Programs are authorized by Title VII, sections 739 Center of
Excellence and 740 Educational Assistance Regarding Undergraduates of
the Public Health Service Act, as amended by Pub. L. 102-408.
Purpose(s):
1. To maintain information relative to the activities and
participants of programs conducted by institutions and organizations
awarded grants under this program.
2. To monitor grantees' performance outcomes and progress in
meeting stated objectives.
3. To track individual student program participants in order to
evaluate program effectiveness and outcomes.
4. To compile and generate statistical reports.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
record of an individual participant or institutional grantee, in
response to an inquiry from the congressional office made at the
request of the student or the institution.
2. Disclosure may be made to the Department of Justice, or to a
court or other tribunal, from this system of records, when (a) HHS,
or any component thereof; or (b) any HHS employee in his or her
official capacity; or (c) any HHS employee in his or her individual
capacity where the Department of Justice (or HHS, where it is
authorized to do so) has agreed to represent the employee; or (d) the
United States or any agency thereof, where HHS determines that the
litigation is likely to affect HHS or any of its components, is a
party to litigation or has an interest in such litigation, and HHS
determines that the use of such records by the Department of Justice,
the court or other tribunal is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided, however, that in such case HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
3. HRSA may disclose records to Department contractors and
subcontractors for the purposes of conducting data analysis for
program evaluations, compiling managerial and statistical reports,
and record systems processing and refinement.
4. In the event that a system of records maintained by this
agency to carry out its functions indicates a violation or potential
violation of law, whether civil, criminal, or regulatory in nature
and whether arising by general statute or particular program statute,
or by regulation, rule, or order issued pursuant thereto, the
relevant records in the system of records may be referred to the
appropriate agency, whether Federal, State or local, charged with the
responsibility of investigating or prosecuting such violation or
charged with enforcing or implementing the statute or rule,
regulation or order issued pursuant thereto.
Policies and practices for storing, retrieving, accessing,
retaining and disposing of of records in the system:
Storage:
Records are maintained in file folders, on computer hard drives
and/or disk packs.
Retrievability:
Retrieval will be by grantee name or by grant number or programs'
participant name and/or social security number.
Safeguards:
1. Assign Responsibility for Security: Assign responsibility for
security to a management official knowledgeable in the nature of the
information and process supported by the application and in the
management, personnel, operational, and technical controls used to
protect it.
2. Develop Application Security Plan: Plan for the adequate
security of the application, taking into account the security of all
systems in which the application will operate. Application security
plans shall address application rules, training on use of the system,
personnel security, contingency planning, technical controls,
information sharing, public access controls.
3. Review Application Controls: Perform an independent review or
audit of the security control in the application at least every 3
years.
4. Authorize Processing: Ensure that a management official
authorizes in writing use of the application by confirming that its
security plan as implemented adequately secures the application. The
application must be authorized prior to operating and reauthorized at
least every 3 years thereafter. Management authorization implies
accepting the risk of each system used by the application.
5. Implementation Guidelines: DHHS Chapter 45-13 and
supplementary Chapter PHS.H:45-13 of the General Administration
Manual; the DHHS Automated Information Systems Security Program
Handbook; and Appendix III to OMB Circular No. A-130.
Retention and disposal:
Records will be retained for 6 years after the grant is closed,
and then destroyed.
System manager(s) and address:
Director, Division of Disadvantaged Assistance, Bureau of Health
Professions, Health Resources and Services Administration, Parklawn
Building, Room 8A-09, 5600 Fishers Lane, Rockville, MD 20857.
Notification procedure:
Requests must be made to the System Manager.
Requests in person: An individual who appears at the site where
records are stored seeking access to or disclosure of records
relating to him/her shall provide his/her name, current address, and
at least one piece of identification such as driver's license,
passport, voter registration card, or union card. Identification with
a current photograph is preferred but not required. Additional
identification may be requested when there is a request for access to
records which contain an apparent discrepancy between information
contained in the records and that provided by the individual
requesting access to the records. No verification of identity shall
be required where the record is one which is required to be disclosed
under the Freedom of Information Act.
Requests by mail: Requests for information and/or access to
records received by mail must contain information providing the
identity of the writer and a reasonable description of the record
desired. Written requests must contain the name and address of the
requester, his/her date of birth and at least one piece of
information which is also contained in the subject record, and his/
her signature for comparison purposes.
Requests by telephone: Since positive identification of the
caller cannot be established, telephone requests are not honored.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. Individuals may
also request an accounting of disclosure that may have been made of
their records, if any.
Contesting record procedure:
Contact the System Manager at the address specified above and
reasonably identify the record, specify the information being
contested, and state the corrective action and the reason(s) for
requesting the correction, along with supporting justification to
show how the record is inaccurate, incomplete, untimely, or
irrelevant.
Record source categories:
Institutions and organizations awarded grants.
Systems exempted from certain provisions of the act:
None.
09-15-0061
System name:
Ricky Ray Hemophilia Relief Fund Act of 1998, HHS/HRSA/BHPr
Security classification:
None.
System location:
Ricky Ray Program Office, Bureau of Health Professions, Health
Resources and Services Administration, Room 8-05, Parklawn Building,
5600 Fishers Lane, Rockville, Maryland 20857.
Categories of individuals covered by the system:
Petitioners and/or their representatives (if any) filing for
compensation under the Ricky Ray Hemophilia Relief Fund Act of 1998.
Categories of records in the system:
Records consist of documents which may include general or
Congressional correspondence, Notice of Intent to File a Petition,
case number assignment, HHS responses, medical and legal
documentation, payment information, and other related case processing
documents.
Authority for maintenance of the system:
The authority for management of the system is governed by Pub. L.
105-369, Ricky Ray Hemophilia Relief Fund Act of 1998, enacted
November 12, 1998 (42 U.S.C. 300c-22) which provides for
compassionate payments with regard to certain individuals with blood-
clotting disorders, such as hemophilia, who contracted human
immunodeficiency virus (HIV) due to contaminated antihemophilic
factor within specified time periods.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a Congressional office from the
record of an individual petitioner, in response to an inquiry from
the Congressional office made at the request of the petitioner.
2. In the event of litigation where the defendant is:
(a) The Department, any component of the Department, or any
employee of the Department in his or her official capacity;
(b) The United States where the Department determines that the
claim, if successful, is likely to directly affect the operations of
the Department or any of its components; or
(c) Any Department employee in his or her individual capacity
where the Justice Department has agreed to represent such employee,
for example in defending against a claim based upon an individual's
mental or physical condition and alleged to have arisen because of
activities of the Public Health Service in connection with such
individual, the Department may disclose such records as it deems
desirable or necessary to the Department of Justice to enable that
Department to present an effective defense, provided that such
disclosure is compatible with the purpose for which the records were
collected.
3. HRSA may disclose records to Department contractors and
subcontractors for the purposes of conducting data analysis for
program evaluations, compiling managerial and statistical reports,
and record systems processing and refinement.
4. HRSA may contract with expert consultants for the purpose of
obtaining advice on petitioner's eligibility for compensation.
Relevant records may be disclosed to such consultants. The
consultants shall be required to maintain Privacy Act safeguards with
respect to such records and return all records to HRSA.
5. In the event that a system of records maintained by this
agency to carry out its functions indicates a violation or potential
violation of law, whether civil, criminal, or regulatory in nature,
and whether arising by general statute or particular program statute,
regulation, rule, or order issued pursuant thereto, the relevant
records in the system of records may be referred to the appropriate
agency, whether Federal, State or local, charged with the
responsibility of investigating or prosecuting such violation, or
charged with enforcing or implementing the statute, rule, regulation
or order issued pursuant thereto, provided that such disclosure is
compatible with the purpose for which records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained in file folders, on computer hard drives
and/or disk packs.
Retrievability:
Retrievability will be by case number and/or name of petitioner.
Safeguards:
1. Assign Responsibility for Security: Assign responsibility for
security to a management official knowledgeable in the nature of the
information and process supported by the application and in the
management, personnel, operational, and technical controls used to
protect it.
2. Perform Risk Assessment: A risk assessment shall be conducted
in conjunction with the development of and prior to the approval of
the system design and shall ensure that vulnerabilities, risks, and
other security concerns are identified and addressed in the system
design and throughout the life cycle of the project. This shall be
consistent with the HHS Automated Information Systems Security
Program Handbook (in particular Chapters V and X).
3. Develop Application Security Plan: Plan for the adequate
security of the application, taking into account the security of all
systems in which the application will operate. Application security
plans shall address application rules, training on use of the system,
personnel security, contingency planning, technical controls,
information sharing, and public access controls.
4. Review Application Controls: Perform an independent review or
audit of the security control in the application at least every 3
years.
5. Authorize Processing: Ensure that a management official
authorizes in writing confirming that its security plan as
implemented adequately secures the application. The application must
be authorized prior to operating and reauthorized at least every 3
years thereafter. Management authorization implies accepting the risk
of each system used by the application.
6. Implementation Guidelines: DHHS Chapter 45-13 and
supplementary Chapter PHS.hf: 45-13 of the General Administration
Manual; the DHHS Automated Information Systems Security Program
Handbook; and Appendix III to OMB Circular No. A-130; Appendix I,
``Federal Agency Responsibilities for Maintaining Records About
Individuals.''
Retention and disposal:
Records will be retained for 6 years after the program is closed,
and then destroyed.
System manager(s) and address:
Program Manager, Ricky Ray Program Office, Bureau of Health
Professions, Health Resources and Services Administration, Parklawn
Building, Room 8-05, 5600 Fishers Lane, Rockville, MD 20857.
Notification procedure:
Requests must be made to the System Manager.
Requests in person: An individual who appears at the site where
records are stored seeking access to or disclosure of records
relating to him/her shall provide his/her name, current address, and
at least one piece of identification such as driver's license,
passport, voter registration card, or union card. Identification with
a current photograph is preferred but not required. Additional
identification may be requested when there is a request for access to
records which contain an apparent discrepancy between information
contained in the records and that provided by the individual
requesting access to the records. No verification of identity shall
be required where the record is one which is required to be disclosed
under the Freedom of Information Act.
Requests by mail: Requests for information and/or access to
records received by mail must contain information providing the
identity of the writer and a reasonable description of the record
desired. Written requests must contain the name and address of the
requester, his/her date of birth and his/her signature for comparison
purposes.
Requests by telephone: Since positive identification of the
caller cannot be established, telephone requests are not honored.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. Individuals may
also request an accounting of disclosures that may have been made of
their records, if any.
Contesting record procedure:
Contact the System Manager at the address specified above and
reasonably identify the record, specify the information being
contested, and state the corrective action and the reason(s) for
requesting the correction, along with supporting justification to
show how the record is inaccurate, incomplete, untimely, or
irrelevant.
Record source categories:
Petitioners and/or their representatives under the Ricky Ray
Hemophilia Relief Fund Act of 1998.
Systems exempted from certain provisions of the act:
None.
Indian Health Service
Table of Contents
09-17-0001 Health and Medical Records Systems, HHS/IHS/OHP.
09-17-0002 Indian Health Service Scholarship and Loan Repayment
Programs, HHS/IHS/OHP.
09-17-0003 Indian Health Service Staff Credentials and
Privileges Records, HHS/IHS/OHP.
09-17-0001
System name: Health and Medical Records Systems, HHS/IHS/OHP.
Security classification:
None.
System location:
Indian Health Service (IHS) hospitals, health centers, school
health centers, health stations, field clinics, Service Units, IHS
Area Offices (Appendix 1), and Regional Federal Records Centers
(Appendix 2). Automated records, including Patient Care Component
(PCC) records, are stored at the Data Processing Service Center, IHS,
located in Albuquerque, New Mexico (Appendix 1). Records may also be
located at hospitals and offices of health care providers who are
under contract to IHS, including Tribal contractors. A current list
of contractor site, including Tribal contractors, is available by
writing to the appropriate System Manager (Area or Service Unit
Director) at the address shown in Appendix 1.
Categories of individuals covered by the system:
Individuals, including both IHS beneficiaries and
nonbeneficiaries, who are examined/treated on an inpatient and/or
outpatient basis by IHS staff and/or contract (including tribal
contract) health care providers.
Categories of records in the system:
1. Health and medical records containing: Examination, diagnostic
and treatment data, proof of IHS eligibility, social data such as
name, address, date of birth, Social Security Number, tribe; case
records for special programs such as: Dental, social service, mental
health, nursing; and laboratory test results. 2. Follow-up registers
of individuals with specific health conditions or a particular health
status such as: Tumors, communicable diseases, hospital commitment,
suspected and confirmed physical child abuse and neglect,
immunizations, self-destructive behavior, or handicap. 3. Logs of
individuals provided health care by staffs of specific hospital
components such as: Surgery, emergency, obstetric delivery, x-ray and
laboratory. 4. Operation and/or disease indices for particular
hospitals which list each relevant patient by the operation or
disease. 5. Monitoring strips and tapes such as fetal monitoring
strips and EEG and EKG tapes. 6. Third-party reimbursement records
containing name, address, date of birth, date of admission and
Medicare or Medicaid claim numbers, SSN, health plan name, insurance
number, employment status, and other relevant claim information
necessary to process and validate third-party reimbursement claims.
Authority for maintenance of the system:
Section 321 of the Public Health Service Act, as amended, (42
U.S.C. 248), ``Hospitals, Medical Examinations and Medical Care.''
Section 327A of the Public Health Service Act, as amended, (42 U.S.C.
254a-1), ``Hospital-Affiliated Primary Care Centers.'' Indian Self
Determination and Education Assistance Act (25 U.S.C. 450). Snyder
Act (25 U.S.C. 13). Indian Health Care Improvement Act (25 U.S.C.
1601 et. seq). Construction of Community Hospitals Act (25 U.S.C.
2005-2005f). Indian Health Service Transfer Act (42 U.S.C. 2001-
2004).
Purpose(s):
The purposes of this system are:
1. To provide a description of a patient's illness, the treatment
administered and results achieved, and to plan for future care of the
patient.
2. To provide IHS program officials with statistical data upon
which the health care program is evaluated and modified to meet
future needs.
3. To serve as a means of communication among members of the
health care team who contribute to the patient's care by integrating
information from field visits with that from IHS facilities which
have provided treatment.
4. To serve as the official documentation of health care
rendered.
5. To contribute to continuing education of IHS staff to improve
their competency to deliver health care services.
6. For disease surveillance purposes. For example:
(a) The Centers for Disease Control may use these records for
their monitoring of various communicable diseases among persons
residing within the United States; and,
(b) The National Institutes of Health may use these records for
their review of the prevalence of particular diseases (i.e.,
malignant neoplasms, diabetes mellitus, arthritis, metabolism and
digestive diseases) for various ethnic groups of the Nation.
7. To compile and provide aggregated program statistics. Upon
request of other components of the Department, IHS will provide
statistical information, from which individual identifiers have been
removed, such as:
(a) To the National Center for Health Statistics, for its
dissemination of aggregated health statistics for various ethnic
groups;
(b) To the Assistant Secretary for Population Affairs to keep a
record of the number of sterilizations provided through the use of
Federal funds;
(c) To the Health Care Financing Administration for the
documentation of IHS health care covered by the Medicare and Medicaid
programs for third-party reimbursement; and
(d) To the Bureau of Support Services, Health Care Financing
Administration, to determine the prevalence of end-stage renal
disease among the American Indian and Alaska Native population and to
coordinate the care of American Indian and Alaska Native patients
with this condition.
8. To process and collect third-party claims.
9. To improve the IHS national patient care database through
obtaining and verifying patients' SSNs with the Social Security
Administration.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Note: Special requirements for alcohol and drug abuse patients:
If an individual receives treatment, or referral for treatment, for
alcohol or drug abuse, then the Confidentiality of Alcohol and Drug
Abuse Patient Records Regulations, 42 CFR part 2 may apply. In
general under these regulations, the only disclosures of the alcohol
or drug abuse record which may be made without patient consent are:
(1) To meet medical emergencies (42 CFR Part D, sec. 2.51), (2) for
research, audit, evaluation and examination (42 CFR Part D, secs.
2.52 and 2.53), (3) pursuant to a court order (42 CFR 2.61-2.67), and
(4) pursuant to a qualified service organization agreement, as
defined in 42 CFR 2.11. In all other situations, written consent of
the patient is usually required prior to disclosure of alcohol or
drug abuse information under the routine uses listed below.
Individuals acting in loco parentis to minors, as well as parents,
legal guardians, and custodians may act on behalf of the subject
individual for purposes of giving consent for disclosures to others
when it is determined that the subject individual is a minor who is
unable to or cannot exercise with appropriate understanding, the
right of consent by himself or herself.
1. Records may be disclosed to State, local or other authorized
organizations which provide health services to American Indians and
Alaska Natives, or provide third-party reimbursement or fiscal
intermediary functions, for the purpose of planning for or providing
such services, billing or collecting third-party reimbursements and
reporting results of medical examination and treatment.
2. Records may be disclosed to Federal and non-Federal school
systems which serve American Indians and Alaska Natives for the
purpose of student health maintenance.
3. Records may be disclosed to organizations deemed qualified by
the Secretary to carry out quality assessment, medical audits,
utilization review or to provide accreditation or certification of
health care facilities or programs.
4. Records may be disclosed to authorized organizations, such as
the United States Office of Technology Assessment, or individuals for
conduct of analytical and evaluation studies sponsored by the IHS.
5. Records may be disclosed to a congressional office in response
to an inquiry from that office made at the request of the subject
individual.
6. A record may be disclosed for a research purpose, when the
Department:
(a) Has determined that the use or disclosure does not violate
legal or policy limitations under which the record was provided,
collected, or obtained;
(b) Has determined that the research purpose (1) cannot be
reasonably accomplished unless the record is provided in individually
identifiable form, and (2) warrants the risk to the privacy of the
individual that additional exposure of the record might bring;
(c) Has required the recipient to--(1) establish reasonable
administrative, technical, and physical safeguards to prevent
unauthorized use or disclosure of the record, and (2) remove or
destroy the information that identifies the individual at the
earliest time at which removal or destruction can be accomplished
consistent with the purpose of the research project, unless the
recipient has presented adequate justification of a research or
health nature for retaining such information, and (3) make no further
use or disclosure of the record except--(A) in emergency
circumstances affecting the health or safety of any individual, (B)
for use in another research project, under these same conditions, and
with written authorization of the Department, (C) for disclosure to a
properly identified person for the purpose of an audit related to the
research project, if information that would enable research subjects
to be identified is removed or destroyed at the earliest opportunity
consistent with the purpose of the audit, or (D) when required by
law;
(d) Has secured a written statement attesting to the recipient's
understanding of, and willingness to abide by these provisions.
7. The IHS health care providers may disclose information from
these records regarding the commission of crimes or the occurrence of
communicable diseases, tumors, suspected child abuse, births, deaths,
alcohol or drug abuse, etc., as required by Federal law or regulation
or State or local law or regulation of the jurisdiction in which the
facility is located. Disclosure may be made to organizations as
specified by the law or regulation, such as births and deaths to
State or local health departments, and crimes to law enforcement
agencies. In federally conducted or assisted alcohol or drug abuse
programs, the disclosure of the contents of records which pertain to
patient identity, diagnosis, prognosis or treatment of alcohol or
drug abuse is restricted under 42 CFR part 2; e.g., disclosure of
patient information on alcohol and drug abuse for purposes of
criminal investigation generally must be authorized by court order
issued under 42 CFR 2.65 except that reports of suspected child abuse
may be made to the appropriate State or local authorities under State
law.
8. The IHS health care providers may disclose information from
these records regarding suspected cases of child abuse to: (1)
Agencies of any Indian tribe, any State or the Federal Government
that need to know the information in the performance of their duties,
and (2) members of community child protection teams of the purpose of
establishing a diagnosis, formulating a treatment plan, monitoring
the plan, investigation reports of suspected child abuse, and making
recommendations to the appropriate court. Community child protection
teams are comprised of representatives of: Tribes, the Bureau of
Indian Affairs, child protection service agencies, the judicial
system(s) (local, State and/or tribal, law enforcement agencies and
IHS). In federally conducted or assisted alcohol or drug abuse
programs, the disclosure to the contents of records which pertain to
patient identity, diagnosis, prognosis, or treatment of alcohol or
drug abuse is restricted under 42 CFR part 2; e.g., disclosure of
patient information on alcohol or drug abuse for purposes of criminal
investigation generally must be authorized by court order issued
under 42 CFR 2.65 except that reports of suspected child abuse by be
made to the appropriate State or local authorities under State law.
9. The Department may disclose information from this system of
records to the Department of Justice, to a court or other tribunal,
or to another party before such tribunal, when:
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation, and
HHS determines that the use of such records by the Department of
Justice, the tribunal, or the other party is relevant and necessary
to the litigation and would help in the effective representation of
the governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
10. Records may be disclosed to the Bureau of Indian Affairs and
its contractors for the identification of American Indian and Alaska
Native handicapped children to permit that Bureau to carry out the
Education for All Handicapped Children Act of 1975 (20 U.S.C. 1401 et
seq.).
11. Records may be disclosed to an IHS contractor, including
tribal contractors, for the purpose of computerized data entry or
maintenance of records contained in this system. The contractor shall
be required to maintain Privacy Act safeguards with respect to the
receipt and processing of such records.
12. Records may be disclosed to a health care provider
undercontract to IHS (including tribal contractors) to permit the
contractor to obtain health and medical information about the subject
individual in order to provide appropriate health services to that
individual. The contractor shall be required to maintain Privacy Act
safeguards with respect to the receipt and processing of such
records.
13. Records may be disclosed to the State of Alaska, Department
of Health and Social Services (DHSS) (which supplies part or all of
this information to IHS), in response to its request for patient
summaries, portions of immunization registers, disease indices and
other computer-generated medical summaries. This information assists
DHSS in its provision of health care to the subject individual.
Disclosure to the State of Alaska's DHSS is limited to information
concerning its patients.
14. Disclosures regarding specific medical services may be made
from the records of a minor patient to the minor's parent or legal
guardian who previously consented to those specific medical services.
15. (a) PHS may inform the sexual and/or needle-sharing
partner(s) of a subject individual who is infected with the human
immunodeficiency virus (HIV) of their exposure to HIV, under the
following circumstances:
(1) The information has been obtained in the course of clinical
activities at PHS facilities carried out by PHS personnel or
contractors;
(2) The PHS employee or contractor has made reasonable efforts to
counsel and encourage the subject individual to provide the
information to the individual's sexual or needle-sharing partner(s);
(3) The PHS employee or contractor determines that the subject
individual is unlikely to provide the information to the sexual or
needle-sharing partner(s) or that the provision of such information
cannot reasonably be verified; and
(4) The notification of the partner(s) is made, whenever
possible, by the subject individual's physician or by a professional
counselor and shall follow standard counseling practices.
(b) PHS may disclose information to State or local public health
departments, to assist in the notification of the subject
individual's sexual and/or needle-sharing partner(s), or in the
verification that the subject individual has, notified such sexual or
needle-sharing partner(s).
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for PHS who do not technically have the status
of agency employees, if they need the records in the performance of
their agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
File folders, ledgers, card files, microfiche, microfilm,
computer tapes, disk packs and automated files.
Retrievability:
Indexed by name, record number, and SSN and cross-indexed.
Safeguards:
Safeguards apply to records stored on-site and off-site.
1. Authorized Users: Access is limited to authorized IHS
personnel and IHS contractors and subcontractors in the performance
of their duties. Authorized personnel include: Medical records
personnel, health care providers, authorized researchers, medical
audit personnel, and health care team members, and, administrative
personnel on a need to know basis.
2. Physical Safeguards: Records are kept in locked metal filing
cabinets or in a secured room at all times when not actually in use
during working hours and at all times during nonworking hours.
Magnetic tapes, disks, other computer equipment and other forms of
personal data are stored in areas where fire and life safety codes
are strictly enforced. Telecommunication equipment (computer
terminal, modems and disks) of the Patient Care Component (PCC) are
maintained in locked rooms during nonworking hours. Combinations on
door locks are changed periodically and whenever a PCC employee
resigns, retires or is reassigned.
3. Procedural Safeguards: Within each facility a list of
personnel or categories of personnel having a demonstrable need for
the records in the performance of their duties has been developed and
is maintained. Procedures have been developed and implemented to
review one-time requests for disclosure to personnel who may not be
on the authorized user list. Proper charge-out procedures are
followed for the removal of all records from the area in which they
are maintained. Persons who have a need to know are entrusted with
records from this system of records and are instructed to safeguard
the confidentiality of these records. They are to make no further
disclosure of the records except as authorized by the system manager
and permitted by the Privacy Act, and to destroy all copies or to
return such records when the need to know has expired. Procedural
instructions include the statutory penalties for noncompliance.
The following automated information systems (AIS) security
procedural safeguards are in place for automated health and medical
records maintained in the Patient Care Component. A profile of
automated systems security is maintained. Security clearance
procedures for screening individuals, both Government and contractor
personnel, prior to their participation in the design, operation, use
or maintenance of IHS automated information systems are implemented.
The use of current passwords and log-on codes are required to protect
sensitive automated data from unauthorized access. Such passwords and
codes are changed periodically. An automated audit trail is
maintained. Only authorized IHS Division of Data Processing Services
staff may modify automated files in batch mode. Personnel at remote
terminal sites may only retrieve automated data. Such retrievals are
password protected.
Privacy Act requirements and specified Automated Information
System security provisions are specifically included in contracts and
agreements and the system manager or his/her designee oversee
compliance with these contract requirements.
4. Implementing Guidelines: DHHS Chapter 45-13 and supplementary
Chapter PHS.hf: 45-13 of the General administration Manual; and DHHS,
``Automated Information Systems Security Program Handbook'', as
amended.
Retention and disposal:
Patient listings which may identify individuals are maintained in
IHS Area and Program Offices permanently. Inactive records are held
at the facility which provided health services from three to seven
years and then are transferred to the appropriate Federal Records
Center. Monitoring strips and tapes (i.e., fetal monitoring strips
and EEG and EKG tapes) which are not stored in the patient's official
medical record, are stored at the health facility for one year and
are then transferred to the appropriate Federal Records Center. (See
Appendix 2 for Federal Record Center addresses). Records, including
those maintained on computer media are retained in useable formats at
the Regional Federal Records Centers for 25 years. Disposal methods
include burning or shredding of hard copy and erasing of magnetic
media.
System manager(s) and address:
Policy-Coordinating Official: Director, Division of Clinical and
Preventive Health Services, Indian Health Service, 5600 Fishers Lane,
Room 6A-54, Rockville, Maryland 20857. See Appendix 1. The IHS Area
Office Directors, Service Unit Directors, Chief Executive Officers
and Facility Directors listed in Appendix 1 are System Managers.
Notification procedure:
General Procedure: Requests must be made to the appropriate
System Manager (IHS Area/Program Office Director or Service Unit
Director). An individual who requests a copy of, or access to, a
medical record shall at the time the request is made designate in
writing a responsible representative who will be willing to review
the record and inform the subject individual of its contents at the
representative's discretion. Such a representative may be an IHS
health professional. When an individual is seeking to obtain
information about himself/herself which may be retrieved by a
different name or identifier than his/her current name or identifier,
he/she shall be required to produce evidence to verify that he/she is
the person whose record he/she seeks. No verification of identity
shall be required where the record is one which is required to be
disclosed under the Freedom of Information Act.
Requests In Person: Identification papers with current
photographs are preferred but not required. If a subject individual
has no identification but is personally known to the designated
agency employee, such employee shall make a written record verifying
the subject individual's identity. If the subject individual has no
identification papers, the responsible system manager or designated
agency official shall require that the subject individual certify in
writing that he/she is the individual whom he/she claims to be and
that he/she understands that the knowing and willful request or
acquisition of records concerning an individual under false pretenses
is a criminal offense subject to a $5,000 dollar's fine. If an
individual is unable to sign his/her name when required, he/she shall
make his/her mark and have the mark verified in writing by two
additional persons.
Requests By Mail: Written requests must contain the name and
address of the requester, his/her date of birth and at least one
piece of information which is also contained in the subject record,
and his/her signature for comparison purposes. If the written request
does not contain sufficient information, the System Manager shall
inform the requester in writing that additional, specified
information is required to process the request.
Requests By Telephone: Since positive identification of the
caller cannot be established, telephone requests are not honored.
Parents And Legal Guardians: Parents of minor children and legal
guardians of legally incompetent individuals shall verify their own
identification in the manner described above, as well as their
relationship to the individual whose record is sought. A copy of the
child's birth certificate or court order establishing legal
guardianship may be required if there is any doubt regarding the
relationship of the individual to the patient.
Record access procedures:
Same as Notification Procedures. Requesters should also provide a
reasonable description of the record being sought. Requesters may
also request an accounting of disclosures that have been made of
their record, if any.
Contesting record procedures:
Write to the appropriate IHS Area/Program Office Director or
Service Unit Director at his/her address specified in Appendix 1, and
specify the information being contested, the corrective action
sought, and the reasons for requesting the correction, along with
supporting information to show how the record is inaccurate,
incomplete, untimely, or irrelevant.
Record source categories:
Patient and/or family members, IHS health care personnel,
contract health care providers, State and local health care provider
organizations, Medicare and Medicaid funding agencies, and the Social
Security Administration.
Systems exempted from certain provisions of the Act:
None.
Appendix 1--System Managers and IHS Locations Under Their
Jurisdiction Where Records are Maintained
Director, Aberdeen Area Indian Health Service, Room
309, Federal Building, 115 Fourth Avenue, SE, Aberdeen,
South Dakota 57401.
Director, Cheyenne River Service Unit, Eagle Butte
Indian Hospital, Eagle Butte, South Dakota 57625.
Director, Crow Creek Service Unit, Ft. Thompson Indian
Health Center, Ft. Thompson, South Dakota 57339.
Director, Flandreau Indian School Health Center, RR1,
Box 10, Flandreau, South Dakota 57028.
Director, Fort Berthold Service Unit, Minni-Tohe Indian
Health Center, New Town, North Dakota 58763.
Director, Fort Totten Service Unit, Fort Totten Indian
Health Center, Fort Totten, North Dakota 58335.
Director, Kyle Indian Health Center, PO Box 540, Kyle,
South Dakota 57752.
Director, Lower Brule Indian Health Center, Lower
Brule, South Dakota 57548.
Director, McLaughlin Indian Health Center, McLaughlin,
South Dakota 57642.
Director, Omaha-Winnebago Service Unit, Winnebago
Indian Hospital, Winnebago, Nebraska 68071.
Director, Pine Ridge Service Unit, Pine Ridge Indian
Hospital, Pine Ridge, South Dakota 57770.
Director, Rapid City Service Unit, Rapid City Indian
Hospital, Rapid City, South Dakota 57701.
Director, Rosebud Service Unit, Rosebud Indian
Hospital, Rosebud, South Dakota 57570.
Director, Sisseton-Wahpeton Service Unit, Sisseton
Indian Hospital, Sisseton, South Dakota 57262.
Director, Standing Rock Service Unit, Fort Yates Indian
Hospital, Fort Yates, North Dakota 58538.
Director, Turtle Mountain Service Unit, Belcourt Indian
Hospital, Belcourt, North Dakota 58316.
Director, Wahpeton Indian School Health Center,
Wahpeton, North Dakota 58075.
Director, Wanblee Indian Health Center, Wanblee, South
Dakota 57577.
Director, Yankton-Wagner Service Unit, Wagner Indian
Hospital, Wagner, South Dakota 57380.
Director, Director, Alaska Area Native Health Service,
250 Gambell Street, Anchorage, Alaska 99501.
Director, Alaska Native Health Center, St. George
Island, Alaska 99660.
Director, Alaska Native Health Center, St. Paul Island,
Alaska 99660.
Director, Anchorage Service Unit, PHS, Alaska Native
Medical Center, 255 Gambell St., Anchorage, Alaska
99501.
Director, Annette Islands Service Unit, Metlakatla
Alaska Native Health Center, Box 428, Metlakatla,
Alaska 99926.
Director, Barrow Service Unit, Barrow Alaska Native
Hospital, Barrow, Alaska 99723.
Director, Ketchikan Alaska Native Health Center, 3289
Tongass Avenue, Ketchikan, Alaska 99901.
Director, Kotzebue Service Unit, Kotzebue Alaska Native
Hospital, Kotzebue, Alaska 99752.
Director, Southeast Area Regional Health Center, 3272
Hospital Drive, Juneau, Alaska 99801.
Director, Yukon-Kuskokwim-Delta Service Unit, Yukon-
Kuskokwim-Delta Regional Hospital, Indian Health
Center, Bethel, Alaska 99559.
Director, Albuquerque Area Indian Health Service, 505
Marquette, NW, Suite 1502, Albuquerque, New Mexico
87102-2163.
Director, Acoma-Canoncito-Laguna Service Unit, Acoma-
Canoncito-Laguna Indian Hospital, PO Box 130, San
Fidel, New Mexico 87049.
Director, Albuquerque Service Unit, Albuquerque Indian
Hospital, 801 Vassar Drive, NE, Albuquerque, New Mexico
87106.
Director, Canoncito Indian Health Station, c/o Acoma-
Canoncito-Laguna Indian Hospital, PO Box 130, San
Fidel, New Mexico 87049.
Director, Cochiti Indian Health Station, Cochiti, New
Mexico 87041.
Director, Dulce Indian Health Center, Dulce, New Mexico
87528.
Chief, Dental Program, IHS Dental Training Center,
Southwestern Indian Polytechnical Institute, 9168 Coors
Road, NW, PO Box 25927, Albuquerque, New Mexico 87125.
Director, Indian School Health Center, Southwestern
Indian Polytechnical Institute, 9168 Coors Road, NW, PO
Box 25927, Albuquerque, New Mexico 87125.
Director, Isleta Indian Health Center, PO Box 429,
Isleta, New Mexico 87022.
Director, Jemez Indian Health Center, PO Box 256, Jemez
Pueblo, New Mexico 87024.
Director, Laguna Indian Health Center, PO Box 199, New
Laguna, New Mexico 87038.
Director, Mescalero Service Unit, Mescalero Indian
Hospital, PO Box 210, Mescalero, New Mexico 88340.
Director, New Sunrise Regional Treatment Center, PO Box
219, San Fidel, New Mexico 87049.
Director, Sandia Indian Health Station, PO Box 6008,
Bernalillo, New Mexico 87004.
Director, Santa Ana Indian Health Station, PO Box 580,
Bernalillo, New Mexico 87004.
Director, San Felipe Indian Health Station, General
Delivery, San Felipe Pueblo, New Mexico 87001.
Director, San Juan Indian Health Station, San Juan, New
Mexico 87566.
Director, Santa Clara Indian Health Center, PO Box
1322, Espanola, New Mexico 87532.
Director, Santo Domingo Indian Health Station, Santo
Domingo, New Mexico 87052.
Director, Santa Fe Service Unit, Santa Fe Indian
Hospital, 1700 Cerrillos Road, Santa Fe, New Mexico
87501.
Director, Southern Colorado-Ute Service Unit, PO Box
778, Ignacio, Colorado 81137.
Director, Southern Ute Health Center, Ignacio, Colorado
81137.
Director, Taos Indian Health Center, Taos, New Mexico
87571.
Director, Ute Mountain Ute Health Center, Towaoc,
Colorado 81334.
Director, White Mesa Indian Health Station, General
Delivery, Towaoc, Colorado 81334.
Director, Zia Indian Health Station, General Delivery,
San Ysidro, New Mexico 87053.
Director, Zuni-Ramah Service Unit, Zuni Indian
Hospital, Zuni, New Mexico 87327.
Director, Bemidji Area Indian Health Service, 203
Federal Building, Bemidji, Minnesota 56601.
Director, Ball Club Indian Health Station, Ball Club,
Minnesota 56622.
Director, Cass Lake Service Unit, Cass Lake Indian
Hospital, Cass Lake, Minnesota 56633.
Director, Eastern Michigan Service Unit, Kincheloe
Indian Health Center, Kincheloe, Minnesota 49788.
Director, Inger Indian Health Station, Inger Route,
Deer River, Minnesota 56636.
Director, Naytahwaush Indian Health Station,
Naytahwaush, Minnesota 56566.
Director, Onigum Indian Health Station, Star Route,
Walker, Minnesota 56484.
Director, Pine Point Indian Health Station, White
Earth, Minnesota 56591.
Director, Ponemah Indian Health Station, Ponemah,
Minnesota 56666.
Director, Red Lake Service Unit, Red Lake Indian
Hospital, Red Lake, Minnesota 56671.
Director, Squaw Lake Indian Health Station, Squaw Lake,
Minnesota 56681.
Director, White Earth Service Unit, White Earth Indian
Health Center, White Earth, Minnesota 56591.
Director, Billings Area Indian Health Service, PO Box
2143, 711 Central Avenue, Billings, Montana 59103.
Director, Arapahoe Indian Health Center, Arapahoe,
Wyoming 82510.
Director, Blackfeet Service Unit, Browning Indian
Hospital, Browning, Montana 59417.
Director, Crow Service Unit, Crow Indian Hospital, Crow
Agency, Montana 59022.
Director, Flathead Service Unit, St. Ignatius Indian
Health Center, St. Ignatius, Montana 59865.
Director, Fort Belknap Service Unit, Harlem Indian
Hospital, Harlem, Montana 59526.
Director, Fort Peck Service Unit, Poplar Indian Health
Center, Poplar, Montana 59255.
Director, Hays Indian Health Station, Hays, Montana
59527.
Director, Heart Butte Indian Health Station, Heart
Butte, Montana 59448.
Director, Lodge Grass Indian Health Center, Lodge
Grass, Montana 59050.
Director, Northern Cheyenne Service Unit, Lame Dear
Indian Health Center, Lame Deer, Montana 59043.
Director, Pryor Indian Health Station, Pryor, Montana
59066.
Director, Polson Indian Health Center, 320-B 4th Avenue
East, Polson, Montana 59860.
Director, Rocky Boy's Service Unit, Box Elder Indian
Health Center, Box Elder, Montana 59521.
Director, Wind River Service Unit, Fort Washakie Indian
Health Center, Fort Washakie, Wyoming 82514.
Director, Wolf Point Indian Health Center, Wolf Point,
Montana 59201.
Director, California Area Indian Health Service, 1825
Bell Street, Suite 200, Sacramento, California 95825-
1097.
Director, Nashville Area Indian Health Service, 3310
Perimeter Hill Drive, Nashville, Tennessee 37211-4139.
Director, Cherokee Service Unit, Cherokee Indian
Hospital, Cherokee, North Carolina 28719.
Director, Unity Regional Youth Treatment Center, PO Box
C-201, Cherokee, North Carolina 28719.
Director, Navajo Area Indian Health Service, PO Box G,
Window Rock, Arizona 86515.
Director, Chilchinbeto Indian Health Station, c/o
Kayenta Indian Health Center, PO Box 368, Kayenta,
Arizona 86033.
Chief Executive Officer, Chinle Service Unit, PO Drawer
P.H., Chinle, Arizona 86503.
Chief Executive Officer, Crownpoint Service Unit,
Crownpoint Indian Hospital, PO Box 358, Crownpoint, New
Mexico 87313.
Director, Dennebito Indian Health Station, c/o Tuba
City Indian Hospital, Tuba City, Arizona 86045.
Director, Dennehotso Indian Health Center, c/o Kayenta
Indian Health Center, PO Box 368, Kayenta, Arizona
86033.
Director, Dilkon Indian Health Station, c/o Winslow
Indian Health Center, PO Drawer 40, Winslow, Arizona
86047.
Director, Dzilth-Na-O-Dith-Le Indian Health Center,
Star Route 4, Box 5400, Bloomfield, New Mexico 87413.
Chief Executive Officer, Fort Defiance Service Unit,
Fort Defiance Indian Hospital, PO Box 649, Fort
Defiance, Arizona 86504.
Director, Fort Wingate Indian School Health Center, c/o
Gallup Indian Medical Center, PO Box 1337, Gallup, New
Mexico 87301.
Director, Gallup Service Unit, Gallup Indian Medical
Center, PO Box 1337, Gallup, New Mexico 87301.
Director, Inscription House Indian Health Center, PO
Box 7397, Shonto, Arizona 86044.
Chief Executive Officer, Kayenta Service Unit, Kayenta
Indian Health Center, PO Box 366, Kayenta, Arizona
86033.
Director, Leupp Indian Health Station, c/o Winslow
Indian Health Center, PO Drawer 40, Winslow, Arizona
86047.
Facility Director, Montezuma Creek Health Center,
Montezuma Creek, Utah 84534.
Director, Pinon Indian Health Station, c/o Chinle
Indian Hospital, PO Box P.H., Chinle, Arizona 85603.
Director, Pueblo Pintado Indian Health Station, c/o
Crownpoint Indian Hospital, PO Box 358, Crownpoint, New
Mexico 87313.
Director, Rock Point Indian Health Station, c/o Chinle
Indian Hospital, PO Box P.H., Chinle, Arizona 85603.
Director, Sanostee Indian Health Station, Shiprock
Indian Hospital, PO Box 160, Shiprock, New Mexico
87420.
Chief Executive Officer, Shiprock Service Unit,
Shiprock Indian Hospital, PO Box 160, Shiprock, New
Mexico 87420.
Director, Teec Nos Pos Indian Health Center, PO Drawer
D, Teec Nos Pos, Arizona 85614.
Director, Toadlena Indian Health Station, c/o Shiprock
Indian Hospital, PO Box 160, Shiprock, New Mexico
87420.
Director, Tohatchi Indian Health Center, PO Box 142,
Tohatchi, New Mexico 87325.
Chief Executive Officer, Tsaile Indian Health Center,
PO Box 467, Tsaile, Arizona 86556.
Chief Executive Officer, Tuba City Service Unit, Tuba
City Indian Hospital, Tuba City, Arizona 86045.
Chief Executive Officer, Winslow Service Unit, Winslow
Indian Health Center, PO Drawer 40, Winslow, Arizona
86047.
Director, Oklahoma City Area Indian Health Service,
Five Corporation Plaza, 3625 NW 56th Street, Oklahoma
City, Oklahoma 73112.
Director, Carl Albert Indian Hospital, 1001 North
Country Club Drive, Ada, Oklahoma 74820.
Director, Anadarko Indian Health Center, PO Box 828,
Anadarko, Oklahoma 73005.
Director, Carnegie Indian Health Center, PO Box 1120,
Carnegie, Oklahoma 73150.
Director, Claremore Service Unit, Claremore
Comprehensive Indian Health Facility, West Will Rogers
Boulevard & Moore, Claremore, Oklahoma 74017.
Director, Clinton Service Unit, Clinton Indian
Hospital, Route 4, Box 213, Clinton, Oklahoma 73601.
Director, Concho Indian Health Clinic, PO Box 150,
Concho, Oklahoma 73022.
Director, Kansas Service Unit, Holton Indian Health
Center, 100 West 16th Street, Holton, Kansas 66436.
Facility Director, Lawrence (Haskell) Indian Health
Center, 2415 Massachusetts Avenue, Lawrence, Kansas
66044.
Director, Lawton Service Unit, Lawton Indian Hospital,
Lawton, Oklahoma 73501.
Director, Miami Indian Health Center, PO Box 1498,
Miami, Oklahoma 74855.
Director, Pawhuska Indian Health Center, 715 Grandview,
Pawhuska, Oklahoma 74056.
Director, Pawnee Service Unit, Pawnee Indian Service
Center, RR2, Box 1, Pawnee, Oklahoma 74058.
Director, Shawnee Service Unit, Shawnee Indian Health
Center, 2001 South Gordon Cooper Drive, Shawnee,
Oklahoma 74801.
Director, Tahlequah Service Unit, W.W. Hastings Indian
Hospital, 100 S. Bliss, Tahlequah, Oklahoma 74464.
Director, Watonga Indian Health Center, PO Box 878,
Watonga, Oklahoma 73772.
Director, Wewoka Indian Health Center, PO Box 1475,
Wewoka, Oklahoma 74884.
Director, White Eagle Indian Health Center, PO Box
2071, Ponca City, Oklahoma 74601.
Director, Phoenix Area Indian Health Service, 3738 N.
16th Street, Suite A, Phoenix, Arizona 85016-5981.
Director, Bylas Indian Health Center, PO Box 208, San
Carlos, Arizona 85550.
Director, Chemehuevi Indian Health Clinic, Chemehuevi
Valley, California 92363.
Director, Cibecue Indian Health Center, Cibecue,
Arizona 85941.
Director, Colorado River Service Unit, Parker Indian
Hospital, Route 1, PO Box 12, Parker, Arizona 85344.
Director, Fort McDermitt Indian Health Station, PO Box
475, McDermitt, Nevada 89421.
Director, Fort McDowell Indian Health Station, c/o
Phoenix Indian Medical Center, 4212 North 16th Street,
Phoenix, Arizona 85016.
Director, Fort Yuma Service Unit, Fort Yuma Indian
Hospital, PO Box 1368, Fort Yuma, Arizona 85364.
Director, Gila Crossing Indian Health Clinic, Route 1,
Box 770, Laveen, Arizona 85339.
Director, Havasupai Indian Health Station, Supai,
Arizona 86435.
Director, Keams Canyon Service Unit, Keams Canyon
Indian Hospital, PO Box 98, Keams Canyon, Arizona
86034.
Director, Owyhee Service Unit, Owyhee Indian Hospital,
PO Box 212, Owyhee, Nevada 89832.
Director, Peach Springs Indian Health Center, Peach
Springs, Arizona 86434.
Director, Phoenix Indian School Health Center, c/o
Phoenix Indian Medical Center, 4212 North 16th Street,
Phoenix, Arizona 85016.
Director, Phoenix Service Unit, Phoenix Indian Medical
Center, 4212 North 16th St., Phoenix, Arizona 85016.
Director, Pyramid Lake Indian Health Clinic, Nixon,
Nevada 89424.
Director, Sacaton Service Unit, Sacaton Indian
Hospital, Sacaton, Arizona 85247.
Director, Salt River Indian Health Center, Route 1, Box
215, Scottsdale, Arizona 85256.
Director, San Carlos Service Unit, San Carlos Indian
Hospital, San Carlos, Arizona 85550.
Director, San Lucy Indian Health Station, c/o Phoenix
Indian Medical Center, 4212 North 16th Street, Phoenix,
Arizona 85016.
Director, Schurz Service Unit, Schurz Indian Hospital,
Schurz, Nevada 89427.
Director, Second Mesa Indian Health Center, General
Delivery, Second Mesa, Arizona 86043.
Director, Sherman Indian School Health Center, 8934
Magnolia, Riverside, California 92503.
Director, Southern Bank Indian Health Clinic, 1545
Silver Eagle Road, Elko, Nevada 89801.
Director, Stewart Indian Health Station, Stewart,
Nevada 89437.
Director, Unitah and Ouray Service Unit, Fort Duchesne
Indian Health Center, PO Box 160, Roosevelt, Utah
84066.
Director, Whiteriver Service Unit, Whiteriver Indian
Hospital, Whiteriver, Arizona 85941.
Director, Portland Area Indian Health Service, Room
476, Federal Building, 1220 Southwest Third Avenue,
Portland, Oregon 97204-2829.
Director, Chemawa Indian Health Center, 3750 Chemawa
Road, NE., Salem, Oregon 97305-1198.
Director, Colville Service Unit, Colville Indian Health
Center, Nespelem, Washington 99155.
Director, Coeur d'Alene Indian Health Station, Coeur
d'Alene, Idaho 83814.
Director, Fort Hall Service Unit, Fort Hall Indian
Health Center, PO Box 317, Fort Hall, Idaho 83203.
Director, Inchelium Indian Health Center, Inchelium,
Washington 99138.
Director, Kamiah Indian Health Station, Kamiah, Idaho
83536.
Director, Neah Bay Service Unit, Neah Bay Indian Health
Center, PO Box 418, Neah Bay, Washington 98357.
Director, Northern Idaho Service Unit, Northern Idaho
Indian Health Center, PO Drawer 367, Lapwai, Idaho
83540.
Director, Northwest Washington Service Unit, Lummi
Indian Health Center, 2592 Kwina Road, Bellingham,
Washington 98225.
Director, Puget Sound Service Unit, Puget Sound Indian
Health Station, 1212 South Judkins, Seattle, Washington
98144.
Director, Queets Indian Health Station, c/o Service
Unit Director, Taholah Indian Health Center, PO Box
219, Taholah, Washington 98587.
Director, Taholah Service Unit, Taholah Indian Health
Center, PO Box 219, Taholah, Washington 98587.
Director, Warm Springs Service Unit, Wellpinit Indian
Health Center, PO Box 357, Wellpinit, Oregon 99040.
Director, Wellpinit Service Unit, David C. Wynecoop
Memorial Clinic, PO Box 357, Wellpinit, Washington
99040.
Director, Yakima Service Unit, Yakima Indian Health
Center, 401 Buster Road, Toppenish, Washington 98948.
Director, Yellowhawk Service Unit, Yellowhawk Indian
Health Center, PO Box 160, Pendleton, Oregon 97801.
Director, Office of Health Program Research &
Development, Indian Health Service, 7900 S. J. Stock
Road, Tucson, Arizona 85746-9352.
Director, Santa Rosa Indian Health Center, HCR Box 700,
Sells, Arizona 85634.
Director, San Xavier Indian Health Center, 7900 S. J.
Stock Road, Tucson, Arizona 85746-9352.
Director, Sells Service Unit, Sells Indian Hospital, PO
Box 548, Sells, Arizona 85634.
Appendix 2--Federal Archives and Records Centers
District of Columbia, Maryland Except U.S. Court
Records for Maryland, Washington National Records
Center, 4205 Suitland Road, Suitland, Maryland 20409.
GSA Region 1--Connecticut, Maine, and Rhode Island,
Federal Archives and Records Center, 380 Trapelo Road,
Waltham, MA 02154.
GSA Region 2--New York, Federal Archives and Records
Center, Military Ocean Terminal, Bldg. 22, Bayonne, NJ
07002.
GSA Region 3--Pennsylvania, Federal Archives and
Records Center, 5000 Wissahickon Avenue, Philadelphia,
PA 19144.
GSA Region 4--Alabama, Florida, Mississippi and North
Carolina, Federal Archives and Records Center, 1557 St.
Joseph Avenue, East Point, GA 30344.
GSA Region 5--Wisconsin, Minnesota and U.S. Court
Records for Michigan, Federal Archives and Records
Center, 7358 South Pulaski Rd., Chicago, IL 60629.
GSA Region 5--Michigan Except U.S. Court Records,
Federal Records Center, 3150 Springboro Road, Dayton,
OH 45439.
GSA Region 6--Kansas, Iowa, and Nebraska, Federal
Archives and Records Center, 2306 East Bannister Rd.,
Kansas City, MO 64131.
GSA Region 7--Louisiana, New Mexico, Oklahoma and
Texas, Federal Archives and Records Center, PO Box
6216, Ft. Worth, TX 76115.
GSA Region 8--Colorado, Wyoming, Utah, Montana, North
Dakota and South Dakota, Federal Archives and Records
Center, PO Box 25307, Denver, CO 80225.
GSA Region 9--California, Except Southern California,
and Nevada, Except Clark County, Federal Archives and
Records Center, 1000 Commodore Drive, San Bruno, CA
94066.
GSA Region 9--Arizona: Clark County, Nevada and
Southern California (Counties of San Luis Obispo, Kern,
San Bernardino, Santa Barbara, Ventura, Los Angeles,
Riverside, Orange, Imperial Inyo, and San Diego),
Federal Archives and Records Center, 24000 Avila Road,
Laguna Niguel, CA 92677.
GSA Region 10--Washington, Oregon, Idaho and Alaska,
Federal Archives and Records Center, 6125 Sand Point
Way, Seattle, WA 98115.
09-17-0002
System name: Indian Health Service Scholarship and Loan
Repayment Programs, HHS/IHS/OHP.
Security classification:
None.
System location:
Scholarship and Loan Repayment Branch, Indian Health Service,
12300 Twinbrook Parkway, Suite 100, Rockville, Maryland 20852.
Washington National Records Center, 4205 Suitland Road, Suitland,
Maryland 20409.
Records are also located at the Department of Health and Human
Services (HHS) Regional Offices and Indian Health Service (IHS) Area
Offices. A list of the HHS Regional Offices and IHS Area Offices
where individually identifiable data are currently located is
available upon request to the Policy-Coordinating Official.
Categories of individuals covered by the system:
Applicants for and recipients of benefits from scholarship and
loan repayment programs administered by the IHS. The IHS scholarship
program includes the Health Professions Pre-Graduate Scholarship
Program for Indians, the Health Professions Preparatory Scholarship
Program for Indians, and the Health Professions Scholarship Program.
Also included are records of scholarship or loan repayment recipients
who are fulfilling their IHS service obligations as a result of
receiving funds from these IHS programs, and individuals who have
expressed an interest in employment in or an assignment to an IHS
medical facility or other facility described in sections 104 and 108
of the Indian Health Care Improvement Act, as amended.
Categories of records in the system:
Contains: Name, telephone number, work, school, home and/or
mailing address; Social Security Number; IHS scholarship or IHS loan
repayment application; associated forms; employment data;
professional performance and credentialing history of licensed health
professionals; preference for site selection; personal, professional,
and demographic background information; progress reports (which
include related data, correspondence, and professional performance
information consisting of continuing education, performance awards,
and adverse or disciplinary actions); payroll forms; lender's loan
repayment confirmation forms; IHS loan recipients's request form for
quarterly loan repayment distribution among lenders; deferment and
placement date; and repayment/delinquent/default status information.
Authority for maintenance of the system:
25 U.S.C. 1613, including the Health Professions Compensatory
Preprofessional and the Health Professions Pregraduate Scholarships;
25 U.S.C. 1613a, Health Professions Scholarship; 25 U.S.C. 1616a, IHS
Loan Repayment Program, 5 U.S.C. 5514, Requirement That Applicant
Furnish Taxpayer Identifying Number; 42 U.S.C. 216(a), for PHS
Commissioned Officers, and 5 U.S.C. 3301 for civil service employee,
both of which authorize verification of an individual's suitability
for employment; and 42 U.S.C. 254f, Assignment of Corps Personnel.
Purpose(s):
The purposes of this system of records are: (1) To select
applicants for the IHS Scholarship Programs and the IHS Loan
Repayment Program; (2) to monitor scholarship or loan repayment
related activities, such as payment tracking, deferment of services
obligation, default, placement, and claims determinations; (3) to
select and match IHS scholarship and loan repayment recipients for
employment assignments to medical programs, such as IHS medical
facilities; (4) to monitor services provided by these IHS health
providers; (5) to maintain records on and to verify individuals'
educational/professional employment data and performance history; (6)
to assist PHS officials in the collection of overdue debts owed under
the IHS Scholarship Program; and (7) to negotiate site assignments,
and recruit health professionals for IHS programs. Portions of
records from this system of records may be used by staff of the
Health Resources and Services Administration (HRSA), PHS, who
maintain System No. 09-15-0045, ``Health Resources and Services
Administration Loan Repayment/Debt Management Records System, HHS/
HRSA/OA,'' for activities related to the participants' breach of
contract including debt collection information provided to HRSA staff
includes, but may not be limited to the participants' identification,
number of days in school while covered by an IHS scholarship
agreement, number of days served and still owed, and amount of funds
expended and still owed.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. The IHS may disclose records to a congressional office in
response to a verified inquiry from the congressional office made at
the written request of the subject individual.
2. Records may be disclosed to authorized persons employed by the
grantee institution (the educational institution which the recipient
of a scholarship grant is attending or the hospital affiliated with
an educational institution the IHS loan repayment recipient is
attending to complete his/her residency requirement) as needed for
the administration of a scholarship grant award.
3. Records may be disclosed to other Federal agencies that also
provide scholarship funding at the request of these Federal agencies
to detect or curtail fraud and abuse in Federal scholarship programs,
and to collect delinquent loans or benefit payments owed to the
Federal Government.
4. The IHS will provide to any person or organization requesting
it a list of recipients of scholarship grants, including the school
attended and tribal affiliation of each recipient.
5. The Department may disclose information from this system of
records to the Department of Justice, or to a court or other
tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the court or other tribunal is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
6. In the event that a system of records maintained by this
agency to carry out its functions indicates a violation of potential
violation of law, whether civil, criminal, or regulatory in nature,
and whether arising by general statute or particular program statute,
or by regulation, rule or order issued pursuant thereto, the relevant
records in the system of records may be referred to the appropriate
agency, whether Federal, State, or local, charged with enforcing or
implementing the statute or rule, regulation or order issued pursuant
thereto.
7. The IHS may disclose records consisting of names, disciplines,
current mailing addresses, and dates of graduation of scholarship
recipients to designated coordinators at each school of medicine,
osteopathy, and dentistry participating in the IHS loan recipient is
completing his/her residency requirement for the purpose of guiding
and informing these recipients about the nature of their forthcoming
professional service obligation.
8. The IHS may disclose records consisting of names of the IHS
scholarship of IHS loan repayment recipient, professional school he/
she is attending, and the date of graduation to health professions
associations and other interested health professions groups which
have responsibility for coordinating funds paid to students from
Federal and other sources.
9. The IHS may disclose records contained in this system of
records to HHS contractors and subcontractors for the purpose of
collecting, compiling, aggregating, analyzing, or refining records in
the system. Contractors maintain, and are also required to ensure
that subcontractors maintain, Privacy Act safeguards with respect to
such records.
10. The IHS may disclose records contained in this system of
records to HHS contractors and subcontractors for the purpose of
recruiting, screening, and matching health professionals for
assignment to or employment in a medical facility located in one of
the options cited in section 108(a)(2)(A). In addition, HHS
contractors and subcontractors:
(a) May disclose biographic data and information supplied by
potential applicants;
(1) To references listed on application and associated forms for
the purpose of evaluating the applicant's professional
qualifications, experience, and suitability, and
(2) To a State or local government medical licensing board and/or
tothe Federation of State Medical Boards or a similar nongovernment
entity for the purpose of verifying that all claimed background and
employment data are valid and all claimed credentials are current and
in good standing.
(b) May disclose biographic data and information supplied by
references listed on application and associated forms to other
references for the purpose of inquiring into the applicants's
professional qualifications and suitability; and
(c) May disclose professional suitability evaluation information
to IHS officials, prospective employers, or to officials, prospective
employers, or to site representatives, for the purpose of appraising
the applicant's professional qualifications and suitability for site
assignment or employment. Contractors maintain, and are also required
to ensure that subcontractors maintain Privacy Act safeguards with
respect to such records.
11. The IHS may disclose records contained in this system of
records to private parties such as present and former employers
references listed on application and associated forms, other
references, and education institutions. The purpose of such
disclosures is to obtain information to evaluate an individuals's
professional accomplishments, performance, and educational
background, and to determine if an applicant is suitable for
employment in/assignment to a medical facility located at one of the
sites listed in section 108(a)(2)(A).
12. The IHS may disclose records contained in this system of
records to other Federal agencies that also provide scholarship or
educational loan repayment fundings at the request of these Federal
agencies in conjunction with a computer matching program conducted by
these Federal agencies to detect or curtail fraud and abuse in
Federal scholarship or educational loan repayment programs, and to
collect delinquent loans or benefit payments owed to the Federal
Government.
Disclosure to consumer reporting agencies:
Disclosures pursuant to 5 U.S.C. 552a(b)(12): Disclosures may be
made from this system to ``consumer reporting agencies'' as defined
in the Fair Credit Reporting Act (15 U.S.C. 158a(f) or the Federal
Claims Collection Act of 1966 (31 U.S.C. 3701(a)(3)). The purposes of
these disclosures are: (1) To provide an incentive for debtors to
repay delinquent Federal Government debts by making these debts part
of their credit records, and (2) to enable PHS agencies to improve
the quality of loan and scholarship decisions by taking into account
the financial reliability of applicants. Disclosure of records will
be limited to the individual's name, Social Security Number, and
other information necessary to establish the identity of the
individual, the amount, status, and history of the claim, and the
agency or program under which the claim arose.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained in folders, ledgers, magnetic tapes, and
on electronic word processing diskettes.
Retrievability:
Records which identify individual persons are indexed by name or
identification number of scholarship or loan repayment applicant or
recipient.
Safeguards:
1. Authorized users: Access is limited only to authorized
personnel in the performance of their duties. Authorized personnel
include: The system manager, his/her staff, IHS Area Office
Scholarship or IHS Loan Repayment Coordinators, IHS Headquarters
Branch Chiefs acting as advisors to scholarship or IHS loan repayment
recipients, staffs of the IHS Grants Management Offices in IHS
Headquarters and IHS Area Offices and HRSA debt management staff for
activities related to the participants' breach of contract including
debt collection.
2.Physical safeguards: Paper records are stored in locked file
cabinets. The records storage areas are secured during off-duty
hours. Magnetic tapes, discs, and word processing diskettes are
stored in areas where fire and life safety codes are strictly
enforced. Word processing diskettes are off-loaded and stored in
locked cabinets when not in use. All automated and nonautomated
documents are protected during lunch hours and nonworking hours in
locked file cabinets or locked storage areas. The Automated Data
Processing remote stations are locked during non-standard working
hours. Twenty-four hour, 7-day security guards perform randon checks
on the physical security of the data and the storage areas. Backup
files are maintained in an off-site facility with controlled
entrances and exits.
3. Procedural safeguards: All IHS personnel who make use of
records contained in this system are made aware of their
responsibilities under the provisions of the Privacy Act and are
required to maintain Privacy Act safeguards with respect to such
records. The records storage areas are not left unattended during
office hours, including lunch hours. Records are not removed from
these areas in which they are maintained in the absence of proper
charge-out procedures. Twenty-four hour, seven-day security guards
perform random checks on the physical security of the records storage
areas and word processing diskettes. A data set name controls the
release of data to only authorized users. When copying records for
authorized purposes, care is taken to ensure that any imperfect pages
are not left in the reproduction room where they can be read, but are
destroyed or obliterated.
Retention and disposal:
1. Scholarship applications are returned to unsuccessful
applicants 6 months after the IHS scholarships are awarded for each
fiscal year. The records for the scholarship participants who are
obligated to the IHS, are retained for approximately 4 to 15 years
(depending on when the student completes the obligatory service)
after the final award payments has been made by the IHS. The records
for the scholarship applicants, who are not obligated to the IHS, are
destroyed 6 years and 3 months after final payment, or upon
resolution of any adverse audit findings, whichever is later.
2. Loan repayment applications are returned to unsuccessful
applicants after the end of the following fiscal year. Loan repayment
applications are automatically applied to the loan repayment cycle of
the following fiscal year if the application is turned down for the
current fiscal year. The records for the loan repayment participants
are destroyed 6 to 10 years after the final payment, or upon
resolution of any adverse audit findings, whichever is later.
Records are transferred to the Federal Records Center 2 years
after final repayment or when closed, for 4 years, and are then
subsequently disposed of in accordance with the IHS Records
Disposition Schedule. The IHS Records Disposition Schedule
regulations for these records may be obtained by writing to the
System Manager at the address listed below.
System manager(s) and address:
Policy Coordinating Official:
Director, Division of Health Professions Recruitment and
Training, Indian Health Service, Twinbrook Metro Plaza, 12300
Twinbrook Parkway, Suite 100, Rockville, Maryland 20852
Chief, Scholarship Branch, DHPRT, Indian Health Service,
Twinbrook Metro Plaza, 12300 Twinbrook Parkway, Suite 100, Rockville,
Maryland 20852
Loan Repayment Applicants/Recipients:
Coordinator, Loan Repayment Program, Scholarship Branch, DHPRT,
Indian Health Service, Twinbrook Metro Plaza, 12300 Twinbrook
Parkway, Suite 100, Rockville, Maryland 20852.
Notification procedures:
Requests in person: A subject individual who appears in person at
a specific location seeking access to or disclosure of records
relating to him/her shall provide his/her name, current address,
Grant Identification Number, Social Security Number or other
identification numbers, dates of enrollment in the IHS scholarship or
loan repayment program, and at least one piece of tangible
identification such as driver's license, passport, or viter
registration card. Identification papers with current photographs are
preferred, but not required. If a subject individual has no
identification, but is personally known to an agency employee, such
employee shall make a written record verifying the subject
individual's identity. Where the subject individual has no
identification papers, the responsible agency official shall require
that the subject individual certify in writing that he/she is the
individual who he/she claims to be and that he/she understands that
the knowing and willful request or acquisition of a record concerning
an individual under false pretenses is a criminal offense subject to
a 5,000 dollars fine.
Requests by mail: A written request must contain the name and
address of the requestor, Social Security Number or signature which
is either notarized to verify his/her identity or includes a written
certification that the requestor is the person he/she claims to be
and that he/she understands that the knowing and willful request or
acquisition of records pertaining to an individual under false
pretenses is a criminal offense subject to a 5,000 dollars fine. In
addition, the following information is needed: Dates of enrollment in
the IHS scholarship program or IHS loan repayment program, and
current enrollment status, such as pending application approval,
deferment or service obligation, or shortage area placement.
Requests by telephone: Since positive identification of the
caller cannot be established, telephone requests are not honored; the
caller is asked to submit his/her request in writing. In addition,
the requestor is informed that provision of his/her Social Security
Number may assist in the verification of the identity of the person
as well as the identification of his/her record. The requestor is
informed that provision of his/her Social Security Number is
voluntary and that the individual will not be refused access to his/
her record for failure to disclose his/her Social Secutiry Number.
Record access procedures:
Same as notification procedures. Requesters should also provide a
reasonable description of the record being sought. Requesters may
also request an accounting of disclosures that have been made of
their record, if any.
Contesting record procedures:
Contact the Policy Coordinating Official, provide a reasonable
description of the record, specify the information being contested,
the corrective action sought, and the reasons for requesting the
correction, along with supporting information to show how the record
is inaccurate, incomplete, untimely, or irrelevant.
Record source categories:
Information will be collected from the following sources:
Educational institutions attended; internship and/or residency
training progress reports; IHS site selection questionnaires; IHS
site selection questionnaries; IHS Scholarship or Loan Repayment
applicants; financial institutions from which these applicants habe
obtained educational loans; Bureau of Health Professions Area
Resources File tapes; health professional associations; HHS
contractors/subcontractors; consumer reporting agencies/credit
bureaus; lending institutions; PHS Commissioned Personnel Operations
Division and U.S. Office of Personnel Operations Division and U.S.
Office of Personnel Management personnel records; other Federal
agencies, including but not limited to the Department of Treasury,
the Internal Revenue Service, and the U.S. Postal Service; State or
local government medical licensing boards and/or the Federation of
State Medical Boards or a similar nongovernment entity; and third
parties who provide references concerning the subject individual.
Systems exempted from certain provisions of the act:
None.
09-17-0003
System name: Indian Health Service Medical Staff Credentials and
Privileges Records, HHS/IHS/OHP.
Security classification:
None.
System location:
Each Indian Health Service (IHS) Area Office and each IHS Service
Unit (Appendix 1). Records may also be located at hospitals and
offices of health care providers who are under contract to IHS. A
current list of contractor sites is available by writing to the
appropriate System Manager (Area or Service Unit Director) at the
address shown in Appendix I.
Categories of individuals covered by the system:
Prospective, current and former Indian Health Service (IHS)
medical staff members. The term IHS medical staff includes fully
licensed individuals permitted by law to provide patient care
services independently and without concurrent professional direction
or supervision, within the scope of his /her license and in
accordance with individually granted clinical privileges. The IHS
medical staff includes physicians (M.D. and D.O.) and dentists and
may include other health care practitioners such as psychologists,
optometrists, podiatrists, audiologists, and, in some states,
certified nurse midwives.
Types of assignment categories of current and former IHS medical
staff members include the following:
Provisional--Those new members of the medical staff who are
serving a required initial probationary period, as specified in the
local medical staff bylaws. During this time, their qualifications
for membership on the active or courtesty IHS medical staff are
assessed.
Active--Those members who are either IHS employees or employees
of Pub. L. 93-638 Tribal Contractors who spend at least 50 percent of
their professional time within the IHS facility and/or IHS Service
Unit. They have served their probationary period and have been found
to be fully qualified for membership on the IHS medical staff.
Temporary--Those members who provide services on a short-term
basis.
Courtesty or Associate--Those members who generally provide
services on a periodic or episodic basis (e.g., consultants for
specialty clinics) and are usually not IHS employees.
Categories of records in the system:
Contains name, Social Security Number, IHS medical staff
membership and privileges applications and associated forms,
employment data, liability insurance coverage, credentialing history
of licensed health professionals, personal, educational, and
demographic background information, professional performance
information consisting of continuing education, performance awards,
and adverse or disciplinary actions, and evaluations and approvals
completed by IHS medical staff reviewers.
Authority for maintenance of the system:
Indian Self Determination and Education and Assistance Act (25
U.S.C. 450), Snyder Act (25 U.S.C. 13), Indian Health Care
Improvement Act (25 U.S.C. 1601 et seq.), Indian Health Service
Transfer Act (42 U.S.C. 2001-2004).
Purpose(s):
The purposes of this system are:
1. To ensure that IHS medical staff members are qualified,
competent and capable of delivering quality health services
consistent with those of the medical community at large and that they
are granted privileges commensurate with their training and
competence and with the ability of the facility to provide adequate
support equipment, services, and staff.
2. To inform health care practitioner(s) and staff of health care
facilities, state or county health professional societies or
licensing boards to whom the subject individual may apply for
clinical privileges, membership or licensure, of the subject
individual's professional competence, character and ethical
qualifications. This may include information regarding drug or
alcohol abuse or dependency. Within the Department such releases may
be made to personnel staffs of DHHS Regional Offices.
3. To provide adverse health care practice information to the
data bank established under Title IV of Pub. L. 99-660, the Health
Care Quality Improvement Act of 1986. The purpose of such a release
is to provide information concerning a current or former IHS medical
staff member whose professional health care activity failed to
conform to generally accepted standards of professional medical
practice.
4. To provide health care practice information concerning current
or former members of the IHS medical staff with Commissioned Corps
status to the Division of Commissioned Personnel, U.S. Public Health
Service, so that an informed decision may be made concerning the
promotion, retention, or reassignment of the subject individual.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Records may be disclosed to organizations authorized to
conduct evaluation studies concerning the delivery of health care
services by the Indian Health Service (e.g., Joint Commission on the
Accreditation of Healthcare Organizations).
2. IHS may disclose records consisting of name, Social Security
Number, employment history and any professional qualification
information concerning medical staff membership and privileges,
professional competence, clinical judgment and personal character to
a State or local government health professional licensing board, to
the Federation of State Medical Boards, to the data bank established
under Title IV of Pub. L. 99-660 and/or to a similar entity which has
the authority to maintain records concerning the issuance, retention
or revocation of licenses or registrations necessary to practice a
health professional occupation or specialty. The purpose of this
disclosure is to inform medical profession licensing boards and
appropriate entities about the health care practices of a current,
terminated, resigned, or retired IHS medical staff member whose
professional health care activity so significantly failed to conform
to generally accepted standards of professional medical practice as
to raise reasonable concern for the health and safety of members of
the general public. This will be done within the guidelines for
notice, hearing, and review as delineated in the medical staff bylaws
for the IHS facility and/or within other HHS or IHS regulations or
policies.
3. IHS may disclose biographic data and information supplied by
potential applicants to (a) references listed on the IHS medical
staff and/or privileges application and associated forms for the
purpose of evaluating the applicant's professional qualifications,
experience, and suitability, and (b) a State or local government
health profession licensing board, to a health-related professional
organization, to the Federation of State Medical Boards, and to the
data bank established under Title IV of Pub. L. 99-660 or a similar
entity for the purpose of verifying that all claimed background and
employment data are valid and all claimed credentials are current and
in good standing.
4. Records may be disclosed to other Federal agencies (including
the Office of Personnel Management for subject individuals applying
for or maintaining Civil Service appointments), to State and local
governmental agencies, and to organizations in the private sector to
which the subject individual applies for clinical privileges,
membership or licensure for the purpose of documenting the
qualifications and competency of the subject individual to provide
health services in his/her health profession based on the
individual's professional performance while employed by the IHS.
5. The Department may disclose information from this system of
records to the Department of Justice, or to a court or other
tribunal, when (a) HHS, or any component thereof, or (b) any HHS
employee in his or her official capacity; or (c) any HHS employee in
his or her individual capacity where the Department of Justice (or
HHS, where it is authorized to do so) has agreed to represent the
employee; or (d) the United States or any agency thereof where HHS
determines that the litigation is likely to affect HHS or any of its
components, is a party to litigation or has an interest in such
litigation, and HHS determines that the use of such records by the
Department of Justice, the court or other tribunal is relevant and
necessary to the litigation and would help in the effective
representation of the governmental party, provided, however, that in
each case, HHS determines that such disclosure is compatible with the
purpose for which the records were collected.
6. Records may be disclosed to a congressional office from the
record of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
7. In the event that a system of records maintained by the IHS to
carry out its functions indicates a violation or potential violation
of law, whether civil, criminal, or regulatory in nature, and whether
arising by general statute or particular program statute, or by
regulation, rule or order issued pursuant thereto, the relevant
records in the system of records may be referred to the appropriate
agency, whether Federal, State, or local, charged with enforcing or
implementing the statute or rule, regulation or order issued pursuant
thereto.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
File folders.
Retrievability:
Indexed and retrieved by name, Social Security Number, and any
other identifying numbers necessary to establish the identity of an
individual whose record is maintained in the system of records.
Safeguards:
1. Authorized Users: Access is limited to authorized personnel
for use in the performance of their official duties. Authorized
personnel include: Physician Recruitment and other Health Professions
Branch Staff and Area Governing Board Members at IHS Area Offices,
and Service Unit Directors, Clinical Directors and members of the
Credentials and Privilege Committee of each IHS Service Unit. At each
location where records in this system will be maintained, a list of
personnel or categories of personnel having an official need-to-know
has been developed and is maintained.
2. Physical Safeguards: Records are kept in locked metal filing
cabinets or in locked desk drawers in secured rooms at all times when
not actually in use during working hours and at all times during non-
working hours. Record storage areas, including file cabinets and
desks, are not left unattended or unlocked during office hours,
including lunch hours.
3. Procedural Safeguards: Persons who have an official need-to-
know are entrusted with records from this system of records and are
instructed to safeguard the confidentiality of these records and to
destroy all copies or to return such records when the need to know
has expired. Instructions include the statutory penalties for
noncompliance. Proper charge-out procedures are followed for the
removal of records from the area in which they are maintained. Before
an employee who will control disclosure of records can work with the
records (i.e., employees who report to the system manager) the system
manager or designee ensures that the employee has received training
in the safeguards applicable to the records and is aware of the
actions to take to restrict disclosure. When copying records for
authorized purposes, care is taken to ensure that any imperfect pages
are not left in the reproduction room where they can be read but are
destroyed or obliterated.
4. Implementation Guidelines: DHHS Chapter 45-13 and
supplementary Chapter PHS.hf:45-13 of the General Administration
Manual.
Retention and disposal:
Records are maintained by IHS for at least five years after the
individual's termination of employment or association with IHS.
Records of unsuccessful applicants for medical staff membership will
be retained for three years after his/her rejection. After these
periods of retention expire, records are destroyed by shredding or
burning.
System manager(s) and address:
See Appendix 1.
Policy Coordinating Official: Director, Patient Care Professional
Affairs and Support IHS, 5600 Fishers Lane, Room 6A-55, Rockville,
Maryland 20857.
The IHS Clinical Directors at all IHS Service Units listed in
Appendix 1 are System Managers. IHS medical staff credentials and
privileges files are stored at these locations. Other addresses
listed in Appendix 1 are locations at which all or parts of these
records may also be stored (Physician Recruiter at IHS Area Offices).
Post Office Box designations appearing in Appendix 1 should be
specified when making requests by mail.
Notification procedure:
Requests must be made to the appropriate System Manager (Clinical
Director for the appropriate Service Unit) listed in Appendix 1.
Requests by mail: Requests for information and/or access to
records received by mail must contain information providing the
identity of the writer and a reasonable description of the record
desired. Written requests must contain, at a minimum, the name,
signature, Social Security Number, and address of the requester, and
for unsuccessful applicants the date when the application was
submitted, and for current or former IHS health care providers the
dates and locations of service.
We may request additional identification when we hold records for
different persons with the same name or where an apparent discrepancy
exists between information contained in the record and that provided
by the individual requesting access to the record.
Other names used: Where an individual is seeking to obtain
information about himself/herself which may be retrieved by a
different name than his/her current name, he/she shall be required to
produce evidence to verify that he/she is the person whose record he/
she seeks.
Requests in person: A subject individual who appears in person at
a specific location (where he or she currently works or formerly
worked) seeking access or disclosure of records contained in this
system of records relating to him/her shall provide the information
described in ``Requests by mail'' (above) and at least one piece of
tangible identification such as a driver's license or passport.
Requests by telephone: Since positive identification of the
caller cannot be established, telephone requests are not honored.
Record access procedures:
Same as Notification Procedure. Requesters should also provide a
reasonable description of the record being sought.
Requesters may also request an accounting of disclosures that
have been made of their records, if any.
Contesting record procedures:
Write to the appropriate Service Unit Clinical Director at the
address specified in Appendix 1 and reasonably identify the record,
specify the information being contested, and state the corrective
action sought, and the reasons for requesting the correction, along
with supporting information to show how the record is inaccurate,
incomplete, untimely, or irrelevant.
Record source categories:
Subject individual, IHS health care personnel, references
supplied by the subject individual, professional societies or
associations, specialty boards, colleges and universities attended by
the subject individual, former employers, health facilities or health
providers with which the subject individual was associated, liability
insurance carriers, organizations providing cardiopulmonary
resuscitation (CPR) training to the subject individual, State and
local health and health care licensing or certifying organizations,
and organizations which serve as repositories of information on
health care professionals.
Systems exempted from certain provisions of the act:
None.
Appendix 1--System Managers and IHS Locations Under Their
Jurisdiction Where Records Are Maintained
Director, Aberdeen Area Indian Health Service, Federal Building,
115 Fourth Avenue, SE. Aberdeen, South Dakota 57401
Clinical Director, Cheyenne River Service Unit, Eagle Butte
Indian Hospital, Eagle Butte, South Dakota 57625
Clinical Director, Crow Creek Service Unit, Ft. Thompson Indian
Health Center, Ft. Thompson, South Dakota 57339.
Clinical Director, Fort Berthold Service Unit, Minni-Tohe Indian
Health Center, New Town, North Dakota 58763
Clinical Director, Fort Totten Service Unit, Fort Totten Indian
Health Center, Fort Totten, North Dakota 58335
Clinical Director, Omaha-Winnebago Service Unit, Winnebago Indian
Hospital, Winnebago, Nebraska 68071
Clinical Director, Pine Ridge Service Unit, Pine Ridge Indian
Hospital, Pine Ridge, South Dakota 57770
Clinical Director, Rapid City Service Unit, Rapid City Indian
Hospital, Rapid City, South Dakota 57702
Clinical Director, Rosebud Service Unit, Rosebud Indian Hospital,
Rosebud, South Dakota 57570
Clinical Director, Sisseton-Wahpeton Service Unit, Sisseton
Indian Hospital, Sisseton, South Dakota 57262
Clinical Director, Standing Rock Service Unit, Fort Yates Indian
Hospital, Fort Yates, North Dakota 58538
Clinical Director, Turtle Mountain Service Unit, Belcourt Indian
Hospital, Belcourt, North Dakota 58316
Clinical Director, Yankton-Wagner Service Unit, Wagner Indian
Hospital, Wagner, South Dakota 57380
Director, Alaska Native Health Service, 250 Gambell Street, Third
and Gambell Street, Anchorage, Alaska 99501
Clinical Director, Anchorage Service Unit, PHS, Alaska Native
Medical Center, PO Box 107741, Anchorage, Alaska 99510
Clinical Director Annette Island Service Unit, Metlakatla Alaska
Native Health Center, Box 428, Metlakatla, Alaska 99926
Clinical Director, Barrow Service Unit, Barrow Alaska Native
Hospital, Barrow, Alaska 99723
Clinical Director, Kotzebue Service Unit, Kotzebue Alaska Native
Hospital, Kotzebue, Alaska 99752
Clinical Director, Yukon-Kuskokwim-Delta Service Unit, Yukon-
Kuskokwim-Delta Regional Hospital, Indian Health Service, Bethel,
Alaska 99559
Director, Albuquerque Area Indian Health Service, 505 Marquette
NW, Suite 1502, Albuquerque, New Mexico 87102-2163.
Clinical Director, Acoma-Canoncito-Laguna Service Unit, Acoma-
Canoncito-Laguna Indian Hospital, PO Box 130, San Fidel, New Mexico
87049
Clinical Director, Albuquerque Service Unit, Albuquerque Indian
Hospital, 2801 Vassar Drive NE, Albuquerque, New Mexico 87106
Clinical Director, Mescalero Service Unit, Mescalero Indian
Hospital, PO Box 210, Mescalero, New Mexico 88340
Clinical Director, New Sunrise Regional Treatment Center, PO Box
219, San Fidel, New Mexico 87049.
Clinical Director, Santa Fe Service Unit, Santa Fe Indian
Hospital, 1700 Cerrillos Road, Santa Fe, New Mexico 87501.
Clinical Director, Southern Colorado-Ute Service Unit, PO Box
778, Ignacio, Colorado 81137
Clinical Director, Zuni-Ramah Service Unit, Zuni Indian Hospital,
Zuni, New Mexico 87327
Director, Bemidji Area Office, Indian Health Service, 203 Federal
Building, Bemidji, Minnesota 56601
Clinical Director, Cass Lake Service Unit, Cass Lake Indian
Hospital, Cass Lake, Minnesota 56633
Clinical Director, Eastern Michigan Service Unit, Kincheloe
Indian Health Center, Kincheloe, Minnesota 49788
Clinical Director, Red Lake Service Unit, Red Lake Indian
Hospital, Red Lake, Minnesota 56671
Clincial Director, White Earth Service Unit, White Earth Indian
Health Center, White Earth, Minnesota 56591
Director, Billings Area Indian Health Service, PO Box 2143, 711
Central Avenue, Billings, Montana 59103
Clinical Director, Blackfeet Service Unit, Browning Indian
Hospital, Browning, Montana 59417
Clinical Director, Crow Service Unit, Crow Indian Hospital, Crow
Agency, Montana 59022
Clinical Director, Flathead Service Unit, St. Ignatius Indian
Health Center, St. Ignatius, Montana 59865
Clinical Director, Fort Belknap Service Unit, Harlem Indian
Hospital, Harlem, Montana 59526
Clinical Director, Fort Peck Service Unit, Poplar Indian Health
Center, Poplar, Montana 59255
Clinical Director, Northern Cheyenne Service Unit, Lame Deer
Indian Health Center, Lame Deer, Montana 59043
Clinical Director, Rocky Boy's Service Unit, Box Elder Indian
Health Center, Box Elder, Montana 59521
Clinical Director, Wind River Service Unit, Fort Washakie Indian
Health Center, Fort Washakie, Wyoming 82514
Director, California Area Office, Indian Health Service, 1825
Bell Street, Suite 200, Sacramento, California 95825-1097.
Director, Nashville Area Indian Health Service, 3310 Perimeter
Hill Drive, Nashville, Tennessee 37211-4139.
Clinical Director, Cherokee Service Unit, Cherokee Indian
Hospital, Cherokee, North Carolina 28719
Clinical Director, Navajo Area Indian Health Service, PO Box G,
Window Rock, Arizona 86515-0190
Clinical Director, Chinle Service Unit, Chinle Indian Hospital,
PO Drawer P.H., Chinle, Arizona 86503
Clinical Director, Crownpoint Service Unit, Crownpoint Indian
Hospital, PO Box 358, Crownpoint, New Mexico 87313
Clinical Director, Fort Defiance Service Unit, Fort Defiance
Indian Hospital, PO Box 649, Fort Defiance, Arizona 86504
Clinical Director, Gallup Service Unit, Gallup Indian Medical
Center, PO Box 1337, Gallup, New Mexico 87301
Clinical Director, Kayenta Service Unit, Kayenta Indian Health
Center, PO Box 368, Kayenta, Arizona 86033
Clinical Director, Shiprock Service Unit, Shiprock Indian
Hospital, PO Box 160, Shiprock, New Mexico 87420
Clinical Director, Tuba City Service Unit, Tuba City Indian
Hospital, PO Box H, Tuba City, Arizona 86045
Clinical Director, Winslow Service Unit, Winslow Indian Health
Center, PO Drawer 40, Winslow, Arizona 86047
Director, Oklahoma City Area Indian Health Service, Five
Corporation Plaza, 3625 NW., 56th Street, Oklahoma City, Oklahoma
73112.
Clinical Director, Ada Service Unit, Carl Albert Indian Hospital,
1001 North Country Club Drive, Ada, Oklahoma 74820
Clinical Director, Claremore Service Unit, Claremore
Comprehensive Indian Health Facility, Claremore, Oklahoma 74017
Clinical Director, Clinton Service Unit, Clinton Indian Hospital,
Route 4, Box 213, Clinton, Oklahoma 73601
Clinical Director, Kansas Service Unit, Holton Indian Health
Center, 100 West 16th Street, Holton, Kansas 66436
Clinical Director, Lawton Service Unit, Lawton Indian Hospital,
Lawton, Oklahoma 73501
Clinical Director, Pawnee Service Unit, Pawnee Indian Health
Center, Rural RR2, Box 1, Pawnee, Oklahoma 74058
Clinical Director, Shawnee Service Unit, Shawnee Indian Health
Center, 2001 South Gordon Cooper Drive, Shawnee, Oklahoma 74801
Clinical Director, Tahlequah Service Unit, W.W. Hastings Indian
Hospital, 100 S. Bliss, Tahlequah, Oklahoma 74464
Director, Phoenix Area Indian Health Service, 3738 N. 16th
Street, Suite A, Phoenix, Arizona 85016-5981
Clinical Director, Colorado River Service Unit, Parker Indian
Hospital, Route 1, PO Box 12, Parker, Arizona 85344
Clinical Director, Fort Yuma Service Unit, Fort Yuma Indian
Hospital, PO Box 1368, Fort Yuma, Arizona 85364
Clinical Director, Keams Canyon Service Unit, Keams Canyon Indian
Hospital, PO Box 98, Keams Canyon, Arizona 86034
Clinical Director, Owyhee Service Unit, Owyhee Indian Hospital,
PO Box 212, Owyhee, Nevada 89832
Clinical Director, Phoenix Service Unit, Phoenix Indian Medical
Center, 4212 North 16th St., Phoenix, Arizona 85016
Clinical Director, Sacaton Service Unit, Sacaton Indian Hospital,
PO Box 38, Sacaton, Arizona 85247
Clinical Director, San Carlos Service Unit, San Carlos Indian
Hospital, PO Box 208, San Carlos, Arizona 85550
Clinical Director, Schurz Service Unit, Schurz Indian Hospital,
Drawer ``A'', Schurz, Nevada 89427
Clinical Director, Unitah and Ouray Service Unit, Fort Duchesne
Indian Health Center, PO Box 160, Roosevelt, Utah 84066
Clinical Director, Whiteriver Service Unit, Whiteriver Indian
Hospital, PO Box 860, Whiteriver, Arizona 85941
Director, Portland Area Indian Health Service, Room 476, Federal
Building, 1220 Southwest Third Avenue, Portland, Oregon 97204-2892
Clinical Director, Coleville Service Unit, Coleville Indian
Health Center, Nespelem, Washington 99155
Clinical Director, For Hall Service Unit, Fort Hall Indian Health
Center, PO Box 317, Fort Hall, Idaho 83203
Clinical Director, Neah Bay Service Unit, Neah Bay Indian Health
Center, PO Box 418, Neah Bay, Washington 98357
Clinical Director, Northern Idaho Service Unit, Northern Idaho
Indian Health Center, PO Drawer 367, Lapawai, Idaho 83540
Clinical Director, Northwest Washington Service Unit, Lummi
Indian Health Center, 2592 Kwina Road, Bellingham, Washington 98225
Clinical Director, Puget Sound Service Unit, Puget Sound Indian
Health Station, 1212 South Judkins, Seattle, Washington 98144
Clinical Director, Taholah Service Unit, Taholah Indian Health
Center, PO Box 219, Taholah, Washington 98587
Clinical Director, Warm Springs Service Unit, Wellpinit Indian
Health Center, PO Box 357, Wellpinit, Oregon 99040
Clinical Director, Wellpinit Servie Unit, David C. Wynecoop
Memorial Clinic, PO Box 357, Wellpinit, Washington 99040
Clinical Director, Yakima Service Unit, Yakima Indian Health
Center, 401 Buster Road, Toppenish, Washington 98948
Clinical Director, Yellowhawk Service Unit, Yellowhawk Indian
Health Center, PO Box 160, Pendleton, Oregon 97801
Director, Office of Health Program Research & Development, Indian
Health Service, 7900 S. J. Stock Road, Tucson, Arizona 85746-9352
Clinical Director, Sells Service Unit, Sells Indian Hospital, PO
Box 548, Sells, Arizona 85634
National Institutes of Health
Table of Contents
09-25-0005, Administration: Library Operations and User I.D.
File, HHS/NIH/OD.
09-25-0007, Administration: NIH Safety Glasses Issuance
Program, HHS/NIH/ORS.
09-25-0011, Clinical Research: Blood Donor Records, HHS/NIH/CC.
09-25-0012, Clinical Research: Candidate Normal Volunteer
Records, HHS/NIH/CC.
09-25-0014, Clinical Research: Student Records, HHS/NIH/CC.
09-25-0033, International Activities: Fellowships Awarded by
Foreign Organizations, HHS/NIH/FIC.
09-25-0034, International Activities: Scholars-in-Residence
Program, HHS/NIH/FIC.
09-25-0036, Extramural Awards and Chartered Advisory
Committees: IMPAC (Grant/Contract/Cooperative Agreement/Chartered
Advisory Committee Information), HHS/NIH/CSR and HHS/NIH/CMO.
09-25-0041, Research Resources: Scientists Requesting Hormone
Distribution, HHS/NIH/NIDDK.
09-25-0054, Administration: Property Accounting, HHS/NIH/ORS.
09-25-0078, Administration: Consultant File, HHS/NIH/NHLBI.
09-25-0087, Administration: Senior Staff, HHS/NIH/NIAID.
09-25-0093, Administration: Authors, Reviewers, Editorial
Board, and Members of the Journal of the National Cancer Institute,
HHS/NIH/NCI.
09-25-0099, Clinical Research: Patient Medical Records, HHS/
NIH/CC.
09-25-0105, Administration: Health Records of Employees,
Visiting Scientists, Fellows, and Others Who Receive Medical Care
Through the Employee Health Unit, HHS/NIH/ORS.
09-25-0106, Administration: Office of the NIH Director and
Institute/Center Correspondence Records, HHS/NIH/OD.
09-25-0108, Personnel: Guest Researchers, Special Volunteers,
and Scientists Emeriti, HHS/NIH/OHRM.
09-25-0112, Grants and Cooperative Agreements: Research,
Research Training, Fellowship and Construction Applications and
Related Awards, HHS/NIH/OD.
09-25-0115, Administration: Curricula Vitae of Consultants and
Clinical Investigators, HHS/NIH/NIAID.
09-25-0118, Contracts: Professional Services Contractors, HHS/
NIH/NCI.
09-25-0121, International Activities: Senior International
Fellowships Program, HHS/NIH/FIC.
09-25-0124, Administration: Pharmacology Research Associates,
HHS/NIH/NIGMS.
09-25-0140, International Activities: International Scientific
Researchers in Intramural Laboratories at the National Institutes of
Health, HHS/NIH/FIC.
09-25-0156, Records of Participants in Programs and Respondents
in Surveys Used to Evaluate Programs of the Public Health Service,
HHS/PHS/NIH/OD.
09-25-0158, Administration: Records of Applicants and Awardees
of the NIH Intramural Research Training Awards Program, HHS/NIH/OD.
09-25-0160, United States Renal Data System (USRDS), HHS/NIH/
NIDDK.
09-25-0161, Administration: NIH Consultant File, HHS/NIH/CSR.
09-250165, National Institutes of Health (NIH) Office of Loan
Repayment and Scholarship (OLRS) Records System, HHS/NIH/OD.
09-25-0166, Administration: Radiation and Occupational Safety
and Health Management Information Systems, HHS/NIH/ORS.
09-25-0167, National Institutes of Health (NIH) TRANSHARE
Program, HHS/NIH/OD.
09-25-0168, Invention, Patent, and Licensing Documents
Submitted to the Public Health Service by its Employees, Grantees,
Fellowship Recipients, and Contractors, HHS/PHS/NIH/OTT.
09-25-0169, Medical Staff-Credentials Files, HHS/NIH/CC.
09-25-0200, Clinical, Epidemiologic, and Biometric Studies of
the National Institutes of Health (NIH), HHS/NIH/OD.
09-25-0202, Patient Records on PHS Beneficiaries (1935-1974)
and Civilly Committed Drug Abusers (1967-1976) Treated at the PHS
Hospitals in Fort Worth, Texas, or Lexington, Kentucky, HHS/NIH/NIDA.
09-25-0203, National Institute on Drug Abuse, Intramural
Research Program, Federal Prisoner and Non-Prisoner Research Files,
HHS/NIH/NIDA.
09-25-0207, Subject-Participants in Pharmacokinetic Studies on
Drugs of Abuse and on Treatment Medications, HHS/NIH/NIDA.
09-25-0208, Drug Abuse Treatment Outcome Study (DATOS), HHS/
NIH/NIDA.
09-25-0209, Subject-Participants in Drug Abuse Research Studies
on Drug Dependence and in Research Supporting New Drug Applications,
HHS/NIH/NIDA.
09-25-0210, Shipment Records of Drugs of Abuse to Authorized
Researchers, HHS/NIH/NIDA.
09-25-0211, Intramural Research Program Records of In-and Out-
Patients with Various Types of Alcohol Abuse and Dependence,
Relatives of Patients with Alcoholism, and Healthy Volunteers, HHS/
NIH/NIAAA.
09-25-0216, Administration:NIH Electronic Directory, HHS/NIH.
09-25-0005
System name:
Administration: Library Operations and User I.D. File, HHS/NIH/
OD.
Security classification:
None.
System location:
This system of records is an umbrella system comprising separate
sets of records located in National Institutes of Health (NIH)
facilities in Bethesda, Maryland, or facilities of contractors of the
NIH. Write to the appropriate system manager listed below for list of
current contractor locations.
National Institutes of Health, Building 10, Room 1L07, 9000
Rockville Pike, Bethesda, MD 20892 and
National Institutes of Health, Building 38, Room 1S33, 8600
Rockville Pike, Bethesda, MD 20894 and
National Institutes of Health, Building 38, Room 1N21, 8600
Rockville Pike, Bethesda, MD 20894 and
National Institutes of Health, Building 38, Room B1E21, 8600
Rockville Pike, Bethesda, MD 20894 and
National Institutes of Health, Building 38A, Room 4N419, 8600
Rockville Pike, Bethesda, MD 20894 and
National Technical Information Service, Accounting Department,
8001 Forbes Place, Room 208F, Springfield, VA 22151.
Categories of individuals covered by the system:
Users of Library Services.
Categories of records in the system:
Name, organization, address, phone number, photographs, issue
date, email address, signature, user code and identification number;
and when applicable, credit card number and billing information.
Authority for maintenance of the system:
Section 301 of the Public Health Service Act, describing the
general powers and duties of the Public Health Service relating to
research and investigation (42 U.S.C. 241).
Purpose(s):
1. To monitor library material, services, and circulation
control.
2. To provide user documentation.
3. To provide copying services (duplication of library
materials).
4. To manage invoice and billing transactions for library
services.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
2. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation or has
an interest in such litigation, and HHS determines that the use of
such records by the Department of Justice, court or other tribunal is
relevant and necessary to the litigation and would help in the
effective representation of the governmental party provided, however,
that in each case, HHS determines that such disclosure is compatible
with the purpose for which the records were collected.
3. Disclosure may be made to contractors and staff to monitor
library material, services, circulation control; to provide user
documentation; and to process or refine the records. Recipients are
required to maintain Privacy Act safeguards with respect to those
records.
4. Disclosure may be made for billing purposes to: (a)
contractors providing copying services: and (b) NTIS for Medlars
Services.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored on computer tape and disk, microfiche, paper
and file cards.
Retrievability:
Records are retrieved by name, user code and/or identification
number.
Safeguards:
1. Authorized Users: Employees who maintain records in this
system are instructed to grant regular access only to Library staff
members who need to verify that Library identification cards have
been issued to those Library users requesting services such as
MEDLINE and other computer online bibliographic searches,
translations and interlibrary loans. Other one-time and special
access by other employees is granted on a need-to-know basis as
specifically authorized by the system manager. The contractor
maintains a list of personnel having authority to access records to
perform their duties.
2. Physical Safeguards: The offices housing the cabinets and file
drawers for storage of records are locked during all library off-duty
hours. During all duty hours offices are attended by employees who
maintain the files. The contractor has secured records storage areas
which are not left unattended during the working hours and file
cabinets which are locked after hours.
3. Procedural Safeguards: Access to the file is strictly
controlled by employees who maintain the files. Records may be
removed from files only at the request of the system manager or other
authorized employees. Access to computerized records is controlled by
the use of security codes known only to authorized users. Contractor
personnel receive instruction concerning the significance of
safeguards under the Privacy Act.
These practices are in compliance with the standards of Chapter
45-13 of the HHS General Administration Manual, ``Safeguarding
Records Contained in Systems of Records,'' supplementary Chapter PHS
hf: 45-13, and the HHS Automated Information Systems Security Program
Handbook.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 8000-D-2, which allows
records to be kept until superseded or for a maximum period of six
years. Refer to the NIH Manual Chapter for specific conditions on
disposal.
System manager(s) and address:
The Policy Coordinating Official for this system is the
Management Analyst, Office of Administration, National Library of
Medicine, Building 38, Room 2N21, 8600 Rockville Pike, Bethesda, MD
20894.
Chief, Reference and Bibliographic Services Section, Library
Branch, National Center for Research Resources, National Institutes
of Health, Building 10, Room 1L21, 9000 Rockville Pike, Bethesda, MD
20892.
Head, Quality Assurance Unit, Preservation and Collection
Management Section, Public Services Division, Library Operations,
National Library of Medicine, National Institutes of Health, Building
38, Room B1E21, 8600 Rockville Pike, Bethesda, MD 20894.
Chief, Public Services Division, Library Operations, National
Library of Medicine, National Institutes of Health, Building 38, Room
1S33, 8600 Rockville Pike, Bethesda, MD 20894.
Librarian, History of Medicine Division, NLM, NIH, Building 38,
Room 1N21, 8600 Rockville Pike, Bethesda, MD 20894.
Chief, Medlars Management Section, Bibliographic Services
Division, Library Operations, National Institutes of Health, National
Library of Medicine, Building 38A, Room 4N419, 8600 Rockville Pike,
Bethesda, MD 20894.
Notification procedure:
Write to the system manager to determine if a record exists. The
requester must also verify his or her identity by providing either a
notarization of the request or a written certification that the
requester is who he or she claims to be and understands that the
knowing and willful request for acquisition of a record pertaining to
an individual under false pretenses is a criminal offense under the
Act, subject to a five thousand dollar fine.
Record access procedures:
Same as Notification Procedure. Requesters should also reasonably
specify the record contents being sought. Individuals may also
request an accounting of disclosures that have been made of their
records, if any.
Contesting record procedure:
Write to the official at the address specified under Notification
Procedure above, and reasonably identify the record and specify the
information to be contested, the corrective action sought, and the
reasons for the correction, along with supporting information to show
how the record is inaccurate, incomplete, untimely, or irrelevant.
The right to contest records is limited to information which is
incomplete, irrelevant, incorrect, or untimely (obsolete).
Record source categories:
Individual, NIH Library ID card data.
Systems exempted from certain provisions of the act:
None.
09-25-0007
System name:
Administration: NIH Safety Glasses Issuance Program, HHS/NIH/ORS.
Security classification:
None.
System location:
Building 13, Room G904, National Institutes of Health, 9000
Rockville Pike, Bethesda, MD 20892.
Write to the system manager at the address below for the address
of any Federal Records Center where records from this system may be
stored.
Categories of individuals covered by the system:
NIH employees who apply for safety glasses.
Categories of records in the system:
Explanation of eye impact and hazard occupation.
Authority for maintenance of the system:
5 U.S.C. 7902.
Purpose(s):
Records are used for proper distribution of safety glasses and
for proof of delivery.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
2. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation or has
any interest in such litigation, and HHS determines that the use of
such records by the Department of Justice, court or other tribunal is
relevant and necessary to the litigation and would help in the
effective representation of the governmental party provided, however,
that in each case, HHS determines that such disclosure is compatible
with the purpose for which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored in file folders.
Retrievability:
Records are retrieved by name.
Safeguards:
Measures to prevent unauthorized disclosures are implemented as
appropriate for each location and for the particular records
maintained in each project. Each site implements personnel, physical
and procedural safeguards such as the following:
1. Authorized Users: Access is limited to personnel involved in
safety glasses issuance program, to supervisors of employees who have
requested glasses, and to personnel involved in accounting.
2. Physical Safeguards: Record storage locations are locked when
unattended.
3. Procedural Safeguards: Access to file rooms and files is
controlled by system manager or designee.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 1300-B-3, which allows
records to be kept for a maximum period of five years. Refer to the
NIH Manual Chapter for specific disposition instructions.
System manager(s) and address:
Deputy Director, Division of Safety, ORS, Building 31, Room 1C02,
9000 Rockville Pike, Bethesda, MD 20892.
Notification procedure:
Write to the system manager to determine if a record exists. The
requester must also verify his or her identity by providing either a
notarization of the request or a written certification that the
requester is who he or she claims to be and understands that the
knowing and willful request for acquisition of a record pertaining to
an individual under false pretenses is a criminal offense under the
Act, subject to a five thousand dollar fine.
Record access procedures:
Same as Notification Procedure. Requesters should also reasonably
specify the record contents being sought. Individuals may also
request listings of accountable disclosures that have been made of
their records, if any.
Contesting record procedure:
Write to the official at the address specified under Notification
Procedure above, and reasonably identify the record and specify the
information to be contested, the corrective action sought, and the
reasons for the correction, with supporting information to how the
record is inaccurate, incomplete, untimely or irrelevant. The right
to contest records is limited to information which is incomplete,
irrelevant, incorrect, or untimely (obsolete).
Record source categories:
Previous employer and education institutions.
Systems exempted from certain provisions of the act:
None.
09-25-0011
System name:
Clinical Research: Blood Donor Records, HHS/NIH/CC.
Security classification:
None.
System location:
National Institutes of Health, Transfusion Medicine Department,
10 Center Drive, MSC 1184, Bethesda, MD 20892-1184.
Categories of individuals covered by the system:
Donors of blood and blood components to be used in the NIH
Clinical Center for patient infusions.
Categories of records in the system:
Past donations, blood types, phenotypes. Laboratory results of
hepatitis testing, serologic reactions on all blood samples,
donations of blood or blood components.
Authority for maintenance of the system:
``Preparation of Biological Products'' of the Public Health
Service Act (42 U.S.C. 263).
Purpose(s):
1. To provide a means for contacting blood donors for patient
care and research.
2. To provide a medical history of all donors for the transfusion
records of each blood unit.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to HHS contractors and their staff in
order to accomplish the purposes for which the records are collected.
The recipients are required to comply with the requirements of the
Privacy Act with respect to such records.
2. Certain diseases and conditions, including infectious
diseases, may be reported to State or Federal government as required
by State or Federal law.
3. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
4. In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, for example in defending against a claim
based upon an individual's mental or physical condition and alleged
to have arisen because of activities of the Public Health Service in
connection with such individual, the Department may disclose such
records as it deems desirable or necessary to the Department of
Justice or other appropriate Federal agency to enable that agency to
present an effective defense, provided that such disclosure is
compatible with the purpose for which the records were collected.
5.(a). PHS may inform the sexual and/or needle-sharing partner(s)
of a subject individual who is infected with the human
immunodeficiency virus (HIV) of their exposure to HIV, under the
following circumstances: (1) The information has been obtained in the
course of clinical activities at PHS facilities carried out by PHS
personnel or contractors; (2) The PHS employee or contractor has made
reasonable efforts to counsel and encourage the subject individual to
provide the information to the individual's sexual or needle-sharing
partner(s); (3) The PHS employee or contractor determines that the
subject individual is unlikely to provide the information to the
sexual or needle-sharing partner(s) or that the provision of such
information cannot reasonably be verified; and (4) The notification
of the partner(s) is made, whenever possible, by the subject
individual's physician or by a professional counselor and shall
follow standard counseling practices.
(b). PHS may disclose information to State or local public health
departments, to assist in the notification of the subject
individual's sexual and/or needle-sharing partner(s), or in the
verification that the subject individual has notified such sexual or
needle-sharing partner(s).
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored in a computer file, on donor cards, and on
microfilm.
Retrievability:
Records are retrieved by a unique control number assigned to each
individual donor.
Safeguards:
Access is granted only to authorized employees in the Department
of Transfusion Medicine including physicians, nurses, technologists,
computer operators, and the department's administrative officer.
1. Authorized Users: Access is granted only to authorized
employees of the Department of Transfusion Medicine including
physicians, nurses technologists, computer operators and the
secretary to the Chief.
2. Physical Safeguards: Record facilities are locked when system
personnel are not present.
3. Procedural Safeguards: Access to manual files is limited to
authorized users. Access to computerized records is controlled by the
use of security codes known only to the authorized users.
These practices are in compliance with the standards of Chapter
45-13 of the HHS General Administration Manual, ``Safeguarding
Records Contained in Systems of Records,'' supplementary Chapter PHS
hf: 45-13, and the HHS Automated Information Systems Security Program
Handbook.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 3000-E-50. Refer to the NIH
Manual Chapter for specific conditions on disposal.
System manager(s) and address:
Chief, Transfusion Medicine Department, National Institutes of
Health, 10 Center Drive, MSC 1184, Bethesda, MD 20892-1184.
Notification procedure:
Write to the system manager to determine if a record exists. The
requester must also verify his or her identity by providing either a
notarization of the request or a written certification that the
requester is who he or she claims to be and understands that the
knowing and willful request for acquisition of a record pertaining to
an individual under false pretenses is a criminal offense under the
Act, subject to a five thousand dollar fine.
An individual who requests notification of or access to a medical
record shall, at the time the request is made, designate in writing,
a responsible representative, who may be a physician, who will be
willing to review the record and inform the subject individual of its
contents at the representative's discretion.
Record access procedure:
To obtain access to a record, contact the system manager at the
address specified above. Requesters should provide the same
information as is required under the Notification Procedure above.
Individuals may also request listings of accountable disclosures that
have been made of their records, if any.
Contesting record procedure:
Write to the official specified under Notification Procedure
above, and reasonably identify the record and specify the information
being contested, the corrective action sought, and your reasons for
requesting the correction, along with supporting information to show
how the record is inaccurate, incomplete, untimely, or irrelevant.
The right to contest records is limited to information which is
incomplete, irrelevant, incorrect, or untimely (obsolete).
Record source categories:
Data are collected from the individual.
Systems exempted from certain provisions of the act:
None.
09-25-0012
System name:
Clinical Research: Candidate Normal Volunteer Records, HHS/NIH/
CC.
Security classification:
None.
System location:
Clinical Research Volunteer Program, 10 Cloister Ct., Bldg. 61,
Bethesda, MD 20892-4754.
Categories of individuals covered by the system:
Normally healthy individuals who volunteer to participate in NIH
studies.
Categories of records in the system:
Program application, health questionnaire and record of
participation.
Authority for maintenance of the system:
42 U.S.C. 241, 263.
Purpose(s):
1. To determine suitability for participation in the normal
volunteer program.
2. To document remuneration of normal volunteers.
3. To provide a record of participation to be used (a) in writing
letters of recommendation/reference for the volunteer, and (b)
preparing reports on the normal volunteer program.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Clinical research data are made available to approved or
collaborating researchers, including HHS contractors and grantees.
2. Certain diseases and conditions, including infectious
diseases, may be reported to appropriate representatives of State or
Federal Government as required by State or Federal law.
3. Information may be used to respond to congressional inquiries
for constituents concerning admission to the NIH Clinical Center.
4. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Program applications and health questionnaires are stored in file
folders. Records of participation are stored on index cards.
Retrievability:
Records are retrieved by name.
Safeguards:
Measures to prevent unauthorized disclosures are implemented as
appropriate for each location and for the particular records
maintained in each project. Each site implements personnel, physical,
procedural safeguards such as the following:
1. Authorized Users: Access is granted only to the Normal
Volunteer Program staff and to NIH physicians who have requested the
recruitment of volunteers for their clinical research projects.
2. Physical Safeguards: Access to the files is strictly
controlled by the files staff. Records may be removed from the file
only at the request of the system manager or other authorized
employees. Record facilities are locked when system personnel are not
present.
3. Procedural Safeguards: Access to the files is strictly
controlled by the files staff. Records may be removed from the file
only at the request of the system manager or other authorized
employees.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 3000-E-61, which allows
records to be kept for a maximum period of three years after the
volunteer period ends. Refer to the NIH Manual Chapter for specific
conditions on disposal.
System manager(s) and address:
Director, Clinical Research Volunteer Program, 10 Cloister Ct.,
Bldg. 61, Bethesda, MD 20892-4745.
Notification procedure:
Write to the system manager to determine if a record exists. The
requester must also verify his or her identity by providing either a
notarization of the request or a written certification that the
requester is who he or she claims to be and understands that the
knowing and willful request for acquisition of a record pertaining to
an individual under false pretenses is a criminal offense under the
Act, subject to a five thousand dollar fine.
An individual who requests notification of or access to a medical
record shall, at the time the request is made, designate in writing,
a responsible representative, who may be a physician, who will be
willing to review the record and inform the subject individual of its
contents at the representative's discretion.
A parent or guardian who requests notification of, or access to,
a child's or incompetent person's medical record shall designate a
family physician or other health professional (other than a family
member) to whom the record, if any, will be sent. The parent or
guardian must verify relationship to the child or incompetent person
as well as his or her own identity.
Record access procedure:
To obtain access to a record, contact: Chief, Social Work
Department, National Institutes of Health, Social Work Department, 10
Center Drive, MSC 1160, Bethesda, MD 20892-1160 and provide the
information described under Notification Procedure above. Requesters
should also reasonably specify the record contents being sought.
Individuals may also request listings of accountable disclosures that
have been made of their records, if any.
Contesting record procedure:
Write to the official at the address specified under Notification
Procedure above, and reasonably identify the record and specify the
information to be contested, the corrective action sought, and the
reasons for the correction, with supporting justification. The right
to contest records is limited to information which is incomplete,
irrelevant, incorrect, or untimely (obsolete).
Record source categories:
Volunteer, sponsoring contractor.
Systems exempted from certain provisions of the act:
None.
09-25-0014
System name:
Clinical Research: Student Records, HHS/NIH/CC.
Security classification:
None.
System location:
National Institutes of Health, Office of Education, 10 Center
Drive, MSC 1158, Bethesda, MD 20892-1158.
Write to the system manager at the address below for the address
of any Federal Records Center where records from this system may be
stored.
Categories of individuals covered by the system:
Potential and accepted Medical Staff and Research Fellows,
medical students, and other students in NIH training programs.
Categories of records in the system:
Application form, transcripts, references, evaluations.
Authority for maintenance of the system:
42 U.S.C. 241.
Purpose(s):
1. To identify candidates for clinical and research fellow,
clinical elective, and other training positions.
2. To maintain a permanent record of those individuals who have
received clinical research training at the NIH for historical and
reference uses.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Information may be used to respond to congressional inquiries
regarding constituents who have applied for training programs.
2. Information may be used to respond to prospective employers
who seek training verification on NIH alumni.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored in file folders.
Retrievability:
Records are retrieved by name and year.
Safeguards:
Measures to prevent unauthorized disclosures are implemented as
appropriate for each location and for the particular records
maintained in each project. Each site implements personnel, physical,
procedural safeguards such as the following:
1. Authorized Users: Employees who maintain records in this
system are instructed to grant regular access only to health care
personnel of the NIH who are involved in the evaluation and selection
of candidates for training programs.
2. Physical Safeguards: Records are maintained in locked cabinets
with access limited to authorized personnel, including the systems
manager and staff in the Office of Education.
3. Procedural safeguards: Access to the files is strictly
controlled by the staff. Records may be removed from the file only at
the request of the system manager or other authorized employees.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), items 2300-320-1-13, which allows
records to be kept up to a maximum period of ten years. Refer to the
NIH Manual Chapter for specific disposition instructions.
System manager(s) and address:
Director, Office of Education, National Institutes of Health,
Bldg. 10, Room 1C129, 10 Center Drive, MSC 1158, Bethesda, MD 20892-
1158.
Notification procedure:
Write to the system manager to determine if a record exists. The
requester must also verify his or her identity by providing either a
notarization of the request or a written certification that the
requester is who he or she claims to be and understands that the
knowing and willful request for acquisition of a record pertaining to
an individual under false pretenses is a criminal offense under the
Act, subject to a five thousand dollar fine.
Record access procedure:
To obtain access to a record, contact the system manager at the
above address and provide the information described under
Notification Procedure above. Requesters should also reasonably
specify the record contents being sought. Individuals may also
request listings of accountable disclosures that have been made of
their records, if any.
Contesting record procedure:
Write to the system manager at the address specified above, and
reasonably identify the record and specify the information to be
contested, the corrective action sought, and the reasons for the
correction, with supporting justification. The right to contest
records is limited to information which is incomplete, irrelevant,
incorrect, or untimely (obsolete).
Record source categories:
Applicants, universities and teachers.
Systems exempted from certain provisions of the act:
None.
09-25-0033
System name:
International Activities: Fellowships Awarded by Foreign
Organizations, HHS/NIH/FIC.
Security classification:
None.
System location:
National Institutes of Health, Building 31, Room B2C29, 9000
Rockville Pike, Bethesda, MD 20892.
Write to system manager at the address below for the address of
any Federal Records Center where records from this system may be
stored.
Categories of individuals covered by the system:
U.S. citizens qualified in health-related sciences submitting
applications through NIH for fellowships for study abroad.
Categories of records in the system:
Applications and associated records and reports.
Purpose(s):
To perform scientific reviews and evaluations of applicants'
suitability of referral to awarding organization in foreign
countries.
Authority for maintenance of the system:
42 U.S.C. 2421.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. After review by the operating agency review panel the
applications and all supporting documents are forwarded to the
foreign organizations or agencies making awards.
2. In addition, such application may be made available to
authorized employees and agents of the Federal Government for
purposes of investigations, inspections and audits, and, in
appropriate cases, to the Department of Justice for prosecution under
civil and criminal laws.
3. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
4. Disclosure may be made to the Department of Justice, or to a
court or other tribunal, when (a) HHS, or any component thereof; or
(b) any HHS employee in his or her official capacity; or (c) any HHS
employee in his or her individual capacity where the Department of
Justice (or HHS, where it is authorized to do so) has agreed to
represent the employee; or (d) the United States or any agency
thereof where HHS determines that the litigation is likely to affect
HHS or any of its components, is a party to litigation or has any
interest in such litigation, and HHS determines that the use of such
records by the Department of Justice, court or other tribunal is
relevant and necessary to the litigation and would help in the
effective representation of the governmental party provided, however,
that in each case, HHS determines that such disclosure is compatible
with the purpose for which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored in file folders.
Retrievability:
Records are retrieved by name and fellowship number.
Safeguards:
Measures to prevent unauthorized disclosures are implemented as
appropriate for each location and for the particular records
maintained in each project. Each site implements personnel, physical
and procedural safeguards such as the following:
1. Authorized Users: Employees who maintain records in this
system are instructed to grant regular access only to FIC program
staff. Other one-time and special access by other employees is
granted on a need-to-know basis as specifically authorized by the
system manager.
2. Physical Safeguards: The records are maintained in locked file
cabinets, and offices are locked during off-duty hours.
3. Procedural Safeguards: Access to file rooms and files is
strictly controlled by files staff. Records may be removed from files
only at the request of the system manager or other authorized
employees.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), items 2300-320-5, which allows
records to be destroyed after a maximum period of six years after the
close of a case. Refer to the NIH Manual Chapter for specific
disposition instructions.
System manager(s) and address:
Fogarty International Center, Chief, International Research
Awards Branch, National Institutes of Health, Building 31, Room
B2C29, 9000 Rockville Pike, Bethesda, MD 20892.
Notification procedure:
Requests for notification of or access to records should be
addressed to the system manager, as listed above. The requester must
also verify his or her identity by providing either a notarization of
the request or a written certification that the requester is who he
or she claims to be and understands that the knowing and willful
request for acquisition of a record pertaining to an individual under
false pretenses is a criminal offense under the Act, subject to a
five thousand dollar fine.
Record access procedures:
Same as Notification Procedure. Requesters should also reasonably
specify the record contents being sought. Individuals may also
request listings of accountable disclosures that have been made of
their records, if any.
Contesting record procedure:
Contact the official under Notification Procedure above, and
reasonably identify the record and specify the information to be
contested, and state the corrective action sought, and your reasons
for requesting the correction, along with supporting information to
show how the record is inaccurate, incomplete, untimely or
irrelevant.
Record source categories:
Applicants and persons supplying references.
Systems exempted from certain provisions of the act:
None.
09-25-0034
System name:
International Activities: Scholars-in-Residence Program, HHS/NIH/
FIC.
Security classification:
None.
System location:
National Institutes of Health, Building 16, Room 202, 9000
Rockville Pike, Bethesda, MD 20892.
Write to system manager at the address below for the address of
the Federal Records Center where records may be stored.
Categories of individuals covered by the system:
Distinguished scientists and scholars invited to accept NIH
scholarships.
Categories of records in the system:
Employment and education histories; references.
Authority for maintenance of the system:
42 U.S.C. 2421, ``International Cooperation'' of the PHS Act.
Purpose(s):
To administer and award scholarships to distinguished scientists.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Information is made available to authorized employees and
agents of the Federal Government for purposes of investigations,
inspections and audits, and in appropriate cases, to the Department
of Justice for prosecution under civil and criminal laws.
2. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
3. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation or has
any interest in such litigation, and HHS determines that the use of
such records by the Department of Justice, court or other tribunal is
relevant and necessary to the litigation and would help in the
effective representation of the governmental party provided, however,
that in each case, HHS determines that such disclosure is compatible
with the purpose for which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored in file folders.
Retrievability:
Records are retrieved by name.
Safeguards:
Measures to prevent unauthorized disclosures are implemented as
appropriate for each location and for the particular records
maintained in each project. Each site implements personnel, physical,
and procedural safeguards such as the following:
1. Authorized Users: Employees who maintain records in this
system are instructed to grant regular access only to FIC program
staff. Other one-time and special access by other employees is
granted on a need-to-know basis as specifically authorized by the
system manager.
2. Physical safeguards: Records are kept in file cabinets.
Offices are locked during off-duty hours.
3. Procedural safeguards: Access to files is strictly controlled
by files staff. Files may be removed only at the request of the
system manager or other authorized employee.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 2300-320-7 which allows
records to be destroyed after a maximum period of six years after the
close of a case. Refer to the NIH Manual Chapter for specific
retention instructions.
System manager(s) and address:
Acting Director, Division of International Advanced Studies,
Fogarty International Center, National Institutes of Health, Building
16, Room 202, 31 Center Drive, MSC 6705, Bethesda, MD 20892.
Notification procedure:
Requests for notification of or access to records should be
addressed to the system manager, as listed above. The requester must
also verify his or her identity by providing either a notarization of
the request or a written certification that the requester is who he
or she claims to be and understands that the knowing and willful
request for acquisition of a record pertaining to an individual under
false pretenses is a criminal offense under the Act, subject to a
five thousand dollar fine.
Record access procedures:
Same as Notification Procedure. Requesters should also reasonably
specify the record contents being sought. Individuals may also
request listings of accountable disclosures that have been made of
their records, if any.
Contesting record procedure:
Contact the official under Notification Procedure above, and
reasonably identify the record and specify the information to be
contested, and state the corrective action sought. The right to
contest records is limited to information which is incomplete,
irrelevant, incorrect, or untimely (obsolete).
Record source categories:
Information is obtained from invitees, reference sources, and
persons supplying recommendations.
Systems exempted from certain provisions of the act:
None.
09-25-0036
System name:
Extramural Awards and Chartered Advisory Committees: IMPAC
(Grant/Contract/Cooperative Agreement Information/Chartered Advisory
Committee Information), HHS/NIH/OER and HHS/NIH/CMO.
Security classification:
None.
System location:
Rockledge Centre II, 6701 Rockledge Drive, Bethesda, MD 20817.
Building 12, NIH Computer Center, 9000 Rockville Pike, Bethesda,
MD 20892.
Building 31, Room 3B-59, 9000 Rockville Pike, Bethesda, MD 20892.
Categories of individuals covered by the system:
Principal investigators; program directors; program and projects
staff and others named in the application; National Research Service
Awards (NRSA) trainees and fellows; research career awardees;
chartered advisory committee members; contractor personnel;
subcontractor personnel; and consultants.
Categories of records in the system:
Funding applications, awards, associated records, trainee
appointments, current and historical information pertaining to
chartered advisory committees, and past performance information
pertaining to contractors.
Authority for maintenance of the system:
5 U.S.C. 301; 42 U.S.C. 217a, 241, 282(b)(6), 284a, and 288. 48
CFR subpart 15.3 and subpart 42.15.
Purpose(s):
1. To support centralized grant programs of the Public Health
Service. Services are provided in the areas of grant application
assignment and referral, initial review, council review, award
processing and grant accounting. The database is used to provide
complete, accurate, and up-to-date reports to all levels of
management.
2. To maintain communication with former fellows and trainees who
have incurred a payback obligation through the National Research
Service Award Program.
3. To maintain current and historical information pertaining to
the establishment of chartered advisory committees of the National
Institutes of Health and the appointment or designation of their
members.
4. To maintain current and historical information pertaining to
contracts awarded by the National Institutes of Health, and
performance evaluations on NIH contracts and contracts awarded by
other Federal agencies that participate in the NIH Contractor
Performance System.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to the National Technical Information
Service (NTIS), Department of Commerce, for dissemination of
scientific and fiscal information on funded awards (abstract of
research projects and relevant administrative and financial data).
2. Disclosure may be made to the cognizant audit agency for
auditing.
3. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
4. Disclosure may be made to qualified experts not within the
definition of Department employees as prescribed in Department
regulations for opinions as a part of the application review process.
5. Disclosure may be made to a Federal agency, in response to its
request, in connection with the issuance of a license, grant or other
benefit by the requesting agency, to the extent that the record is
relevant and necessary to the requesting agency's decision in the
matter.
6. Disclosure of past performance information pertaining to
contractors may be made to a Federal agency upon request. In
addition, routine access to past performance information on
contractors will be provided to Federal agencies that subscribe to
the NIH Contractor Performance System.
7. A record may be disclosed for a research purpose, when the
Department: (A) Has determined that the use or disclosure does not
violate legal or policy limitations under which the record was
provided, collected, or obtained; (B) has determined that the
research purpose (1) cannot be reasonably accomplished unless the
record is provided in individually identifiable form, and (2)
justifies the risk to the privacy of the individual that additional
exposure of the record might bring; (C) has required the recipient to
(1) establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record,
(2) remove or destroy the information that identifies the individual
at the earliest time at which removal or destruction can be
accomplished consistent with the purpose of the research project,
unless the recipient has presented adequate justification of a
research or health nature for retaining that information, and (3)
make no further use or disclosure of the record except (a) in
emergency circumstances affecting the health or safety of any
individual, (b) for use in another research project, under these same
conditions, and with written authorization of the Department, (c) for
disclosure to a properly identified person for the purpose of an
audit related to the research project, if information that would
enable research subjects to be identified is removed or destroyed at
the earliest opportunity consistent with the purpose of the audit, or
(d) when required by law; and (D) has secured a written statement
attesting to the recipient's understanding of, and willingness to
abide by these provisions.
8. Disclosure may be made to a private contractor or Federal
agency for the purpose of collating, analyzing, aggregating or
otherwise refining records in this system. The contractor or Federal
agency will be required to maintain Privacy Act safeguards with
respect to these records.
9. Disclosure may be made to a grantee or contract institution in
connection with performance or administration under the conditions of
the particular award or contract.
10. Disclosure may be made to the Department of Justice, or to a
court or other adjudicative body, from this system of records when
(a) HHS, or any component thereof; or (b) any HHS officer or employee
in his or her official capacity; or (c) any HHS officer or employee
in his or her individual capacity where the Department of Justice (or
HHS, where it is authorized to do so) has agreed to represent the
officer or employee; or (d) the United States or any agency thereof
where HHS determines that the proceeding is likely to affect HHS or
any of its components, is a party to proceeding or has any interest
in the proceeding, and HHS determines that the records are relevant
and necessary to the proceeding and would help in the effective
representation of the governmental party.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are retrieved by name, application, grant or contract ID
number, and contractor tax ID number.
Retrievability:
Records are retrieved by name, application, grant or contract ID
number, and contractor tax ID number.
Safeguards:
1. Authorized Users: Employees who maintain records in this
system are instructed to grant regular access only to NIH extramural
and committee management staff, NIH contract management staff, and
Federal acquisition personnel. Other one-time and special access by
other employees is granted on a need-to-know basis as specifically
authorized by the system manager.
2. Physical Safeguards: Physical access to Office of Extramural
Research (OER) work areas is restricted to OER employees. Physical
access to Office of Contracts Management (OCM) work areas is
restricted to OCM employees. Physical access to Committee Management
Office (CMO) work areas is restricted to CMO employees. Access to the
contractor performance files is restricted through the use of secure
socket layer encryption and through an IBM password protection
system. Only authorized government contracting personnel are
permitted access. Access is monitored and controlled by OCM.
3. Procedural Safeguards: Access to source data files is strictly
controlled by files staff. Records may be removed from files only at
the request of the system manager or other authorized employee.
Access to computer files is controlled by the use of registered
accounts, registered initials, keywords, and similar limited access
systems.
These practices are in compliance with the standards of Chapter
45-13 of the HHS General Administration Manual, ``Safeguarding
Records Contained in Systems of Records,'' supplementary Chapter PHS
hf: 45-13, and the HHS Automated Information Systems Security Program
Handbook.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 4000-A-2, which allows
records to be destroyed when no longer needed for administrative
purposes. Refer to the NIH Manual Chapter for specific disposition
instructions.
System manager(s) and address:
For extramural awards: Director, Extramural Information Systems,
OD/OER/OPERA, Rockledge II, Room 2172, Bethesda, MD 20892.
For chartered Federal advisory committees of the National
Institutes of Health: NIH Committee Management Officer, Building 31,
Room 3B-59, 31 Center Drive, Bethesda, MD 20892.
For contracts: Office of Contracts Management, 6100 Executive
Boulevard, Room 6D01, Rockville, MD 20892.
Notification procedure:
To determine if a record exists, write to the system manager
listed above. The requester must also verify his or her identity by
providing either a notarization of the request or a written
certification that the requester is who he or she claims to be and
understands that the knowing and willful request for acquisition of a
record pertaining to an individual under false pretenses is a
criminal offense under the Privacy Act, subject to a five thousand
dollar fine.
Record access procedures:
Same as Notification Procedure. Requesters should also reasonably
specify the record contents being sought. Individuals may also
request listings of accountable disclosures that have been made of
their records, if any.
Contesting record procedure:
Contact the official under Notification Procedure above, and
reasonably identify the record and specify the information to be
contested, and state the corrective action sought and the reasons for
the correction, with supporting justification. The right to contest
records is limited to information which is incomplete, irrelevant,
incorrect, or untimely (obsolete).
Record source categories:
Applicant institution, individual, individual's educational
institution and references, and participating Federal acquisition
personnel.
Systems exempted from certain provisions of the act:
None.
09-25-0041
System name:
Research Resources: Scientists Requesting Hormone Distribution,
HHS/NIH/NIDDK.
Security classification:
None.
System location:
Westwood Building, Room 605, NIH, 5333 Westbard Avenue, Bethesda,
MD 20892.
Categories of individuals covered by the system:
Scientists requesting hormones from the National Institute of
Diabetes, and Digestive and Kidney Diseases (NIDDK).
Categories of records in the system:
Justification for request for hormones, including requester's
competence.
Authority for maintenance of the system:
42 U.S.C. 241, 263, 289a, 289c.
Purpose(s):
1. For review of applications requesting hormones and antibodies
for research purposes, prior to awarding these substances.
2. To determine if the requester is qualified to receive these
materials.
3. To determine if requests for human hormones for clinical
research follow acceptable protocols. In this connection, records may
be disclosed to the Food and Drug Administration.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to NIDDK Contractors for distribution
of various hormones to requesters.
2. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
3. In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided that
such disclosure is compatible with the purpose for which the records
were collected.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for PHS who do not technically have the status
of agency employees, if they need the records in the performance of
their agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored in file folders.
Retrievability:
Records are retrieved by name.
Safeguards:
1. Authorized Users: Employees who maintain records in this
system are instructed to grant regular access only to staff working
for the contractor who need the records for hormone distribution, to
NIH staff who supervise the Hormone Distribution Program, and, as
approved by the system manager, to scientists and physicians who may
have need of the information for research.
2. Physical Safeguards: Records are kept in cabinets in offices
which are locked during off-duty hours and which have alarms.
3. Procedural Safeguards: Access to files is strictly controlled
by files staff. Files may be obtained only at the request of the
system manager or other authorized employee.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 3000-G-3, which allows
records to be kept as long as they are useful in scientific research.
Refer to the NIH Manual Chapter for specific disposition
instructions.
System manager(s) and address:
Hormone Distribution Officer, Westwood Building, Room 605, NIH,
5333 Westbard Avenue, Bethesda, MD 20892.
Notification procedure:
To determine if a record exists write to: Administrative Officer,
NIDDK, Building 31, Room 9A46, NIH, 9000 Rockville Pike, Bethesda, MD
20892.
The requester must also verify his or her identity by providing
either a notarization of the request or a written certification that
the requester is who he or she claims to be and understands that the
knowing and willful request for acquisition of a record pertaining to
an individual under false pretenses is a criminal offense under the
Act, subject to a five thousand dollar fine.
Record access procedures:
Same as Notification Procedure. Requesters should also reasonably
specify the record contents being sought. Individuals may also
request listings of accountable disclosures that have been made of
their records, if any.
Contesting record procedure:
Contact the official under Notification Procedure above, and
reasonably identify the record and specify the information to be
contested, and state the corrective action sought and the reasons for
the correction, with supporting justification. The right to contest
records is limited to information which is incomplete, irrelevant,
incorrect, or untimely (obsolete).
Record source categories:
Data is obtained from the individual.
Systems exempted from certain provisions of the act:
None.
09-25-0054
System name:
Administration: Property Accounting, HHS/NIH/ORS.
Security classification:
None.
System location:
National Institutes of Health, Computer Center, Building 12, 9000
Rockville Pike, Bethesda, MD 20892 and
National Institutes of Health, Building 31, Room B3B16, 31 Center
Drive, MSC 2012, Bethesda, MD 20892 and
National Institute of Environmental Health Sciences, Office of
Facilities Engineering, 102-01, P.O. Box 12233, Research Triangle
Park, NC 27709.
Categories of individuals covered by the system:
Employees of the National Institutes of Health who are issued
card keys.
Categories of records in the system:
Property management.
Authority for maintenance of the system:
5 U.S.C. 301; 5 U.S.C. 5901; 5 U.S.C. 7903; 40 U.S.C. 318a; 42
U.S.C. 241.
Purpose(s):
Used for card keys issuance and control.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
2. In the event that a system of records maintained by this
agency to carry out its functions indicates a violation or potential
violation of law, whether civil, criminal or regulatory in nature,
and whether arising by general statute or particular program statute,
or by regulation, rule or order issued pursuant thereto, the relevant
records in the system of records may be referred, as a routine use,
to the appropriate agency, whether federal or foreign, charged with
the responsibility of investigating or prosecuting such violation or
charged with enforcing or implementing the statute, or rule,
regulation or order issued pursuant thereto.
3. In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided that
such disclosure is compatible with the purpose for which the records
were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored in file folders, and on magnetic media.
Retrievability:
Records are retrieved by name.
Safeguards:
1. Authorized Users: Employees who maintain records in this
system are instructed to grant regular access only to officials whose
duties require use of the information. Other one-time and special
access by other employees is granted on a need-to-know basis as
specifically authorized by the system manager.
2. Physical Safeguards: Textual records are stored in offices
which are locked when not in use.
3. Procedural Safeguards: Computer files are password protected.
These practices are in compliance with the standards of Chapter
45-13 of the HHS General Administration Manual, ``Safeguarding
Records Contained in Systems of Records,'' supplementary Chapter PHS
hf: 45-13, and the HHS Automated Information Systems Security Program
Handbook.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 1300-C-14, which allows
records to be destroyed after all listed credentials are accounted
for or three months after the return of credentials to the issuing
office. Refer to the NIH Manual Chapter for specific instructions.
System manager(s) and address:
For card keys: National Institutes of Health, Chief, Crime
Prevention Branch, Division of Public Safety, ORS, Building 31, Room
B3B16, 31 Center Drive, MSC 2012, Bethesda, MD 20892; or
National Institute of Environmental Health Sciences, Chief,
Office of Facilities Engineering, 102-01, PO Box 12233, Research
Triangle Park, NC 27709.
Notification procedure:
Write to the system manager to determine if a record exists. The
requester must also verify his or her identity by providing either a
notarization of the request or a written certification that the
requester is who he or she claims to be and understands that the
knowing and willful request for acquisition of a record pertaining to
an individual under false pretenses is a criminal offense under the
Act, subject to a five thousand dollar fine.
Record access procedure:
Same as Notification Procedure. Requesters should also reasonably
specify the record contents being sought. Individuals may also
request listings of accountable disclosures that have been made of
their records, if any.
Contesting record procedure:
Write to the official specified under Notification Procedure
above, and reasonably identify the record and specify the information
being contested, the corrective action sought, and your reasons for
requesting the correction, along with supporting information to show
how the record is inaccurate, incomplete, untimely or irrelevant. The
right to contest records is limited to information which is
incomplete, irrelevant, incorrect, or untimely (obsolete).
Record source categories:
Data is obtained from the individual.
Systems exempted from certain provisions of the act:
None.
09-25-0078
System name:
Administration: Consultant File, HHS/NIH/NHLBI.
Security classification:
None.
System location:
National Institutes of Health, Westwood Building, 5333 Westbard
Avenue, Bethesda, MD 20892.
Categories of individuals covered by the system:
List of consultants available for use in evaluation of National
Heart, Lung, and Blood Institute special grants and contracts.
Categories of records in the system:
Names and resumes.
Authority for maintenance of the system:
42 U.S.C. 241(d), 281.
Purpose(s):
1. To identify and select experts and consultants for program
reviews and evaluations.
2. For use in evaluation of NHLBI special grants and contracts.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
2. In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided that
such disclosure is compatible with the purpose for which the records
were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Computer disk and file folders.
Retrievability:
Records are retrieved by name.
Safeguards:
1. Authorized Users: Data on computer files is accessed by
keyword known only to authorized users.
2. Physical Safeguards: Rooms where records are stored are locked
when not in use.
3. Procedural Safeguards: During regular business hours, rooms
are unlocked but are controlled by on-site personnel.
These practices are in compliance with the standards of Chapter
45-13 of the HHS General Administration Manual, ``Safeguarding
Records Contained in Systems of Records,'' supplementary Chapter PHS
hf: 45-13, and the HHS Automated Information Systems Security Program
Handbook.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 1100-G. Refer to the NIH
Manual Chapter for specific disposition instructions.
System manager(s) and address:
Chief, Review Branch, National Heart, Lung, and Blood Institute,
Westwood Building, Room 557A, 5333 Westbard Avenue, Bethesda, MD
20892.
Notification procedure:
To determine if a record exists, contact: Privacy Act
Coordinator, NHLBI, National Institutes of Health, 31/5A10, 31 Center
Drive, MSC 2490, Bethesda, MD 20892-2490.
The requester must also verify his or her identity by providing
either a notarization of the request or a written certification that
the requester is who he or she claims to be and understands that the
knowing and willful request for acquisition of a record pertaining to
an individual under false pretenses is a criminal offense under the
Act, subject to a five thousand dollar fine.
Record access procedures:
Same as Notification Procedure. Requesters should also reasonably
specify the record contents being sought. Individuals may also
request listings of accountable disclosures that have been made of
their records, if any.
Contesting record procedure:
Contact the official under Notification Procedure above, and
reasonably identify the record and specify the information to be
contested, and state the corrective action sought. The right to
contest records is limited to information which is incomplete,
irrelevant, incorrect, or untimely (obsolete).
Record source categories:
Subject individual.
Systems exempted from certain provisions of the act:
None.
09-25-0087
System name:
Administration: Senior Staff, HHS/NIH/NIAID.
Security classification:
None.
System location:
National Institutes of Health, Building 31, Room 7A50, 9000
Rockville Pike, Bethesda, MD 20892.
Write to system manager at the address below for the address of
the Federal Records Center where records from this system may be
stored.
Categories of individuals covered by the system:
Current and former key professional employees of the Institute
and consultants.
Categories of records in the system:
Press releases, curricula vitae, nominations for awards, and
photographs.
Authority for maintenance of the system:
42 U.S.C. 241(d), 289a.
Purpose(s):
For background records to provide public announcements on
National Institute of Allergy and Infectious Diseases (NIAID)
research.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to a congressional office from the record
of an individual in response to an inquiry from the congressional
office made at the request of that individual.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Stored in file folders.
Retrievability:
Retrieved by name.
Safeguards:
Measures to prevent unauthorized disclosures are implemented as
appropriate for each location and for the particular records
maintained in each project. Each site implements personnel, physical,
and procedural safeguards such as the following:
1. Authorized Users: Employees who maintain records in this
system are instructed to grant regular access only to staff whose
duties require the use of such information. Authorized users are
located in the Office of the Director, NIAID. Other one time and
special access by other employees is granted on a need-to-know basis
as specifically authorized by the system manager.
2. Physical Safeguards: Records in this system are stored in file
folders which are kept in locked cabinets. The room is locked during
off-duty hours.
3. Procedural Safeguards: Access to files is strictly controlled
by files staff. Records may be removed from files only at the request
of the system manager or other authorized employee.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 1100-G. Refer to the NIH
Manual Chapter for specific disposition instructions.
System manager(s) and address:
Director, Office of Communications and Public Liaison, National
Institutes of Health, Building 31, Room 7A-50, 9000 Rockville Pike,
Bethesda, MD 20892.
Notification procedure:
To determine if a record exists, write to: National Institutes of
Health, Privacy Act Coordinator, NIAID, Solar Bldg., Room 3C-23, 6003
Executive Blvd., Bethesda, MD 20892.
The requester must also verify his or her identity by providing
either a notarization of the request or a written certification that
the requester is who he or she claims to be and understands that the
knowing and willful request for acquisition of a record pertaining to
an individual under false pretenses is a criminal offense under the
Act, subject to a five thousand dollar fine.
Record access procedures:
Same as record Notification Procedure. Requesters should also
reasonably specify the record contents being sought. Individuals may
also request listings of accountable disclosures that have been made
of their records, if any.
Contesting record procedure:
Contact the system manager at the address above, and reasonably
identify the record and specify the information to be contested, and
state the corrective action sought and the reasons for the
correction, with supporting justification. The right to contest
records is limited to information which is incomplete, irrelevant,
incorrect, or untimely (obsolete).
Record source categories:
Individuals and newspaper clippings.
Systems exempted from certain provisions of the act:
None.
09-25-0093
System name:
Administration: Authors, Reviewers, Editorial Board, and Members
of the Journal of the National Cancer Institute, HHS/NIH/NCI.
Security classification:
None.
System location:
Building 82, Room 239, 9030 Old Georgetown Road, Bethesda, MD
20814.
Write to system manager at the address below for the address of
the Federal Records Center where records may be stored.
Categories of individuals covered by the system:
Authors and manuscript reviewers and members of the Journal of
the National Cancer Institute (JNCI) editorial board.
Categories of records in the system:
Accepted, rejected and pending manuscripts and review comments.
Authority for maintenance of the system:
42 U.S.C. 241, 281.
Purpose(s):
Manuscript review by NCI staff of manuscripts submitted for
possible publication in the Journal of the National Cancer Institute
(JNCI) or JNCI Monographs.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
2. Disclosure may be made to qualified experts not within the
definition of Department employees for opinions as a part of the
review of manuscripts.
3. In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored in file folders.
Retrievability:
Records are retrieved by name and manuscript number.
Safeguards:
1. Authorized Users: Employees who maintain records in this
system are instructed to grant access only to JNCI staff personnel,
the Editor in Chief, and members of the Board of Editors whose duties
require the use of such information.
2. Physical Safeguards: Records are kept in a limited access area
where an employee is present at all times during working hours. The
building is locked during off-duty hours.
3. Procedural Safeguards: Access to manual files is tightly
controlled by office staff. Only authorized users may have access to
the files.
Information that identifies reviewers is not maintained in
computer files.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 8000-A-1(b), which allows
records to be kept for a maximum period of one year after year in
which published or presented. Refer to the NIH Manual Chapter for
specific disposition instructions.
System manager(s) and address:
Systems Specialist, Scientific Publications Branch, Building 82,
Room 239, 9030 Old Georgetown Road, Bethesda, MD 20814.
Notification procedure:
Write to system manager to determine if a record exists. The
requester must also verify his or her identity by providing either a
notarization of the request or a written certification that the
requester is who he or she claims to be and understands that the
knowing and willful request for acquisition of a record pertaining to
an individual under false pretenses is a criminal offense under the
Act, subject to a five thousand dollar fine.
Record access procedures:
Same as Notification Procedure. Requesters should also reasonably
specify the record contents being sought. Individuals may also
request listings of accountable disclosures that have been made of
their records, if any.
Contesting record procedure:
Contact the official under Notification Procedure above, and
reasonably identify the record and specify the information to be
contested, and state the corrective action sought and the reasons for
the correction, with supporting justification. The right to contest
records is limited to information which is incomplete, irrelevant,
incorrect, or untimely (obsolete).
Record source categories:
Authors and reviewers.
Systems exempted from certain provisions of the act:
None.
09-25-0099
System name:
Clinical Research: Patient Medical Records, HHS/NIH/CC.
Security classification:
None.
System location:
National Institutes of Health, Medical Record Department, 10
Center Drive, MSC 1192, Bethesda, MD 20892-1192 and at private
organizations under contract. Write to the system manager for a list
of current locations.
Categories of individuals covered by the system:
Registered Clinical Center patients. Some individuals not
registered as patients but seen in Clinical Center for diagnostic
tests.
Categories of records in the system:
Medical treatment records.
Authority for maintenance of the system:
42 U.S.C. 241, 248: ``Research and Investigation,'' and
``Hospitals, Medical Examinations, and Medical Care.''
Purpose(s):
1. To provide a continuous history of the treatment afforded
individual patients in the Clinical Center.
2. To provide a data base for the clinical research conducted
within the hospital.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Information may be used to respond to Congressional inquiries
for constituents concerning their admission to NIH Clinical Center.
2. Social Work Department may give pertinent information to
community agencies to assist patients or their families.
3. Referring physicians receive medical information for
continuing patient care after discharge.
4. Information regarding diagnostic problems, or having unusual
scientific value may be disclosed to appropriate medical or medical
research organizations or consultants in connection with treatment of
patients or in order to accomplish the research purposes of this
system. For example, tissue specimens may be sent to the Armed Forces
Institute of Pathology; X-rays may be sent for the opinion of a
radiologist with extensive experience in a particular kind of
diagnostic radiology. The recipients are required to maintain Privacy
Act safeguards with respect to these records.
5. Records may be disclosed to representatives of the Joint
Commission on Accreditation of Hospitals conducting inspections to
ensure that the quality of Clinical Center medical record-keeping
meets established standards.
6. Certain diseases and conditions, including infectious
diseases, may be reported to appropriate representatives of State or
Federal Government as required by State or Federal law.
7. Medical information may be disclosed to tumor registries for
maintenance of health statistics.
8. The Department contemplates that it may contract with a
private firm for transcribing, updating, copying, or otherwise
refining records in this system. Relevant records will be disclosed
to such a contractor. The contractor will be required to comply with
the requirements of the Privacy Act with respect to such records.
9. In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, for example in defending against a claim
based upon an individual's mental or physical condition and alleged
to have arisen because of activities of the Public Health Service in
connection with such individual, the Department may disclose such
records as it deems desirable or necessary to the Department of
Justice to enable that agency to present an effective defense,
provided that such disclosure is compatible with the purpose for
which the records were collected.
10. (a). PHS may inform the sexual and/or needle-sharing
partner(s) of a subject individual who is infected with the human
immunodeficiency virus (HIV) of their exposure to HIV, under the
following circumstances: (1) The information has been obtained in the
course of clinical activities at PHS facilities carried out by PHS
personnel or contractors; (2) The PHS employee or contractor has made
reasonable efforts to counsel and encourage the subject individual to
provide the information to the individual's sexual or needle-sharing
partner(s); (3) The PHS employee or contractor determines that the
subject individual is unlikely to provide the information to the
sexual or needle-sharing partner(s) or that the provision of such
information cannot reasonably be verified; and (4) The notification
of the partner(s) is made, whenever possible, by the subject
individual's physician or by a professional counselor and shall
follow standard counseling practices.
(b). PHS may disclose information to State or local public health
departments, to assist in the notification of the subject
individual's sexual and/or needle-sharing partner(s), or in the
verification that the subject individual has notified such sexual or
needle-sharing partner(s).
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored in file folders and/or on microfiche, and on
computer tapes.
Retrievability:
Records are retrieved by unit number and patient name.
Safeguards:
Measures to prevent unauthorized disclosures are implemented as
appropriate for each location and for the particular records
maintained in each project. Each site implements personnel, physical,
and procedural safeguards such as the following:
1. Authorized Users: Employees maintaining records in this system
are instructed to grant regular access only to physicians and
dentists and other health care professionals officially participating
in patient care, to contractors, or to NIH researchers specifically
authorized by the system manager.
2. Physical Safeguards: All record facilities are locked when
system personnel are not present.
3. Procedural Safeguards: Access to files is strictly controlled
by the system manager. Records may be removed only by system
personnel following receipt of a request signed by an authorized
user. Access to computerized records is controlled by the use of
security codes known only to the authorized user. Codes are user-and
function-specific.
Contractor compliance is assured through inclusion of Privacy Act
requirements in contract clauses, and through monitoring by contract
and project officers. Contractors who maintain records in this system
are instructed to make no disclosure of the records except as
authorized by the system manager.
These practices are in compliance with the standards of Chapter
45-13 of the HHS General Administration Manual, ``Safeguarding
Records Contained in Systems of Records,'' supplementary Chapter PHS
hf: 45-13, and the HHS Automated Information Systems Security Program
Handbook.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 3000-E-22, which allows
records to be kept until no longer needed for scientific reference.
Refer to the NIH Manual Chapter for specific disposition
instructions.
System manager(s) and address:
Director, Medical Record Department, National Institutes of
Health, 10 Center Drive, MSC 1192, Bethesda, MD 20892-1192.
Notification procedure:
To determine if a record exists, write to the system manager at
the above address. The requester must provide tangible proof of
identity, such as a driver's license. If no identification papers are
available, the requester must verify his or her identity by providing
either a notarization of the request or a written certification that
the requester is who he or she claims to be and understands that the
knowing and willful request for acquisition of a record pertaining to
an individual under false pretenses is a criminal offense under the
Act, subject to a five thousand dollar fine.
An individual who requests notification of or access to a
medical/dental record shall, at the time the request is made,
designate in writing a responsible representative who will be willing
to review the record and inform the subject individual of its
contents at the representative's discretion. The representative may
be a physician, or other health professional, or other responsible
individual. The subject individual will be granted direct access
unless it is determined that such access is likely to have an adverse
effect on him or her. In that case, the medical/dental record will be
sent to the designated representative. The individual will be
informed in writing if the record is sent to the representative.
A parent or guardian who requests notification of or access to a
child's/incompetent person's record shall designate a family
physician or other health professional (other than a family member)
to whom the record, if any, will be sent. The parent or guardian must
verify relationship to the child/incompetent personas as well as his/
her own identity.
Record access procedures:
Same as Notification Procedure. Requesters should also reasonably
identify the specific reports and related dates pertaining to the
information to be released. There may be a fee for reproducing more
than 20 pages of material. Individuals may also request listings of
accountable disclosures that have been made of their records, if any.
Contesting record procedure:
Contact the system manager and reasonably identify the record and
specify the information to be contested, and state the corrective
action sought and your reasons for requesting the correction, along
with supporting information to show how the record is inaccurate,
incomplete, untimely or irrelevant. The right to contest records is
limited to information which is incomplete, irrelevant, incorrect, or
untimely (obsolete).
Record source categories:
Referring physicians, other medical facilities (with patient's
consent), patients, relatives of patients.
Systems exempted from certain provisions of the act:
None.
09-25-0105
System name:
Administration: Health Records of Employees, Visiting Scientists,
Fellows, and Others Who Receive Medical Care Through the Employee
Health Unit, HHS/NIH/ORS.
Security classification:
None.
System location:
Buildings 10 and 13, NIH, 9000 Rockville Pike, Bethesda, MD
20892.
Rocky Mountain Laboratories, Hamilton, Montana 59840.
Categories of individuals covered by the system:
Employees, fellows, visiting scientists, relatives of inpatients,
visitors, and others who receive medical care through the Employee
Health Unit.
Categories of records in the system:
Medical records.
Authority for maintenance of the system:
5 U.S.C. 7901.
Purpose(s):
1. For medical treatment.
2. Upon researcher request with individual's written permission,
release of record for research purposes to medical personnel.
3. Upon request by HHS personnel offices for determination of
fitness for duty, and for disability retirement and other separation
actions.
4. For monitoring personnel to assure that safety standards are
maintained.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to Federal, State, and local government
agencies for adjudication of benefits under workman's compensation,
and for disability retirement and other separation actions.
2. To district office of OPEC, Department of Labor with copies to
the U.S. Office of Personnel Management for processing of disability
retirement and other separation actions.
3. Upon non-HHS agency request, for examination to determine
fitness for duty with copies to requesting agency and to the U.S.
Office of Personnel Management.
4. Disclosure may be made to a congressional office from the
record of an individual in response to any inquiry from the
congressional office made at the request of the individual.
5. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation or has
any interest in such litigation, and HHS determines that the use of
such records by the Department of Justice, court or other tribunal is
relevant and necessary to the litigation and would help in the
effective representation of the governmental party provided, however,
that in each case, HHS determines that such disclosure is compatible
with the purpose for which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored in file folders.
Retrievability:
Records are retrieved by name and social security number.
Safeguards:
Measures to prevent unauthorized disclosures are implemented as
appropriate for each location and for the particular records
maintained in each project. Each site implements personnel, physical
and procedural safeguards such as the following:
1. Authorized Users: Access is limited to authorized personnel
(system manager and staff; Occupational Medicine Service staff; and
personnel and administrative officers with need for information for
fitness for duty, disability, and other similar determinations).
2. Physical Safeguards: Files are maintained in locked cabinets.
3. Procedural Safeguards: Access to files is strictly controlled
by authorized staff.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule, Manual Chapter 1743 (HHS Records
Management Manual, Appendix B-361), item 2300-792-3.
System manager(s) and address:
Deputy Director, Division of Safety, NIH, Building 31, Room 1C02,
9000 Rockville Pike, Bethesda, MD 20892.
Chief, Rocky Mountain Operations Branch, Rocky Mountain
Laboratories (RML), National Institutes of Health, Hamilton, MT
59840.
Notification procedure:
Contact system manager at appropriate treatment location listed
above, to determine if a record exists. The requester must also
verify his or her identity by providing either a notarization of the
request or a written certification that the requester is who he or
she claims to be and understands that the knowing and willful request
for acquisition of a record pertaining to an individual under false
pretenses is a criminal offense under the Act, subject to five
thousand dollar fine.
Record access procedures:
Same as Notification Procedure. Requester should also reasonably
specify the record contents being sought. Individuals may also
request listings of accountable disclosures that have been made of
their records, if any.
Contesting record procedure:
Write to the official specified under Notification Procedure
above, and reasonably identify the record and specify the information
being contested, the corrective action sought, and your reasons for
requesting the correction, along with supporting information to show
how the record is inaccurate, incomplete, untimely or irrelevant. The
right to contest records is limited to information which is
incomplete, irrelevant, incorrect, or untimely (obsolete).
Record source categories:
Records contain data resulting from clinical and preventative
services provided at treatment location, and data received from
individual.
Systems exempted from certain provisions of the act:
None.
09-25-0106
System name:
Administration: Office of the NIH Director and Institute/Center
Correspondence Records, HHS/NIH/OD.
Security classification:
None.
System location:
Executive Secretariat, Office of the Director, Building 1, Room
B1-55, 9000 Rockville Pike, Bethesda, MD 20892 and
Office of Legislative Policy and Analysis, Office of the
Director, Building 1, Room 244, 9000 Rockville Pike, Bethesda, MD
20892 and
Office of Science Education, Office of the Director, 6100
Executive Blvd., Suite 5H01, Bethesda, MD 20892 and
Institute/Center staff offices that retain correspondence files.
Write to the appropriate system manager listed in Appendix I for
a list of current locations and for the address of the Federal
Records Center where records are stored.
Categories of individuals covered by the system:
Individuals who have contacted the NIH Director or his/her
subordinates, or have been contacted in writing by one of these
officials.
Categories of records in the system:
Correspondence and other supporting documents; mailing lists.
Authority for maintenance of the system:
5 U.S.C. 301; 44 U.S.C. 3101.
Purpose(s):
1. To control, address, and track all correspondence documents
addressed or directed to the NIH Director or his/her subordinates, as
well as documents/supporting documents initiated by them, in order to
assure timely and appropriate attention.
2. Incoming correspondence and supporting documentation is
forwarded to other HHS components when a response from them is
warranted.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
2. Disclosure may be made from this system of records by the
Department of Health and Human Services (HHS) to the Department of
Justice, or to a court or other tribunal, when (a) HHS, or any
component thereof; or (b) any HHS employee in his or her official
capacity; or (c) any HHS employee in his or her individual capacity
where the Department of Justice (or HHS, where it is authorized to do
so) has agreed to represent the employee; or (d) the United States or
any agency thereof where HHS determines that the litigation is likely
to affect HHS or any of its components, is a party to litigation or
has any interest in such litigation, and HHS determines that the use
of such records by the Department of Justice, court or other tribunal
is relevant and necessary to the litigation and would help in the
effective representation of the governmental party provided, however,
that in each case, HHS determines that such disclosure is compatible
with the purpose for which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored by computer index, optical image and in file
folders.
Retrievability:
Records are retrieved by name, document number, date, and
subject.
Safeguards:
1. Authorized Users: Access to textual records is limited to
authorized personnel (system managers and staff).
2. Physical Safeguards: Physical access to records is restricted
to authorized personnel.
3. Procedural Safeguards: Access to textual records is strictly
controlled by system managers and staff. Records may be removed from
files only at the request of system managers or other authorized
employees. Computer files are password protected.
These practices are in compliance with the standards of Chapter
45-13 of the HHS General Administration Manual, ``Safeguarding
Records Contained in Systems of Records,'' supplementary Chapter PHS
hf: 45-13, and the HHS Automated Information Systems Security Program
Handbook.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 1700-C, which allows records
to be kept for a maximum period of ten years. Refer to the NIH Manual
Chapter for specific disposition instructions.
System manager(s) and address:
System managers are listed in Appendix I; each maintains full
responsibility for their specific correspondence system.
Notification procedure:
To determine if a record exists, write to the appropriate system
manager as listed in Appendix I. The requester must also verify his
or her identity by providing either a notarization of the request or
a written certification that the requester is who he or she claims to
be and understands that the knowing and willful request for
acquisition of a record pertaining to an individual under false
pretenses is a criminal offense under the Act, subject to a five
thousand dollar fine.
Record access procedures:
Same as Notification Procedure. Requesters should also reasonably
specify the record contents being sought. Individuals may also
request listings of accountable disclosures that have been made of
their records, if any.
Contesting record procedure:
Contact the official under Notification Procedure above, and
reasonably identify the record and specify the information to be
contested, and state the corrective action sought and the reasons for
the correction. The right to contest records is limited to
information which is incomplete, irrelevant, incorrect, or untimely
(obsolete).
Record source categories:
Records are derived from incoming and outgoing correspondence.
Systems exempted from certain provisions of the act:
None.
Appendix I: System Managers
Assistant to the Director, Executive Secretariat, Office of the
Director, Building 1, Room B146, 9000 Rockville Pike, Bethesda,
MD 20892.
Acting Associate Director, Office of Legislative Policy and
Analysis, Office of the Director, Building 1, Room 244, 9000
Rockville Pike, Bethesda, MD 20892.
Privacy Act Systems Manager, Office of Science Education, 6100
Executive Blvd., Suite 5H01, Bethesda, MD 20892.
National Cancer Institute (NCI), Secretary to the Director,
Building 31, Room 11A48, Bethesda, MD 20892.
National Heart, Lung and Blood Institute (NHLBI), Secretary to
the Director, OD, Director's Office, Building 31, Room 5A52, 31
Center Drive, MSC 2486, Bethesda, MD 20892-2486.
National Institute of Diabetes and Digestive and Kidney (NIDDK),
Director, OHRR, Building 31, Room 9A04, Bethesda, MD 20892.
National Institute of Environmental Health Sciences (NIEHS),
Executive Secretariat, PO Box 12233, South Campus, Building 2,
Room B201, Research Triangle Park, NC 27709.
National Eye Institute (NEI), Administrative Officer, Building
31, Room 6A-03, 31 Center Drive, MSC 2510, Bethesda, MD 20892-
2510.
National Institute of Arthritis and Musculoskeletal and Skin
Diseases (NIAMS), Executive Officer, Building 31, Room 4C32, 31
Center Drive, MSC 2350, Bethesda, MD 20892-2350.
National Institute on Deafness and Other Communication Disorders
(NIDCD), Chief, Administrative Management Branch, Building 31,
Room 3C21, Bethesda, MD 20892.
National Institute of General Medical Sciences (NIGMS), Secretary
to the Director, Natcher Building, Room 2AN.12D, 45 Center Drive,
Bethesda, MD 20892.
National Library of Medicine (NLM), Secretary to the Director,
Office of the Director, Building 38, Room 2E17, Bethesda, MD
20894.
Fogarty International Center (FIC), Secretary to the Director,
Building 31, Room B2C06, Bethesda, MD 20892.
Office of AIDS Research (OAR), Special Assistant for Liaison
Activities, Building 31, Room 5C12, Bethesda, MD 20892.
National Institute on Drug Abuse (NIDA), Executive Secretariat,
Neuroscience Center, 6001 Executive Blvd., Room 5101, MSC 9585,
Rockville, MD 20892-9585.
National Institute on Alcohol Abuse and Alcoholism (NIAAA),
Secretary to the Director, Willco Building, Suite 400, 6000
Executive Blvd., MSC 7003, Bethesda, MD 20892-7003.
National Institute of Mental Health (NIMH), Executive
Secretariat, Neuroscience Center, 6001 Executive Blvd., Room
8213, Rockville, MD 20852.
Washington National Records Center, 4205 Suitland Road,
Washington, DC 20857.
09-25-0108
System name:
Personnel: Guest Researchers, Special Volunteers, and Scientists
Emeriti, HHS/NIH/OHRM.
Security classification:
None.
System location:
This system is located in the personnel/administrative offices of
individual Institutes/Centers of the National Institutes of Health.
Categories of individuals covered by the system:
Individuals using NIH facilities who are not NIH employees.
Categories of records in the system:
Personal information including name, address, date and place of
birth, education, employment, purpose for which NIH facilities are
desired, outside sponsor, and NIH sponsor.
Authority for maintenance of the system:
42 U.S.C. 241(a)(2), 42 U.S.C. 282(b)(10), and 42 U.S.C.
284(b)(1)(k).
Purpose(s):
To determine eligibility to use NIH facilities, to document the
individual's presence at NIH, and to record that the individual is
not an employee.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to U.S. Office of Personnel Management
for program evaluation purposes; to General Accounting Office for
fund disbursement determinations.
2. Disclosure may be made to institutions providing financial
support.
3. Disclosure may be made to a congressional office from the
record of an individual in response to a verified inquiry from the
congressional office made at the request of that individual.
4. Disclosure may be made to the Department of Justice or to a
court or other tribunal, when (a) HHS, or any component thereof; or
(b) any HHS employee in his or her official capacity; or (c) any HHS
employee in his or her individual capacity where the Department of
Justice (or HHS, where it is authorized to do so) has agreed to
represent the employee; or (d) the United States or any agency
thereof where HHS determines that the litigation is likely to affect
HHS or any of its components, is a party to litigation or has any
interest in such litigation, and HHS determines that the use of such
records by the Department of Justice, court or other tribunal is
relevant and necessary to the litigation and would help in the
effective representation of the governmental party provided, however,
that in each case, HHS determines that such disclosure is compatible
with the purpose for which the records were collected.
5. Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for PHS who do not technically have the status
of agency employees, if they need the records in the performance of
their agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
File folders.
Retrievability:
Records are retrieved by name.
Safeguards:
For each location and for the particular records maintained in
each project. Each site implements personnel, physical and procedural
safeguards such as the following:
1. Authorized Users: Access is granted only to personnel staff,
administrative office staff, and management officials directly
involved in the administration of the Guest Researcher, Special
Volunteer, and Scientist Emeriti programs.
2. Physical Safeguards: Record facilities are locked when system
personnel are not present.
3. Procedural Safeguards: Access to files is strictly controlled
by system personnel. Records may be removed from the file only with
the approval of the system manager or other authorized employees.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 2300-320-3(a), which allows
records to be destroyed after a maximum period of two years after the
individual completes work at NIH. Refer to the NIH Manual Chapter for
specific disposition instructions.
System manager(s) and address:
Personnel/Administrative Officers of National Institutes of
Health Institutes/Centers.
Notification procedure:
To determine if a record exists and where it is located, contact:
National Institutes of Health, Office of Human Resources
Management, Privacy Act Coordinator, Building 31, Room 1C39, 9000
Rockville Pike, Bethesda, MD 20892.
The requester must also verify his or her identity by providing
either a notarization of the request or a written certification that
the requester is who he or she claims to be and understands that the
knowing and willful request for acquisition of a record pertaining to
an individual under false pretenses is a criminal offense under the
Act, subject to a five thousand dollar fine.
Record access procedures:
Contact the Personnel Officer or Administrative Officer in whose
office the record is located and provide verification of identity as
described under Notification Procedure above. Requesters should also
reasonably specify the record contents being sought. Individuals may
also request listings of accountable disclosures that have been made
of their records, if any.
Contesting record procedure:
Write to the official specified under Notification Procedure
above, and reasonably identify the record and specify the information
being contested, the corrective action sought, and your reasons for
requesting the correction, along with supporting information to show
how the record is inaccurate, incomplete, untimely or irrelevant. The
right to contest records is limited to information which is
incomplete, irrelevant, incorrect, or untimely (obsolete).
Record source categories:
Subject individual, NIH sponsor, funding institution.
Systems exempted from certain provisions of the act:
None.
09-25-0112
System name:
Grants and Cooperative Agreements: Research, Research Training,
Fellowship and Construction Applications and Related Awards, HHS/NIH/
OD.
Security classification:
None.
System location:
See Appendix I.
Categories of individuals covered by the system:
Grant applicants and Principal Investigators; Program Directors;
Institutional and Individual Fellows; Research Career Awardees; and
other employees of Applicant and/or grantee institutions.
Categories of records in the system:
Grant and cooperative agreement applications and review history,
awards, financial records, progress reports, payback records, and
related correspondence.
Authority for maintenance of the system:
``Research and Investigation,'' ``Appointment and Authority of
the Directors of the National Research Institutes,'' ``National
Institute of Mental Health,'' ``National Institute on Drug Abuse,''
``National Institute on Alcohol Abuse and Alcoholism,'' ``National
Cancer Institute,'' ``National Heart, Lung and Blood Institute,''
``National Institute of Diabetes, and Digestive and Kidney
Diseases,'' ``National Institute of Arthritis and Musculoskeletal and
Skin Diseases,'' ``National Institute on Aging,'' ``National
Institute on Allergy and Infectious Diseases,'' ``National Institute
of Child Health and Human Development,'' ``National Institute of
Dental and Craniofacial Research,'' ``National Eye Institute,''
``National Institute of Neurological Disorders and Stroke,''
``National Institute of General Medical Sciences,'' ``National
Institute of Environmental Health Sciences,'' ``National Institute on
Deafness and Other Communication Disorders,'' ``National Institute of
Nursing Research,'' ``National Library of Medicine,'' and the
``National Center for Research Resources'' of the Public Health
Service Act. (42 U.S.C. 241, 284, 285, 285(b), (c), (d), (e), (f),
(g), (h), (i), (j), (k), (l), (m), 286b-286b-7, 287a-2, 287a-3.)
Purpose(s):
1. Information provided is used by NIH staff for review, award,
and administration of grant programs.
2. Information is also used to maintain communication with former
fellows who have incurred an obligation through the National Research
Service Award Program.
3. Staff may also use curricula vitae to identify candidates who
may serve as ad hoc consultants or committee and council members in
the grant peer review process.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made of assignments of research
investigators and project monitors to specific research projects to
the National Technical Information Service (NTIS), Department of
Commerce, to contribute to the Smithsonian Science Information
Exchange, Inc.
2. Disclosure may be made to the cognizant audit agency for
auditing.
3. In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected.
4. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
5. Disclosure may be made to qualified experts not within the
definition of Department employees as prescribed in Department
Regulations, 45 CFR 56.2, for opinions as a part of the application
review and award administration processes.
6. Disclosure may be made to a Federal agency, in response to its
request, in connection with the letting of a contract, or the
issuance of a license, grant or other benefit by the requesting
agency, to the extent that the record is relevant and necessary to
the requesting agency's decision on the matter.
7. A record may be disclosed for a research purpose, when the
Department: (A) Has determined that the use or disclosure does not
violate legal or policy limitations under which the record was
provided, collected; or obtained; (B) has determined that the
research purpose (1) cannot be reasonably accomplished unless the
record is provided in individually identifiable form, and (2)
warrants the risk to the privacy of the individual that additional
exposure of the record might bring; (C) has required the recipient to
(1) establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record,
(2) remove or destroy the information that identifies the individual
at the earliest time at which removal or destruction can be
accomplished consistent with the purpose of the research project,
unless the recipient has presented adequate justification of a
research or health nature for retaining such information, and (3)
make no further use or disclosure of the record except (a) in
emergency circumstances affecting the health or safety of any
individual, (b) for use in another research project, under these same
conditions, and with written authorization of the Department, (c) for
disclosure to a properly identified person for the purpose of an
audit related to the research project, if information that would
enable research subjects to be identified is removed or destroyed at
the earliest opportunity consistent with the purpose of the audit, or
(d) when required by law; (D) has secured a written statement
attesting to the recipient's understanding of, and willingness to
abide by these provisions.
8. Disclosure may be made to a private firm for the purpose of
collating, analyzing, aggregating or otherwise refining records in a
system. Relevant records will be disclosed to such a contractor. The
contractor shall be required to maintain Privacy Act safeguards with
respect to such records.
9. Disclosure may be made to the grantee institution in
connection with the review of an application or performance or
administration under the terms and conditions of the award, or in
connection with problems that might arise in performance or
administration if an award is made on a grant proposal.
10. Disclosure may be made to the profit institution's president
or official responsible for signing the grant application in
connection with the review or award of a grant application and in
connection with the administration and performance of a grant under
the terms and conditions of the awards.
Disclosure to consumer reporting agencies:
Disclosures pursuant to 5 U.S.C. 552a(b)(12):
Disclosures may be made from this system to ``consumer reporting
agencies'' as defined in the Fair Credit Reporting Act (15 U.S.C.
1681a(f)) or the Federal Claims Collection Act of 1966 (31 U.S.C.
3701(a)(3)).
The Department may disclose to consumer reporting agencies
information on individuals who have failed to meet payback
obligations incurred under awards made under authority of the
National Research Service Awards Program (41 U.S.C. 289l-1).
Information disclosed includes data identifying the individual, the
amount, status and history of the obligation, and that the obligation
arose from an award made under the National Research Service Awards
Program.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Stored in file folders, on computer tapes and disks, cards and in
notebooks.
Retrievability:
Retrieved by name and grant number.
Safeguards:
A variety of physical and procedural safeguards are implemented,
as appropriate, at the various locations of this system:
1. Authorized Users: Employees who maintain records in this
system are instructed to grant regular access only to officials whose
duties require use of the information. These officials include review
groups, grants management staff, other extramural program staff,
health scientist administrators, data processing and analysis staff
and management officials with oversight responsibilities for
extramural programs. Other one-time and special access is granted on
an individual basis as specifically authorized by the system manager.
Authorization for access to computerized files is controlled by the
system manager or designated official and is granted on a need-to-
know basis. Lists of authorized users are maintained.
2. Physical Safeguards: Secured facilities, locked rooms, locked
cabinets, personnel screening; records stored in order of grant
numbers which are randomly assigned.
3. Procedural Safeguards: Access to file rooms and files is
strictly controlled by files staff or other designated officials;
charge-out cards identifying users are required for each file used;
inactive records are transferred to controlled storage in Federal
Records Center in a timely fashion; retrieval of records from
inactive storage is controlled by the system manager or designated
official and by the NIH Records Management Officer; computer files
are password protected and access is actively monitored by the
Computer Center to prevent abuse. Employees are given specialized
training in the requirements of the Privacy Act as applied to the
grants program.
These practices are in compliance with the standards of Chapter
45-13 of the HHS General Administration Manual, ``Safeguarding
Records Contained in Systems of Records,'' supplementary Chapter PHS
hf: 45-13, and the HHS Automated Information Systems Security Program
Handbook.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), items: 4000-B-1; 4000-B-4; 4000-
C-1 and, 4000-D-1. Refer to the NIH Manual Chapter for specific
disposition instructions.
System manager(s) and address:
See Appendix II.
Notification procedure:
Write to official at the address specified in Appendix II to
determine if a record exists. The requester must also verify his or
her identity by providing either a notarization of the request or a
written certification that the requester is who he or she claims to
be and understands that the knowing and willful request for
acquisition of a record pertaining to an individual under false
pretenses is a criminal offense under the Act, subject to a five
thousand dollar fine.
Record access procedures:
Write to the official at the address specified in Appendix IV to
obtain access to a record, and provide the same information as is
required under the Notification Procedure above. Requesters should
also reasonably specify the record contents being sought.
Individuals may also request listings of accountable disclosures
that have been made of their records, if any.
Contesting record procedure:
Contact the official at the address specified in Appendix II, and
reasonably identify the record and specify the information being
contested, the corrective action sought, and your reasons for
requesting the correction, along with supporting information to show
how the record is inaccurate, incomplete, untimely or irrelevant. The
right to contest records is limited to information which is
incomplete, irrelevant, incorrect, or untimely (obsolete).
Record source categories:
Information submitted by applicant; supplemented by outside
reviewers and internal staff.
Systems exempted from certain provisions of the act:
None.
Appendix I: System Location
National Cancer Institute, Executive Plaza South, Suite
T-42, 6120 Executive Boulevard, Bethesda, MD 20892.
National Heart, Lung, and Blood Institute, Westwood
Building, Room 4A09, 5333 Westbard Avenue, Bethesda, MD
20892.
National Library of Medicine, Extramural Programs, 6705
Rockledge Drive, Suite 301, Bethesda, MD 20817.
National Institute of Allergy and Infectious Diseases,
Chief, Grants Management Branch, DEA, Solar Bldg., Room
4C-09, 6003 Executive Blvd., Rockville, MD 20892.
National Institute of Allergy and Infectious Diseases,
Chief, Management Information Systems Section, FMISB,
OAM, Solar Building, Room 4A-03, 6003 Executive Blvd.,
Rockville, MD 20892.
National Institute of Diabetes and Digestive and Kidney
Diseases, Westwood Building, Room 610, 5333 Westbard
Avenue, Bethesda, MD 20892.
National Institute of Arthritis and Musculoskeletal and
Skin Diseases, Natcher Building, Room 5A352, Bethesda,
MD 20892-6500.
National Institute of Child Health and Human
Development, 6100 Executive Blvd., Room 8A-01,
Bethesda, MD 20892-7510.
National Institute on Aging, Gateway Building, Room 2N-
212, 7201 Wisconsin Avenue, Bethesda, MD 20892.
National Institute of Dental and Craniofacial Research,
Grants Management Officer, Natcher Building, Room 4AS-
55, 45 Center Drive, MSC 6402, Bethesda, MD 20892-6402.
National Institute of Environmental Health Sciences,
Grants Management Officer, Building 2, Room 204, 104
Alexander Drive, Research Triangle Park, NC 27709.
National Institute of General Medical Sciences, Grants
Management Officer, Natcher Building, Room 2AN52, 9000
Rockville Pike, Bethesda, MD 20892.
National Institute of Neurological Disorders and
Stroke, Federal Building, Room 10A12, 7550 Wisconsin
Avenue, Bethesda, MD 20892.
National Institute on Deafness and Other Communication
Disorders, Executive Plaza South, Room 400B, 6120
Executive Boulevard, Rockville, MD 20892-7180.
National Eye Institute, Executive Plaza South, Room
350, 6120 Executive Boulevard, Bethesda, MD 20892.
National Center for Research Resources, 6705 Rockledge
Drive, Room 6086, Bethesda, MD 20892.
National Institute of Nursing Research, Building 45,
Room 3AN32, MSC 6301, Bethesda, MD 20892-6301.
Fogarty International Center, Building 31, Room B2C32,
9000 Rockville Pike, Bethesda, MD 20892.
Washington National Records Center, 4205 Suitland Road,
Suitland, MD 20409.
National Institute on Drug Abuse, Grants Management
Branch, 6001 Executive Blvd., Room 3131, MSC 9541,
Bethesda, MD 20892-9541.
National Institute on Alcohol Abuse and Alcoholism,
Grants Management Branch, Willco Building, Suite 504,
6000 Executive Blvd., MSC 7003, Bethesda, MD 20892-
7003.
National Institute of Mental Health, Grants Management
Branch, ORM, Neuroscience Center, 6001 Executive Blvd.,
Room 6122, Bethesda, MD 20892.
Appendix II: System Manager(s) and Address(es)
National Cancer Institute, Grants Management Analyst,
Executive Plaza South, Suite 234, 6120 Executive
Boulevard, Bethesda, MD 20892.
National Heart, Lung, and Blood Institute, Chief,
Grants Operations Branch, Division of Extramural
Affairs, Westwood Building, Room 4A10, 5333 Westbard
Avenue, Bethesda, MD 20852.
National Library of Medicine, Associate Director for
Extramural Programs, 6705 Rockledge Drive, Suite 301,
Bethesda, MD 20817.
National Institute of Allergy and Infectious Diseases,
Chief, Grants Management Branch, DEA, Solar Bldg., Room
4B-21, 6003 Executive Blvd., Bethesda, MD 20892.
National Institute of Allergy and Infectious Diseases,
Chief, Management Information Systems Section, FMISB,
OAM, Solar Building, Room 4A-03, 6003 Executive Blvd.,
Bethesda, MD 20892.
National Institute of Arthritis and Musculoskeletal and
Skin Diseases, Grants Management Officer, Natcher
Building, Room 5AS49, Bethesda, MD 20892-6500.
National Institute of Diabetes and Digestive and Kidney
Disease, Grants Management Officer, Room 637, Westwood
Building, 5333 Westbard Avenue, Bethesda, MD 20892.
National Institute of Child Health and Human
Development, Chief, Grants Management Branch, 6100
Executive Blvd., Room 8A01, Bethesda, MD 20892.
National Institute on Aging, Grants Management Officer,
Gateway Building, Room 2N-212, 7201 Wisconsin Avenue,
Bethesda, MD 20892.
National Institute of Dental and Craniofacial Research,
Grants Management Officer, NIDCR, Natcher Building,
Room 4AS-55, 45 Center Drive, MSC 6402, Bethesda, MD
20892-6402.
National Institute of Environmental Health Sciences,
Grants Management Officer, Building 2, Room 204, 104
Alexander Drive, Research Triangle Park, NC 27709.
National Institute of General Medical Sciences, Grants
Management Officer, NIGMS, Natcher Building, Room
2AN24, 9000 Rockville Pike, Bethesda, MD 20892.
National Institute of Neurological Disorders and
Stroke, Grants Management Officer, Federal Building,
Room 1004A, Bethesda, MD 20892.
National Institute on Deafness and Other Communication
Disorders, Chief, Grants Management Branch, Executive
Plaza South, Room 400B, MSC 7180, 6120 Executive
Boulevard, Bethesda, MD 20892-7180.
National Institute of Nursing Research, Grants
Management Officer, Building 45, Room 3AN32, MSC 6301,
Bethesda, MD 20892-6301.
National Eye Institute, Grants Management Officer,
Executive Plaza South, Room 350, 6120 Executive
Boulevard, Bethesda, MD 20892.
National Center for Research Resources, Office of
Grants Management, 6705 Rockledge Drive, Room 6086,
Bethesda, MD 20892.
Fogarty International Center, Scientific Review
Administrator, International Studies Branch, Building
31, Room B2C32, 9000 Rockville Pike, Bethesda, MD
20892.
National Institute on Drug Abuse, 6001 Executive Blvd.,
Room 3131, MSC 9541, Bethesda, MD 20892-9541.
National Institute on Alcohol Abuse and Alcoholism,
Chief, Grants Operation Section, Willco Building, Suite
504, 6000 Executive Blvd., MSC 7003, Bethesda, MD
20892-7003.
National Institute of Mental Health, Grants Management
Officer, ORM, Neuroscience Center, 6001 Executive
Blvd., Room 6122, Bethesda, MD 20892.
Appendix III: Notification Procedure
National Cancer Institute, see Appendix II.
National Heart, Lung, and Blood Institute, Privacy Act
Coordinator, Building 31, Room 5A10, 31 Center Drive,
MSC 2490, Bethesda, MD 20892-2490.
National Library of Medicine, see Appendix II.
National Institute of Allergy and Infectious Diseases,
see Appendix II.
National Institute of Diabetes and Digestive and Kidney
Diseases, Administrative Officer, Building 31, Room
9A46, 9000 Rockville Pike, Bethesda, MD 20892.
National Institute of Child Health and Human
Development, see Appendix II.
National Institute of Aging, see Appendix II.
National Institute of Dental and Craniofacial Research
(NIDCR), Privacy Act Coordinator, Natcher Building,
Room 4AS-43A, 45 Center Drive, MSC 6401, Bethesda, MD
20892-6401.
National Institute of Environmental Health Sciences,
see Appendix II.
National Institute of General Medical Sciences, see
Appendix II.
National Institute of Neurological Disorders and
Stroke, see Appendix II.
National Institute on Deafness and Other Communication
Disorders, see Appendix II.
National Eye Institute, see Appendix II.
National Center for Nursing Research, see Appendix II.
National Center for Research Resources, see Appendix
II.
Fogarty International Center, see Appendix II.
National Institute on Drug Abuse, see Appendix II.
National Institute on Alcohol Abuse and Alcoholism, see
Appendix II.
National Institute of Mental Health, Privacy Act
Coordinator, Room 15-81, Parklawn Building, 5600
Fishers Lane, Rockville, MD 20857.
National Institute of Arthritis and Musculoskeletal and
Skin Diseases, see Appendix II.
Appendix IV: Records Access Procedure
National Cancer Institute, Privacy Act Coordinator,
Building 31, Room 10A30, 9000 Rockville Pike, Bethesda,
MD 20892.
National Heart, Lung, and Blood Institute, see Appendix
III.
National Library of Medicine, see Appendix II.
National Institute of Allergy and Infectious Diseases,
Privacy Act Coordinator, Solar Bldg., Room 3C-23,
Bethesda, MD 20892.
National Institute of Diabetes and Digestive and Kidney
Diseases, see Appendix II.
National Institute of Child Health and Human
Development, see Appendix II.
National Institute on Aging, see Appendix II.
National Institute of Dental and Craniofacial Research
(NIDCR), Grants Management Officer, Natcher Building,
Room 4AS-55, 45 Center Drive, MSC 6402, Bethesda, MD
20892-6402.
National Institute of Environmental Health Sciences,
see Appendix II.
National Institute of General Medical Sciences, Privacy
Act Coordinator, Natcher Building, Room 3AS43, 9000
Rockville Pike, Bethesda, MD 20892.
National Institute of Neurological Disorders and
Stroke, Chief, Grants Management Branch, Executive
Plaza South, Room 400B, 6120 Executive Blvd.,
Rockville, MD 20892-7180.
National Institute on Deafness and Other Communication
Disorders, see Appendix II.
National Eye Institute, Administrative Officer,
Building 31, Room 6A17, 9000 Rockville Pike, Bethesda,
MD 20892.
National Center for Research Resources, Privacy Act
Coordinator, 6705 Rockledge Drive, Room 5142, Bethesda,
MD 20892.
Fogarty International Center, see Appendix II.
National Institute on Drug Abuse, see Appendix II.
National Institute on Alcohol Abuse and Alcoholism, see
Appendix II.
National Institute of Mental Health, see Appendix II.
National Institute of Nursing Research, see Appendix
II.
National Institute of Arthritis and Musculoskeletal and
Skin Diseases, see Appendix II.
09-25-0115
System name:
Administration: Curricula Vitae of Consultants and Clinical
Investigators, HHS/NIH/NIAID.
Security classification:
None.
System location:
National Institutes of Health, Solar Bldg., 6003 Executive Blvd.,
Room 3A37, MSC 7630, Bethesda, MD 20892 and
McKesson BioServices Corporation, 7501 Standish Place, Rockville,
MD 20850.
Write to the system manager at the address below for the address
of the Federal Records Center where records are stored.
Categories of individuals covered by the system:
Consultants and Clinical Investigators under National Institute
of Allergy and Infectious Diseases (NIAID) Investigational New Drug
Applications.
Categories of records in the system:
Curricula vitae.
Authority for maintenance of the system:
42 U.S.C. 241, 289a.
Purpose(s):
1. To maintain a record of the investigators under
Investigational New Drug (IND) applications.
2. To appoint consultants to the NIAID Institutional Review Board
(IRB).
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
2. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation or has
any interest in such litigation, and HHS determines that the use of
such records by the Department of Justice, court or other tribunal is
relevant and necessary to the litigation and would help in the
effective representation of the governmental party provided, however,
that in each case, HHS determines that such disclosure is compatible
with the purpose for which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Stored in books.
Retrievability:
Retrieved by name.
Safeguards:
Measures to prevent unauthorized disclosures are implemented as
appropriate for each location and for the particular records
maintained in each project. Each site implements personnel, physical,
and procedural safeguards such as the following:
1. Authorized Users: Employees who maintain records in this
system are instructed to grant regular access only to NIAID staff
whose duties require the use of such information. Authorized users
are located in the Clinical and Regulatory Affairs Branch, Division
of Microbiology and Infectious Diseases, NIAID. Other one-time and
special access by other employees is granted on a need-to-know basis
as specifically authorized by the system manager.
2. Physical Safeguards: Building is locked during off-duty hours.
3. Procedural safeguards: Access to files is strictly controlled
by files staff. Records may be removed from files only at the request
of the system manager or other authorized employee.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 1100-G. Refer to the NIH
Manual Chapter for specific disposition instructions.
System manager(s) and address:
Chief, Clinical and Regulatory Affairs Branch, DMID, NIAID, Solar
Bldg., Room 3A-01, 6003 Executive Blvd., Bethesda, MD 20892.
Notification procedure:
To determine if a record exists, write to: NIAID Privacy Act
Coordinator, Solar Bldg., Room 3C-23, 6003 Executive Blvd., Bethesda,
MD 20892.
The requester must also verify his or her identity by providing
either a notarization of the request or a written certification that
the requester is who he or she claims to be and understands that the
knowing and willful request for acquisition of a record pertaining to
an individual under false pretenses is a criminal offense under the
Act, subject to a five thousand dollar fine.
Record access procedures:
Same as Notification Procedure. Requesters should also reasonably
specify the record contents being sought. Individuals may also
request listings of accountable disclosures that have been made of
their records, if any.
Contesting record procedure:
Write to the official specified under Notification Procedure
above, and reasonably identify the record and specify the information
being contested, the corrective action sought, and your reasons for
requesting the correction, along with supporting information to show
how the record is inaccurate, incomplete, untimely or irrelevant. The
right to contest records is limited to information which is
incomplete, irrelevant, incorrect, or untimely (obsolete).
Record source categories:
Individuals.
Systems exempted from certain provisions of the act:
None.
09-25-0118
System name:
Contracts: Professional Services Contractors, HHS/NIH/NCI.
Security classification:
None.
System location:
Write to system manager at the address below for the address of
the Federal Records Center where records may be stored.
Categories of individuals covered by the system:
Individuals under contract with the National Cancer Institute.
Categories of records in the system:
Professional services contracts.
Authority for maintenance of the system:
42 U.S.C. 241(d), 281.
Purpose(s):
Used by staff for general administrative purposes to assure
compliance with contract program requirements.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
2. In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Stored in file folders.
Retrievability:
Retrieved by name.
Safeguards:
1. Authorized Users: Access is limited to authorized personnel
(system manager and staff).
2. Physical Safeguards: Records are maintained in offices which
are locked when not in use.
3. Procedural Safeguards: Access to files is strictly controlled
by system manager and staff.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 2600-A-4, which allows
records to be destroyed after a maximum period of six years and three
months after final payment. Refer to the NIH Manual Chapter for
specific disposition instructions.
System manager(s) and address:
ARC Manager, NCI/DCTD, Building 31, Room 3A44, 9000 Rockville
Pike, Bethesda, MD 20892.
ARC Manager, NCI/OD-31, Building 31, Room 11A33, 9000 Rockville
Pike, Bethesda, MD 20892.
ARC Manager, NCI/OD-EP, Executive Plaza South, Room 531, 6120
Executive Blvd., Rockville, MD 20852.
ARC Manager, NCI/6116, Executive Plaza South, Room 531, 6120
Executive Blvd., Rockville, MD 20852.
ARC Manager, NCI/DCP, Building 31, Room 10A50, 9000 Rockville
Pike, Bethesda, MD 20892.
ARC Manager, NCI/DCB, Executive Plaza North, Room 500, 6130
Executive Blvd., Rockville, MD 20852.
ARC Manager, NCI/DCCPS, Executive Plaza North, Room 306, 6130
Executive Blvd., Rockville, MD 20852.
ARC Manager, NCI/Bldg. 41, Building 41, Room A101, 9000 Rockville
Pike, Bethesda, MD 20892.
ARC Manager, NCI/Bldg. 37, Building 37, Room 5A15, 9000 Rockville
Pike, Bethesda, MD 20892.
ARC Manager, NCI/FCRDC, FCRDC, Building 428, Room 43, Frederick,
MD 21702.
ARC Manager, NCI/DCEG, Executive Plaza South, Room 8086, 6120
Executive Blvd., Rockville, MD 20852.
ARC Manager, NCI/31-DBS, Building 31, Room 3A20, 9000 Rockville
Pike, Bethesda, MD 20892.
ARC Manager, NCI/31-DCS, Building 31, Room 3A11, 9000 Rockville
Pike, Bethesda, MD 20892.
ARC Manager, NCI/10A, Building 10, Room 12N210, 9000 Rockville
Pike, Bethesda, MD 20892.
ARC Manager, NCI/10B, Building 10, Room 12N210, 9000 Rockville
Pike, Bethesda, MD 20892.
Notification procedure:
Write to the appropriate system manager listed above to determine
if a record exists. The requester must also verify his or her
identity by providing either a notarization of the request or a
written certification that the requester is who he or she claims to
be and understands that the knowing and willful request for
acquisition of a record pertaining to an individual under false
pretenses is a criminal offense under the Act, subject to a five
thousand dollar fine.
Record access procedures:
Same as Notification Procedure. Requesters should also reasonably
specify the record contents being sought. Individuals may also
request listings of accountable disclosures that have been made of
their records, if any.
Contesting record procedure:
Contact the official under Notification Procedure above, and
reasonably identify the record and specify the information to be
contested, and state the corrective action sought and the reasons for
the correction, with supporting justification. The right to contest
records is limited to information which is incomplete, irrelevant,
incorrect, or untimely (obsolete).
Record source categories:
Individuals in the system.
Systems exempted from certain provisions of the act:
None.
09-25-0121
System name:
International Activities: Senior International Fellowships
Program, HHS/NIH/FIC.
Security classification:
None.
System location:
National Institutes of Health, Building 31, Room B2C39, 9000
Rockville Pike, Bethesda, MD 20892.
Write to system manager at the address below for the address of
the Federal Records Center where records from this system are stored.
Categories of individuals covered by the system:
Applicants for Senior International Fellowships.
Categories of records in the system:
Applications and associated records and reports.
Authority for maintenance of the system:
42 U.S.C. 242e.
Purpose(s):
For award and administration of fellowships to outstanding
faculty members in mid-career from U.S. biomedical research and
educational institutions for study abroad.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Each fellow's home institution receives a notice of award and
funding for the fellowship.
2. Applications are made available to authorized employees and
agents of the U.S., including the General Accounting Office for
purposes of investigations, inspections and audits, and in
appropriate cases, to the Department of Justice for proper action
under civil and criminal laws.
3. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
4. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation or has
any interest in such litigation, and HHS determines that the use of
such records by the Department of Justice, court or other tribunal is
relevant and necessary to the litigation and would help in the
effective representation of the governmental party provided, however,
that in each case, HHS determines that such disclosure is compatible
with the purpose for which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
File folders and computer disks.
Retrievability:
Name and fellowship number.
Safeguards:
Measures to prevent unauthorized disclosures are implemented as
appropriate for each location and for the particular records
maintained in each project. Each site implements personnel, physical,
procedural safeguards such as the following:
1. Authorized Users: Employees who maintain records in this
system are instructed to grant regular access only to Fogarty
International Center (FIC) program staff. Other one-time and special
access by other employees is granted on a need-to-know basis as
specifically authorized by the system manager.
2. Physical Safeguards: The records are stored in locked file
cabinets and offices are locked during off-duty hours.
3. Procedural Safeguards: Access to files is strictly controlled
by files staff. Records may be removed from files only at the request
of the system manager or other authorized employees. For computerized
records access is controlled by the use of security codes known to
authorized users and access codes are changed periodically. The
computer system maintains an audit record of all requests for access.
These practices are in compliance with the standards of Chapter
45-13 of the HHS General Administration Manual, ``Safeguarding
Records Contained in Systems of Records,'' supplementary Chapter PHS
hf: 45-13, and the HHS Automated Information Systems Security Program
Handbook.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 2300-320-7, which allows
records to be destroyed after a maximum period of six years after the
close of a case. Refer to the NIH Manual Chapter for specific
disposition instructions.
System manager(s) and address:
Chief, International Research Awards Branch, Fogarty
International Center, National Institutes of Health, Building 31,
Room B2C39, 9000 Rockville Pike, Bethesda, MD 20892.
Notification procedure:
Requests for notification of or access to records should be
addressed to the system manager, listed above. The requester must
also verify his or her identity by providing either a notarization of
the request or a written certification that the requester is who he
or she claims to be and understands that the knowing and willful
request for acquisition of a record pertaining to an individual under
false pretenses is a criminal offense under the Act, subject to a
five thousand dollar fine.
Record access procedures:
Same as Notification Procedure. Requesters should also reasonably
specify the record contents being sought. Individuals may also
request listings of accountable disclosures that have been made of
their records, if any.
Contesting record procedure:
Contact the official under Notification Procedure above, and
reasonably identify the record and specify the information to be
contested, and state the corrective action sought and the reasons for
the correction. The right to contest records is limited to
information which is incomplete, irrelevant, incorrect, or untimely
(obsolete).
Record source categories:
Information obtained from applicants and persons supplying
recommendations through the Center for Scientific Review.
Systems exempted from certain provisions of the act:
None.
09-25-0124
System name:
Administration: Pharmacology Research Associates, HHS/NIH/NIGMS.
Security classification:
None.
System location:
National Institutes of Health, Director, PRAT Program,
Pharmacological Sciences, NIGMS, Natcher Building, Room 2AS.43D, 9000
Rockville Pike, Bethesda, MD 20892.
Write to system manager at the address below for the address of
the Federal Records Center where records are stored.
Categories of individuals covered by the system:
Applicants for positions as Pharmacology Research Associates with
the National Institute of General Medical Sciences (NIGMS) and
current and former Pharmacology Research Associates.
Categories of records in the system:
Individual application forms, addresses, telephone numbers, lists
of awards received, research keywords, preceptor and institute during
time of fellowship for former fellows, academic transcripts, reprints
and references, curricula vitae, and salary adjustment memorandum for
fellows.
Authority for maintenance of the system:
42 U.S.C. 209.
Purpose(s):
For review, award and administration of the Pharmacology Research
Associate Program (PRAT).
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
2. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation or has
any interest in such litigation, and HHS determines that the use of
such records by the Department of Justice, court or other tribunal is
relevant and necessary to the litigation and would help in the
effective representation of the governmental party provided, however,
that in each case, HHS determines that such disclosure is compatible
with the purpose for which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
File folders.
Retrievability:
By name of applicant.
Safeguards:
Measures to prevent unauthorized disclosures are implemented as
appropriate for each location and for the particular records
maintained in each project. Each site implements personnel, physical,
and procedural safeguards such as the following:
1. Authorized Users: Employees who maintain the system are
instructed to grant access only to authorized personnel (system
manager and staff assigned to the program).
2. Physical Safeguards: The records are maintained in locked file
cabinets when not in use and system location is locked during non-
working hours.
3. Procedural Safeguards: Access to files is strictly controlled
by responsible individuals who have been instructed in the Privacy
Act requirements. Records are returned to the locked cabinets when
not in use.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 2300-320-2(a). Refer to the
NIH Manual Chapter for specific disposition instructions.
System manager(s) and address:
Director, PRAT Program, Pharmacological Sciences, NIGMS, Natcher
Building, Room 2AS.49K, 9000 Rockville Pike, Bethesda, MD 20892.
Notification procedure:
To determine if a record exists, write to system manager and
provide the following information: Applicant's name and date of
application. The requester must also verify his or her identity by
providing either a notarization of the request or a written
certification that the requester is who he or she claims to be and
understands that the knowing and willful request for acquisition of a
record pertaining to an individual under false pretenses is a
criminal offense under the Act, subject to a five thousand dollar
fine.
Record access procedures:
Same as Notification Procedure. Requesters should also reasonably
specify the record contents being sought. Individuals may also
request listings of accountable disclosures that have been made of
their records, if any.
Contesting record procedure:
Contact the official at the address specified under Notification
Procedure above, and reasonably identify the record and specify the
information to be contested, the corrective action sought. The right
to contest records is limited to information which is incomplete,
irrelevant, incorrect, or untimely (obsolete).
Record source categories:
Information obtained from applicants, university registrars, and
persons supplying recommendations through the PRAT Program. Salary
adjustment memos from preceptors. Information on former fellows
obtained from former fellows.
Systems exempted from certain provisions of the act:
None.
09-25-0140
System name:
International Activities: International Scientific Researchers in
Intramural Laboratories at the National Institutes of Health, HHS/
NIH/FIC.
Security classification:
None.
System location:
Fogarty International Center, Building 16A, Room 101, 9000
Rockville Pike, Bethesda, MD 20892, and
Center for Information Technology, Building 12A, Room 3061,
National Institutes of Health, 9000 Rockville Pike, Bethesda,
Maryland 20892.
Ancillary records are located in the Office of the Associate
Director for Intramural Affairs, laboratories, administrative and
personnel offices where participants are assigned. Write to system
manager at the address below for the address of the Federal Records
Center where records are stored.
Categories of individuals covered by the system:
Health scientists at all levels of their pre- and postdoctoral or
equivalent research careers who are invited to the National
Institutes of Health to conduct research related to their doctoral
studies, for further postdoctoral training, or to conduct research in
their biomedical specialties under the auspices of FIC's
administration of International Activities. Most of these scientists
are foreign; however, some may be resident aliens.
Individuals in these categories include the following: Visiting
Scientists (i.e., Title 42 employees) and Foreign Special Experts
(also employees) and Visiting Fellows, Guest Researchers, Exchange
Scientists, International Research Fellows, Fogarty Scholars, and
Special Volunteers.
Categories of records in the system:
History of fellowship, employment and/or stay at NIH; education,
previous institution of affiliation, immigration data, and
references. For payroll purposes, social security numbers are
requested of all applicants accepted into the program.
Authority for maintenance of the system:
42 U.S.C. 242l and Section 307 of the Public Health Service Act.
Purpose(s):
To document the individual's presence at the NIH, to record
immigration history of the individual in order to verify continued
eligibility in existing programs, and to meet requirements in the
code of Federal Regulations (8 CFR, ``Aliens and Nationality,'' and
22 CFR, ``Foreign Relations'').
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Information is made available to authorized employees and
agents of the U.S. Government including, but not limited to, the
General Accounting Office, the Internal Revenue Service, the FBI and
Immigration and Naturalization Service, Department of Justice, and
the Department of State for purposes of investigations, inspections
and audits.
2. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of the individual.
3. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation or has
any interest in such litigation, and HHS determines that the use of
such records by the Department of Justice, court or other tribunal is
relevant and necessary to the litigation and would help in the
effective representation of the governmental party provided, however,
that in each case, HHS determines that such disclosure is compatible
with the purpose for which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored in file folders, computer hard disks and
tapes, and computer diskettes.
Retrievability:
By name, country of citizenship, country of birth, gender,
fellowship case number, visa and immigration status, program
category, NIH institute and lab, sponsor, degree attained, stipend or
salary level, dates of stay at NIH, termination date, work address
and telephone number, and home address.
Safeguards:
A variety of safeguards is implemented for the various sets of
records included under this system according to the sensitivity of
the data they contain.
1. Authorized Users: NIH administrative and personnel staff
screened by FIC staff to access information on a need-to-know basis.
Only FIC staff are authorized to add, change, or delete data. Access
by other employees is granted on a need-to-know basis as specifically
authorized by the system manager.
2. Physical Safeguards: The records are maintained in file
cabinets in offices that are locked during off-duty hours.
3. Procedural Safeguards: Access to files is strictly controlled
by files staff. Records may be removed from files only at the request
of the system manager or other authorized employees. For computerized
records, access is controlled by the use of security codes known only
to authorized users; access codes are changed periodically. The
computer system maintains an audit record of all requests for access.
These practices are in compliance with the standards of Chapter
45-13 of the HHS General Administration Manual, ``Safeguarding
Records Contained in Systems of Records,'' supplementary Chapter PHS
hf: 45-13, and the HHS Automated Information Systems Security Program
Handbook.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 2300-320, which allows
records to be destroyed after a maximum period of six years after the
close of a case. Refer to the NIH Manual Chapter for specific
disposition instructions.
System manager(s) and address:
Chief, International Services Branch, National Institutes of
Health, Fogarty International Center, Building 16A, Room 101, 16A
Center Drive, MSC 6710, Bethesda, MD 20892-6710.
Notification procedure:
Write to the system manager to determine if a record exists. The
requester must also verify his or her identity by providing either a
notarization of the request or a written certification that the
requester is who he or she claims to be and understands that the
knowing and willful request for acquisition of a record pertaining to
an individual under false pretenses is a criminal offense under the
Act, subject to a five thousand dollar fine.
record access procedures:
Same as Notification Procedure. Requesters should also reasonably
specify the record contents being sought. Individuals may also
request listings of accountable disclosures that have been made of
their records, if any.
Contesting record procedure:
Contact the official listed under Notification Procedure above,
and reasonably identify the record, and specify the information to be
contested, and state the corrective action sought and the reasons for
the correction. The right to contest records is limited to
information which is incomplete, irrelevant, incorrect, or untimely
(obsolete).
Record source categories:
Subject individuals and other Federal agencies.
Systems exempted from certain provisions of the act:
None.
09-25-0156
System name:
Records of Participants in Programs and Respondents in Surveys
Used to Evaluate Programs of the Public Health Service, HHS/PHS/NIH/
OD.
Security classification:
None.
System location:
This system of records is an umbrella system comprising separate
sets of records located either in the organizations responsible for
conducting evaluations or at the sites of programs or activities
under evaluation. Locations include Public Health Service (PHS)
facilities, or facilities of contractors of the PHS. Write to the
appropriate system manager below for a list of current locations.
Categories of individuals covered by the system:
Individuals covered by this system are those who provide
information or opinions that are useful in evaluating programs or
activities of the PHS other persons who have participated in or
benefitted from PHS programs or activities; or other persons included
in evaluation studies for purposes of comparison. Such individuals
may include (1) participants in research studies; (2) applicants for
and recipients of grants, fellowships, traineeships or other awards;
(3) employees, experts and consultants; (4) members of advisory
committees; (5) other researchers, health care professionals, or
individuals who have or are at risk of developing diseases or
conditions studied by PHS; (6) persons who provide feedback about the
value or usefulness of information they receive about PHS programs,
activities or research results; (7) persons who have received
Doctorate level degrees from U.S. institutions; (8) persons who have
worked or studied at U.S. institutions that receive(d) institutional
support from PHS.
Categories of records in the system:
This umbrella system of records covers a varying number of
separate sets of records used in different evaluation studies. The
categories of records in each set depend on the type of program being
evaluated and the specific purpose of the evaluation. In general, the
records contain two types of information: (1) Information identifying
subject individuals, and (2) information which enables PHS to
evaluate its programs and services.
(1) Identifying information usually consists of a name and
address, but it might also include a patient identification number,
grant number, social security number, or other identifying number as
appropriate to the particular group included in an evaluation study.
(2) Information used for evaluation varies according to the
program evaluated. Categories of evaluative information include
personal data and medical data on participants in clinical and
research programs; personal data, publications, professional
achievements and career history of researchers; and opinions and
other information received directly from individuals in evaluation
surveys and studies of PHS programs.
The system does not include any master list, index or other
central means of identifying all individuals whose records are
included in the various sets of records covered by the system.
Authority for maintenance of the system:
Authority for this system comes from the authorities regarding
the establishment of the National Institutes of Health, its general
authority to conduct and fund research and to provide training
assistance, and its general authority to maintain records in
connection with these and its other functions (42 U.S.C. 203, 241,
2891-1 and 44 U.S.C. 3101), and Section 301 and 493 of the Public
Health Service Act.
Purpose(s):
This system supports evaluation of the policies, programs,
organization, methods, materials, activities or services used by PHS
in fulfilling its legislated mandate for (1) conduct and support of
biomedical research into the causes, prevention and cure of diseases;
(2) support for training of research investigators; (3) communication
of biomedical information.
This system is not used to make any determination affecting the
rights, benefits, or privileges of any individual.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to HHS contractors and collaborating
researchers, organizations, and State and local officials for the
purpose of conducting evaluation studies or collecting, aggregating,
processing or analyzing records used in evaluation studies. The
recipients are required to protect the confidentiality of such
records.
2. Disclosure may be made to organizations deemed qualified by
the Secretary to carry out quality assessments, medical audits or
utilization review.
3. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
4. The Department may disclose information from this system of
records to the Department of Justice, to court or other tribunal, or
to another party before such tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS or any of its components, is a party to
litigation or has an interest in such litigation, and HHS determines
that the use of such records by the Department of Justice, the
tribunal, or the other party is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Data may be stored in file folders, bound notebooks, or computer-
accessible media (e.g., magnetic tapes, disks, cartridges, CD-ROMs,
etc.).
Retrievability:
Information is retrieved by name and/or participant
identification number within each evaluation study. There is no
central collection of records in this system, and no central means of
identifying individuals whose records are included in the separate
sets of records that are maintained for particular evaluation
studies.
Safeguards:
A variety of safeguards are implemented for the various sets of
records in this system according to the sensitivity of the data each
set contains. Information already in the public domain, such as
titles and dates of publications, is not restricted. However,
sensitive information, such as personal or medical history or
individually identified opinions, is protected according to its level
of sensitivity. Records derived from other systems of records will be
safeguarded at a level at least as stringent as that required in the
original systems. Minimal safeguards for the protection of
information which is not available to the general public include the
following:
1. Authorized Users: Regular access to information in a given set
of records is limited to PHS or to contractor employees who are
conducting, reviewing, or contributing to a specific evaluation
study. Other access is granted only on a case-by-case basis,
consistent with the restrictions required by the Privacy Act (e.g.,
when disclosure is required by the Freedom of Information Act), as
authorized by the system manager or designated responsible official.
2. Physical Safeguards: Records are stored in closed or locked
containers, in areas which are not accessible to unauthorized users,
and in facilities which are locked when not in use. Records collected
in each evaluation project are maintained separately from those of
other projects. Sensitive records are not left exposed to
unauthorized persons at any time. Sensitive data in machine-readable
form may be encrypted.
3. Procedural Safeguards: Access to records is controlled by
responsible employees and is granted only to authorized individuals
whose identities are properly verified. Data stored in mainframe
computers is accessed only through the use of keywords known only to
authorized personnel. When personal computers are used, magnetic
media (e.g. diskettes, CD-ROMs, etc.) are protected as under Physical
Safeguards. When data is stored within a personal computer (i.e., on
a ``hard disk''), the machine itself is treated as though it were a
record, or records, under Physical Safeguards. Contracts for
operation of this system of records require protection of the records
in accordance with these safeguards; PHS project and contracting
officers monitor contractor compliance.
These practices are in compliance with the standards of Chapter
45-13 of the HHS General Administration Manual, ``Safeguarding
Records Contained in Systems of Records,'' supplementary Chapter PHS
hf: 45-13, and the HHS Automated Information Systems Security Program
Handbook.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 1100-C-2. Refer to the NIH
Manual Chapter for specific disposition instructions.
System manager(s) and address:
See Appendix I.
Policy coordination for this system is provided by: Acting
Director, Office of Reports and Analysis, Office of Extramural
Research, Office of the Director, National Institutes of Health,
Bldg. 1, Room 252, 9000 Rockville Pike, Bethesda, MD 20892.
Notification procedure:
To determine if a record exists, write to the official of the
organization responsible for the evaluation, as listed in Appendix
II. If you are not certain which component of PHS was responsible for
the evaluation study, or if you believe there are records about you
in several components of PHS, write to: NIH Privacy Act Officer, 6011
Executive Blvd., Room 601L, MSC 7669, Rockville, MD 20852.
Requesters must provide the following information:
1. Full name, and name(s) used while studying or employed;
2. Name and location of the evaluation study or other PHS program
in which the requester participated or the institution at which the
requester was a student or employee, if applicable;
3. Approximate dates of participation, matriculation or
employment, if applicable.
The requester must also verify his or her identity by providing
either a notarization of the request or a written certification that
the requester is who he or she claims to be and understands that the
knowing and willful request for acquisition of a record pertaining to
an individual under false pretenses is a criminal offense under the
Act, subject to a five thousand dollar fine.
An individual who requests notification of or access to a medical
record shall, at the time the request is made, designate in writing,
a responsible representative, who may be a physician, other health
professional, or other responsible individual, who will be willing to
review the record and inform the subject individual of its contents
at the representative's discretion.
A parent or guardian who requests notification of, or access to,
a child's or incompetent person's medical record shall designate a
family physician or other health professional (other than a family
member) to whom the record, if any, will be sent. The parent or
guardian must verify relationship to the child or incompetent person
as well as his or her own identity.
Record access procedures:
Same as Notification Procedure. Requesters should also reasonably
specify the record contents being sought. Individuals may also
request listings of accountable disclosures that have been made of
their records, if any.
Contesting record procedure:
Write to the official specified under Notification Procedure
above, and reasonably identify the record and specify the information
being contested, the corrective action sought, and your reasons for
requesting the correction, along with supporting information to show
how the record is inaccurate, incomplete, untimely, or irrelevant.
The right to contest records is limited to information which is
incomplete, irrelevant, incorrect, or untimely (obsolete).
Record source categories:
Information contained in these records is obtained directly from
individual participants; from systems of records 09-25-0036,
``Extramural Awards and Chartered Advisory Committees: IMPAC (Grants/
Contract Information/Cooperative Agreement Information/Chartered
Advisory Committee Information), HHS/NIH/OER and HHS/NIH/CMO;'' 09-
25-0112, ``Grants and Cooperative Agreements: Research, Research
Training, Fellowship and Construction Applications and Related
Awards, HHS/NIH/OD;'' NSF-6, ``Doctorate Record File'', NSF-43,
``Doctorate Work History File'' (previously entitled NSF-43, ``Roster
and Survey of Doctorate Holders in The United States'' and other
records maintained by the operating programs of NIH; the National
Academy of Sciences, professional associations such as the AAMC and
ADA, and other contractors; grantees or collaborating researchers; or
publicly available sources such as bibliographies.
Systems exempted from certain provisions of the act:
None.
Appendix I: System Managers
Office of Reports and Analysis, Office of Extramural
Research, Office of the Director, National Institutes
of Health, RKL2, 6701 Rockledge Drive, Room 6212,
Bethesda, MD 20892.
National Institutes of Health, Office of the Director,
Director, Division of Personnel Management, Building 1,
Room B1-60, 9000 Rockville Pike, Bethesda, MD 20892.
National Heart, Lung, and Blood Institute (NHLBI),
NHLBI Minority Coordinator, OD, OPPE, Building 31, Room
5A03/5A06, 31 Center Drive, MSC 2482, Bethesda, MD
20892-2482.
National Library of Medicine (NLM), Associate Director
for Health Information Programs Development, Building
38, Room 2S20, Bethesda, MD 20894.
National Eye Institute (NEI), Associate Director for
Science Policy and Legislation, Building 31, Room 6A25,
Bethesda, MD 20892.
National Cancer Institute (NCI), Public Health
Educator, OCC, NCI, National Institutes of Health,
Building 31, Room 10A03, Bethesda, MD 20892.
National Institute on Aging (NIA), Chief, Office of
Planning, Analysis, Technical Information and
Evaluation, Federal Building, Room 6A09, 7550 Wisconsin
Avenue, Bethesda, MD 20892.
National Institute of Child Health and Human
Development (NICHD), Associate Director for Science
Policy, Analysis, and Communication, Building 31, Room
2A18, Bethesda, MD 20892.
National Institute on Deafness and Other Communication
Disorders, Chief, Program Planning and Health Reports
Branch, Building 31, Room 3C35, 9000 Rockville Pike,
Bethesda, MD 20892.
National Institute of Dental and Craniofacial Research
(NIDCR), Evaluation Officer, Office of Science Policy
and Analysis, Building 31, Room 5B55, 31 Center Drive,
MSC 2190, Bethesda, MD 20892-2190.
National Institute of Environmental Health Sciences
(NIEHS), Program Analyst, Office of Program Planning
and Evaluation, P.O. Box 12233, Research Triangle Park,
NC 27709.
National Institute of General Medical Sciences (NIGMS),
Chief, Office of Program Analysis and Evaluation,
Natcher Building, Room 2AS-55F, 9000 Rockville Pike,
Bethesda, MD 20892.
Fogarty International Center (FIC), National Institutes
of Health, Assistant Director for International Science
Policy and Analysis, Building 31, Room B2C08, Bethesda,
MD 20892.
Center for Scientific Review (CSR), Information
Officer, Rockledge Centre II, Room 6160, 6701 Rockledge
Drive, Bethesda, MD 20817.
National Center for Research Resources (NCRR),
Director, Office of Science Policy, Rockledge Building,
Room 5046, Bethesda, MD 20892.
National Institute of Nursing Research (NINR), Chief,
Office of Planning, Analysis and Evaluation, Building
31, Room 5B09, Bethesda, MD 20892.
Office of Research Integrity, Policy Analyst, Division
of Policy and Education, U.S. Public Health Service,
5515 Security Lane, Suite 700, Rockwall-II Building,
Rockville, MD 20852.
Appendix II: Notification and Access Officials
NIH, Office of the Director, Office of Extramural
Research, Acting Director, Office of Reports and
Analysis, Building 1, Room 252, 9000 Rockville Pike,
Bethesda, MD 20892.
National Institutes of Health, Office of the Director,
Director, Division of Personnel Management, Building 1,
Room B1-60, 9000 Rockville Pike, Bethesda, MD 20892.
National Heart, Lung, and Blood Institute (NHLBI),
Privacy Act Coordinator, Building 31, Room 5A29,
Bethesda, MD 20892.
National Library of Medicine (NLM), Assistant Director
for Planning and Evaluation, Building 38, Room 2S18,
Bethesda, MD 20894.
National Eye Institute (NEI), Executive Officer,
Building 31, Room 6A25, Bethesda, MD 20892.
Fogarty International Center (FIC), National Institutes
of Health, Assistant Director for International Science
Policy and Analysis, Building 31, Room B2C08, Bethesda,
MD 20892.
Center for Scientific Review (CSR), Information
Officer, Rockledge Centre II, Room 6160, 6701 Rockledge
Drive, Bethesda, MD 20817.
National Center for Research Resources (NCRR),
Director, Office of Science Policy, Rockledge Bldg.,
Room 5046, Bethesda, MD 20892.
National Cancer Institute, Privacy Act Coordinator,
National Institutes of Health, Building 31, Room 10A30,
Bethesda, MD 20892.
09-25-0158
System name:
Administration: Records of Applicants and Awardees of the NIH
Intramural Research Training Awards Program, HHS/NIH/OD.
Security classification:
None.
System location:
This system is located in each of the intramural offices and
laboratories where the Intramural Research Training Awards (IRTA)
Fellow is located and assigned, including the respective Scientific
Director's office, the administrative and personnel offices, and in
Division of Personnel Management branches responsible for
administering the IRTA Program, and the Office of Education, Building
10, Room 1C125, 9000 Rockville Pike, Bethesda, MD 20892.
Categories of individuals covered by the system:
Applicants for IRTA Fellowships, current IRTA Fellows, and former
IRTA Fellows.
Categories of records in the system:
These records contain information relating to education and
training, employment history, scientific publications; research
goals; letters of reference; and personal information such as name,
date of birth, social security number, home address and citizenship;
and information related to fellowship awards such as stipend levels,
training assignments, training expenses and travel allowances.
Authority for maintenance of the system:
42 U.S.C. 284(b)(1)(C), 286b-3, and 287c-1 authorizes PHS to make
awards for biomedical research and research training.
Purpose(s):
Records in this system are used to determine individuals'
eligibility and evaluate their qualifications for IRTA Fellowships;
to document the basis for management actions relating to Fellowships
that are awarded; and to provide data for program evaluation.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to the Office of Personnel Management
for evaluation of NIH Personnel programs.
2. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the written request of that individual.
3. Disclosure may be made to the Department of Justice or to a
court or other tribunal from this system of records, when (a) HHS, or
any component thereof; or (b) any HHS employee in his or her official
capacity; or (c) any HHS employee in his or her individual capacity
where the Department of Justice (or HHS, where it is authorized to do
so) has agreed to represent the employee; or (d) the United States or
any agency thereof where HHS determines that the litigation is likely
to affect HHS or any of its components, is a party to litigation or
has an interest in such litigation, and HHS determines that the use
of such records by the Department of Justice, court or other tribunal
is relevant and necessary to the litigation and would help in the
effective representation of the governmental party provided, however,
that in each case HHS determines that such disclosure is compatible
with the purpose for which the records were collected.
4. Disclosure may be made to a Federal, State or local agency
maintaining civil, criminal or other pertinent records, such as
current licenses, if necessary to obtain a record relevant to an
agency decision concerning the selection or retention of a fellow.
5. Disclosure may be made to a Federal agency, in response to its
request, in connection with hiring or retention of an employee, the
issuance of a security clearance, an investigation of an employee,
the letting of a contract, or the issuance of a license, grant, or
other benefit by the requesting agency, to the extent that the record
is relevant and necessary to the requesting agency's decision on the
matter.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for PHS who do not technically have the status
of agency employees, if they need the records in the performance of
their agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored in file folders, and on magnetic tapes and
disks.
Retrievability:
Records are retrieved by name, social security number, or
institute list number.
Safeguards:
1. Authorized Users: Access is granted only to NIH scientists,
administrative office staff, personnel staff, and financial
management staff directly involved in the administration of the IRTA
Program.
2. Physical Safeguards: File folders are kept in locked drawers
or locked rooms when system personnel are not present.
3. Procedural Safeguards: Access to file folders is controlled by
system personnel. Records may be removed from the files only with the
approval of the system manager or other authorized employees. Data
stored in the automated system is accessed through the use of
keywords known only to authorized personnel.
These practices are in compliance with the standards of Chapter
45-13 of the HHS General Administration Manual, ``Safeguarding
Records Contained in Systems of Records,'' supplementary Chapter PHS
hf: 45-13, and the HHS Automated Information Systems Security Program
Handbook.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 4000-E-3. Refer to the NIH
Manual Chapter for specific disposition instructions.
System manager(s) and address:
Personnel/Administrative Officers of the National Institutes of
Health Institutes/Centers. Contact the individual listed under
Notification Procedure for the name and address of the appropriate
system manager.
Notification procedure:
To determine if a record exists and where it is located, contact:
Chief, Staffing Management Branch, Division of Personnel Management,
NIH, Building 31, Room 1C31, 9000 Rockville Pike, Bethesda, MD 20892.
The requestor must also verify his or her identity by providing
either a notarization of the request or a written certification that
the requester is who he or she claims to be and understands that the
knowing and willful request for acquisition of a record pertaining to
an individual under false pretenses is a criminal offense under the
Act, subject to a five thousand dollar fine.
Record access procedures:
Same as Notification Procedure. Requesters should also reasonably
specify the record contents being sought. Individuals may also
request listings of accountable disclosures that have been made of
their records, if any.
Contesting record procedure:
Write to the official specified under the Notification Procedure
above, and reasonably identify the record and specify the information
being contested, the corrective action sought, and your reasons for
requesting the correction, along with supporting information to show
how the record is untimely, incomplete, irrelevant or inaccurate. The
right to contest records is limited to information which is
incomplete, irrelevant, incorrect, or untimely (obsolete).
Record source categories:
Applicants, persons and institutions supplying references.
Systems exempted from certain provisions of the act:
None.
09-25-0160
System name:
United States Renal Data System (USRDS), HHS/NIH/NIDDK.
Security classification:
None.
System location:
Records are located at contractor operated coordinating center.
Write to the system manager at address below for address of current
location. U.S. Renal Data System, Coordinating Center (CC), 2100 M
Street NW, Suite 400, Washington, DC 20037.
Categories of individuals covered by the system:
Persons with end-stage renal disease (ESRD), providers of ESRD
services.
Categories of records in the system:
Health and medical record data; fiscal information; patient
names, social security number, Health Care Financing Administration
(HCFA) beneficiary ID, patient demographic, epidemiologic and
survival characteristics; physician provider characteristics;
facility provider characteristics.
Authority for maintenance of the system:
42 U.S.C. 241a, 289c, as last amended by Pub. L. 100-607,
November 4, 1988 under the Health Omnibus Programs Extension of 1988.
Purpose(s):
1. To design and implement a consolidated renal disease system
that will provide the biostatistical, data management and analytical
expertise necessary to characterize the total renal patient
population and describe the distribution of patients by
sociodemographic variables across treatment modalities.
2. To report on the incidence, prevalence, and mortality rates of
renal disease by primary diagnosis.
3. To identify the modalities of treatment best suited to
individual patients. To compare the various treatment alternatives to
examine the prevention and progression of renal disease by morbidity,
mortality, and quality of life criteria.
4. To identify problems and opportunities for more focused
investigations of renal research issues currently unaddressed by the
consolidated data system.
5. To share data with other PHS agencies and HCFA for their use
in research analysis and program administration.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure from the record of an individual may be made to the
Department of Justice, or to a court or other tribunal, when (a) HHS,
or any component thereof; or (b) any HHS employee in his or her
official capacity; or (c) any HHS employee in his or her official
capacity where the Department of Justice (or HHS, where it is
authorized to do so) has agreed to represent the employee; or (d) the
United States or any agency thereof where HHS determines that the
litigation is likely to affect HHS or any of its components, is a
party to litigation or has an interest in such litigation, and HHS
determines that the use of such records by the Department of Justice,
the court or other tribunal is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
2. Disclosure may be made to a Congressional office from the
record of an individual in response to a written inquiry from the
Congressional office made at the written request of the individual.
3. Disclosure may be made to the HHS contractor for the purpose
of collating, analyzing, aggregating or otherwise refining or
processing records in this system for developing, modifying and/or
manipulating ADP software. Data would also be disclosed to
contractors incidental to consultation, programming, operation, user
assistance, or maintenance for an ADP or telecommunications systems
containing or supporting records in the system. The contractor shall
be required to maintain Privacy Act safeguards with respect to such
records.
4. A record may be disclosed for a research purpose, when the
Department: (A) Has determined that the use or disclosure does not
violate legal or policy limitations under which the record was
provided, collected, or obtained; (B) Has determined that the
research purpose (1) cannot be reasonably accomplished unless the
record is provided in individually identifiable form, and (2)
warrants the risk to the privacy of the individual that additional
exposure of the record might bring; (C) Has required the recipient to
(1) establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record,
(2) remove or destroy the information that identifies the individual
at the earliest time at which removal or destruction can be
accomplished consistent with the purpose of the research project,
unless the recipient has presented adequate justification of a
research or health nature for retaining such information, and (3)
make no further use or disclosure of the record except (a) in
emergency circumstances affecting the health or safety of any
individual, (b) for use in another research project, under these same
conditions, and with written authorization of the Department, (c) for
disclosure to a properly identified person for the purpose of an
audit related to the research project, if information that would
enable research subjects to be identified is removed or destroyed at
the earliest opportunity consistent with the purpose of the audit, or
(d) when required by law; (D) Has secured a written statement
attesting to the recipients understanding of, and willingness to
abide by these provisions.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for PHS who do not technically have the status
of agency employees, if they need the records in the performance of
their agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Electronic medium; selected hard copy backup.
Retrievability:
Information will be retrieved by patient identification number
such as social security number and HCFA beneficiary ID. Individual
patient data provided only as noted above. Statistical data provided
as noted above and to the general public as part of periodic
published reports.
Safeguards:
A variety of safeguards are implemented for the various sets of
records in this system according to the sensitivity of the records:
1. Authorized Users: Regular access is limited to National
Institute of Diabetes and Digestive and Kidney Diseases (NIDDK), HCFA
and contract personnel who have a need for the data in performance of
their duties as determined by the system manager.
2. Physical Safeguards: Records are stored in areas where access
is restricted to areas where data are maintained and processed; data
tapes and hard copy data are stored in locked files in secured areas;
terminal access controlled by user ID and keywords; off-site data
backups in two locations--a remote area of the same building and a
separate building; and fire protection secured by Halon fire
extinguisher system and fire alarm system present in the computer
room.
3. Procedural Safeguards: Contractors who maintain records in
this system are instructed to make no further disclosure of the
records except as authorized by the system manager and permitted by
the Privacy Act.
Privacy Act requirements are specifically included in contracts
and in agreements with grantees or collaborators participating in
research activities supported by this system. HHS project directors,
contract officers, and project officers oversee compliance with these
requirements.
These practices are in compliance with the standards of Chapter
45-13 of the HHS General Administration Manual, ``Safeguarding
Records Contained in Systems of Records,'' supplementary Chapter PHS
hf: 45-13, and the HHS Automated Information Systems Security Program
Handbook.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 3000-G-3(b), which allows
records to be kept as long as they are useful in scientific research.
Refer to the NIH Manual Chapter for specific disposition
instructions.
System manager(s) and address:
Epidemiology Program Director, National Institute of Diabetes and
Digestive and Kidney Diseases, Division of Kidney, Urologic and
Hematologic Diseases, 5333 Westbard Avenue, Westwood Building, Room
621, Bethesda, MD 20892.
Notification procedure:
To determine if a record exists, write to the system manager at
the address noted above. Provide notarized signature as proof of
identity. The request should include as much of the following
information as possible: (a) Full name; (b) title of project
individual participated in; and (c) approximate dates of
participation.
Record access procedures:
Same as Notification Procedure. Requesters should also reasonably
specify the record contents being sought. Individuals may also
request listings of accountable disclosures that have been made of
their records, if any.
Contesting record procedure:
Contact the system manager at the address specified under
Notification Procedure above and reasonably identify the record,
specify the information being contested, and state the corrective
action sought, with supporting information to show how the record is
inaccurate, incomplete, untimely, or irrelevant. The right to contest
records is limited to information which is incomplete, irrelevant,
incorrect, or untimely (obsolete).
Record source categories:
The majority of health, medical, fiscal and other demographic
information on patients and health care providers is from the end
stage renal disease program of the Health Care Financing
Administration (HCFA). Additional data comes from other HCFA Medicare
patient records, the National Death Index, and other sources of non-
Medicare ESRD patient records such as the NIH Continuous Ambulatory
Peritoneal Dialysis (CAPD) Registry, the United Network of Organ
Sharing (UNOS) transplant patients, the Veteran's Administration, and
the Indian Health Service.
Systems exempted from certain provisions of the act:
None.
09-25-0161
System name:
Administration: NIH Consultant File, HHS/NIH/CSR.
Security classification:
None.
System location:
This system of records is an umbrella system comprising separate
sets of records located in each of the NIH organizational components
or facilities of contractors of the NIH.
Center for Information Technology, Data Management Branch,
Building 12A, Room 4041B, National Institutes of Health, Bethesda, MD
20892.
Write to the appropriate system manager listed in Appendix I for
a list of current locations.
Categories of individuals covered by the system:
Consultants who provide the evaluation of extramural grants and
cooperative agreement applications and research contract proposals,
including the NIH Reviewers' Reserve and/or advise on policy.
Consultants who participate in NIH conferences, workshops, evaluation
projects and/or provide technical assistance at site locations
arranged by contractors.
Categories of records in the system:
Names, addresses, social security numbers, resumes, curricula
vitae (C.V.s), areas of expertise, gender, minority status, business
status, AREA-eligible status, publications, travel records, and
payment records for consultants.
Authority for maintenance of the system:
Section 301 of the Public Health Service Act, describing the
general powers and duties of the Public Health Service relating to
research and investigation, and Section 402 of the Public Health
Service Act, describing the appointment and authority of the Director
of the National Institutes of Health, (42 U.S.C. 241, 282 and 290aa).
Purpose(s):
This umbrella system comprises separate sets of records located
in each of the NIH organizational components or facilities of
contractors of the NIH. These records are used: (1) To identify and
select experts and consultants for program reviews and evaluations;
(2) To identify and select experts and consultants for the review of
special grant and cooperative agreement applications and research
contract proposals; (3) To obtain and pay consultants who participate
in NIH conferences, workshops, evaluation projects and/or provide
technical assistance at site locations arranged by contractors; and
(4) To provide necessary reports related to payment to the Internal
Revenue Service.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
2. Disclosure may be made to the Department of Justice or to a
court or other tribunal from this system of records, when (a) HHS, or
any component thereof; or (b) any HHS employee in his or her official
capacity; or (c) any HHS employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation or has
an interest in such litigation, and HHS determines that the use of
such records by the Department of Justice, court or other tribunal is
relevant and necessary to the litigation and would help in the
effective representation of the governmental party provided, however,
that in each case HHS determines that such disclosure is compatible
with the purpose for which the records were collected.
3. Disclosure may be made to contractors to process or refine the
records. Contracted services may include transcription, collation,
computer input, and other records processing.
4. Information in this system of records is used routinely to
prepare W-2 and 1099 Forms to submit to the Internal Revenue Service
and applicable state and local governments those items to be included
as income to an individual.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records may be stored in file folders, computer tapes and disks,
microfiche, and microfilm.
Retrievability:
Records are retrieved by name, expertise, gender, minority
status, business status, AREA-eligible status and experimental system
used.
Safeguards:
1. Authorized Users: Data on computer files is accessed by
keyword known only to authorized users who are PHS or contractor
employees involved in managing a review or program advisory
committee, conducting a review of extramural grant applications,
cooperative agreement applications, or research contract proposals,
performing an evaluation study or managing the consultant file.
Access to information is thus limited to those with a need to know.
2. Physical Safeguards: Rooms where records are stored are locked
when not in use. During regular business hours rooms are unlocked but
are controlled by on-site personnel.
3. Procedural Safeguards: Names and other identifying particulars
are deleted when data from original records are encoded for analysis.
Data stored in computers is accessed through the use of keywords
known only to authorized users. Contractors who maintain records in
this system are instructed to make no further disclosure of the
records except as authorized by the system manager and permitted by
the Privacy Act.
These practices are in compliance with the standards of Chapter
45-13 of the HHS General Administration Manual, ``Safeguarding
Records Contained in Systems of Records,'' supplementary Chapter PHS
hf: 45-13, and the HHS Automated Information Systems Security Program
Handbook.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 1100-G. Refer to the NIH
Manual Chapter for specific disposition instructions.
System manager(s) and address:
The policy coordinator for this system is also the system manager
listed for the Center for Scientific Review (CSR).
Chief, Biochemical Sciences Initial Review Group, Division of
Molecular and Cellular Mechanisms, Center for Scientific Review,
Rockledge Centre II, Room 5150, 6701 Rockledge Drive, Bethesda,
Maryland 20817 and
See Appendix I.
Notification procedure:
To determine if a record exists, write to the appropriate system
manager as listed in Appendix I.
The requester must also verify his or her identity by providing
either a notarization of the request or a written certification that
the requester is whom he or she claims to be. The request should
include: (a) full name, and (b) appropriate dates of participation.
Record access procedures:
Same as Notification Procedure. Requesters should also reasonably
specify the record contents being sought. Individuals may also
request listings of accountable disclosures that have been made of
their records, if any.
Contesting record procedure:
Contact the official under Notification Procedure above,
reasonably identify the record, specify the information to be
contested, and state the corrective action sought with supporting
information. The right to contest records is limited to information
which is incomplete, irrelevant, incorrect, or untimely (obsolete).
Record source categories:
Subject individual.
Systems exempted from certain provisions of the act:
None.
Appendix I: System Managers
Office of the Director (OD), Extramural Programs Management
Officer, Building 31, Room 5B31, Bethesda, MD 20892.
National Center for Research Resources (NCRR), Director, Office
of Review, 6705 Rockledge Drive, Room 6018, Bethesda, MD 20892.
National Cancer Institute (NCI), Chief, Applied Information
Systems Branch, Executive Plaza North, Room 643, Bethesda, MD 20892.
National Eye Institute (NEI), Review and Special Projects
Officer, Executive Plaza South, Room 350, Bethesda, MD 20892.
National Heart, Lung, and Blood Institute (NHLBI), Chief, Review
Branch, Westwood Building, Room 557A, 5333 Westbard Avenue, Bethesda,
MD 20892.
National Institute on Aging (NIA), Chief, Scientific Review
Office, Gateway Building, Suite 2C212, 7201 Wisconsin Avenue,
Bethesda, MD 20892.
National Institute of Allergy and Infectious Diseases (NIAID),
Director, Scientific Review Program, Division of Extramural
Activities, Solar Bldg., Room 3C-16, 6003 Executive Blvd., Bethesda,
MD 20892.
National Institute of Child Health and Human Development (NICHD),
Director, Division of Scientific Review, 6100 Executive Boulevard,
Room 5E03H, Bethesda, MD 20892.
National Institute on Deafness and Other Communication Disorders
(NIDCD), Chief, Scientific Review Branch, Executive Plaza South, Room
400C, 6120 Executive Boulevard, Rockville, MD 20852.
National Institute of Diabetes and Digestive and Kidney Diseases
(NIDDK), Chief, Review Branch, Natcher Building, Room 6AS-37F,
Bethesda, MD 20892.
National Institute of Dental and Craniofacial Research (NIDCR),
Chief, Scientific Review Section, Natcher Building, Room 4AN-44F, 45
Center Drive, MSC 6402, Bethesda, MD 20892-6402.
National Institute of Environmental Health Sciences (NIEHS),
Chief, Scientific Review Branch, Division of Extramural Research and
Training, PO Box 12233, Research Triangle Park, NC 27709.
National Institute of General Medical Sciences (NIGMS), Chief,
Office of Scientific Review, Natcher Building, Room 1AS-13F,
Bethesda, MD 20892.
National Institute of Neurological Disorders and Stroke (NINDS),
Chief, Scientific Review Branch, Federal Building, Room 9C10A,
Bethesda, MD 20892.
National Institute of Nursing Research (NINR), Chief, Office of
Review, Natcher Building, Room 3AN24, MSC 6302, Bethesda, MD 20892-
6302.
National Library of Medicine (NLM), Extramural Programs,
Scientific Review Administrator, 6705 Rockledge Drive, Bethesda, MD
20817.
National Center for Human Genome Research (NCHGR), Chief, Office
of Scientific Review, Building 38A, Room 604, Bethesda, MD 20892.
National Institute of Mental Health, Committee Management
Officer, Division of Extramural Activities, 6100 Executive Blvd.,
Room 6133, Bethesda, MD 20892.
National Institute on Alcohol Abuse and Alcoholism, Committee
Management Officer, Willco Building, Suite 504, 6000 Executive Blvd,
MSC 7003, Bethesda, MD 20892-7003.
National Institute on Alcohol Abuse and Alcoholism, Deputy
Director, Office of Scientific Affairs, Willco Building, Suite 409,
6000 Executive Blvd., MSC 7003, Bethesda, MD 20892-7003.
National Institute on Drug Abuse, Office of Extramural Program
Review, Neuroscience Center, 6001 Executive Blvd., Room 3158,
Bethesda, MD 20892.
09-25-0165
System name:
National Institutes of Health (NIH) Office of Loan Repayment and
Scholarship (OLRS) Records System, HHS/NIH/OD.
Security classification:
None.
System location:
Office of Loan Repayment and Scholarship (OLRS), National
Institutes of Health, 7550 Wisconsin Avenue, Rooms 604 & B1-16,
Bethesda, Maryland 20814-9121.
See Appendix I for a listing of NIH offices responsible for
administration of the NIH LRSPs. Write to the System Manager at the
address below for the address of any Federal Records Center where
records from this system may be stored.
Categories of individuals covered by the system:
Individuals who have applied for, who have been approved to
receive, who are receiving, or who have received funds under the NIH
LRSPs; and individuals who are interested in participation in the NIH
LRSPs.
Categories of records in the system:
Name, address, Social Security number (SSN), program application
and associated forms, service pay-back obligations, employment data,
professional performance and credentialing history of licensed health
professionals; personal, professional, and demographic background
information; academic and research progress reports (which include
related data, correspondence, and professional performance
information consisting of continuing education, performance awards,
and adverse or disciplinary actions); standard school budgets;
financial data including loan balances, deferment, forbearance, and
repayment/delinquent/default status information; commercial credit
reports; educational data including tuition and other related
educational expenses; educational data including academic program and
status; employment status verification (which includes certifications
and verifications of continuing participation in qualified research);
Federal, State and local tax related information, including copies of
tax returns.
Authority for maintenance of the system:
Sections 487A-E (42 U.S.C. 288-1, 288-2, 288-3, 288-4, 288-5) of
the PHS Act, as amended, authorize the NIH to establish and implement
(a) multiple programs of educational loan repayment for qualified
health professionals who agree to conduct research, subject to each
program's specific statutory requirements; and (b) a scholarship
program for undergraduates who agree to pursue academic programs
appropriate for careers in professions needed by the NIH and who
agree to serve as NIH employees. The provisions of subpart III of
part D of title III of the PHS Act (42 U.S.C. 254l et seq.), as
amended, governing the National Health Service Corps (NHSC) loan
repayment and scholarship programs, are incorporated in these
authorities, except as inconsistent with Sections 487A-E. The
Internal Revenue Code at 26 U.S.C. 6109 requires the provision of the
SSN for the receipt of loan repayment and scholarship funds under the
NIH LRSPs. The Federal Debt Collection Procedures Act of 1990, Public
Law 101-647 (28 U.S.C. 3201) requires that an individual who has a
judgement lien against his/her property for a debt to the United
States shall not be eligible to receive funds directly from the
Federal Government in any program, except funds to which the debtor
is entitled as a beneficiary, until the judgement is paid in full or
otherwise satisfied. Thus, individuals applying to the LRSPs are
required to disclose in their applications whether they have a
judgement lien against them arising from a debt to the United States.
Purpose(s):
These records are used to: (1) Identify and select applicants for
the NIH LRSPs; (2) monitor loan repayment and scholarship activities,
such as payment tracking, academic status and performance, research
and related services, deferment of service obligation, and default;
and (3) assist NIH officials in the collection of overdue debts owed
under the NIH LRSPs. Records may be transferred to System No. 09-15-
0045, ``Health Resources and Services Administration Loan Repayment/
Debt Management Records System, HHS/HRSA/OA,'' for debt collection
purposes when NIH officials are unable to collect overdue debts owed
under the NIH LRSPs.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a Member of Congress or to a
Congressional staff member in response to an inquiry of the
Congressional office made at the written request of the constituent
about whom the record is maintained.
2. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal when: (a) HHS or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the
[[Page 3969]]
United States Government, is a party to litigation or has an interest
in such litigation, and by careful review, HHS determines that the
records are both relevant and necessary to the litigation and the use
of such records by the Department of Justice is therefore deemed by
HHS to be for a purpose that is compatible with the purpose for which
the records were collected.
3. When a record on its face, or in conjunction with other
records, indicates a violation or potential violation of law, whether
civil, criminal or regulatory in nature, and whether arising by
general statute or particular program statute, or by regulation,
rule, or order issued pursuant thereto, disclosure may be made to the
appropriate agency, whether Federal, foreign, State, local, or
tribal, or other public authority responsible for enforcing,
investigating or prosecuting such violation or charged with enforcing
or implementing the statute, or rule, regulation, or order issued
pursuant thereto, if the information disclosed is relevant to any
enforcement, regulatory, investigative or prosecutive responsibility
of the receiving entity.
4. The NIH may disclose records to HHS contractors and
subcontractors for the purpose of collecting, compiling, aggregating,
analyzing, or refining records in the system. Contractors maintain,
and are also required to ensure that subcontractors maintain, Privacy
Act safeguards with respect to such records.
5. The NIH may disclose information from this system of records
to private parties such as present and former employers, references
listed on applications and associated forms, other references and
educational institutions. The purpose of such disclosures is to
evaluate an individual's professional and or academic accomplishments
and plans, performance, credentials, and educational background, and
to determine if an applicant is suitable for participation in the NIH
LRSPs.
6. The NIH will disclose information from this system of records
to a consumer reporting agency (credit bureau) to obtain an applicant
or participant's commercial credit report for the following purposes:
(1) To establish his/her creditworthiness; (2) To assess and verify
his/her ability to repay debts owed to the Federal Government; and
(3) To determine and verify the eligibility of loans submitted for
repayment. Disclosures are limited to the individual's name, address,
Social Security number and other information necessary to identify
him/her; the funding being sought or amount and status of the debt;
and the program under which the applicant or claim is being
processed.
7. The NIH may disclose from this system of records a delinquent
debtor's or a defaulting participant's name, address, Social Security
number, and other information necessary to identify him/her; the
amount, status, and history of the claim, and the agency or program
under which the claim arose, as follows:
a. To another Federal agency so that agency can effect a salary
offset for debts owed by Federal employees; if the claim arose under
the Social Security Act, the employee must have agreed in writing to
the salary offset.
b. To another Federal agency so that agency can effect an
authorized administrative offset; i.e., withhold money, other than
Federal salaries, payable to or held on behalf of the individual.
c. To the Treasury Department, Internal Revenue Service (IRS), to
request an individual's current mailing address to locate him/her for
purposes of either collecting or compromising a debt, or to have a
commercial credit report prepared.
8. The NIH may disclose information from this system of records
to another agency that has asked the HHS to effect a salary or
administrative offset to help collect a debt owed to the United
States. Disclosure is limited to the individual's name, address,
Social Security number, and other information necessary to identify
the individual, information about the money payable to or held for
the individual, and other information concerning the offset.
9. The NIH may disclose to the IRS information about an
individual applying for any NIH loan repayment or scholarship program
authorized by the Public Health Service Act to find out whether the
applicant has a delinquent tax account. This disclosure is for the
sole purpose of determining the applicant's creditworthiness and is
limited to the individual's name, address, Social Security number,
other information necessary to identify him/her, and the program for
which the information is being obtained.
10. The NIH may report to the IRS, as taxable income, the
written-off amount of a debt owed by an individual to the Federal
Government when a debt becomes partly or wholly uncollectible, either
because the time period for collection under statute or regulations
has expired, or because the Government agrees with the individual to
forgive or compromise the debt.
11. The NIH may disclose to debt collection agents, other Federal
agencies, and other third parties who are authorized to collect a
Federal debt, information necessary to identify a delinquent debtor
or a defaulting participant. Disclosure will be limited to the
individual's name, address, Social Security number, and other
information necessary to identify him/her; the amount, status, and
history of the claim, and the agency or program under which the claim
arose.
12. The NIH may disclose information from this system of records
to any third party that may have information about a delinquent
debtor's or a defaulting participant's current address, such as a
U.S. post office, a State motor vehicle administration, a
professional organization, an alumni association, etc., for the
purpose of obtaining the individual's current address. This
disclosure will be strictly limited to information necessary to
identify the individual, without any reference to the reason for the
agency's need for obtaining the current address.
13. The NIH may disclose information from this system of records
to other Federal agencies that also provide loan repayment or
scholarship at the request of these Federal agencies in conjunction
with a matching program conducted by these Federal agencies to detect
or curtail fraud and abuse in Federal loan repayment or scholarship
programs, and to collect delinquent loans or benefit payments owed to
the Federal Government.
14. The NIH will disclose from this system of records to the
Department of Treasury, IRS: (1) A delinquent debtor's or a
defaulting participant's name, address, Social Security number, and
other information necessary to identify the individual; (2) the
amount of the debt; and (3) the program under which the debt arose,
so that the IRS can offset against the debt any income tax refunds
which may be due to the individual.
15. The NIH may disclose information provided by a lender or
educational institution to other Federal agencies, debt collection
agents, and other third parties who are authorized to collect a
Federal debt. The purpose of this disclosure is to identify an
individual who is delinquent in loan or benefit payments owed to the
Federal Government and the nature of the debt.
16. The NIH will disclose records consisting of names,
disciplines, current mailing addresses, and dates of scholarship
support and dates of graduation of scholarship recipients to: (a)
Designated coordinators at each school participating in the
scholarship program for the purpose of determining educational
expenses and resulting levels of scholarship support, and for the
purpose of guiding and informing these recipients about the nature of
their
[[Page 3970]]
service obligations to the NIH; and (b) medical and graduate schools,
attended by UGSP scholars who have elected to defer their service
obligation, for the purpose of determining their academic status and
verifying the validity of the NIH UGSP service deferment.
17. The NIH may disclose records to HHS contractors and
subcontractors for the purpose of recruiting, screening, and matching
health professionals for NIH employment in qualified research
positions under the NIH LRSPs. In addition, HHS contractors and
subcontractors: (1) May disclose biographic data and information
supplied by potential applicants (a) to references listed on
application and associated forms for the purpose of evaluating the
applicant's professional qualifications, experience, and suitability,
and (b) to a State or local government medical licensing board and/or
to the Federation of State Medical Boards or a similar nongovernment
entity for the purpose of verifying that all claimed background and
employment data are valid and all claimed credentials are current and
in good standing; (2) may disclose biographic data and information
supplied by references listed on application and associated forms to
other references for the purpose of inquiring into the applicant's
professional qualifications and suitability; and (3) may disclose
professional suitability evaluation information to NIH officials for
the purpose of appraising the applicant's professional qualifications
and suitability for participation in the NIH LRSPs. Contractors
maintain, and are also required to ensure that subcontractors
maintain, Privacy Act safeguards with respect to such records.
Disclosure to consumer reporting agencies:
Disclosures pursuant to 5 U.S.C. 552a(b)(12): Disclosures may be
made from this system to ``consumer reporting agencies'' as defined
in the Federal Claims Collection Act of 1966, as amended (31 U.S.C.
3701(a)(3)). The purposes of these disclosures are: (1) To provide an
incentive for debtors to repay delinquent debts to the Federal
Government by making these debts part of their credit records, and
(2) to enable NIH to improve the quality of loan repayment and
scholarship decisions by taking into account the financial
reliability of applicants, including obtaining a commercial credit
report to assess and verify the ability of an individual to repay
debts owed to the Federal Government. Disclosure of records will be
limited to the individual's name, Social Security number, and other
information necessary to establish the identity of the individual,
the amount, status, and history of the claim, and the agency or
program under which the claim arose.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained in file folders, file cards, microfiche
and electronic media, including computer tape, discs, servers
connected to local area networks, and Internet servers.
Retrievability:
Records are retrieved by name, NIH Institutes and Centers, Social
Security number, or other identifying numbers or characteristics.
Safeguards:
1. Authorized Users: Access to information is limited to
authorized personnel in the performance of their duties. Authorized
personnel include system managers and their staffs, NIH OLRS
officials and staff, financial, fiscal and records management
personnel, legal personnel, computer personnel, and NIH contractors
and subcontractors--all of whom are responsible for administering the
NIH LRSPs.
2. Physical Safeguards: Rooms where records are stored are locked
when not in use. During regular business hours rooms are unlocked but
are controlled by on-site personnel. Security guards perform random
checks on the physical security of the storage locations after duty
hours, including weekends and holidays.
3. Procedural and Technical Safeguards: A password is required to
access the terminal and a data set name controls the release of data
to only authorized users. All users of personal information in
connection with the performance of their jobs (see Authorized Users,
above) protect information from public view and from unauthorized
personnel entering an unsupervised office. Data on local area network
computer files is accessed by keyword known only to authorized
personnel. Codes by which automated files may be accessed are changed
periodically. This procedure also includes deletion of access codes
when employees or contractors leave. New employees and contractors
are briefed and the security department is notified of all staff
members and contractors authorized to be in secured areas during
working and nonworking hours. This list is revised as necessary.
Individuals remotely accessing the secured areas of the OLRS Internet
sites have separate accounts and passwords. Passwords are assigned by
project staff and may include both alphabetic and non-alphabetic
characters. These practices are in compliance with the standards of
Chapter 45-13 of the HHS General Administration Manual,
``Safeguarding Records Contained in Systems of Records,''
supplementary Chapter PHS hf: 45-13, and the Department's Automated
Information System Security Handbook.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 2300-537-1. Participant case
files are transferred to a Federal Records Center one year after
closeout and destroyed five years later. Closeout is the process by
which it is determined that all applicable administrative actions and
disbursements of benefits have been completed by the OLRS and service
obligations have been completed by the participant. Applicant case
files are destroyed three years after disapproval or withdrawal of
their application. Appeal and litigation case files are destroyed six
years after the calendar year in which the case is closed. Other
copies of these files are destroyed two years after the calendar year
in which the case is closed.
System manager(s) and address:
Director, Office of Loan Repayment and Scholarship, National
Institutes of Health, 7550 Wisconsin Avenue, Room 604, Bethesda,
Maryland 20814-9121.
Notification procedure:
To determine if a record exists, write to the System Manager
listed above. A written request must contain the name and address of
the requester, Social Security number, and his/her signature which is
either notarized to verify his/her identity or includes a written
certification that the requester is the person he/she claims to be
and that he/she understands that the knowing and willful request or
acquisition of records pertaining to an individual under false
pretenses is a criminal offense subject to a $5,000 fine. In
addition, the following information is needed: dates of enrollment in
the NIH LRSPs and current enrollment status, such as pending
application approval or approved for participation.
An individual who appears in person at a specific location
seeking access to or disclosure of records relating to him/her shall
provide his/her name, current address, Social Security number, dates
of enrollment in an NIH loan repayment or scholarship program, and at
least one piece of tangible identification, such as driver's license,
passport, or voter registration card. Identification papers with
current photographs are preferred but not required. If an individual
has no identification papers but is personally known to an agency
employee, such employees shall make a written record verifying the
individual's identity. Where the individual has no identification
papers, the responsible agency official shall require that the
individual certify in writing that he/she is the individual who he/
she claims to be and that he/she understands that the knowing and
willful request or acquisition of a record concerning an individual
under false pretenses is a criminal offense subject to a $5,000 fine.
Since positive identification of the caller or sender cannot be
established, telephone and electronic mail requests are not honored.
Record access procedures:
Write to the System Manager specified above to attain access to
records and provide the same information as is required under the
Notification Procedures. Requesters should also reasonably specify
the record contents being sought. Individuals may also request an
accounting of disclosures of their records, if any.
Contesting record procedures:
Contact the System Manager specified above and reasonably
identify the record, specify the information to be contested, the
corrective action sought, and your reasons for requesting the
correction, along with supporting information to show how the record
is inaccurate, incomplete, untimely or irrelevant. The right to
contest records is limited to information which is incomplete,
irrelevant, incorrect, or untimely (obsolete).
Record source categories:
Subject individual; participating lending and loan servicing
institutions; educational institutions; other Federal agencies;
consumer reporting agencies/credit bureaus; and third parties that
provide references concerning the subject individual.
Systems exempted from certain provisions of the act:
None.
Appendix I: System Locations
Office of Loan Repayment and Scholarship, National
Institutes of Health, 7550 Wisconsin Avenue, Room 604,
Bethesda, Maryland 20814-9121
Center for Information Technology, National Institutes
of Health, Building 12A, Room 1011, 9000 Rockville
Pike, Bethesda, Maryland 20892
Clinical Center, National Institutes of Health, 6100
Executive Boulevard, Room 3E01, Bethesda, MD 20892-7509
National Cancer Institute, National Institutes of
Health, Building 31, Room 11A19, 9000 Rockville Pike,
Bethesda, MD 20892-2590
National Heart, Lung, and Blood Institute, National
Institutes of Health, Building 10, Room 7N220, 9000
Rockville Pike, Bethesda, MD 20892-1670
National Institute of Dental and Craniofacial Research,
National Institutes of Health, Building 31, Room 2C23,
9000 Rockville Pike, Bethesda, MD 20892-2290
National Institute of Diabetes and Digestive and Kidney
Diseases, National Institutes of Health, Building 10,
Room 9N222, 9000 Rockville Pike, Bethesda, MD 20892-
1818
National Institute of Neurological Disorders and
Stroke, National Institutes of Health, Building 10,
Room 5N220, 9000 Rockville Pike, Bethesda, MD 20892-
4152
National Institute of Allergy and Infectious Diseases,
National Institutes of Health, Building 31, Room 7A05,
9000 Rockville Pike, Bethesda, MD 20892-2520
National Institute of Mental Health, National
Institutes of Health, Building 10, Room 4N222, 9000
Rockville Pike, Bethesda, MD 20892
National Institute of General Medical Sciences,
Pharmacological Sciences Program, National Institutes
of Health, Building 45, Room 2AS-43, 9000 Rockville
Pike, Bethesda, MD 20892-6200
National Institute of Child Health and Human
Development, National Institutes of Health, Building
31, Room 2A25, 9000 Rockville Pike, Bethesda, MD 20892
National Institute of Child Health and Human
Development, National Institutes of Health, Building
61E, Room 8B01A, Bethesda, MD 20892
National Eye Institute, National Institutes of Health,
Building 10, Room 10N202, 9000 Rockville Pike,
Bethesda, MD 20892-1858
National Institute of Environmental Health Sciences,
National Institutes of Health, South Campus, Building
101, Room A-210, 111 Alexander Drive, Research Triangle
Park, NC 27709
National Institute on Aging, Gerontology Research
Center, National Institutes of Health, 4940 Eastern
Avenue, Baltimore, MD 21224
National Institute of Arthritis and Musculoskeletal and
Skin Diseases, National Institutes of Health, Building
45, Room 5AN40, 9000 Rockville Pike, Bethesda, MD 20892
National Institute of Deafness and Communication
Disorders, National Institutes of Health, Building 31,
Room 3C02, 9000 Rockville Pike, Bethesda, MD 20892-2320
National Institute on Drug Abuse, National Institutes
of Health, Parklawn Building, Room 9A30, 5600 Fishers
Lane, Rockville, MD 20857
National Center for Research Resources, National
Institutes of Health, One Rockledge Center, Room 6070,
6705 Rockledge Drive, Bethesda, MD 20892-7965
National Institute for Nursing Research, National
Institutes of Health, Building 31, Room 5B25, 9000
Rockville Pike, Bethesda, MD 20892-2178
National Institute on Alcohol Abuse and Alcoholism,
National Institutes of Health, Building 31, Room 1B58,
9000 Rockville Pike, Bethesda, MD 20892-2088
National Human Genome Research Institute, National
Institutes of Health, 49 Covent Drive, Building 49,
Room 4A06, 9000 Rockville Pike, Bethesda, MD 20892-4470
Office of Financial Management, National Institutes of
Health, Building 31, Room B1B47, 9000 Rockville Pike,
Bethesda, Maryland 20892
09-25-0166
System name:
Administration: Radiation and Occupational Safety and Health
Management Information Systems, HHS/NIH/ORS.
Security classification:
None.
System location:
Radiation Safety Branch (RSB), Division of Safety, Office of
Research Services, NIH, Building 21, Room 134, 9000 Rockville Pike,
Bethesda, MD 20892.
Occupational Safety and Health Branch (OSHB), Division of Safety,
National Institutes of Health, Building 13, Room 3K04, 9000 Rockville
Pike, Bethesda, Maryland 20892.
Write to appropriate system manager at the address below for the
address of contractor locations, including the address of any Federal
Records Center where records from this system may be stored.
Categories of individuals covered by the system:
Radiation Safety Branch (RSB): NIH employees using radioactive
materials or radiation producing machinery, contractor employees who
provide service to the Radiation Safety Branch, and any other
individuals who could potentially be exposed to radiation or
radioactivity as a result of NIH operations and who, therefore, must
be monitored in accordance with applicable regulations.
Occupational Safety and Health Branch (OSHB): Individuals
(including NIH employees and NIH service contract employees) who use
or come into contact with potentially hazardous biological or
chemical materials, and participants of occupational safety and
health monitoring/surveillance programs.
Categories of records in the system:
Employee name, title, organizational affiliation, birth date,
social security number (optional), work address, work telephone
number, name of supervisor, and other necessary employment
information; radiation/occupational safety and health training
information; medical and technical information pertaining to safety
and health related initiatives; research protocols and other related
documents used to monitor and track radiation exposure and exposure
to potentially hazardous biological or chemical materials; radiation
materials usage data; and incident data.
Authority for maintenance of the system:
42 U.S.C. 241, regarding the general powers and duties of the
Public Health Service relating to research and investigation; 5
U.S.C. 7902 regarding agency safety programs; and 42 U.S.C. 2201,
regarding general duties of the Nuclear Regulatory Commission
including the setting of standards to cover the possession and use of
nuclear materials in order to protect health.
Purpose(s):
1. To provide adequate administrative controls to assure
compliance with internal NIH policies, and applicable regulations of
the Occupational Safety and Health Administration (OSHA), Department
of Labor, and other Federal and/or State agencies which may establish
health and safety requirements or standards. Ensure legal compliance
with requirements of Nuclear Regulatory Commission to maintain
internal and external radiation exposure data.
2. To identify, evaluate and monitor use or contact (including
incident follow-up) with:
a. Radiation (exposure maintained at lowest levels reasonable);
b. Biological and/or chemical (potentially hazardous materials).
3. To monitor, track, and assess the use of personal protective
equipment in the work place to ensure availability, effectiveness,
and proper maintenance.
4. To address emergent safety and health issues or concerns.
Routine uses of records maintained in the system, including
categories of users and the purpose of such uses:
1. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
2. Disclosure may be made to the Department of Justice or to a
court or other tribunal from this system of records, when (a) HHS, or
any component thereof; or (b) any HHS employee in his or her official
capacity; or (c) any HHS employee in his or her individual capacity
where the Department of Justice (or HHS, where it is authorized to do
so) has agreed to represent the employee; or (d) the United States of
any agency thereof where HHS determines that the litigation is likely
to affect HHS or any of its components, is a party to litigation or
has an interest in such litigation, and HHS determines that the use
of such records by the Department of Justice, court or other tribunal
is relevant and necessary to the litigation and would help in the
effective representation of the governmental party provided, however,
that in each case HHS determines that such disclosure is compatible
with the purpose for which the records were collected.
3. Disclosure may be made to contractors for the purpose of
processing or refining the records. Contracted services may include
monitoring, testing, sampling, surveying, evaluating, transcription,
collation, computer input, and other records processing. The
contractor shall be required to maintain Privacy Act safeguards with
respect to such records.
4. Disclosure may be made to: (a) Officials of the United States
Nuclear Regulatory Commission which, by Federal regulation, licenses,
inspects and enforces the regulations governing the use of
radioactive materials; and (b) OSHA, which provides oversight to
ensure that safe and healthful work conditions are maintained for
employees. Disclosure will also be permitted to other Federal and/or
State agencies which may establish health and safety requirements or
standards.
5. Radiation exposure and/or training and experience history may
be transferred to new employer.
6. A record may be disclosed for a research purpose, when the
Department: (A) Has determined that the use or disclosure does not
violate legal or policy limitations under which the record was
provided, collected, or obtained; (B) has determined that the
research purpose (1) cannot be reasonably accomplished unless the
record is provided in individually identifiable form, and (2)
warrants the risk to the privacy of the individual that additional
exposure of the record might bring; (C) has required the recipient to
(1) establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record,
(2) remove or destroy the information that identifies the individual
at the earliest time at which removal or destruction can be
accomplished consistent with the purpose of the research project,
unless the recipient has presented adequate justification of a
research or health nature for retaining such information, and (3)
make no further use or disclosure of the record except (a) in
emergency circumstances affecting the health or safety of any
individual, (b) for use in another research project, under these same
conditions, and with written authorization of the Department, (c) for
disclosure to a properly identified person for the purpose of an
audit related to the research project, if information that would
enable research subjects to be identified is removed or destroyed at
the earliest opportunity consistent with the purpose of the audit, or
(d) when required by law; (D) has secured a written statement
attesting to the recipient's understanding of, and willingness to
abide by these provisions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained in file cabinets or in computer databases
maintained by the RSB and OSHB. Records may be stored in file
folders, binders, magnetic tapes, magnetic disks, optical disks, and/
or other types of data storage devices.
Retrievability:
Records are retrieved by name, social security number, office
address, or unique RSB or OSHB assigned identification number.
Safeguards:
1. Authorized Users: Employees who maintain this system are
instructed to grant regular access only to RSB/OSHB staff, authorized
contractor personnel, U.S. Nuclear Regulatory Commission Inspectors,
Radiation Safety Committee Members, Biosafety Committee members, and
other appropriate NIH administrative and management personnel with a
need to know. Access to information is thus limited to those with a
need to know.
2. Physical Safeguards: Rooms where records are stored are locked
when not in use. During regular business hours, rooms are unlocked
but are controlled by on-site personnel. Individually identifiable
records are kept in locked file cabinets or rooms under the direct
control of the Project Director.
3. Procedural Safeguards: Names and other identifying particulars
are deleted when data from original records are encoded for analysis.
Data stored in computers is accessed through the use of keywords
known only to authorized users. All users of personal information in
connection with the performance of their jobs (see Authorized Users,
above) will protect information from public view and from
unauthorized personnel entering an unsupervised office. The computer
terminals are in secured areas and keywords needed to access data
files will be changed frequently.
4. Additional RSB Technical Safeguards: Computerized records are
accessible only through a series of code or keyword commands
available from and under direct control of the Project Director or
his/her delegated representatives. The computer records are secured
by a multiple level security system which is capable of controlling
access to the individual data field level. Persons having access to
the computer database can be restricted to a confined application
which only permits a narrow ``view'' of the data. Data on computer
files is accessed by keyword known only to authorized users who are
NIH or contractor employees involved in work for the program.
These practices are in compliance with the standards of Chapter
45-13 of the HHS General Administration Manual, ``Safeguarding
Records Contained in Systems of Records,'' supplementary Chapter PHS
hf: 45-13, and the HHS Automated Information Systems Security Program
Handbook.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361): item 1300-B which applies to
Division of Safety records. Refer to the NIH Manual Chapter for
specific disposition instructions. Radiation exposure records are
retained under item 1300-B-10, which does not allow disposal at this
time.
System manager(s) and address:
Assistant Chief, Information Technology, Radiation Safety Branch,
DS, ORS, Building 21, Room 134, 9000 Rockville Pike, Bethesda,
Maryland 20892.
Chief, Occupational Safety and Health Branch, Division of Safety,
National Institutes of Health, Building 13, Room 3K04, 9000 Rockville
Pike, Bethesda, Maryland 20892.
Notification procedure:
To determine if a record exists, write to the appropriate system
manager as listed above.
The requester must also verify his or her identity by providing
either a notarization of the request or a written certification that
the requester is whom he or she claims to be. The request should
include: (a) Full name, and (b) appropriate dates of participation.
Record access procedure:
Same as Notification Procedure. Requesters should also reasonably
specify the record contents being sought. Individuals may also
request an accounting of disclosure of their records, if any.
Contesting record procedur:
Contact the appropriate system manager specified above and
reasonably identify the record, specify the information to be
contested, and state the corrective action sought with supporting
documentation. The right to contest records is limited to information
which is incomplete, irrelevant, incorrect, or untimely (obsolete).
Record source categories:
Information is obtained from the subject individual, previous
employers and educational institutions, contractors, safety and
health monitoring/surveillance records, employee interviews, site
visits, or other relevant NIH organizational components.
Systems exempted from certain provisions of the act:
None.
09-25-0167
System name:
National Institutes of Health (NIH) TRANSHARE Program, HHS/NIH/
OD.
Security classification:
None.
System location:
Employee Transportation Services Office (ETSO), National
Institutes of Health, Building 31, Room B3B08, 9000 Rockville Pike,
Bethesda, MD 20892.
Recreation and Welfare Association Activities Desk, National
Institutes of Health, Building 31, Room B1W30A, 9000 Rockville Pike,
Bethesda, MD 20892.
Categories of individuals covered by the system:
NIH employees who apply for and participate in the NIH TRANSHARE
Program.
Categories of records in the system:
Name, home address, parking hanger permit number, unique computer
identification number, NIH TRANSHARE commuter card number, NIH pay
plan, grade level, office phone number, building and room, Institute/
Center designation, name of supervisor, commute mode to work, and
type of fare media used.
Authority for maintenance of the system:
Section 629 of Pub. L. 101-509, ``State or Local Government
Programs Encouraging Employee Use of Public Transportation; Federal
Agency Participation,'' found at 5 U.S.C. note prec. section 7901.
Purpose(s):
1. To manage the NIH TRANSHARE Program, including receipt and
processing of employee applications, and coordination of the fare
media distribution to employees.
2. To monitor the use of appropriated funds used to support the
NIH TRANSHARE Program.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
2. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation, and
HHS determines that the use of such records by the Department of
Justice, court or other tribunal is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party provided, however, that in each case HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
3. NIH may disclose applicant's name, unique computer
identification number, NIH TRANSHARE commuter card number, and type
of participant's fare media to be disbursed to cashiers of the
Recreation and Welfare Association of the National Institutes of
Health, Inc. (R&W Association) who are responsible for distribution
of fare media. Cashiers are required to maintain Privacy Act
safeguards with respect to such records.
4. Disclosure may be made to organizations deemed qualified by
the Secretary to carry out quality assessments or utilization review.
5. NIH may disclose statistical reports containing information
from this system of records to city, county, State, and Federal
Government agencies (including the General Accounting Office).
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained in file folders and computer disks.
Retrievability:
Records are retrieved by name and NIH TRANSHARE commuter card
number.
Safeguards:
1. Authorized Users: Data on computer files is accessed by
keyword known only to authorized users who are ETSO employees and
cashiers of the R&W Association who are responsible for implementing
the Program. Cashier access will be limited to applicant's name,
unique computer identification number, NIH TRANSHARE computer card
number, and type of fare media disbursed. Access to information is
thus limited to those with a need to know.
2. Physical Safeguards: Rooms where records are stored are locked
when not in use. During regular business hours, rooms are unlocked
but are controlled by on-site personnel.
3. Procedural and Technical Safeguards: A password is required to
access the terminal, and a data set name controls the release of data
to only authorized users. All users of personal information in
connection with the performance of their jobs (see Authorized Users,
above) protect information from public view and from unauthorized
personnel entering an unsupervised office.
These practices are in compliance with the standards of Chapter
45-13 of the HHS General Administration Manual, ``Safeguarding
Records Contained in Systems of Records,'' supplementary Chapter PHS
hf: 45-13, and the HHS Automated Information Systems Security Program
Handbook.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 1500-A-3. Records are
retained for a maximum of two years following the last month of an
employee's participation in the NIH TRANSHARE Program. Paper copies
are destroyed by shredding. Computer files are destroyed by deleting
the record from the file.
System manager(s) and address:
Traffic Management Specialist, Employee Transportation Service
Officer, Division of Security Operations, National Institutes of
Health, Building 31, Room B3B08, 9000 Rockville Pike, Bethesda, MD
20892.
Notification procedure:
To determine if a record exists, write to the system manager
listed above. The requester must also verify his or her identity by
providing either a notarization of the request or a written
certification that the requester is who he or she claims to be. The
request should include: (a) Full name, and (b) appropriate dates of
participation. The requester must also understand that the knowing
and willful request for acquisition of a record pertaining to an
individual under false pretenses is a criminal offense under the Act,
subject to a five thousand dollar fine.
Record access procedure:
Write to the system manager specified above to attain access to
records and provide the same information as is required under the
Notification Procedure. Requesters should also reasonably specify the
record contents being sought. Individuals may also request an
accounting of disclosure of their records, if any.
Contesting record procedure:
Contact the system manager specified above and reasonably
identify the record, specify the information to be contested, the
corrective action sought, and your reasons for requesting the
correction, along with supporting information to show how the record
is inaccurate, incomplete, untimely or irrelevant. The right to
contest records is limited to information which is incomplete,
irrelevant, incorrect, or untimely (obsolete).
Record source categories:
Subject individual.
Systems exempted from certain provisions of the act:
None.
09-25-0168
System name:
Invention, Patent, and Licensing Documents Submitted to the
Public Health Service by its Employees, Grantees, Fellowship
Recipients, and Contractors, HHS/PHS/FDA/NIH/OTT.
Security classification:
None.
System location:
Office of Technology Transfer, National Institutes of Health,
6011 Executive Boulevard, Third Floor, Room 325, Rockville, MD 20852.
Office of Financial Management (OFM), National Institutes of
Health, Building 31, Room B1B55, 9000 Rockville Pike, Bethesda,
Maryland 20892.
Office of Reports and Analysis, Office of Extramural Research,
National Institutes of Health, Building 1, Room 252, 1 Center Drive,
Bethesda, MD 20892-2184.
Public Health Service (PHS) Technology Development Coordinators
and PHS Contract Attorneys retain files supplemental to the records
maintained by the Office of Technology Transfer. Write to the system
manager at the address below for office locations.
Categories of individuals covered by the system:
PHS employees, grantees, fellowship recipients and contractors
who have reported inventions, applied for patents, have been granted
patents, and/or are receiving royalties from patents.
Categories of records in the system:
Inventor name, address, social security number (required if
inventor is receiving royalties, otherwise optional), title and
description of the invention, Employee Invention Report (EIR) number,
Case/Serial Number, prior art related to the invention, evaluation of
the commercial potential of the invention, prospective licensees'
intended development of the invention, associated patent prosecution
and licensing documents and royalty payment information.
Authority for maintenance of the system:
35 U.S.C. 200 and 15 U.S.C. 3710 provide authority to maintain
the records; 37 CFR part 401 ``Rights to Inventions Made by Nonprofit
Organizations and Small Business Firms under Government Grants,
Contracts, and Cooperative Agreements;'' 37 CFR part 404 ``Licensing
of Government Owned Inventions;'' and 45 CFR part 7 ``Employee
Inventions.''
Purpose(s):
Records in this system are used to: (1) Obtain patent protection
of inventions submitted by PHS employees; (2) monitor the development
of inventions made by grantees, fellowship recipients and contractors
and protect the government rights to patents made with NIH support;
(3) grant licenses to patents obtained through the invention reports;
and (4) provide royalty payments to PHS inventors, non-government
contractors, and nonprofit and educational institutions.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
2. Disclosure may be made to the Department of Justice or to a
court or other tribunal from this system of records, when (a) HHS, or
any component thereof; or (b) any HHS employee in his or her official
capacity; or (c) any HHS employee in his or her individual capacity
where the Department of Justice (or HHS, where it is authorized to do
so) has agreed to represent the employee; or (d) the United States or
any agency thereof where HHS determines that the litigation is likely
to affect HHS or any of its components, is a party to litigation or
has an interest in such litigation, and HHS determines that the use
of such records by the Department of Justice, court or other tribunal
is relevant and necessary to the litigation and would help in the
effective representation of the governmental party provided, however,
that in each case HHS determines that such disclosure is compatible
with the purpose for which the records were collected. Disclosure may
also be made to the Department of Justice to obtain legal advice
concerning issues raised by the records in this system.
3. In the event that a system of records maintained by this
agency to carry out its functions indicates a violation or potential
violation of law, whether civil, criminal, or regulatory in nature,
and whether arising by general statute or particular program statute,
or by regulation, rule or order issued pursuant thereto, the relevant
records in the system of records may be referred to the appropriate
agency, whether Federal, State, or local, charged with enforcing or
implementing the statute or rule, regulation or order issued pursuant
thereto.
4. NIH may disclose records to Department contractors and
subcontractors for the purpose of collecting, compiling, aggregating,
analyzing, or refining records in the system. Contractors maintain,
and are also required to ensure that subcontractors maintain, Privacy
Act safeguards with respect to such records.
5. NIH may disclose information from this system of records for
the purpose of obtaining patent protection for PHS inventions and
licenses for these patents to: (a) Scientific personnel, both in this
agency and other Government agencies, and in non-Governmental
organizations such as universities, who possess the expertise to
understand the invention and evaluate its importance as a scientific
advance; (b) contract patent counsel and their employees and foreign
contract personnel retained by the Department for patent searching
and prosecution in both the United States and foreign patent offices;
(c) all other Government agencies whom PHS contacts regarding the
possible use, interest in, or ownership rights in PHS inventions; (d)
prospective licensees or technology finders who may further make the
invention available to the public through sale or use; (e) parties,
such as supervisors of inventors, whom PHS contacts to determine
ownership rights, and those parties contacting PHS to determine the
Government's ownership; and (f) the United States and foreign patent
offices involved in the filing of PHS patent applications.
6. NIH will report to the Treasury Department, Internal Revenue
Service (IRS), as taxable income, the amount of royalty payment paid
to PHS inventors.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The records will be stored in file folders, computer tapes and
computer disks.
Retrievability:
Records are retrieved by name of the inventor, EIR number, or
keywords relating to the nature of the invention, Case/Serial Number,
Licensing Number, internal reference numbers, contractor, agency,
Institute, and/or Center.
Safeguards:
1. Authorized Users: Data on computer files is accessed by
password known only to authorized users who are NIH or contractor
employees involved in patenting and licensing of PHS inventions.
Access to information is thus limited to those with a need to know.
2. Physical Safeguards: Records are stored in a dedicated file
room or in locking file cabinets in file folders. During normal
business hours, OTT Records Management on-site contractor personnel
regulate availability of the files. During evening and weekend hours
the offices are locked and the building is closed.
3. Procedural and Technical Safeguards: Data stored in computers
will be accessed through the use of passwords known only to the
authorized users. A password is required to access the database. All
users of personal information in connection with the performance of
their jobs (see Authorized Users, above) protect information,
including confidential business information submitted by potential
licensees, from public view and from unauthorized personnel entering
an unsupervised office.
These practices are in compliance with the standards of Chapter
45-13 of the HHS General Administration Manual, ``Safeguarding
Records Contained in Systems of Records,'' supplementary Chapter PHS
hf: 45-13, and the HHS Automated Information Systems Security Program
Handbook.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 1100-L, which allows records
to be kept for a maximum of thirty years. Refer to the NIH Manual
Chapter for specific disposition instructions.
System manager(s) and address:
Acting Director for Administrative Services, Office of Technology
Transfer, National Institutes of Health, 6011 Executive Boulevard,
Third Floor, Room 325, Rockville, Maryland 20852.
Office of Reports and Analysis, Office of Extramural Research,
National Institutes of Health, Building 1, Room 252, 1 Center Drive,
Bethesda, MD 20892-2184.
Notification procedure:
To determine if a record exists, write to the system manager
listed above. The requester must also verify his or her identity by
providing either a notarization of the request or a written
certification that the requester is who he or she claims to be and
understands that the knowing and willful request for acquisition of a
record pertaining to an individual under false pretenses is a
criminal offense under the Act, subject to a five thousand dollar
fine. The request should include: (a) Full name, and (b) appropriate
identifying information on the nature of the invention.
Record access procedure:
Write to the system manager specified above to attain access to
records and provide the same information as is required under the
Notification Procedure. Requesters should also reasonably specify the
record contents being sought. Individuals may also request an
accounting of disclosure of their records, if any.
Contesting record procedure:
Contact the system manager specified above and reasonably
identify the record, specify the information to be contested, the
corrective action sought, and your reasons for requesting the
correction, along with supporting information to show how the record
is inaccurate, incomplete, untimely or irrelevant. The right to
contest records is limited to information which is incomplete,
irrelevant, incorrect, or untimely (obsolete).
Record source categories:
Inventors and other collaborating persons, grantees, fellowship
recipients and contractors; other Federal agencies; scientific
experts from non-Government organizations; contract patent counsel
and their employees and foreign contract personnel; United States and
foreign patent offices; prospective licensees; PHS Technology
Development Coordinators, Internet and commercial databases, and
third parties whom PHS contacts to determine individual invention
ownership or Government ownership.
Systems exempted from certain provisions of the act:
None.
09-25-0169
System name:
Medical Staff-Credentials Files, HHS/NIH/CC.
Security classification:
None.
System location:
Medical Record Department, National Institutes of Health, 10
Center Drive, MSC 1192, Bethesda, MD 20892-1192.
Write to the system manager at the address below for a list of
Contractor locations, including the address of any Federal Records
Center where records from this system may be stored.
Categories of individuals covered by the system:
Individuals who have been approved as members of the medical
staff at the Warren G. Magnuson Clinical Center.
Categories of records in the system:
Medical staff names, date of birth, home address and telephone
number, office address and telephone number, citizenship, visa
information, appointment date, hospital-wide computer access
privileges, Institute/Center designation, branch/lab, type of medical
staff membership, privilege delineation, professional degree(s)
including school of attendance and graduation dates, foreign medical
examinations, specialty board certifications, licensing information
(including state of licensure and license number), record of
disciplinary actions, documentation of training, and admitting
privileges.
Authority for maintenance of the system:
The authority for collecting the requested information is
contained in section 301 (42 U.S.C. 241) of the Public Health Service
Act, as amended, outlining the authority of the Secretary to, within
the Public Health Service (PHS), promote the coordination of various
research and associated activities, including for purposes of study,
admitting and treating individuals at PHS facilities. Section 402(b)
of the Public Health Service Act (42 U.S.C. 282(b)), as amended,
outlining the authority of the Director of the National Institutes of
Health (NIH) with respect to the admission and treatment of
individuals at NIH facilities for purposes of study.
Purpose(s):
These records are used to: (1) Maintain information used in the
credentialing and privileging of active medical staff members at the
Warren G. Magnuson Clinical Center; (2) document patient care
privileges for active members of the medical staff; (3) provide
information about active and non-active members of the medical staff
to authorized individuals; and (4) report to the National
Practitioner Data Bank as required by the provisions of Title IV of
Pub. L. 99-660, as amended.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
2. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation, and
HHS determines that the use of such records by the Department of
Justice, court or other tribunal is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party provided, however, that in each case HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
3. In the event that a system of records maintained by this
agency to carry out its functions indicates a violation or potential
violation of law, whether civil, criminal, or regulatory in nature,
and whether arising by general statute or particular program statute,
or by regulation, rule or order issued pursuant thereto, the relevant
records in the system of records may be referred to the appropriate
agency, whether Federal, State, or local, charged with enforcing or
implementing the statute or rule, regulation or order issued pursuant
thereto.
4. NIH may disclose records to Department contractors and
subcontractors for the purpose of collecting, compiling, aggregating,
analyzing, or refining records in the system. Contractors maintain,
and are also required to ensure that subcontractors maintain, Privacy
Act safeguards with respect to such records.
5. NIH may disclose information to representatives of the Joint
Commission on Accreditation of Healthcare Organizations for the
purpose of conducting quality assurance reviews and inspections of
the Warren G. Magnuson Clinical Center credentialing policies and
procedures.
6. NIH may disclose information from this system of records to
State medical boards for purposes of professional quality assurance
activities.
7. NIH may disclose information from this system of records to
health care facilities for the purpose of verifying that an
individual to whom they intend to grant medical staff or patient care
privileges has or previously held such privileges at the Warren G.
Magnuson Clinical Center.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored on paper forms in file folders and on computer
disks.
Retrievability:
Records are retrieved by name, date of birth, type of medical
staff membership, Institute/Center and licensing status.
Safeguards:
1. Authorized Users: Data on the computer network system is
accessed by a password known only to authorized users who are NIH
employees and contractor staff responsible for implementing the
medical staff credentials data system. Access to information is thus
limited to those with a need to know.
2. Physical Safeguards: Rooms where records are stored are locked
when not in use. During regular business hours rooms are unlocked but
entry is controlled by on-site personnel.
3. Procedural and Technical Safeguards: Access to files is
strictly controlled by the system manager. Names and other
identifying particulars are deleted when data from original records
are encoded for analysis. Data stored in computers is accessed
through a network system by use of a password known only to
authorized users. All authorized users of personal information in
connection with the performance of their jobs (see Authorized Users,
above) protect information from public view and from unauthorized
personnel entering an unsupervised office.
These practices are in compliance with the standards of Chapter
45-13 of the HHS General Administration Manual, ``Safeguarding
Records Contained in Systems of Records,'' supplementary Chapter PHS
hf: 45-13, and the HHS Automated Information Systems Security Program
Handbook.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1'' ``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 2300-293-4, ``Medical
Staffs' Credential Files,'' which allows inactive records to be
transferred to the Federal Records Center at five year intervals and
to be destroyed after thirty years. Refer to the NIH Manual Chapter
for specific disposition instructions.
System manager(s) and address:
Director, Medical Record Department, National Institutes of
Health, 10 Center Drive, MSC 1192, Bethesda, MD 20892-1192.
Notification procedure:
To determine if a record exists, write to the system manager at
the above address. The requester must provide tangible proof of
identity (e.g., driver's license). If no identification papers are
available, the requester must verify his or her identity by providing
either a notarization of the request or a written certification that
the requester is who he or she claims to be and understands that the
knowing and willful request for acquisition of a record pertaining to
an individual under false pretenses is a criminal offense under the
Act, subject to a five thousand dollar fine.
Record access procedure:
Write to the system manager specified above to attain access to
records and provide the same information as that required under the
Notification Procedure. Requesters should also reasonably specify the
record contents being requested. Individuals may also request an
accounting of disclosure of their records, if any.
Contesting record procedure:
Contact the system manager specified above and reasonably
identify the record, specify the information to be contested, the
corrective action sought, and your reasons for requesting the
correction, along with supporting information to show how the record
is inaccurate, incomplete, untimely or irrelevant. The right to
contest records is limited to information which is incomplete,
irrelevant, incorrect, or untimely (obsolete).
Record source categories:
Subject individual.
Systems exempted from certain provisions of the act:
None.
09-25-0200
System name:
Clinical, Epidemiologic, and Biometric Studies of the National
Institutes of Health (NIH), HHS/NIH/OD.
Security classification:
None.
System location:
Records are located at NIH and Contractor research facilities
which collect or provide research data for this system. Contractors
may include, but are not limited to: Research centers, clinics,
hospitals, universities, medical schools, research institutions/
foundations, national associations, commercial organizations,
collaborating State and Federal Government agencies, and coordinating
centers. A current list of sites, including the address of any
Federal Records Center where records from this system may be stored,
is available by writing to the appropriate Coordinator listed under
Notification Procedure.
Categories of individuals covered by the system:
Adults and/or children who are the subjects of clinical,
epidemiologic, and biometric research studies of the NIH. Individuals
with disease. Individuals who are representative of the general
population or of special groups including, but not limited to: Normal
controls, normal volunteers, family members and relatives; providers
of services (e.g., health care and social work); health care
professionals and educators, and demographic sub-groups as
applicable, such as age, sex, ethnicity, race, occupation, geographic
location; and groups exposed to real and/or hypothesized risks (e.g.,
exposure to biohazardous microbial agents).
Categories of records in the system:
The system contains data about individuals as relevant to a
particular research study. Examples include, but are not limited to:
Name, study identification number, address, relevant telephone
numbers, social security number (voluntary), driver's license number,
date of birth, weight, height, sex, race; medical, psychological and
dental information, laboratory and diagnostic testing results;
registries; social, economic and demographic data; health services
utilization; insurance and hospital cost data, employers, conditions
of the work environment, exposure to hazardous substances/compounds;
information pertaining to stored biologic specimens (including blood,
urine, tissue and genetic materials), characteristics and activities
of health care providers and educators and trainers (including
curricula vitae); and associated correspondence.
Authority for maintenance of the system:
``Research and Investigation,'' ``Appointment and Authority of
the Directors of the National Research Institutes,'' ``National
Cancer Institute,'' ``National Eye Institute,'' ``National Heart,
Lung and Blood Institute,'' ``National Institute on Aging,''
``National Institute on Alcohol Abuse and Alcoholism,'' ``National
Institute on Allergy and Infectious Diseases,'' ``National Institute
of Arthritis and Musculoskeletal and Skin Diseases,'' ``National
Institute of Child Health and Human Development,'' ``National
Institute on Deafness and Other Communication Disorders,'' ``National
Institute of Dental and Craniofacial Research,'' ``National Institute
of Diabetes, and Digestive and Kidney Diseases,'' ``National
Institute of Drug Abuse,'' ``National Institute of Environmental
Health Sciences,'' ``National Institute of Mental Health,''
``National Institute of Neurological Disorders and Stroke,'' and the
``National Human Genome Research Institute'' of the Public Health
Service Act. (42 U.S.C. 241, 242, 248, 281, 282, 284, 285a, 285b,
285c, 285d, 285e, 285f, 285g, 285h, 285i, 285j, 285l, 285m, 285n,
285o, 285p, 285q, 287, 287b, 287c, 289a, 289c, and 44 U.S.C. 3101.)
Purpose(s):
To document, track, monitor and evaluate NIH clinical,
epidemiologic, and biometric research activities.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. A record may be disclosed for a research purpose, when the
Department: (A) Has determined that the use or disclosure does not
violate legal or policy limitations under which the record was
provided, collected, or obtained; e.g., disclosure of alcohol or drug
abuse patient records will be made only in accordance with the
restrictions of confidentiality statutes and regulations 42 U.S.C.
241, 42 U.S.C. 290dd-2, 42 CFR part 2, and where applicable, no
disclosures will be made inconsistent with an authorization of
confidentiality under 42 U.S.C. 241 and 42 CFR part 2a; (B) has
determined that the research purpose (1) cannot be reasonably
accomplished unless the record is provided in individually
identifiable form, and (2) warrants the risk to the privacy of the
individual that additional exposure of the record might bring; (C)
has required the recipient to (1) establish reasonable
administrative, technical, and physical safeguards to prevent
unauthorized use or disclosure of the record, (2) remove or destroy
the information that identifies the individual at the earliest time
at which removal or destruction can be accomplished consistent with
the purpose of the research project, unless the recipient has
presented adequate justification of a research or health nature for
retaining such information, and (3) make no further use or disclosure
of the record except (a) in emergency circumstances affecting the
health or safety of any individual, (b) for use in another research
project, under these same conditions, and with written authorization
of the Department, (c) for disclosure to a properly identified person
for the purpose of an audit related to the research project, if
information that would enable research subjects to be identified is
removed or destroyed at the earliest opportunity consistent with the
purpose of the audit, or (d) when required by law; and (D) has
secured a written statement attesting to the recipient's
understanding of, and willingness to abide by, these provisions.
2. Disclosure may be made to a Member of Congress or to a
Congressional staff member in response to an inquiry of the
Congressional office made at the written request of the constituent
about whom the record is maintained.
3. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice
when: (a) The agency or any component thereof; or (b) any employee of
the agency in his or her official capacity where the Department of
Justice has agreed to represent the employee; or (c) the United
States Government, is a party to litigation or has an interest in
such litigation, and by careful review, the agency determines that
the records are both relevant and necessary to the litigation and the
use of such records by the Department of Justice is, therefore,
deemed by the agency to be for a purpose that is compatible with the
purpose for which the agency collected the records.
4. Disclosure may be made to agency contractors, grantees,
experts, consultants, collaborating researchers, or volunteers who
have been engaged by the agency to assist in the performance of a
service related to this system of records and who need to have access
to the records in order to perform the activity. Recipients shall be
required to comply with the requirements of the Privacy Act of 1974,
as amended, pursuant to 5 U.S.C. 552a(m).
5. Information from this system may be disclosed to Federal
agencies, State agencies (including the Motor Vehicle Administration
and State vital statistics offices, private agencies, and other third
parties (such as current or prior employers, acquaintances,
relatives), when necessary to obtain information on morbidity and
mortality experiences, and to locate individuals for follow-up
studies. Social security numbers, date of birth and other identifiers
may be disclosed: (1) To the National Center for Health Statistics to
ascertain vital status through the National Death Index; (2) to the
Health Care Financing Agency to ascertain morbidities; and (3) to the
Social Security Administration to ascertain disabilities and/or
location of participants. Social security numbers may also be given
to other Federal agencies, and State and local agencies when
necessary to locating individuals for participation in follow-up
studies.
6. Medical information may be disclosed in identifiable form to
tumor registries for maintenance of health statistics, e.g., for use
in epidemiologic studies.
7. (a). PHS may inform the sexual and/or needle-sharing
partner(s) of a subject individual who is infected with the human
immunodeficiency virus (HIV) of their exposure to HIV, under the
following circumstances: (1) The information has been obtained in the
course of clinical activities at PHS facilities carried out by PHS
personnel or contractors; (2) The PHS employee or contractor has made
reasonable efforts to counsel and encourage the subject individual to
provide the information to the individual's sexual or needle-sharing
partner(s); (3) The PHS employee or contractor determines that the
subject individual is unlikely to provide the information to the
sexual or needle-sharing partner(s) or that the provision of such
information cannot reasonably be verified; and (4) The notification
of the partner(s) is made, whenever possible, by the subject
individual's physician or by a professional counselor and shall
follow standard counseling practices.
(b.) PHS may disclose information to State or local public health
departments, to assist in the notification of the subject
individual's sexual and/or needle-sharing partner(s), or in the
verification that the subject individual has notified such sexual or
needle-sharing partner(s).
8. Certain diseases and conditions, including infectious
diseases, may be reported to appropriate representatives of State or
Federal Government as required by State or Federal law.
9. Disclosure may be made to authorized organizations which
provide health services to subject individuals or provide third-party
reimbursement or fiscal intermediary functions, for the purpose of
planning for or providing such services, billing or collecting third-
party reimbursements.
10. The Secretary may disclose information to organizations
deemed qualified to carry out quality assessment, medical audits or
utilization reviews.
11. Disclosure may be made for the purpose of reporting child,
elder, or spousal abuse or neglect or any other type of abuse or
neglect as required by State or Federal law.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records may be stored on index cards, file folders, computer
tapes and disks (including optical disks), photography media,
microfiche, microfilm, and audio and video tapes. For certain
studies, factual data with study code numbers are stored on computer
tape or disk, while the key to personal identifiers is stored
separately, without factual data, in paper/computer files.
Retrievability:
During data collection stages and follow-up, retrieval is by
personal identifier (e.g., name, social security number, medical
record or study identification number, etc.). During the data
analysis stage, data are normally retrieved by the variables of
interest (e.g., diagnosis, age, occupation).
Safeguards:
1. Authorized Users: Access to identifiers and to link files is
strictly limited to the authorized personnel whose duties require
such access. Procedures for determining authorized access to
identified data are established as appropriate for each location.
Personnel, including contractor personnel, who may be so authorized
include those directly involved in data collection and in the design
of research studies, e.g., interviewers and interviewer supervisors;
project managers; and statisticians involved in designing sampling
plans. Other one-time and special access by other employees is
granted on a need-to-know basis as specifically authorized by the
system manager. Researchers authorized to conduct research on
biologic specimens will typically access the system through the use
of encrypted identifiers sufficient to link individuals with records
in such a manner that does not compromise confidentiality of the
individual.
2. Physical Safeguards: Records are either stored in locked rooms
during off-duty hours, locked file cabinets, and/or secured computer
facilities. For certain studies, personal identifiers and link files
are separated and stored in locked files. Computer data access is
limited through the use of key words known only to authorized
personnel.
3. Procedural Safeguards: Collection and maintenance of data is
consistent with legislation and regulations in the protection of
human subjects, informed consent, confidentiality, and
confidentiality specific to drug and alcohol abuse patients where
these apply. When anonymous data is provided to research scientists
for analysis, study numbers which can be matched to personal
identifiers will be eliminated, scrambled, or replaced by the agency
or contractor with random numbers which cannot be matched.
Contractors who maintain records in this system are instructed to
make no further disclosure of the records. Privacy Act requirements
are specifically included in contracts for survey and research
activities related to this system. The OHS project directors,
contract officers, and project officers oversee compliance with these
requirements. Personnel having access are trained in Privacy Act
requirements. Depending upon the sensitivity of the information in
the record, additional safeguard measures may be employed.
4. Implementation Guidelines: These practices are in compliance
with the standards of Chapter 45-13 of the HHS General Administration
Manual, ``Safeguarding Records Contained in Systems of Records,''
supplementary Chapter PHS hf: 45-13, and the HHS Automated
Information Systems Security Program Handbook.
Retention and disposal:
Records are retained and disposed of under the authority of the
NIH Records Control Schedule contained in NIH Manual Chapter 1743,
Appendix 1--``Keeping and Destroying Records'' (HHS Records
Management Manual, Appendix B-361), item 3000-G-3, which allows
records to be kept as long as they are useful in scientific research.
Collaborative Perinatal Project records are retained in accordance
with item 3000-G-4, which does not allow records to be destroyed.
Refer to the NIH Manual Chapter for specific conditions on disposal
or retention instructions.
System manager(s) and address:
See Appendix I for a listing of current system managers. This
system is for use by all NIH Institutes and Centers. The following
system notices have been subsumed under this umbrella system notice.
09-25-0001, Clinical Research: Patient Records, HHS/
NIH/NHLBI.
09-25-0010, Research Resources: Registry of Individuals
Potentially Exposed to Microbial Agents, HHS/NIH/NCI.
09-25-0015, Clinical Research: Collaborative Clinical
Epilepsy Research, HHS/NIH/NINDS.
09-25-0016, Clinical Research: Collaborative Perinatal
Project, HHS/NIH/NINDS.
09-25-0026, Clinical Research: Nervous System Studies,
HHS/NIH/NINDS.
09-25-0028, Clinical Research: Patient Medical
Histories, HHS/NIH/NINDS and HHS/NIH/NIDCD.
09-25-0031, Clinical Research: Serological and Virus
Data in Studies Related to the Central Nervous System,
HHS/NIH/NINDS.
09-25-0037, Clinical Research: The Baltimore
Longitudinal Study of Aging, HHS/NIH/NIA.
09-25-0038, Clinical Research: Patient Data, HHS/NIH/
NIDDK.
09-25-0039, Clinical Research: Diabetes Mellitus
Research Study of Southwestern American Indians, HHS/
NIH/NIDDK.
09-25-0040, Clinical Research: Southwestern American
Indian Patient Data, HHS/NIH/NIDDK.
09-25-0042, Clinical Research: National Institute of
Dental and Craniofacial Research Patient Records, HHS/
NIH/NIDCR.
09-25-0044, Clinical Research: Sensory Testing Research
Program, HHS/NIH/NIDCR.
09-25-0046, Clinical Research: Catalog of Clinical
Specimens from Patients, Volunteers and Laboratory
Personnel, HHS/NIH/NIAID.
09-25-0053, Clinical Research: Vision Studies, HHS/NIH/
NEI.
09-25-0057, Clinical Research: Burkitt's Lymphoma
Registry, HHS/NIH/NCI.
09-25-0060, Clinical Research: Division of Clinical
Sciences Clinical Investigations, HHS/NIH/NCI.
09-25-0067, Clinical Research: National Cancer
Incidence Surveys, HHS/NIH/NCI.
09-25-0069, NIH Clinical Center Admissions of the
National Cancer Institute, HHS/NIH/NCI.
09-25-0074, Clinical Research: Division of Cancer
Biology and Diagnosis Patient Trials, HHS/NIH/NCI.
09-25-0077, Biological Carcinogenesis Branch Human
Specimen Program, HHS/NIH/NCI.
09-25-0126, Clinical Research: National Heart, Lung,
and Blood Institute Epidemiological and Biometric
Studies, HHS/NIH/NHLBI.
09-25-0128, Clinical Research: Neural Prosthesis and
Biomedical Engineering Studies, HHS/NIH/NINDS.
09-25-0129, Clinical Research: Clinical Research
Studies Dealing with Hearing, Speech, Language and
Chemosensory Disorders, HHS/NIH/NIDCD.
09-25-0130, Clinical Research: Epidemiologic Studies in
the Division of Cancer Epidemiology and Genetics, HHS/
NIH/NCI.
09-25-0134, Clinical Research: Epidemiology Studies,
National Institute of Environmental Health Sciences,
HHS/NIH/NIEHS.
09-25-0142, Clinical Research: Records of Subjects in
Intramural Research, Epidemiology, Demography and
Biometry Studies on Aging, HHS/NIH/NIA.
09-25-0143, Biomedical Research: Records of Subjects in
Clinical, Epidemiologic and Biometric Studies of the
National Institute of Allergy and Infectious Diseases,
HHS/NIH/NIAID.
09-25-0145, Clinical Trials and Epidemiological Studies
Dealing with Visual Disease and Disorders in the
National Eye Institute, HHS/NIH/NEI.
09-25-0148, Contracted and Contract-Related Research:
Records of Subjects in Clinical, Epidemiological and
Biomedical Studies of the National Institute of
Neurological Disorders and Stroke and the National
Institute on Deafness and Other Communication
Disorders, HHS/NIH/NINDS and HHS/NIH/NIDCD.
09-25-0152, Biomedical Research: Records of Subjects in
National Institute of Dental and Craniofacial Research
Contracted Epidemiological and Biometric Studies, HHS/
NIH/NIDCR.
09-25-0153, Biomedical Research: Records of Subjects in
Biomedical and Behavioral Studies of Child Health and
Human Development, HHS/NIH/NICHD.
09-25-0154, Biomedical Research: Records of Subjects:
(1) Cancer Studies of the Division of Cancer Prevention
and Control, HHS/NIH/NCI; and (2) Women's Health
Initiative (WHI) Studies, HHS/NIH/OD.
09-25-0170, Diabetes Control and Complications Trial
(DCCT) Data System, HHS/NIH/NIDDK.
09-25-0172, Clinical Research: National Human Genome
Research Institute, HHS/NIH/NHGRI.
09-25-0201, Clinical Research: National Institute of
Mental Health Patient Records, HHS/NIH/NIMH.
09-25-0205, Alcohol, Drug Abuse, and Mental Health
Epidemiologic and Biometric Research Data, HHS/NIH/
NIAAA, HHS/NIH/NIDA and HHS/NIH/NIMH.
09-25-0212, Clinical Research: Neuroscience Research
Center Patient Medical Records, HHS/NIH/NIMH.
Notification procedure:
To determine if a record exists, write to the appropriate IC
Privacy Act Coordinator listed below. In cases where the requester
knows specifically which system manager to contact, he or she may
contact the system manager directly (see Appendix I). Notification
requests should include: Individual's name; current address; date of
birth; date, place and nature of participation in specific research
study; name of individual or organization administering the research
study (if known); name or description of the research study (if
known); address at the time of participation; and in specific cases,
a notarized statement (some highly sensitive systems require two
witnesses attesting to the individual's identity). A requester must
verify his or her identity by providing either a notarization of the
request or by submitting a written certification that the requester
is who he or she claims to be and understands that the knowing and
willful request for acquisition of a record pertaining to an
individual under false pretenses is a criminal offense under the Act,
subject to a five thousand dollar fine.
Individuals will be granted direct access to their medical
records unless the system manager determines that such access is
likely to have an adverse effect (i.e., could cause harm) on the
individual. In such cases when the system manager has determined that
the nature of the record information requires medical interpretation,
the subject of the record shall be requested to designate, in
writing, a responsible representative who will be willing to review
the record and inform the subject individual of its contents at the
representative's discretion. The representative may be a physician,
other health professional, or other responsible individual. In this
case, the medical/dental record will be sent to the designated
representative. Individuals will be informed in writing if the record
is sent to the representative. This same procedure will apply in
cases where a parent or guardian requests notification of, or access
to, a child's or incompetent person's medical record. The parent or
guardian must also verify (provide adequate documentation) their
relationship to the child or incompetent person as well as his or her
own identity to prove their relationship.
If the requester does not know which Institute or Center Privacy
Act Coordinator to contact for notification purposes, he or she may
contact directly the NIH Privacy Act Officer at the following
address: NIH Privacy Act Officer, Office of Management Assessment,
6011 Executive Blvd., Room 601L, Rockville, MD 20852.
NIH Privacy Act Coordinators
Office of the Director, (OD), NIH, Associate Director
for Disease Prevention, OD, NIH, Building 1, Room 260,
1 Center Drive, Bethesda, MD 20892.
National Cancer Institute (NCI), Privacy Act
Coordinator, NCI, NIH, Building 31, Room 10A34, 31
Center Drive, Bethesda, MD 20892.
National Eye Institute (NEI), Privacy Act Coordinator,
NEI, NIH, Building 31, Room 6A32, 31 Center Drive, MSC
2510, Bethesda, MD 20892-2510.
National Heart, Lung and Blood Institute (NHLBI),
Privacy Act Coordinator, NHLBI, NIH, Building 31, Room
5A08, 31 Center Drive, Bethesda, MD 20892.
National Institute on Aging (NIA), Privacy Act
Coordinator, NIA, NIH, Building 31, Room 2C12, 31
Center Drive, Bethesda, MD 20892.
National Institute on Alcohol Abuse and Alcoholism
(NIAAA), Privacy Act Coordinator, NIAAA, NIH, Willco
Building, Suite, 6000 Executive Blvd., MSC 7003,
Bethesda, MD 20892-7003.
National Institute of Allergy and Infectious Diseases
(NIAID), Privacy Act Coordinator, NIAID, NIH, Solar
Building, Room 3C-23, 6003 Executive Blvd., Bethesda,
MD 20892.
National Institute of Arthritis and Musculoskeletal and
Skin Diseases (NIAMS), Privacy Act Coordinator, NIAMS,
NIH, Natcher Building, Room 5AS49, 45 Center Drive,
Bethesda, MD 20892.
National Institute of Child Health and Human
Development (NICHD), Privacy Act Coordinator, NICHD,
NIH, 6100 Executive Blvd., Room 5D01, Bethesda, MD
20892.
National Institute on Deafness and Other Communication
Disorders (NIDCD), Privacy Act Coordinator, NIDCD, NIH,
Building 31, Room 3C02, 9000 Rockville Pike, Bethesda,
MD 20892.
National Institute of Dental and Craniofacial Research
(NIDCR), Privacy Act Coordinator, NIDCR, NIH, Natcher
Building, Room 4AS-43A, 45 Center Drive, MSC 6401,
Bethesda, MD 20892-6401.
National Institute of Diabetes and Digestive and Kidney
Disease (NIDDK), Privacy Act Coordinator, NIDDK, NIH,
Building 31, Room 9A47, 31 Center Drive, Bethesda, MD
20892.
National Institute on Drug Abuse (NIDA), Privacy Act
Coordinator, NIDA, NIH, Parklawn Building, Room 10A-42,
5600 Fishers Lane, Rockville, MD 20857.
National Institute of Environmental Health Sciences
(NIEHS), Privacy Act Coordinator, NIEHS, NIH, PO Box
12233, Research Triangle Park, NC 27709.
National Institute of Mental Health (NIMH), Privacy Act
Coordinator, NIMH, NIH, Parklawn Building, Room 7C-22,
5600 Fishers Lane, Rockville, MD 20857.
National Institute of Neurological Disorders and Stroke
(NINDS), Privacy Act Coordinator, NINDS, NIH, Federal
Building, Room 816, 7550 Wisconsin Avenue, Bethesda, MD
20892.
National Human Genome Research Institute (NHGRI),
Office of Policy Coordination, Bldg. 31, Room 4B09,
Bethesda, MD 20892.
Record access procedure:
Same as Notification Procedure. Requesters should reasonably
specify the record contents being sought. An individual may also
request an accounting of disclosures of his/her record, if any.
Contesting record procedure:
Contact the appropriate official at the address specified under
Notification Procedure, and reasonably identify the record, specify
the information being contested, and state corrective action sought,
with supporting information to show how the record is inaccurate,
incomplete, untimely, or irrelevant.
Record source categories:
The system contains information obtained directly from the
subject individual by interview (face-to-face or telephone), written
questionnaire, or by other tests, recording devices or observations,
consistent with legislation and regulation regarding informed consent
and protection of human subjects. Information is also obtained from
other sources, including but not limited to: Referring medical
physicians, mental health/alcohol/drug abuse or other health care
providers; hospitals; organizations providing biological specimens;
relatives; guardians; schools; and clinical medical research records.
Systems exempted from certain provisions of the act:
None.
Appendix I: System Manager(s) and Address(es)
Office of the Director, NIH, Associate Director for
Disease Prevention, OD, NIH, Building 1, Room 260, 1
Center Drive, Bethesda, MD 20892.
National Cancer Institute, Computer Systems Analyst,
DCBD, NCI, NIH, Executive Plaza North, Room 344,
Bethesda, MD 20892.
American Burkitt's Lymphoma Registry, Division of
Cancer Etiology, NCI, NIH, Executive Plaza North, Suite
434, 6130 Executive Blvd., Bethesda, MD 20892.
Chief, Genetic Epidemiology Branch, DCEG, NCI, NIH,
Executive Plaza South, Room 7122, MSC 7236, 6120
Executive Blvd., Bethesda, MD 20892-7236.
Program Director, Research Resources, Biological
Carcinogenesis Branch, DCE, NCI, NIH, Executive Plaza
North, Room 540, 6130 Executive Blvd., Bethesda, MD
20892.
Chief, Environmental Epidemiology Branch, DCE, NCI,
NIH, Executive Plaza North, Room 443, 6130 Executive
Blvd., Bethesda, MD 20892.
Associate Director, Surveillance Program, DCPC, NCI,
NIH, Executive Plaza North, Room 343K, 6130 Executive
Blvd., Bethesda, MD 20892.
Head, Biostatistics and Data Management Section, DCS,
NCI, NIH, 6116 Executive Blvd., Room 702, Bethesda, MD
20892.
Chief, Clinical Research Branch, Biological Response
Modifiers Program, Frederick Cancer Research and
Development Center, DCT, NCI, NIH, 501 W. 7th Street,
Suite #3, Frederick, MD 21701.
Deputy Branch Chief, Navy Hospital, NCI--Naval Medical
Oncology Branch, DCT, NCI, NIH, Building 8, Room 5101,
Bethesda, MD 20814.
Chief, Pharmaceutical Management Branch, Cancer Therapy
Evaluation Program, DCT, NCI, NIH, Executive Plaza
North, Suite 804, Bethesda, MD 20892.
Director, Extramural Clinical Studies, BRB, BRMP, DCT,
NCI, NIH, Frederick Cancer Research and Development
Center, Fort Detrick, Frederick, MD 21701.
National Eye Institute, Clinical Director, NEI, NIH,
Building 10, Room 10N-202, 10 Center Drive, Bethesda,
MD 20892.
Director, Division of Biometry and Epidemiology, NEI,
NIH, Building 31, Room 6A-52, 31 Center Drive,
Bethesda, MD 20892.
National Heart Lung and Blood Institute, Administrative
Officer, Division of Intramural Research, NHLBI, NIH,
Building 10 Room 7N220, 10 Center Drive, MSC 1670,
Bethesda, MD 20892-1670.
Senior Scientific Advisor, OD, Division of Epidemiology
and Clinical Applications, NHLBI, NIH, Federal
Building, 220, 7550 Wisconsin Avenue, Bethesda, MD
20892.
National Institute on Aging, Computer Scientist,
Longitudinal Studies Branch, IRP, NIH, Gerontology
Research Center, GRC, 4940 Eastern Avenue, Baltimore,
MD 21224.
Associate Director, Epidemiology, Demography and
Biometry Program, NIA, NIH, Gateway Building, Suite
3C309, 7201 Wisconsin Avenue, Bethesda, MD 20892.
National Institute on Alcohol Abuse and Alcoholism,
Deputy Director, Division of Biometry and Epidemiology,
NIAAA, NIH, Willco Building, Suite 514, 6000 Executive
Blvd., MSC 7003, Bethesda, MD 20892-7003.
Deputy Director, Div. of Clinical and Prevention Res.,
NIAAA, NIH, Willco Building, Suite 505, 6000 Executive
Blvd., MSC 7003, Bethesda, MD 20892-7003.
National Institute of Allergy and Infectious Diseases,
Chief, Respiratory Viruses Section, LID, NIAID, NIH,
Building 7, Room 106, 9000 Rockville Pike, Bethesda, MD
20892.
Chief, Hepatitis Virus Section, LID, NIAID, NIH,
Building 7, Room 202, 9000 Rockville Pike, Bethesda, MD
20892.
Chief, Epidemiology and Biometry Branch, DMID, NIAID,
NIH, Solar Building, Room 3A24, Bethesda, MD 20892.
Special Assistant, Clinical Research Program, DAIDS,
NIAID, NIH, Solar Building, Room 2C-20, 6003 Executive
Blvd., Bethesda, MD 20892.
National Institute of Arthritis and Musculoskeletal and
Skin Diseases, Clinical Director, NIAMS, NIH, Building
10, Room 9S205, 10 Center Drive, Bethesda, MD 20892.
National Institute of Child Health and Human
Development, Chief, Contracts Management Branch, NICHD,
NIH, Executive Plaza North, Room 7A07, 6100 Executive
Blvd., North Bethesda, MD 20892.
National Institute on Deafness and Other Communication
Disorders, Acting Director of Intramural Research,
NIDCD, NIH, Building 31, Room 3C02, 31 Center Drive,
Bethesda, MD 20892.
Director, Division of Human Communication, NIDCD, NIH,
Executive Plaza South, Room 400C, 6120 Executive
Boulevard, MSC 7180, Bethesda, MD 20892-7180.
National Institute of Dental and Craniofacial Research,
Deputy Clinical Director, NIDCR, NIH, Building 10, Room
1N-113, 10 Center Drive, MSC 1190, Bethesda, MD 20892-
1190.
Research Psychologist, Gene Therapy and Therapeutics
Branch, NIDCR, NIH, Building 10, Room 1N114, 10 Center
Drive, MSC 1190, Bethesda, MD 20892-1190.
National Institute of Diabetes and Digestive and Kidney
Diseases, Chief, Clinical Investigations, NIDDK, NIH,
Building 10, Room 9N222, 10 Center Drive, Bethesda, MD
20892.
Chief, Phoenix Clinical Research Section, NIDDK, NIH,
Phoenix Area Indian Hospital, Room 541, 4212 North 16th
Street, Phoenix, AZ 85016.
Chief, Diabetes Research Section, DPB, DDEMD, NIDDK,
NIH, Natcher Building, Room 5AN-18G, 45 Center Drive,
MSC 6600, Bethesda, MD 20892.
National Institute on Drug Abuse, Privacy Act
Coordinator, NIDA, NIH, Parklawn Building, Room 10A-42,
5600 Fishers Lane, Rockville, MD 20857.
National Institute of Environmental Health Sciences,
Chief, Epidemiology Branch, NIEHS, NIH, PO Box 12233,
Research Triangle Park, NC 27709.
National Institute of Mental Health, Director,
Intramural Research Program, NIMH, NIH, Building 10,
Room 4N-224, 9000 Rockville Pike, Bethesda, MD 20892.
Privacy Act Coordinator, NIMH, NIH, 6001 Executive
Blvd., Room 6112, Bethesda, MD 20982.
National Institute of Neurological Disorders and
Stroke, Privacy Act Coordinator, NINDS, NIH,
Neuroscience Center, 6001 Executive Blvd., Suite 3305,
MSC 9531, Bethesda, MD 20892-9531.
Chief, Epilepsy Branch, NINDS, NIH, Neuroscience
Center, 6001 Executive Blvd., Suite 2110, MSC 9523,
Bethesda, MD 20892-9523.
Assistant Director, CNP, DIR, NINDS, NIH, Building 10,
Room 5N226, 10 Center Drive, Bethesda, MD 20892.
Deputy Chief, Laboratory of Central Nervous Systems
Studies, Intramural Research Program, NINDS, NIH,
Building 36, Room 5B21, 9000 Rockville Pike, Bethesda,
MD 20892.
Director, Division of Fundamental Neuroscience and
Developmental Disorders, NINDS, NIH, Neuroscience
Center, 6001 Executive Blvd., Suite 2136, MSC 9527,
Bethesda, MD 20892-9527.
Director, Division of Convulsive, Infectious and Immune
Disorders, NINDS, NIH, Neuroscience Center, 6001
Executive Blvd., Suite 2110, MSC 9521, Bethesda, MD
20892-9521.
Director, Division of Stroke, Trauma, and
Neurodegenerative Disorders, NINDS, NIH, Neuroscience
Center, 6001 Executive Blvd., Suite 2209, MSC 9525,
Bethesda, MD 20892-9525.
Division of Experimental Therapeutics and Clinical
Trials, NINDS, NIH, Neuroscience Center, 6001 Executive
Blvd., Suite 2213, MSC 9520, Bethesda, MD 20892-9520.
National Human Genome Research Institute (NHGRI),
Clinical Director, NHGRI, Bldg. 10, Room 10C101D, 10
Center Drive, Bethesda, MD 20892.
09-25-0202
System name:
Patient Records on PHS Beneficiaries (1935-1974) and Civilly
Committed Drug Abusers (1967-1976) Treated at the PHS Hospitals in
Fort Worth, Texas, or Lexington, Kentucky, HHS/NIH/NIDA.
Security classification:
None.
System location:
National Institute on Drug Abuse, Intramural Research Program,
Johns Hopkins Bayview Medical Center, P.O. Box 5180, Baltimore, MD
21224.
Federal Records Center, 1557 St. Joseph Avenue, East Point, GA
30344.
Washington National Records Center, 4205 Suitland Road,
Washington, DC 20409.
Iron Mountain, 8200 Preston Court, Suite One, Jessup, MD 20794.
Categories of individuals covered by the system:
Civilly committed narcotic addicts (1967-1976) and adult PHS
beneficiaries (1935-1974) treated at either the PHS hospital in Fort
Worth, Texas, or Lexington, Kentucky.
Categories of records in the system:
Administrative records, such as treatment admission and release
dates, name and address, and other demographic data; medical records,
such as, but not limited to, medical history information, drug abuse/
use data as well as treatment information, any laboratory tests, etc.
Authority for maintenance of the system:
Narcotic Addict Rehabilitation Act of 1966, and Narcotic Addict
Rehabilitation Amendments of 1971, Titles I and III (42 U.S.C. 3411
et seq. and 28 U.S.C. 2901 et seq.), and Public Health Service Act,
sections 321-326, 341(a) and (c) (42 U.S.C. 248-253, 257(a) and (c)).
Purpose(s):
The records were collected originally to monitor the individual's
progress while being treated at either of two PHS hospitals and to
ensure continuity of that care. These systems are now inactive. The
records are used to respond to requests from subject individuals (or
his/her designated representative) to (1) establish eligibility for
certain Federal benefits for the individual or his/her dependent(s),
and (2) provide information to subsequent health care providers at
the request of the individual regarding medical treatment received to
ensure continuity of care.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
None.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records at National Institute on Drug Abuse (NIDA) are on
microfilm and contain only part of the admission and discharge
information. The microfilm is stored in a file cabinet in a locked
room. Records sent to Federal Records Center are stored in GSA-
approved storage containers.
Retrievability:
The administrative records and microfilm are filed by patient
name. The medical records are filed either by patient name or by
patient's hospital number with a cross-reference list at NIDA
matching number to name.
Safeguards:
1. Authorized Users: Only the system manager and designated
staff.
2. Physical Safeguards: The microfilm is in a room which has
limited access, or stored at a security coded warehouse. The room is
located in a building with a 24-hour security patrol/television
surveillance system. Sign in and out procedures are used at all
times. The warehouse has security access; records can only be
retrieved by the system manager or designated staff using a
confidential code number. The warehouse is patrolled on a 24-hour
basis with television surveillance.
3. Procedural Safeguards: Only the system manager and his/her
staff have access to the microfilm information and have been trained
in accordance with the Privacy Act.
4. Implementation Guidelines: These practices are in compliance
with the standards of Chapter 45-13 of the HHS General Administration
Manual, ``Safeguarding Records Contained in Systems of Records,''
supplementary Chapter PHS hf: 45-13, and the HHS Automated
Information Systems Security Program Handbook.
Retention and disposal:
All administrative and medical records have been retired to a
Federal Records Center. The records collected under the Narcotic
Addict Rehabilitation Act of 1966 will be destroyed when they are 25
years old, which will be in 2001 because the last patient was
released from treatment in 1976. The PHS beneficiaries' records will
be destroyed at the same time. The records will be shredded in 2003
upon written request from the system manager.
System manager(s) and address:
Medical Records Officer, National Institute on Drug Abuse,
Intramural Research Program, Johns Hopkins Bayview Medical Center,
Box 5180, Baltimore, MD 21224.
Notification procedure:
To determine if a record exists, write to the system manager at
the address above. An individual may learn if a record exists about
himself or herself upon written request with a notarized signature.
The request should include, if known: Patient hospital record number,
full name or any alias used, patient's address during treatment,
birth date, veteran status (if applicable) and approximate dates in
treatment, and social security number.
An individual who requests notification of a medical record
shall, at the time the request is made, designate in writing a
responsible representative who will be willing to review the record
and inform the individual of its content at the representative's
discretion.
Record access procedure:
Same as Notification Procedure. Requesters should also reasonably
specify the record contents being sought. An individual may also
request an accounting of disclosures of his/her record, if any.
Contesting record procedure:
Contact the official at the address specified under Notification
Procedure above, and reasonably identify the record, specify the
information being contested, and state the corrective action sought,
with supporting information to show how the record is inaccurate,
incomplete, untimely, or irrelevant.
Record source categories:
Patients; patients' drug treatment program counselors; court
records; hospital personnel.
Systems exempted from certain provisions of the act:
None.
09-25-0203
System name:
National Institute on Drug Abuse, Intramural Research Program,
Federal Prisoner and Non-Prisoner Research Files, HHS/NIH/NIDA.
Security classification:
None.
System location:
National Institute on Drug Abuse, Intramural Research Program, PO
Box 5180, Baltimore, MD 21224.
Quest, Pathology Building, 1901 Silver Spring Road, Baltimore, MD
21227.
Federal Records Center, 1557 St. Joseph Avenue, East Point, GA
30344.
Washington National Records Center, 4205 Suitland Road,
Washington, DC 20409.
NOVA, Johns Hopkins Bayview Medical Center, Building C, 4940
Eastern Avenue, Baltimore, MD 21224.
Iron Mountain, 8200 Preston Court, Suite One, Jessup, MD 20794.
Categories of individuals covered by the system:
Volunteers, adult males (from 1968 to present), adult females
(beginning in l985) and adolescents (ages 13-18, beginning in 1983),
and children (neonate to 12 beginning in 1989). Clinical research
projects conducted at the Addiction Research Center (ARC). This
system also includes records on adult Federal prisoners involved in
research projects at ARC when located at Lexington, Kentucky, from
1968-1976, and some records from system 09-30-0020 to be used for
statistical research only.
Categories of records in the system:
The categories of records involved are administrative, medical
and research records.
Authority for maintenance of the system:
Public Health Service Act, Section 301(a) (42 U.S.C. 241(a));
sections 341(a) and 344(d) (42 U.S.C. 257(a) and 260(d)); sections
503 and 515 (42 U.S.C. 290aa-2 and 290cc). These sections authorize
the conduct of research in all areas of drug abuse.
Purpose(s):
1. To collect and maintain a data base for research activities at
NIDA/IRP.
2. To enable Federal drug abuse researchers to evaluate and
monitor the subjects' health during participation in a research
project. The areas of research include, but are not limited to,
biomedical, clinical, behavioral, pharmacological, psychiatric,
psychosocial, epidemiological, etiological, statistical, treatment
and prevention of narcotic addiction and drug abuse.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. The National Institute on Drug Abuse (NIDA) uses a contractor
to recruit volunteers and to screen these individuals for their
acceptability to participate in specific research projects, and
limits the contractor's access to the records to these procedures.
NIDA also uses a contractor to perform routine medical laboratory
tests on blood and urine samples. These routine tests verify that the
subject is in good health. Both contractors disclose records from
this system only to NIDA and are required to maintain Privacy Act
safeguards with respect to such records.
2. (a) PHS may inform the sexual and/or needle-sharing partner(s)
of a subject individual who is infected with the human
immunodeficiency virus (HIV) of their exposure to HIV, under the
following circumstances: (1) The information has been obtained in the
course of clinical activities at PHS facilities carried out by PHS
personnel or contractors; (2) The PHS employee or contractor has made
reasonable efforts to counsel and encourage the subject individual to
provide the information to the individual's sexual or needle-sharing
partner(s); (3) The PHS employee or contractor determines that the
subject individual is unlikely to provide the information to the
sexual or needle-sharing partner(s) or that the provision of such
information cannot reasonably be verified; and (4) The notification
of the partner(s) is made, whenever possible, by the subject
individual's physician or by a professional counselor and shall
follow standard counseling practices.
(b) PHS may disclose information to State or local public health
departments, to assist in the notification of the subject
individual's sexual and/or needle-sharing partner(s), or in the
verification that the subject individual has, notified such sexual or
needle-sharing partner(s).
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Data may be stored in file folders or on computer disks, magnetic
tapes, or microfilm.
Retrievability:
Administrative and medical records are indexed and retrieved by
the subject's name and identification code number. Research records
are indexed and retrieved by the subject's name and identification
code number.
Safeguards:
1. Authorized Users: Only authorized ARC staff (Principal
Investigator and his/her research team) are allowed access to these
files. The contractor staff has access to the files during the
recruitment/screening process.
2. Physical Safeguards: Files and file rooms are locked after
business hours. Building has electronic controlled entry at all times
with a 24-hour guard/television surveillance system. The computer
terminals are in a further secured area.
3. Procedural Safeguards: All users of personal information in
connection with the performance of their jobs protect information
from unauthorized personnel. Access codes to the research records are
available only to the Principal Investigator and his/her research
team. Access to the records is strictly limited to those staff
members trained in accordance with the Privacy Act. The contractor
staff members are required to secure the information in accordance
with the Privacy Act. ARC Project Officer and contracting officials
will monitor contractor compliance.
4. Implementation Guidelines: These practices are in compliance
with the standards of Chapter 45-13 of the HHS General Administration
Manual, ``Safeguarding Records Contained in Systems of Records,''
supplementary Chapter PHS hf: 45-13, and the HHS Automated
Information Systems Security Program Handbook.
In addition, because much of the data collected in these research
projects are sensitive and confidential, special safeguards have been
established. Certificates of confidentiality have been issued under
Protection of Identity--Research Subjects Regulations (42 CFR part
2a) to those projects initiated since February 1980. This
authorization enables persons engaged in research on mental health,
including research on the use and effect of psychoactive drugs, to
protect the privacy of research subjects by withholding their names
or other identifying characteristics from all persons not connected
with the conduct of the research. Persons so authorized may not be
compelled in any Federal, State, or local civil, criminal,
administrative, legislative, or other proceeding to identify such
individuals. In addition, these records are subject to 42 CFR part 2,
the Confidentiality of Alcohol and Drug Abuse Patient Records
Regulations (42 CFR 2.56), which state: ``Where the content of
patient records has been disclosed pursuant to these regulations for
the purpose of conducting scientific research * * * information
contained therein which would directly or indirectly identify any
patient may not be disclosed by the recipient thereof either
voluntarily or in response to any legal process whether Federal or
State.''
Retention and disposal:
Records will be disposed of in accordance with the NIH Records
Control Schedule, i.e., when the records are ten years old or no
longer required for administrative or research purposes.
System manager(s) and address:
Medical Records Officer, NIDA, Intramural Research Program, Johns
Hopkins Bayview Medical Center--Building C, PO Box 5180, Baltimore,
MD 21224.
Notification procedure:
To determine if a record exists, write to the system manager at
the address above. Provide a notarized signature as proof of
identity. This can be waived if the request is made through official
Federal, State, or local channels. The request should include the
patient's register number and/or the number of years of incarceration
(for prisoner subjects), full name at time of participation in the
research project, date(s) of research participation, and title of
research project or name of drug being studied. An individual who
requests notification of a medical record shall, at the time the
request is made, designate in writing a responsible representative
who will be willing to review the record and inform the subject
individual of its contents at the representative's discretion.
A parent or legal guardian who requests notification of an
adolescent's record shall designate a family physician or other
health professional (other than a family member) of the Addiction
Research Center staff to whom the record, if any, will be sent. The
parent or legal guardian must verify in writing the relationship to
the adolescent as well as his/her own identity.
Record access procedure:
Same as Notification Procedure. Requesters should also reasonably
specify the record contents being sought. An individual may also
request an accounting of disclosures that have been made of his/her
records, if any.
Contesting record procedure:
Contact the official at the address specified under Notification
Procedure above and reasonably identify the record, specify the
information being contested, and state the corrective action sought
and reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
The individual; observations and medical recordings (such as
blood pressure, dosage of compound administered, etc.) made by the
Principal Investigator and his/her research team; system of records
number 09-30-0020; drug treatment programs; Bureau of Prisons; case
workers; psychiatrists; research laboratories; and pharmacies and
hospitals. Many of these records are confidential and privileged
communication is guaranteed under Section 344(d) of the PHS Act.
Systems exempted from certain provisions of the act:
None.
09-25-0207
System name:
Subject-Participants in Pharmacokinetic Studies on Drugs of Abuse
and on Treatment Medications, HHS/NIH/NIDA.
Security classification:
None.
System location:
University of California, San Francisco, Langley Porter
Psychiatric Institute, San Francisco, CA 94143.
Categories of individuals covered by the system:
Normal, healthy adults who voluntarily participate in studies on
the pharmacokinetics and pharmacodynamics of psychoactive drugs at
Langley Porter Psychiatric Institute, during the period September
1987 through June 1997.
Categories of records in the system:
Research records on each subject-participant contain the
following information: Name; clinician's records including medical
history, laboratory test results, physical examinations,
psychological profile, and drug use profile; drug study data
including records of drugs administered, exposures to radioactivity,
and drug reactions; and date of study in which the subject
participated.
Authority for maintenance of the system:
Public Health Service Act, sections 301(a), 503 and 405 (42
U.S.C. 241 and 284).
Purpose(s):
The primary purpose of this system is to support research on the
pharmacokinetics and pharmacodynamics of drugs of abuse as well as
treatment drugs. The term ``pharmacokinetics'' refers to the manner
in which the human body processes a drug. ``Pharmacodynamics'' refers
to the manner in which the drug affects the human body.
The clinical investigator used data of a medical nature that is
contained in the system to make determinations regarding drug dosages
and/or radiochemical exposures appropriate to the individual human
subject-participants, in order to preserve and protect the health of
each. The system also provides baseline data for studying the drug
effects.
The Food and Drug Administration (FDA) also may use the records
in routine inspections FDA conducts in accordance with its
responsibilities to develop standards on the composition, quality,
safety, and efficacy of drugs administered to humans, and to monitor
experimental usage of drugs.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. We may disclose to a congressional office the record of an
individual in response to a verified inquiry from the congressional
office made at the written request of the individual.
2. NIH contractors, use the records in this system to accomplish
the research purpose for which the records are collected. The
contractors are required to maintain Privacy Act safeguards with
respect to such records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The contractor maintains the records on paper in file folders.
Retrievability:
The contractor indexes and retrieves the records by the subject-
participant's name.
Safeguards:
1. Authorized Users: Only the contract Project Director and his/
her research team and the Federal Project Officer and his/her support
staff have access to these records.
2. Physical Safeguards: The contractor keeps all records in a
locked metal file cabinet in premises with limited accessibility.
Only the clinical investigator (Project Director) has the key to the
locked files.
3. Procedural Safeguards: Only the contract staff have access to
the files. Persons other than subject participants who request
individually identifiable data from a record, must provide written
consent from the subject participant permitting the requested
disclosure. The only exception would be for disclosure to persons or
organizations permitted by the Privacy Act, section 3(B) to obtain
personally identifiable data.
4. Implementation Guidelines: These practices are in compliance
with the standards of Chapter 45-13 of the HHS General Administration
Manual, ``Safeguarding Records Contained in Systems of Records,''
supplementary Chapter PHS hf: 45-13, and the HHS Automated
Information Systems Security Program Handbook. In addition, the
contract staff complies with contractor's (University of California,
San Francisco) standard procedures for safeguarding data.
Retention and disposal:
The records will be kept no later than June 2002 (five years
after the anticipated completion of the studies). At that time, the
NIDA project officer will authorize in writing the clinical
investigators to destroy the records by shredding or burning.
System manager(s) and address:
Project Officer, Pharmacokinetic Studies on Drugs of Abuse,
Medications Development Division, National Institute on Drug Abuse,
National Institutes of Health, 6001 Executive Blvd., Room 4123, MSC
9551, Rockville, MD 20892-9551.
Notification procedure:
To determine if a record exists, write to the system manager
listed above.
Provide the following information: Subject-participant's full
name and a letter of request (or permission, if the requester is not
the subject-participant) with notarized signature of the individual
who is the subject of the record, approximate date(s) of
experiment(s) in which the individual participated, and drug name (if
known). In addition, an individual who requests notification of, or
access to, a medical record shall, at the time the request is made,
designate in writing a responsible representative who will be willing
to review the record and inform the subject individual of its content
at the representative's discretion.
Record access procedure:
Same as Notification Procedure. Requesters should also reasonably
specify the record contents being sought. An individual may also
request an accounting of disclosures of his/her record, if any.
Contesting record procedure:
Contact the system manager at the address above and reasonably
identify the record, specify the information to be contested, the
corrective action sought, with supporting information to show how the
record is inaccurate, incomplete, untimely, or irrelevant.
Record source categories:
The subject-participants and the contractor personnel conducting
the research studies.
Systems exempted from certain provisions of the act:
None.
09-25-0208
System name:
Drug Abuse Treatment Outcome Study (DATOS), HHS/NIH/NIDA.
Security classification:
None.
System location:
Research Triangle Institute, Center for Social Research and
Policy Analysis, Research Triangle Park, NC 27709.
Categories of individuals covered by the system:
Voluntary adult clients of Federally-funded treatment programs,
including Treatment Alternative Street Crime (TASC) Programs of the
Department of Justice, who requested to be included in TOPS from 1979
through 1986. New data collected from voluntary adults/adolescent
clients of public and private funded-treatment programs beginning in
1991 and will continue through 1995.
Categories of records in the system:
The categories are: Demographic data, treatment outcome data,
treatment process data, client locator information, and personal
identifiers (name and assigned numerical identifier).
Authority for maintenance of the system:
Public Health Service Act, sections 301 and 405 (42 U.S.C. 241
and 284.
Purpose(s):
The purpose of the system is to compile information on drug
abusers in drug abuse treatment programs in order to derive
information on the treatment environments and abusers' behaviors and
characteristics subsequent to treatment. Researchers and drug abuse
service providers may use the aggregate data to address issues and
generate hypotheses to understand better the interactions among the
client and community.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Within the restrictions set forth in HHS regulations
concerning the confidentiality of drug abuse patient records (42 CFR
2.56), we may disclose a record for a research purpose, when the
Department: (a) Has determined that the use or disclosure does not
violate legal or policy limitations under which the record was
provided, collected, or obtained; (b) has determined that the
research purpose (1) cannot be reasonably accomplished unless the
record is provided in individually identifiable form, and (2)
warrants the risk to the privacy of the individual that additional
exposure of the record might bring; (c) has required the recipient to
(1) establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record,
(2) remove or destroy the information that identifies the individual
at the earliest time at which removal or destruction can be
accomplished consistent with the purpose of the research project,
unless the recipient has presented adequate justification of a
research or health nature for retaining such information, and (3)
make no further use or disclosure of the record except: (A) In
emergency circumstances affecting the health or safety of any
individual, (B) for use in another research project, under these same
conditions, and with written authorization of the Department, (C) for
disclosure to a properly identified person for the purpose of an
audit related to the research project, if information that would
enable research subjects to be identified is removed or destroyed at
the earliest opportunity consistent with the purpose of the audit, or
(D) when required by law; (d) has secured a written statement
attesting to the recipient's understanding of, and willingness to,
abide by these provisions.
2. The Research Triangle Institute, an NIH contractor, uses the
records in this system to accomplish the research purpose for which
the records are collected. In the event of follow-up studies or
continuation studies because the contract has been terminated for
convenience by the Government, we may disclose records in this system
to a subsequent NIH contractor. We would require the new contractor
to maintain Privacy Act safeguards with respect to such records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Interview forms, magnetic tapes, and disks.
Retrievability:
Records are indexed and retrieved by unique alpha numerical
identifier. In order to relate the data collected to specific
individuals, one must use the link file discussed under Safeguards.
Safeguards:
1. Authorized Users: Contractor personnel, the agency project
officer, and agency employees whose duties require the use of the
information in the system.
2. Physical Safeguards: The data management task leader, the
project leader, or the project director provide technical supervision
of all data collection and processing activities. Individually
identified forms are stored in a secure, vault-like room provided for
this purpose. Authorized personnel have access to the room by one
locked door with controlled entry, i.e., only on the written
authority of the professional staff member in charge. Computerized
records are kept in a vault area with limited accession.
3. Procedural Safeguards: Because some of the data collected in
this study, such as data on drug use, are sensitive and confidential,
special safeguards have been established. A Certificate of
Confidentiality has been issued under 42 CFR part 2a. This
authorization enables persons engaged in research on mental health,
including research on the use and effect of psychoactive drugs, to
protect the privacy of research subjects by withholding the names or
other identifying characteristics from all persons not connected with
the conduct of the research. Persons so authorized may not be
compelled in any Federal, State, or local civil, criminal,
administrative, legislative, or other proceedings to identify such
individuals. In addition, these records are subject to 42 CFR part 2,
the Confidentiality of Alcohol and Drug Abuse Patient Records
Regulations (42 CFR 2.56), which state: ``Where the content of
patient records has been disclosed pursuant to (these regulations)
for the purpose of conducting scientific research . . . information
contained therein which would directly or indirectly identify any
patient may not be disclosed by the recipient thereof either
voluntarily or in response to any legal process whether Federal or
State.''
Another safeguard is that the forms containing subject
identification information for client follow-up and data matching
purposes do not include any reference to the purpose of the study.
Identification and location information is kept separate from any
information that would suggest that the respondent has been in a drug
treatment program.
Information on completed forms is entered immediately on the
computer. Completed forms and computerized data are released only to
authorized persons. Only aggregate data are provided and used in the
preparation of necessary and appropriate reports.
A link file system is used. This system has three components: (1)
Personal information, (2) data base information, and (3) the link
file, which contains identifying number pairs which can be used to
match data with individuals. The advantage of this system is that the
data base can be used directly for report generation, etc., without
the use of decrypting subroutines or access to the personal
information or matching link files.
In addition, the computer center being utilized has developed an
extensive security system to protect computer account codes and data.
This system is described in a publication that is available from the
system manager upon request.
We do not anticipate any disclosure of individually identifiable
information to other persons or organizations within the Department
of Health and Human Services. Nor does the contractor provide
individually identification information to the Department of Justice,
with which NIDA has a cooperative agreement for this study.
4. Implementation Guidelines: These practices are in compliance
with the standards of Chapter 45-13 of the HHS General Administration
Manual, ``Safeguarding Records Contained in Systems of Records,''
supplementary Chapter PHS hf: 45-13, and the HHS Automated
Information Systems Security Program Handbook. In addition, project
staff complies with the contractor's (Research Triangle Institute)
standard procedures for safeguarding data.
The contractor provides only aggregate information to NIDA.
Retention and disposal:
The contractor destroys interview forms by shredding or burning
immediately after contractor staff have completed and verified direct
entry on magnetic tape or disk storage. The contractor will destroy
individual identification and location data by shredding or burning,
under the explicit written authorization of the system manager, which
is anticipated to be no longer than five years after the termination
of the study unless the information is needed for research purposes.
We will retain aggregate data tapes for research purposes. These
tapes will not have any individually identifiable information. In
accordance with the NIH Records Control Schedule, these tapes will be
retained for five years after completion of the project
(approximately 2000). At that time, the tapes will be retired to the
Federal Records Center and destroyed when they are ten years old or
when they are no longer needed for research purposes.
System manager(s) and address:
Drug Abuse Treatment Outcome Study (DATOS), Project Officer,
Services Research Branch, Division of Clinical and Services Research,
National Institute on Drug Abuse, National Institutes of Health, 6001
Executive Blvd., Room 4222, Bethesda, MD 20892.
Notification procedure:
To determine if a record exists, write to the system manager at
the address above. An individual may learn if a record exists about
himself/herself upon written request, with notarized signature. The
request should include, if known, name of the researcher, location of
the research site, approximate date of data collection, any alias
used, and subject identification number.
An individual who requests notification of a medical record
shall, at the time the request in made, designate in writing a
responsible representative who will be willing to review the record
and inform the subject individual of its contents at the
representative's discretion.
A parent or legal guardian who requests notification of an
adolescent's record shall designate a family physician or other
health professional (other than a family member) of the Division of
Clinical Research staff to whom the record, if any, will be sent. The
parent or legal guardian must verify in writing the relationship to
the adolescent as well as his/her own identity.
Record access procedure:
Same as Notification Procedure. Requesters should also reasonably
specify the record contents being sought. An individual may also
request an accounting of disclosures of his/her record, if any.
Persons other than subject individuals, who request individually
identifiable data from a record must provide written consent from the
subject individual permitting the requested disclosure. The only
exception (if not in conflict with confidentiality regulations) would
be for disclosure to persons or organizations permitted by the
Privacy Act, section 3(b), to obtain personally identifiable data.
Contesting record procedure:
Contact the official at the address specified under Notification
Procedure above and reasonably identify the record, specify the
information being contested, the corrective action sought, with
supporting information to show how the record is inaccurate,
incomplete, untimely, or irrelevant.
Record source categories:
Research subjects, and staff in participating drug abuse
treatment programs, written clinical evaluations, counselors,
psychiatrists, psychotherapists, family members, research assistants,
hospitals.
Systems exempted from certain provisions of the act:
None.
09-25-0209
System name:
Subject-Participants in Drug Abuse Research Studies on Drug
Dependence and in Research Supporting New Drug Applications, HHS/NIH/
NIDA.
Security classification:
None.
System location:
Veterans Administration Hospital, Cooperative Studies Program,
Department of Veterans Medical Center, Perry Point, MD 21902.
Dixon and Williams Pharmaceutical, 5775 Hyde Park Circle,
Jacksonville, FL 32210.
Medications Development Division and Division of Clinical
Research, National Institute on Drug Abuse, 6001 Executive Blvd.,
Room 4123, Bethesda, MD 20892.
Veterans Affairs Medical Center, 50 Irving Street, NW,
Washington, DC 20422.
Veterans Affairs Medical Center, University and Woodland Avenues,
Philadelphia, PA 19104.
Veterans Affairs Medical Center, Brentwood Division, Wilshire and
Sawtell Boulevards, Los Angeles, CA 90073.
National Institute on Drug Abuse, Division of Intramural Research
Programs, 4940 Eastern Avenue, Baltimore, MD 21224.
Write to the system manager at the address below for the address
of any new locations where records from this system may be stored.
Categories of individuals covered by the system:
Voluntary adult clients of Federally-funded and other drug abuse
treatment programs who have requested to receive investigational new
or marketed drugs, such as but not limited to, naltrexone, levo-alpha
acetylmethadol (LAAM), or buprenorphine as part of their treatment.
Data collection for the earlier LAAM studies began in 1975 and
continued through September 1979; additional LAAM studies began in
1992 and continued through September 1997, naltrexone studies began
in 1977 and continued through June 1984; and studies for other
investigational new compounds (buprenorphine, gepirone, etc,) began
in 1992 and may continue through calendar year 2005.
Categories of records in the system:
Demographic data, treatment outcome data, treatment process data,
client locator information, and personal identifiers (name and
assigned numerical identifier).
Authority for maintenance of the system:
Public Health Service Act, Sections 301, 464p, and 405 (42 U.S.C.
241, and 284).
Purpose(s):
1. To maintain information on the safety and effectiveness of
drugs for treatment of drug dependence with or without abuse
potential in various treatment environments and modalities and
changes in the behavior and characteristics of drug abusers who
received these substances as part of their treatment regimen.
2. To provide data required by the Food and Drug Administration
(FDA) to support research on drug dependence and potential new drug
applications for various drugs, and to treat drug dependence with or
without abuse potential. A new drug application is a notice to FDA
that a pharmaceutical company believes they have enough data to
demonstrate the safety and efficacy of a substance to satisfy FDA for
marketing the substance. FDA may also use the records in routine
inspections that FDA conducts in accordance with its responsibilities
to develop standards on the composition, quality, safety and efficacy
of drugs administered to humans, and to monitor experimental usage of
drugs.
3. To conduct research on the pharmacology, toxicology, and
behavioral characteristics of drugs of abuse alone or in combination
with proposed treatment drugs.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
NIH contractor(s) use the records in the system in order to
accomplish the research and development purposes for which the
records were collected. In the event of a follow-up study or
continuation study, the responsible project officer may disclose
records in this system to a subsequent NIH contractor(s). Any new
contractor(s) is and would be required to maintain Privacy Act
safeguards with respect to such records and to comply with the
confidentiality restrictions of 42 CFR part 2.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Interview and assessment forms, video tapes, magnetic tapes,
disks, and microfiche in boxes in closed cabinets in a locked room
with limited accessibility.
Retrievability:
The records are indexed and retrieved by subject-participant's
name code (i,e., initials--not name) and unique numerical identifier.
In order to relate the data collected to specific individuals,
however, one must use the link file discussed under safeguards.
Safeguards:
1. Authorized Users: For the naltrexone study, the system manager
or Federal Project Officer and only authorized contract staff have
access to the records (computerized and hard copy files) in the
system. The contractor provides only aggregate data in reports to
NIDA, FDA, or the public. Only the NIDA personnel mentioned
previously and selected authorized contract staff have access to the
stored LAAM records.
A certificate of confidentiality has been issued to researchers
conducting the naltrexone study under 42 CFR, part 2, Protection of
Identity--Research Subjects. This authorization enables persons
engaged in research on mental health, including research on the use
and effect of psychoactive drugs, to protect the privacy of research
subjects by withholding the names or other identifying
characteristics from all persons not connected with the conduct of
the research. Persons so authorized may not be compelled in any
Federal, State or local civil, criminal, administrative, legislative,
or other proceedings to identify such individuals. The earlier LAAM
study (from 1975 through 1979) was not conducted under a certificate
of confidentiality. The 1992 LAAM studies were conducted under the
protection afforded by a confidentiality certificate. These
regulations do not prohibit voluntary disclosure by the researcher.
However, the records of these studies also are subject to 42 CFR part
2, the Confidentiality of Alcohol and Drug Abuse Patient Records
Regulations (42 CFR 2.56), which state: ``Where the content of
patient records has been disclosed. Pursuant to (these regulations)
for the purpose of conducting scientific research * * * information
contained therein which would directly or indirectly identify any
patient may not be disclosed by the recipient thereof either
voluntarily of in response to any legal process whether Federal or
State.''
The contractor's institutional review board reviewed and approved
the safeguards described above in accordance with 45 CFR part 46 on
the Protection of Human Subjects.
2. Physical Safeguards: For the naltrexone records, the
contractor(s) stored individually identified forms in a locked room
with controlled entry, i.e., only on written authority of the
professional staff member in charge of data handling and processing).
The contractor staff entered the collected information onto computer
tape or disks as soon after contact with the subject-participant as
possible, and stores the computerized records in a secured area with
access limited as above.
For the LAAM, buprenorphine and other compound records, NIDA
stores the individually identified forms in a lockable cabinet in a
secure room. Only authorized NIDA personnel, i.e., Division of
Clinical Research and Medications Development professional staff and
their support staff (program assistant, clerk-typist, or secretary),
have access to the room with controlled entry. The room is in a
building which has a 24-hour guard/television surveillance system and
has controlled entry (picture identification sign in and out
procedures) before and after normal working hours.
Another safeguard for these studies is that the forms containing
subject identification information do not include any reference to
the purpose of the study. The identification information is separate
from any information that would suggest that the respondent is or has
been in a drug abuse treatment program. In addition, the computer
center being utilized for naltrexone has developed an extensive
security system to protect computer account codes and data.
3. Procedural Safeguards: Access to the computerized records of
the studies (naltrexone and other research) is protected by a
computerized password routine which is changed periodically. In
addition, the project staff complies with the contractor's standard
procedures for safeguarding data. The link file system that
identifies individuals with personal data has three components: (1)
Identification information, (2) data base information, and (3) the
link file, which contains identifying number pairs which match data
with individuals. The advantage of this system is that one may use
the baseline data directly for report generation, etc., without using
the subroutines or accessing the personal information or link files.
4. Implementation Guidelines: These practices are in compliance
with the standards of Chapter 45-13 of the HHS General Administration
Manual, ``Safeguarding Records Contained in Systems of Records,''
supplementary Chapter PHS hf: 45-13, and the HHS Automated
Information Systems Security Program Handbook.
Retention and disposal:
The naltrexone staff will destroy identifiable information by
shredding or burning when it is no longer needed for analysis or
research purposes; then the tapes will be erased. NIDA will destroy
individual identification and match-up information from other studies
by shredding or burning five years after FDA completes the review and
approves the new drug applications or when they are no longer needed
for research purposes.
NIDA will retain the aggregate data tapes and/or paper records
from studies for research purposes. These tapes will not have any
individually identifiable information. In accordance with the FDA
regulations governing new drug applications, the aggregate tapes will
be retained for at least two years after FDA approves the new drug
applications. At that time, the tapes will be retired to the Federal
Records Center and destroyed when they are five years old or when
they are no longer needed for research purposes.
System manager(s) and address:
Project Officer, Naltrexone Study, Division of Clinical Research,
National Institute on Drug Abuse, 6001 Executive Blvd., Room 4234,
Bethesda, MD 20892.
Project Officer, LAAM and Other Research Records, Medications
Development Division, National Institute on Drug Abuse, 6001
Executive Blvd., Room 4128, Bethesda, MD 20892.
Notification procedure:
An individual may determine if a record exists about himself/
herself upon written request, with notarized signature if request is
made by mail, or with suitable identification if request is made in
person, to the appropriate system manager at the address above. The
following information should be included, if known: Subject-
participant's full name and a letter of request with notarized
signature of the subject-participant of the record, any alias used,
subject-participant's identification number, name of the researcher,
name of clinic or research center, name of substance, and approximate
date of study participation.
An individual who requests notification of a medical record must,
at the time the request is made, designate in writing a responsible
representative who will be willing to review the record and inform
the subject individual of its contents at the representative's
discretion.
Record access procedure:
Same as Notification Procedure. Requesters should also reasonably
specify the record contents being sought. An individual may also
request an accounting of disclosures of his/her record, if any.
Contesting record procedure:
Contact the official at the address specified under Notification
Procedure above and reasonably identify the record, specify the
information being contested, the corrective action sought, with
supporting information to show how the record is inaccurate,
incomplete, untimely, or irrelevant.
Record source categories:
Research subject-participants, staff in the participating drug
abuse treatment programs, written clinical evaluations, private
physicians, counselors, psychiatrists, psychotherapists, family
members, research assistants, and hospital records.
Systems exempted from certain provisions of the act:
None.
09-25-0210
System name:
Shipment Records of Drugs of Abuse to Authorized Researchers,
HHS/NIH/NIDA.
Security classification:
None.
System location:
Basic Neurobiology and Biological Systems Research Branch
(BNBSRB), Division of Basic Research, National Institute on Drug
Abuse, 6001 Executive Blvd., Room 4282, MSC 9555, Bethesda, MD 20892-
9555.
Research Triangle Institute, Research Triangle Park, NC 27709.
Categories of individuals covered by the system:
Individual researchers and organizations who are registered with
the Drug Enforcement Administration (DEA), Department of Justice
(DOJ), some since 1966, and who have voluntarily submitted
documentation to the National Institute on Drug Abuse (NIDA) in order
to obtain, through the NIDA Drug Supply Program (DSP), drugs of abuse
for use in a research project.
Categories of records in the system:
While the records in this system are research project-related,
they support the eligibility of individual researchers to receive
drugs of abuse. Types of information contained in the records are:
Researcher's name, curricula vitae, research protocol, DEA and (if
applicable) Nuclear Regulatory Commission registration numbers (when
a radiolabeled compound is requested and shipped), business address
(location of research project) and telephone number, summary of
research project(s), requests for substance(s), name and amount of
each compound requested and shipped, dates material is shipped and
received, shipment numbers, and order form numbers.
Authority for maintenance of the system:
Public Health Service Act, sections 301, and 405 (42 U.S.C. 241
and 284); Controlled Substances Act of 1970 (21 U.S.C. 801 et seq.);
Atomic Energy Act of 1954, as amended, section 81 (42 U.S.C 2111);
and Energy Reorganization Act of 1974, section 201 (42 U.S.C. 5841).
Purpose(s):
To facilitate operation of DSP which is a centralized research
support service through which the United States Government supplies
to the national and international scientific community for research
purposes, most Schedule I and many Schedule II-V controlled and non-
controlled substances as specified in the Controlled Substances Act
(CSA) of 1970 (21 U.S.C. 801 et seq.). Controlled substances are
chemicals and other substances, and their immediate precursors, that
the Attorney General has determined to have such potential for abuse
as to warrant regulation under the CSA. Some of these substances are
radiolabeled materials. Radiolabeled materials are substances to
which a small amount of radioactivity is added for use in various
studies, such as drug metabolism and mechanisms of drug actions.
This system of records was established to facilitate DSP by
enabling NIDA:
1. To verify that requests for drugs of abuse, some of which are
radiolabeled, are from authorized individuals/organizations for use
in a research project;
2. To verify that the amounts of the materials requested by
researchers for animal, in vivo, and in vitro research are justified
and available;
3. To supply controlled substances in amounts approved by the
Food and Drug Administration (FDA) to researchers conducting research
with human subjects;
4. To ship these materials securely in accordance with CSA and
the Atomic Energy Act; and
5. To maintain records of these transactions.
FDA also may use the records in routine inspections in accordance
with FDA's responsibilities to develop standards on the composition,
safety, and efficacy of drugs administered to humans, and to monitor
experimental usage of drugs.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. We may disclose the record of an individual to a congressional
office in response to a verified inquiry from the congressional
office made at the written request of the individual.
2. We may disclose information to DEA, DOJ, to enable DEA to
carry out its responsibilities as described in the Controlled
Substances Act of 1970.
3. An NIH contractor routinely uses the records in this system to
ship controlled substances to authorized recipients. Such contractor
is required to maintain Privacy Act safeguards with respect to these
records.
4. An NIH contractor may have access to the records in this
system in the performance of its software modification/correction
tasks specified in its contract. Such contractor is required to
maintain Privacy Act safeguards with respect to these records.
5. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation or has
an interest in such litigation, and HHS determines that the use of
such records by the Department of Justice, the court or other
tribunal is relevant and necessary to the litigation and would help
in the effective representation of the governmental party provided,
however, that in each case, HHS determines that such disclosure is
compatible with the purpose for which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
NIDA maintains ``hard copy'' records in file folders and
automated records on computer disk.
Retrievability:
Authorized NIDA and contractor personnel index and retrieve the
computerized records by a researcher code number assigned by a
computer program at the time a new record is established. Authorized
NIDA personnel index and retrieve ``hard copy'' records by
researcher's name. NIDA maintains a computerized, alphabetical cross-
reference list that matches names and numbers.
Safeguards:
1. Authorized Users: The Chief, BNBSR Branch and his or her
support staff, program assistant and clerk-typist, and the contracts'
project directors and their support staffs have access to the
records.
2. Physical Safeguards: The ``hard copy'' records and main
computer are physically located at the Neuroscience Center, Bethesda,
Maryland.
The computerized records are kept in a room with limited
admittance. The room is locked after working hours. The ``hard copy''
records are stored in locked file cabinets in a room with very
limited admittance. This room is also locked after working hours. The
Neuroscience Center has a 24-hour guard patrol service.
3. Procedural Safeguards: The terminals are housed in a secured
work area with limited admittance. Contract personnel use a password
identification system to obtain access; NIDA changes the passwords
periodically.
4. Implementation Guidelines: These practices are in compliance
with the standards of Chapter 45-13 of the HHS General Administration
Manual, ``Safeguarding Records Contained in Systems of Records,''
supplementary Chapter PHS hf: 45-13, and the HHS Automated
Information Systems Security Program Handbook.
Retention and disposal:
NIDA maintains an individual's record for five years after the
researcher's last request for, or shipment of, a drug of abuse. We
consider the record inactive after that, and erase it from the
computer disk by a delete routine. The delete routine automatically
deletes the computerized cross-reference as well. We destroy the
``hard copy'' record by shredding. The system is checked once a year
for inactive records.
System manager(s) and address:
Project Director, Drug Supply Program, BNBSR Branch, Division of
Basic Research, Neuroscience Center, 6001 Executive Blvd., Room 4282,
MSC 9555, Bethesda, MD 20892-9555.
Notification procedure:
To determine if a record exists, write to the system manager at
the address above. An individual may learn if a record exists about
himself or herself upon written request. The request should include
the researcher's name and business address at the time of last
shipment. The request must be signed in ink by the individual
researcher. Verifiable proof of identity is required.
Record access procedure:
Same as Notification Procedure. Requesters should also reasonably
specify the record contents being sought. An individual may also
request an accounting of disclosures of his/her record, if any.
Contesting record procedure:
Contact the official at the address specified under Notification
Procedure above and reasonably identify the record, specify the
information being contested, the corrective action sought, with
supporting information to show how the record is inaccurate,
incomplete, untimely, or irrelevant.
Record source categories:
Initial source is the individual researcher. Some of the DEA
registration information provided by a researcher is verified through
a DEA computer check. FDA provides information concerning type and
amount of controlled substance(s) to be shipped to an individual
researcher for research projects involving human subjects.
Systems exempted from certain provisions of the act:
None.
09-25-0211
System name:
Intramural Research Program Records of In- and Out-Patients with
Various Types of Alcohol Abuse and Dependence, Relatives of Patients
with Alcoholism, and Healthy Volunteers, HHS/NIH/NIAAA.
Security classification:
None.
System location:
National Institutes of Health, 9000 Rockville Pike, Bethesda, MD
20892. A list of specific project sites is available from the system
manager.
Categories of individuals covered by the system:
In-and out-patients with alcohol abuse and dependence, alcohol-
induced organic brain syndromes; their relatives; and healthy
volunteers.
Categories of records in the system:
Research data of wide variety including biochemical measures,
psychophysiological and psychological tests, questionnaires, clinical
and behavioral observations and interviews, physical examinations,
and correspondence.
Authority for maintenance of the system:
Public Health Service Act, as amended, sections 301 (42 U.S.C.
241) and 510 (42 U.S.C. 290bb). These sections authorize the conduct
of general health research and research into alcoholism and alcohol
abuse.
Purpose(s):
These records are used for diagnosis and treatment of patients
with alcohol abuse and dependence and related conditions; behavioral
research relating to the causes, diagnoses, and treatment of
addictions; and basic research on behavioral and biological
processes.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Records in this system are covered by section 527 of the Public
Health Service Act (42 U.S.C. 290ee-3) and 42 CFR, Chapter I,
subchapter A, part 2, on confidentiality of alcohol and drug abuse
patient records. In accordance with these regulations, the records
are confidential and may only be disclosed with the written consent
of the patient with specific restrictions, and without the patient's
consent in the following instances: (1) To medical personnel to the
extent necessary to meet a bona fide emergency; (2) to qualified
personnel for the purpose of conducting scientific research; or (3)
if authorized by an appropriate order of a court of competent
jurisdiction granted after application showing good cause therefore,
after certain considerations, and with appropriate safeguards.
Routine uses of information in this system are limited to the
following:
1. A record may be disclosed for a research purpose, when the
Department: (a) Has determined that the use or disclosure does not
violate legal or policy limitations under which the record was
provided, collected, or obtained; (b) has determined that the
research purpose: (1) Cannot be reasonably accomplished unless the
record is provided in individually identifiable form, and (2)
warrants the risk to the privacy of the individual that additional
exposure of the record might bring; (c) has required the recipient to
(1) establish reasonable administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record,
and (2) remove or destroy the information that identifies the
individual at the earliest time at which removal or destruction can
be accomplished consistent with the purpose of the research project,
unless the recipient has presented adequate justification of a
research or health nature for retaining such information, and (3)
make no further use or disclosure of the record except (A) in
emergency circumstances affecting the health or safety of any
individual, (B) for use in another research project, under these same
conditions, and with written authorization of the Department, (C) for
disclosure to a properly identified person for the purpose of an
audit related to the research project, if information that would
enable research subjects to be identified is removed or destroyed at
the earliest opportunity consistent with the purpose of the audit, or
(D) when required by law; (d) has secured a written statement
attesting to the recipient's understanding of, and willingness to
abide by these provisions.
2. Disclosure may be made to a congressional office from the
record of an individual in response to a verified inquiry from the
congressional office at the written request of that individual, in
accordance with 42 CFR, chapter I, subchapter A, part 2.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for PHS who do not technically have the status
of agency employees, if they need the records in the performance of
their agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records may be stored in file folders, on index cards, computer
tapes and disks, microfiche, microfilm and audio and video tapes.
Normally the factual data, with study code numbers, are stored on
computer tape or disk, while the key to personal identifiers is
stored separately, without factual data, in paper files.
Retrievability:
During data collection stages and follow-up, retrieval by
personal identifier (e.g., name or medical record number) is
necessary. During the data analysis stage, data are normally
retrieved by variables of interest, e.g., age, diagnosis, etc.
Safeguards:
Measures to prevent unauthorized disclosures are implemented as
appropriate for the particular records maintained in each project.
Depending on the sensitivity of the project, additional safeguards
may be added.
1. Authorized Users: Only NIAAA medical and research staff have
access to these records, as authorized by the system manager.
2. Physical Safeguards: Records are stored in locked rooms,
locked file cabinets, and/or secured computer facilities. Personal
identifiers and link codes are separated as much as possible and
stored in locked files.
3. Procedural Safeguards: Collection and maintenance of data are
consistent with legislation and regulations for protection of human
subjects, informed consent, confidentiality, and confidentiality
specific to drug and alcohol abuse patients. Computer data access is
limited through the use of key words, a series of account numbers,
and passwords which are changed frequently and known only to
authorized personnel.
4. Implementation Guidelines: These practices are in compliance
with the standards of Chapter 45-13 of the HHS General Administration
Manual, ``Safeguarding Records Contained in Systems of Records,''
supplementary Chapter PHS hf: 45-13, and the HHS Automated
Information Systems Security Program Handbook.
Retention and disposal:
Records are held for five years after completion of the project,
retired to a Federal Records Center, and subsequently disposed of
after ten years.
System manager(s) and address:
Clinical Director, Laboratory of Clinical Studies, Division of
Intramural Clinical and Biological Research, National Institutes of
Health, Building 10, Room 3B-19, 9000 Rockville Pike, Bethesda, MD
20892.
Notification procedure:
To determine if a record exists, write to the system manager at
the address above. Provide notarized signature as proof of identity.
The request should include as much of the following information as
possible: (a) Full name; (b) nature of illness (if any); (c) title of
study; (d) name of researcher conducting study. An individual who
requests notification of or access to a medical/dental record shall,
at the time the request is made, designate in writing a responsible
representative who will be willing to review the record and inform
the subject individual of its contents at the representative's
discretion.
A parent or guardian who requests notification of child's/
incompetent person's record shall at the time the request is made
designate a family physician or other health professional (other than
a family member) to whom the record, if any, will be sent. The
designee will receive the record in all cases and upon review will
determine whether the record should be made available to the parent
or guardian.
Record access procedure:
Same as Notification Procedure. Requesters should also reasonably
specify the record contents being sought. Individuals may also
request an accounting of disclosures of their records, if any.
Contesting record procedure:
Contact the official at the address specified under Notification
Procedure above and reasonably identify the record, specify the
information being contested, and state the corrective action sought,
with supporting information to show how the record is inaccurate,
incomplete, untimely, or irrelevant.
Record source categories:
Information gathered from individuals under study, either patient
or normal subject, contract surveys, hospital records, medical and
nursing staff notes, and from Privacy Act system of records 90-25-
0099, ``Clinical Research: Patient Medical Records, HHS/NIH/CC.''
Systems exempted from certain provisions of the act:
None.
09-25-0216
System name:
Administration: NIH Electronic Directory, HHS/NIH.
Security classification:
None.
System location:
Records are maintained in databases located within the NIH
computer facilities and the files of NIH functional offices required
to identify individuals in order to manage the federal resources and
authorities assigned to them. A current list of sites, including the
address of any Federal Records Center where records from this system
may be stored, is available by writing the System Manager listed
under Notification Procedures below.
Categories of individuals covered by the system:
Users of NIH resources and services including but not limited to:
current and past NIH employees, contractors, tenants of NIH
facilities, participants in the NIH visiting programs, registered
users of NIH computer facilities, grantees, reviewers, council
members, collaborators, vendors, and parking permit holders. This
system does not cover patients and visitors to the NIH Clinical
Center.
Categories of records in the system:
This system is a source system that provides identification data
to a variety of directory services at NIH that share comparable
information and assign or relate dedicated federal resources to
individuals. This system provides for a central directory that allows
NIH to manage NIH corporate business processes and electronic
commerce. The types of personal information in this directory are
necessary to ensure the accurate identification of individuals doing
business in or with the National Institutes of Health. The types of
personal information included in this directory are: Name, alias
names, date of birth, place of birth, Social Security Number, gender,
home address, home phone number, home FAX number, personal pager
number, personal mobile phone number, personal email address,
emergency contacts, photograph, digitized written signature,
digitized biometrics, and NIH-assigned unique identifier. Public data
refers to non-sensitive information readily available to the general
public (e.g., name, building, room number, and work phone). Non-
public data refers to sensitive/confidential information or data for
which access is limited to appropriate staff with a valid need-to-
know in the performance of their official job duties, or as outlined
in the routine uses for disclosure (e.g., SSN, gender, home address,
date of birth, place of birth).
Authority for maintenance of the system:
5 U.S.C. 301 and 302, 44 U.S.C. 3101 and 3102, Executive Order
9397.
Purpose(s):
The purpose is to establish a consolidated and centrally
coordinated electronic directory to support e-government of
administrative business processes; allow effective controls over the
creation, maintenance and use of records in the conduct of current
business; provide for effective management of costs, operation and
interconnectivity of NIH information systems; provide the required
structure for network security; and provide an accurate source of
directory information at the NIH. Data collected is used to build an
NIH centralized source identification directory and provides for
directory security system authentication and authorization and
supports NIH corporate business processes and electronic commerce.
This system of records enables NIH to reliably identify individuals
and those federal resources assigned to them. A NIH unique identifier
(UID) will be assigned to each individual to permit identification of
a single person with their descriptive information and resources
throughout their career.
This system allows for the creation of accurate records for
individuals in the NIH directory and ensures that duplicate data
files are compared, corrected and combined for accuracy, thus
eliminating redundancy. It is the central point of coordination for
other automated systems that manage or track resources, particularly
information security systems.
INTERNAL USE AND ACCESS TO PERSONAL INFORMATION:
Internal use and access to the personal information in this
system will be limited to those with a valid need-to-know in the
performance of their official duties. Typical internal uses of the
system, including categories of users, uses of the data collected and
the need for such use are as follows:
Trans-NIH Human Resource Personnel, Administrative
Officers, and administrative technicians, will access all public and
non-public records for employees and/or NIH affiliates within their
scope of responsibility to access/track staffing information such as
personal/work contact information, physical location, and/or any
other information to facilitate current NIH administrative business
processes.
Information Resources Management staff and Space and
Facility Management personnel will have access to view public data
(building location and work phone information) to coordinate access
for, and the allocation of, telecommunication resources and building
space/access.
Supervisors, Administrative Officers and Administrative
Technicians will have access to emergency contact information to
enable them to contact someone in the event of an emergency.
NIH central services staff, NIH police, and NIH
management will access both public and non-public data to coordinate/
track employee data required for other NIH business processes such as
card key access, ID badges, parking permits, library resources,
census information gathered for reporting requirements, employee
development, training, campus security, and other administrative
processes.
NIH Security Officers, or other incident response
personnel will have access to public/non-public data where NIH deems
it necessary for official investigations or security incidents
involving suspected intrusion, illegal activity, or unauthorized/
unethical misuse of the system of records or data therein.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
records of an individual in response to an inquiry from the
congressional office made at the request of that individual.
2. Disclosure may be made to representatives of the General
Services Administration or the National Archives and Records
Administration who are conducting records management inspections
under the authority of 44 U.S.C. 2904 and 2906.
3. Disclosure may be made to agency contractors, experts,
consultants, or volunteers who have been engaged by the agency to
assist in the performance of a service related to this system of
records and who need to have access to the records in order to
perform the activity. Recipients are required to maintain Privacy Act
safeguards with respect to these records.
4. Disclosure may be made to respond to a Federal agency's
request made in connection with the hiring or retention of an
employee, the letting of a contract or issuance of a security
clearance, grant, license, or other benefit by the requesting agency,
but only to the extent that the information disclosed is relevant and
necessary to the requesting agency's decision on the matter.
5. Disclosure may be made to the Department of Justice, or to a
court or other adjudicative body, from this system of records when:
(a) HHS, or any component thereof; or (b) any HHS officer or employee
in his or her official capacity; or (c) any HHS officer or employee
in his or her individual capacity where the Department of Justice (or
HHS, where it is authorized to do so) has agreed to represent the
officer or employee; or (d) the United States or any agency thereof
where HHS determines that the proceeding is likely to affect HHS or
any of its components, is a party to the proceeding or has any
interest in the proceeding, and HHS determines that the records are
relevant and necessary to the proceeding and would help in the
effective representation of the governmental party.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained on electronic media such as computer tape
and disk and/or hard-copy. Automated records are stored in controlled
computer areas. Both manual and computerized records will be
maintained in accordance with the standards of Chapter 45-13 of the
HHS General Administration Manual, ``Safeguarding Records Contained
in Systems of Records'', supplementary Chapter PHS hf: 45-13, and the
Department's Automated Information System Security Program Handbook.
Retrievability:
Records are indexed and retrieved by: name, unique identifier,
alias names, and social security number.
Safeguards:
1. Authorized Users: Non-public data on computer files is
accessed by keyword known only to authorized users who are NIH
employees or contractor staff who have a legitimate operational
responsibility to access the data in the performance of their duties
as determined by the System Manager. Staff are only granted access to
those directories or fields for which they have operational
responsibilities. User activity is recorded. Occurrences of non-
routine user or operator activity are recorded. Public data is
controlled by user-defined view via a web-based look-up table. View
of public data is accessible and controlled via the NIH network.
2. Physical Safeguards: Physical access to the computer systems
where records are stored is controlled through the use of door locks
and alarms.
3. Procedural and Technical Safeguards: Access to the non-public
data will be controlled through: password protection, user
authentication, and system administration procedures for user access.
User name and password authentication procedures are in place to
protect non-public data from public view, and to prevent unauthorized
personnel from accessing data. Logical access controls, based on job
function, are in place to authorize and/or restrict the user activity
and view of the data. Persons having access to data are restricted to
a field-by-field confined user interface that permits a controlled,
or narrow ``view'' of the data. Sensitive data transferred between
NIH source databases is secured through encryption or similar manner.
Digital certificates and automated user audit trail capabilities have
been incorporated to ensure data integrity and to detect evidence of
data tampering.
These practices are in compliance with standards of Chapter 45-13
of the HHS General Administration Manual, ``Safeguarding Records
Contained in Systems of Records'', supplementary Chapter PHS hf: 45-
13, and the Department's Automated Information Systems Security
Program Handbook.
Retention and disposal:
Records may be retired to a Federal Records Center and
subsequently disposed of in accordance with the NIH Records Control
Schedule. The Records Control Schedule and disposal standard for
these records may be obtained by writing to the System Manager at the
address below.
System manager(s) and address:
NIH Privacy Act Officer, 6011 Executive Blvd., Suite 601, MSC
7669, Rockville, MD 20892.
Notification procedure:
Write to the System Manager listed above. The requester must
verify his or her identity by providing either a notarization of the
request or a written certification that the requester is who he or
she claims to be and understands that the knowing and willful request
for acquisition of a record pertaining to an individual under false
pretenses is a criminal offense under the Act, subject to a five
thousand-dollar fine. The request should include (a) Full name, and
(b) address, and (c) year of records in question.
Record access procedures:
Write to the System Manager specified above to attain access to
records and provide the same information as is required under the
Notification Procedures. Requester should also reasonably specify the
record content being sought. Individuals may also request an
accounting of disclosure of their records, if any.
Contesting records procedures:
Address a petition for amendment to the System Manager. All
requests must be in writing. The individual must identify himself/
herself, specify the system of records from which the records are
retrieved, the particular records to be corrected or amended, whether
seeking an addition to or a deletion or substitution for the records,
and the reason for requesting correction or amendment of the record.
Record source categories:
NIH employees, contractors, and other persons who are using or
performing services on behalf of the NIH, and the NIH human resource
databases (i.e., Human Resource Database (HRDB), Fellowship Payment
System (FPS), J.E. Fogarty Database of Foreign Visiting Scientists
(JEFIC), NIH Telecommunications Database (TELCOM), Parking and
Identification Database (PAID), Email Directory and Forwarding
Service (PH directory), and the Integrated Time and Attendance System
(ITAS)).
Systems exempted from certain provisions of the act:
None.
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Public Health Service and its Components
Office of the Assistant Secretary for Health
Table of Contents
09-37-0001 Office of the Assistant Secretary for Health
Correspondence Control System, HHS/OASH/OM.
09-37-0020 Office of Minority Health Grants Records System,
HHS/OASH/OMH.
09-37-0021 Public Health Service Records Related to Inquiries
and Investigations of Scientific Misconduct, HHS/OASH/ORI.
09-37-0022 Records of Health Experts Mantained by the Office
of International Health (OIH), HHS/OASH/OIH.
09-37-0024 Studies of Preventive Medicine, Health Promotion,
and Disease Prevention, HHS/OASH/ODPHP.
09-37-0151 Public Health Service ALERT Records Concerning
Individuals Found to Have Committed Scientific Misconduct in PHS
Sponsored Research, HHS/OASH/ORI.
09-37-0001
System name: Office of the Assistant Secretary for Health
Correspondence Control System, HHS/OASH/OM.
Security classification:
None.
System location:
1. Public Health Service Executive Secretariat, Room 710H,
Hubert H. Humphrey Building, 200 Independence Ave. SW, Washington, DC
20201.
2. Staff offices of the Assistant Secretary for Health. For a
list of addresses, please write to: Policy Coordinator, Office of
Organization and Management Systems, Office of Management, Room 17-
51, Parklawn Building, 5600 Fishers Lane, Rockville, MD 20857.
3. Federal Records Center, 4205 Suitland Road, Washington, DC
20746.
Categories of individuals covered by the system:
Individuals who have contacted either the Assistant Secretary for
Health, the Surgeon General, a Deputy Assistant Secretary, or a PHS
Staff Office Director, or have been contacted in writing by one of
these officials.
Categories of records in the system:
Hard copies of the actual correspondence, 3 x 5 card file, and
computer or word processor printout and tape or disk control system
records of that correspondence.
Authority for maintenance of the system:
5 U.S.C. 301 Departmental Regulations.
Purpose(s):
To control and track all correspondence documents addressed or
directed to the Assistant Secretary for Health or his subordinates as
indicated above, as well as documents initiated by them, in order to
assure timely and appropriate attention.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
2. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation,
and HHS determines that the use of such records by the Department of
Justice, the court or other tribunal is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Correspondence records are maintained in hard copy. Control
records are maintained in 3 x 5 card file and on computer or word
processor printout, tape, and disk.
Retrievability:
Hard copy records are indexed alphabetically by name of addressee
and date of outgoing correspondence; or by name of sender and date of
incoming correspondence; or by subject. Records may also be cross-
referenced.
Safeguards:
1. Authorized Users: Office directors, correspondence assistants,
and professional and support staff with designated functional
responsibilities directly relating to the purpose of the
correspondence.
2. Procedural Safeguards: Confidential and/or sensitive documents
are either handcarried or transmitted in sealed envelopes. Employees
who handle correspondence are instructed to observe established
office procedures to protect correspondence documents from
unauthorized access. The computerized subsystem is protected by
passwords assigned to specific correspondence assistants; passwords
are changed periodically; the password is changed when a
correspondence assistant terminates employment.
3. Physical Safeguards: 24-hour guard service in buildings,
locked rooms after office hours, lockable file cabinets, word
processing disks are off-loaded and stored when not in use.
Retention and disposal:
Records may be retired to a Federal Records Center and
subsequently disposed of in accordance with the Office of the
Assistant Secretary for Health records control schedule. The records
control schedule may be obtained by writing to the appropriate System
Manager at the address for that official which is indicated under
System Location above.
System manager(s) and address:
Policy Coordinator:Director, Office of Organization and
Management Systems, Office of Management, Room 27-51, Parklawn
Building, 5600 Fishers Lane, Rockville, MD 20857.
System manager:1. Director, Public Health Service Executive
Secretariat, Room 710H. Hubert H. Humphrey Building, 200 Independence
Ave., SW, Washington, DC 20201.
The Director of each Office of the Assistant Secretary for Health
staff office is the system manager for the correspondence control
system in his/her office. For the address of the appropriate system
manager, please write to the Polciy Coordinator at the above address.
Notification procedure:
Inquiries should indicate the name of the individual with whom
the Office of the Assistant Secretary for Health corresponded, the
date of the incoming correspondence, if any, and the date of the
outgoing correspondence. Inquiries should be addressed to the
appropriate System Manager, listed above, not to the policy
coordination official.
Record access procedures:
Same as notification procedures. Requesters must state that they
are who they claim to be, and understand that obtaining information
under false pretenses is subject to a maximum statutory penalty of
5,000.00 dollars.
Requesters may also ask for an accounting of disclosures that
have been made of their records, if any.
Contesting record procedures:
Contact the appropriate System Manager at the address for that
official specified under System Location above, and reasonably
identify the record, specify the information to be contested, the
corrective action sought, and the reason for seeking the correction,
with supporting information to show how the record is inaccurate,
incomplete, untimely, or irrelevant.
Record source categories:
Records are derived from incoming correspondence to, and the
outgoing correspondence of, the Assistant Secretary for Health or his
subordinates as indicated above.
Systems exempted from certain provisions of the act:
None.
09-37-0020
System name: Office of Minority Health Grants Records System,
HHS/OASH/OMH.
Security classification:
None.
System location:
Office of Minority Health, Rockwall II Building, Room 1102, 5600
Fishers Lane, Rockville, Maryland 20857. A current list of contractor
sites is available by writing to the address below under SYSTEM
MANAGER. Inactive records are located at the Federal Records Center,
4205 Suitland Road, Suitland, Maryland 20746.
Categories of individuals covered by the system:
Project Grant Program Directors.
Categories of records in the system:
Grant files, including grant applications, grant award notices,
summary comments of peer reviewers, salary information, staffing
lists, general correspondence, and Social Security Numbers
(optional).
Authority for maintenance of the system:
Public Health Service Act Section 301 (42 U.S.C. 242). This
section authorizes support of health-related grants.
Purpose(s):
The information in this system is used to facilitate day-to-day
grants management operations and for purposes of review, analysis,
planning and policy formulation by OMH staff members and by other
components of DHHS.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
(2) The Department may disclose information from this system of
records to the Department of Justice, to a court or other tribunal,
when
(a) HHS, or any component thereof; or
(b) Any HHS employee in his or her official capacity; or
(c) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation, and
HHS determines that the use of such records by the Department of
Justice, the court or other tribunal, is relevant and necessary to
the litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
(3) Disclosure may be made to a private firm for the purposes of
providing services related to grant review, or for carrying out
quality assessment, program evaluation, and/or management reviews.
Any such contractors will be required to maintain Privacy Act
safeguards with respect to such records.
(4) Disclosure may be made to qualified experts not within the
definition of Department employees for opinions as a part of the
application review and award process.
(5) Disclosure may be made to a Federal agency, in response to
its request, in connection with the hiring or retention of an
employee, the issuance of security clearance, the reporting of an
investigation of an employee, the letting of a contract, or the
issuance of a license, grant, or other benefit of the requesting
agency, to the extent that the record is relevant and necessary to
the requesting agency's decision on the matter.
(6) Where Federal agencies having power to subpoena other Federal
agencies' records, such as the Internal Revenue Service or Civil
Rights Commission, issue a subpoena to the Department for records in
this system of records, the Department will make such records
available.
(7) Disclosure may be made to the cognizant Audit Agency for
auditing.
(8) In the event that a system of records maintained by the
Department indicates a violation or potential violation of law,
whether civil, criminal, or regulatory in nature, and whether arising
by statute or by regulation, rule or order issued pursuant thereto,
the relevant records in the system of records may be referred as a
routine use, to the appropriate agency, whether Federal (e.g., the
Department of Justice), or State (e.g., the State Attorney General's
office) charged with the responsibility of investigating or
prosecuting such violation or charged with enforcing or implementing
the statute or rule, regulation or order issued pursuant thereto for
litigation.
(9) Disclosure may be made to the grantee institution in
connection with performance or administration under the terms and
conditions of the award.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Manual files (files folders).
Retrievability:
Retrievable by program director name and grant number.
Safeguards:
1. Authorized Users: Only staff members of the Office of Minority
Health (OMH) have regular access. Staff members of other DHHS
components have access on a need-to-know basis only.
2. Physical Safeguards: Locked file cabinets, locked offices,
general building security.
3. Procedural Safeguards: OMH staff may inspect and review
records, with the approval of Grant Management Branch staff. Other
DHHS staff will be granted access by the System manager only on a
need-to-know basis. Visitors will not be left unattended in the
office containing the files. Grant records are either transmitted in
sealed envelopes or are hand-carried.
Retention and disposal:
Approved grant applications and their respective files are
retained by OMH for one year beyond the termination date of the
project. Disapproved grant applications are held for six months. The
grant files are then retired to a Federal Records Center and
subsequently disposed of in accordance with the PHS/OASH records
control schedule. The records control schedule may be obtained by
writing to the System Manager at the following address.
System manager(s) and address:
Grants Management Officer, Office of Minority Health, PHS, Room
1102, Rockwall II Building, 5600 Fishers Lane, Rockville, MD 20857.
Notification procedure:
To determine if a record exists, write to the System Manager at
the above address. Specify program director's name and/or grant
number.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. Positive
identification is required. You may also request an accounting of
disclosures that have been made of your record, if any.
Contesting record procedures:
Contact the official at the address specified under System
Manager above and reasonably identify the record, specify the
information being contested, the corrective action sought, and your
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Grant applications, reports and correspondence from organizations
interested in improving minority health, summary statements from
grant review committees and incoming correspondence from project
staff.
Systems exempted from certain provisions of the act:
None.
09-37-0021
System name:
Public Health Service Records Related to Inquiries and
Investigations of Scientific Misconduct, HHS/OASH/ORI.
Security classification:
None.
System location:
For Intramural and Extramural Research Programs: Office of
Research Integrity, Rockwall II, Suite 700, 5515 Security Lane,
Rockville, Maryland 20852, and at offices for (1) each of the Agency
Extramural Research Integrity Officers (AERIOs), (2) each of the
Agency Research Integrity Liaison Officers (ARILOs), (3) each of the
Agency Intramural Research Integrity Officers (AIRIOs) for those
agencies covered by this notice; (4) each of the NIH Misconduct
Program Offices and (5) the Federal Records Centers for inactive
records.
Categories of individuals covered by the system:
Individuals who are the subject of allegation(s) of scientific
misconduct or related matters. These categories include: (1)
Researchers currently or formerly employed by the Federal Government,
(2) guest researchers, (3) Advisory Committee members, and (4)
investigators or applicants for research grants, research training
grants, fellowships, cooperative agreements or contracts.
Investigators may include principal investigators, co-investigators,
program directors, trainees, recipients of career awards or
fellowships, or other individuals who conduct or are responsible for
research or research training funded by the PHS or who are the
subject of applications for PHS funding.
Categories of records in the system:
This system contains records related to allegations, inquiries,
investigations, findings of misconduct in science, or actions that
PHS has taken in connection with such allegations, inquiries,
investigations or findings. Scientific misconduct is defined as
fabrication, falsification, plagiarism or other practices that
seriously deviate from those that are commonly accepted within the
scientific community for proposing, conducting or reporting research.
It does not include honest error or honest differences in
interpretations or judgements of data.
This system consists of records concerning or collateral to
pending, ongoing or completed inquiries and investigations of alleged
scientific misconduct. It includes information about the individuals
under investigation or under an inquiry; the other PHS agencies or
other federal agencies involved; the organization responsible for
conducting the inquiry or investigation; the funding mechanism
identification number(s) involved; names of individual involved;
names of witnesses; general nature of the allegation; and the
documentation used in the inquiry or investigation, including
relevant research data and reagents, proposals, publications, copies
of relevant publications by persons under investigation,
qualification statements and curriculum vitae of expert consultants,
correspondence, memoranda of telephone calls, summaries of
interviews, social security numbers, interim and final reports
prepared by the institution, Office of Research Integrity (ORI),
Departmental Appeals Board (DAB) and other related data.
Authority for maintenance of the system:
The authorities for maintaining the system are Sections 215(b),
301 and 493 of the Public Health Service Act; 42 U.S.C. 216(b), 241,
and 289b; 5 U.S.C. 301, and 44 U.S.C. 3101, 42 CFR part 50, subpart
A; 45 CFR part 76.
Purpose(s):
The purposes of this system are to (1) enable PHS agencies to
discharge effectively their responsibilities in managing PHS
intramural and extramural research programs and in the application,
award, and administration of research and training awards,
cooperative agreements and contracts while protecting the rights and
privacy of the individuals under investigation and the
confidentiality of information sources; (2) determine whether there
has been scientific misconduct in PHS supported research; (3) assure
the institutions applying for or receiving PHS funds have appropriate
mechanisms for dealing with allegations of scientific misconduct and
the protection of whistleblowers; (4) determine whether results or
reports of PHS-related research are falsified, fabricated,
misrepresented, or plagiarized so that PHS can notify the scientific
community or others who may rely on the results; (5) serve as a
working file and enable the ORI to inform PHS agency officials of the
status and results of inquiries and investigations so that they may
take actions appropriate to each case; (6) investigate allegations of
misconduct and take appropriate remedial and corrective actions with
respect to individuals who are found to have committed misconduct;
and (7) ensure that inquiries and investigations are timely,
thorough, complete and objective in accordance with applicable
Federal regulations and procedures.
Routine uses of records maintained in the system including
categories of users and purposes of such uses:
Any disclosure pursuant to these routine uses will be limited to
the information necessary to accomplish the purpose of the
disclosure:
1. To the Department of Justice, or to a court or other tribunal,
when (a) the Department of Health and Human Services (HHS), or any
component thereof; or (b) any HHS employee in his or her official
capacity; or (c) any (HHS) employee in his or her individual capacity
where the Department of Justice (or HHS, where it is authorized to do
so) has agreed to represent the employee; or (d) the United States or
any agency thereof where HHS determines that the litigation is likely
to affect HHS or any of its components, is a party to litigation or
has an interest in such litigation, and HHS determines that the use
of such records by the Department of Justice, court or other tribunal
is relevant and necessary to the litigation and would help in the
effective representation of the government party, provided, however,
that in each case HHS determines that such disclosure is compatible
with the purpose for which the records were collected.
2. To qualified expert(s) for the purpose of obtaining the
expert's assistance on matters pertinent to the inquiry,
investigation, or related legal proceeding.
3. To responsible officials of the awardee institutions or
organizations, when in connection with an inquiry, investigation or
finding of misconduct by an individual previously or currently
employed by or affiliated with the institution or organization, a PHS
agency makes a finding or takes an action potentially affecting
research and research training awards to the institution or
organization.
4. To other Federal Agencies who have supported, are supporting
or are considering support of a research grant, fellowship,
cooperative agreement or contract with an affected individual or
institution or which have utilized or relied on the relevant research
to the extent that the record is relevant and necessary to the
Agency's decision on the matter after there is an initial
institutional or agency finding of misconduct.
5. To any person able to provide information in an inquiry,
investigation or related proceeding, including the relevant PHS-
supported institution(s), Federal, State and local agencies, and the
person(s) making the allegation, provided however, that in each case
HHS determines that such disclosure is necessary in order to conduct
a thorough and fair investigation into allegations of scientific
misconduct.
6. Upon request to a State licensing board or certifying body
conducting a review of the individual to aid the board or body in
meeting its responsibility to protect the health of the population in
its jurisdiction or the integrity of the profession after there is an
agency finding of misconduct or remedial actions have been imposed.
7. To Institutional Review Boards, research-sponsoring
institutions, individual research subjects, and the public, regarding
information obtained or developed through the investigation that, in
PHS's judgement, may have implications for individuals' health or for
their participation in a research study. The subject of the
investigation will be provided with a copy of the information that is
released.
8. When a record on its face, or in conjunction with other
records, indicates a violation or potential violation of law, whether
civil, criminal or regulatory in nature, and whether arising by
general statute or particular program statute or by regulation, rule
or order issued pursuant there to, disclosure may be made to the
appropriate agency, whether Federal, foreign, state, local, or
tribal, or other public authority responsible for enforcing
investigating or prosecuting such violation or charged with enforcing
or implementing the statute, or rule, or regulation, or order issued
pursuant thereto, if the information disclosed is relevant to any
enforcement, regulatory, investigative or prosecutive responsibility
of the receiving entity.
9. To agency contractors who have been engaged by the agency to
assist in the performance of a service related to this system of
records and who need to have access to the records in order to
perform the activity. Recipients shall be required to comply with the
requirements of the Privacy Act of 1974.
10. To notify professional journals, news media, other
publications and the public concerning misconduct findings and the
need to correct falsified, fabricated, plagiarized or otherwise
misrepresented research results or reports after there is a final
agency finding of scientific misconduct or remedial actions have been
imposed. No information will be released that would reveal a
confidential source.
11. To the General Services Administration (GSA), after there is
a final agency action to debar, for the purpose of distributing and
publishing that decision to debar.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored in file folders and on computer discs.
Retrievability:
Records are retrieved by name of the individual who is the
subject of an allegation, inquiry or investigation.
Safeguards:
1. Authorized users: Extramural and intramural records in ORI are
available to the system manager, to the Director, ORI, and to other
appropriate ORI staff when they have a need to know. Records are
available to the system manager, to the Deputy Director for
Intramural Research, and to other appropriate HHS officials,
including the Agency Research Integrity Liaison Officer (ARILOs), the
Agency Intramural Research Integrity Officer (AIRIOs), and the
Misconduct Program Officers (MPOs) located in the Bureaus, Centers,
and Divisions of the NIH that are associated with the allegation,
inquiry or investigation when there is a need to know in the
performance of their duties.
2. Procedural safeguards: For records located in the ORI, access
is strictly controlled by the system manager and the Director, ORI.
For records located at the other sites, access is strictly controlled
by the PHS Agency Heads, Deputy Director for Intramural Research, the
ARILOs, the AIRIOs, AERIO, and MPOs and other appropriate PHS
officials in their respective offices. HHS employees who receive
disclosures from this system are informed that the information is
confidential. All questions and inquiries from any party should be
addressed to the system manager.
3. Physical safeguards: ORI records are kept in locked file
cabinet in a room that is locked during non-working hours. Access to
this room is restricted to specific personnel. The ORI office is
protected by access and intrusion alarms at the front and emergency
entrances. Access to computer files are protected through passwords
and user-invisible encryption. Special measures commensurate with the
sensitivity of the record are taken to prevent unauthorized copying
or disclosure of the records. Records at other locations are
protected from unauthorized access by PHS Agency heads, the Deputy
Director Intramural Research, the AERIO's ARILOs, MPOs, or AIRIOs.
Retention and disposal:
Allegation, inquiry and investigative files are retained and
disposed of in accordance with the OASH Record Control Schedule.
System manager(s) and address:
Director, Division of Research Investigations, Office of Research
Integrity, Rockwall II, Suite 700, 5515 Security Lane, Rockville,
Maryland 20852.
Notification procedure:
This system is exempt from access; however, consideration will be
given to requests addressed to the system manager. For general
inquiries, state your name, the name of the institution, and the date
of the award.
Record access procedures:
Same as notification procedures. Requestors should also
reasonably specify the record contents being sought.
Contesting record procedures:
Exempt. However, consideration will be given requests addressed
to the system manager. Requests for corrections should reasonably
identify the record and specify the information to be contested, the
corrective action sought and the reasons for the corrections with
supporting justification.
Record source categories:
Information in this system is obtained: (1) Directly from the
individual, (2) derived from materials supplied by the individual,
(3) from information supplied by the institutions, informants,
witnesses, and others, and (4) from existing government files.
Systems exempted from certain provisions of the act:
This system is exempted under subsections (k)(2) and (k)(5) of
the Privacy Act from access, notification, correction, and amendment
provisions of the Privacy Act (5 U.S.C. 552a (c)(3), (d)(1)-(4),
(e)(4)(G)-(H), and (f)).
09-37-0022
System name: Records of Health Experts Maintained by the Office
of International Health (OIH), HHS/OASH/OIH.
Security classification:
None.
System location:
Office of International Health, Office of the Assistant
Secretary for Health/HHS, 5600 Fishers Lane, room 18-87, Rockville,
Maryland 20857.
Devres, Inc., 7201 Wisconsin Avenue, suite 500, Bethesda,
Maryland 20814.
Logical Technical Services, Inc., 7222 47th Street, suite 100,
Chevy Chase, Maryland 20815.
Categories of individuals covered by the system:
Experts who have responded to inquiry(s) of interest to provide
short-term technical assistance in health disciplines identified by
the Office of International Health.
Categories of records in the system:
Name, address, work and home telephone numbers, technical
expertise, language capability, international experience, schools and
degrees received, professional affiliations, principal publications,
references, curricula vitae, travel records, payment records for
consultants, Social Security number, and passport number, including
date and place issued.
Authority for maintenance of the system:
42 U.S.C. 2421, regarding International Cooperation, and the
Foreign Assistance Act.
Purpose(s):
The purpose of this system is:
(1) To locate experts with a particular area of expertise to
respond to requests for technical assistance from AID/Washington or
from an USAID overseas Mission; (2) to participate in cooperative
bilateral health programs of the Public Health Service; (3) to
communicate areas of expertise to the cooperating country to
facilitate travel arrangements; (4) to monitor payments; and, (5) to
coordinate the location of experts with various components of the
Department.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation or has
an interest in such litigation, and HHS determines that the use of
such records by the Department of Justice, the court or other
tribunal is relevant and necessary to the litigation and would help
in the effective representation of the governmental party, provided
however, that in each case, HHS determines that such disclosure is
compatible with the purpose for which the records were collected.
2. Disclosure may be made to a congressional office from the
record of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
3. OIH contracts with a contractor, Devres, Inc., and a
subcontractor, Logical Technical Services, Inc., to obtain the
services of experts. Relevant records will be disclosed to the
contractor/subcontractor or may be developed by the contractor/
subcontractor for use in such requests. The contractor shall be
required to maintain Privacy Act safeguards with respect to such
records.
4. Information in this system of records is used by the
contractor/subcontractor to prepare W-2 and 1099 Forms to submit to
the Internal Revenue Service and applicable State and local
governments those items to be included as income to an individual.
5. Disclosure may be made to AID/Washington and to USAID overseas
Missions, and/or the American Embassy, in response to a request under
the ANE-OIH agreement for technical assistance.
6. Information may be disclosed to foreign governments, in the
form of official cable transmissions, to inform the foreign
government of a proposed candidate for an assignment and to obtain
necessary foreign government clearance.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records may be stored in file folders, on index cards, computer
tapes and disks, microfiche, microfilm.
Retrievability:
Information will be retrieved by name, technical expertise,
language capability, and/or international expertise.
Safeguards:
Measures to prevent unauthorized disclosures are implemented as
follows:
1. Authorized Users: OIH, HCFA, Devres and LTS employees involved
with the AID-OIH interagency agreement, and the OIH-HCFA
subagreement, concerning health care financing issues are authorized
users as designated by the System Manager.
2. Physical Safeguards: Records are stored in locked rooms,
locked file cabinets, and/or secured computer facilities.
3. Procedural Safeguards: Contractors who maintain records in
this system are instructed to make no further disclosure of the
records except as authorized by the System Manager and permitted by
the Privacy Act. Privacy Act requirements are specifically included
in the Devres contract. HHS project directors, contract officers, and
project officers oversee compliance with these requirements.
4. Implementation Guidelines: DHHS Chapter 45-13 and
supplementary Chapter PHS.hf: 45-13 of the General Administration
Manual, and Part 6, ``ADP System Security'' in the HHS Information
Resource Management Manual.
Retention and disposal:
Records will be retained until the termination of the interagency
agreements and will be disposed of in accordance with the OASH
disposal standard.
System manager(s) and address:
Deputy Director, Office of International Health, 5600 Fishers
Lane, Room 18-87, Rockville, Maryland 20857.
Notification procedure:
To determine whether a record exists, write to the OIH System
Manager at the address above. Provide notarized signature as proof of
identity. The request should include as much of the following
information as possible: (a) Full name; (b) identification of
assignment; and (c) approximate date(s) of participation.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. Individuals may
also request an accounting of disclosures that have been made of
their records, if any.
Contesting record procedures:
Contact the System Manager and reasonably identify the record,
specify the information being contested, and state the corrective
action sought and the reason(s) for requesting the correction, along
with supporting justification to show how the record is inaccurate,
incomplete, untimely, or irrelevant.
Record source categories:
Information gathered from individual experts and from assignment
or travel documents.
Systems exempted from certain provisions of the act:
None.
09-37-0024
System name:
Studies of Preventive Medicine, Health Promotion, and Disease
Prevention, HHS/OASH/ODPHP.
Security classification:
None.
System location:
Records are located at the Office of Disease Prevention and
Health Promotion (ODPHP) and Contractor research facilities that
collect or provide research data for this system. Primary record
storage sites are listed in Appendix I. A current list of additional
contractor sites is available by writing to the System Manager at the
address below.
Categories of individuals covered by the system:
Patients (adults and children) of the clinicians participating in
these studies; individuals who are representative of the general
population or of special groups including, but not limited to: Normal
controls, normal volunteers, family members and relatives; providers
of services.
Categories of records in the system:
The system contains records about individuals as relevant to
these studies: (1) Medical records (treatment, laboratory screening
and diagnostic tests, and preventive services); (2) clinician surveys
(use of screening, counseling and preventive services); and (3)
patient surveys (height, weight, race/ethnicity, health behavior,
health conditions). Examples of information include, but are not
limited to: Patient or provider name, study identification number,
address, relevant telephone numbers, Social Security Number
(voluntary), date of birth, weight, height, sex, race; medical,
psychological and dental information, laboratory and diagnostic
testing results; registries; social, economic and demographic data;
health services utilization; immunization status; insurance and
hospital cost data, employers; characteristics and activities of
health care providers.
Authority for maintenance of the system:
Authorization to collect these data is provided under section 301
of the Public Health Service Act (42 U.S.C. 241), General Powers and
Duties of Public Health Service.
Purpose(s):
The purpose of this system of records is to enable the study of
the impact of preventive medicine interventions and public education
efforts of health service delivery, patient behavior, and health
outcome. Information from the system of records will be shared within
the Department of Health and Human Services (DHHS) with such Public
Health Service (PHS) agencies as the Centers for Disease Control and
Prevention (CDC) including the National Center for Health Statistics
(NCHS), the Health Resource Services Administration (HRSA), the
Indian Health Service (IHS), the National Institutes for Health
(NIH), the Agency for Health Care Policy and Research (AHCPR), and
the Health Care Financing Administration (HCFA).
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. A record may be disclosed for a research purpose, when the
Department: (A) Has determined that the use or disclosure does not
violate legal or policy limitations under which the record was
provided, collected, or obtained; e.g., disclosure of alcohol or drug
abuse patient records will be made only in accordance with the
restrictions of confidentiality statutes and regulations (42 U.S.C.
290 (dd-2), 42 U.S.C. 241 and 405, 42 CFR part 2), and where
applicable, no disclosures will be made inconsistent with an
authorization of confidentiality under 42 U.S.C. 242a and 42 CFR part
2a; (B) has determined that the research purpose (1) cannot be
reasonably accomplished unless the record is provided in individually
identifiable form, and (2) warrants the risk to the privacy of the
individual that additional exposure of the record might bring; (C)
has required the recipient to (1) establish reasonable
administrative, technical, and physical safeguards to prevent
unauthorized use or disclosure of the record, (2) remove or destroy
the information that identifies the individual at the earliest time
at which removal or destruction can be accomplished consistent with
the purpose of the research project, unless the recipient has
presented adequate justification of a research or health nature for
retaining such information, and (3) make no further use or disclosure
of the record except (a) in emergency circumstances affecting the
health or safety of any individual, (b) for use in another research
project, under these same conditions, and with written authorization
of the Department, (c) for disclosure to a properly identified person
for the purpose of an audit related to the research project, if
information that would enable research subjects to be identified is
removed or destroyed at the earliest opportunity consistent with the
purpose of the audit, or (d) when required by law; and (D) has
secured a written statement attesting to the recipient's
understanding of, and willingness to abide by, these provisions.
Examples of organizations and agencies of which records from this
system may be disclosed include, but are not limited to Health
Maintenance Organizations (HMOs) and other service providers
participating in the studies and various federal and state agencies,
such as the Veteran's Administration, branches of the Armed Forces,
and state and local health department.
2. Disclosure may be made to a congressional office from the
record of an individual in response to a verified inquiry from a
congressional office made at the written request of that individual.
3. In the event of litigation, where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, for example, in defending a claim against
the Public Health Service, based upon an individual's mental or
physical condition and alleged to have arisen because of activities
of the Public Health Service in connection with such an individual,
the Department may disclose such records as it deems desirable or
necessary to the Department of Justice to enable that Department to
present an effective defense, provided such disclosure is compatible
with the purpose for which the records were collected.
4. ODPHP may contract with a private firm for the purpose of
collecting, analyzing, aggregating, or otherwise refining records in
this system. Relevant records may be disclosed to such contractor.
The contractor shall be required to maintain Privacy Act safeguards
with respect to such records.
5. Disclosure may be made to organizations deemed qualified by
the Secretary to carry out quality assessments, medical audits or
utilization review.
6. Information from this system may be disclosed to Federal
agencies, State agencies (including the Motor Vehicle Administration
and State vital statistics offices), private organizations, and other
third parties (such as current or prior employers, acquaintances,
relatives), in order to obtain information on morbidity and mortality
experiences and to locate individuals for follow-up studies. Social
Security numbers may be disclosed to the Social Security
Administration to ascertain disabilities and/or location of
participants. Social Security numbers may also be given to other
Federal agencies, and State and local agencies for purposes of
locating individuals for participation in follow-up studies.
7. Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for PHS who do not technically have the status
of agency employees, if they need the records in the performance of
their agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records may be stored in hard copy, index cards, file folders,
computer tapes and disks (including optical disks), photography
media, microfiche, microfilm, and audio and video tapes. Typically,
factual data with study code numbers are stored on computer tape or
disk, while the key to personal identifiers is stored separately,
without factual data, in locked paper files.
Retrievability:
During data collection stages and follow-up retrieval is by
personal identifier (e.g., name, Social Security Number, medical
record or study identification number etc.). During the data analysis
stage, data are normally retrieved by the variables of interest
(e.g., diagnosis, age, occupation).
Safeguards:
1. Authorized Users: Access to identifiers and to link files is
strictly limited to the authorized personnel whose duties require
such access. Procedures for determining authorized access to
identified data are established as appropriate for each location.
Personnel, including contractor personnel, who may be so authorized
include those directly involved in data collection and in the design
of research studies, e.g., interviewers and interviewer supervisors;
project managers, and statisticians involved in designing sampling
plans.
Other one-time and special access by other employees is granted
on a need-to-know basis as specifically authorized by the System
Manager.
Researchers authorized to conduct research will typically access
the system through the use of encrypted identifiers sufficient to
link individuals with records in such a manner that does not
compromise confidentiality of the individual.
2. Physical Safeguards: Records are stored in locked rooms,
locked file cabinets, and/or secured computer facilities. Personal
identifiers and link files are separated as much as possible and
stored in locked files. Computer data access is limited through the
use of key words known only to authorized personnel.
A separate key list linking ID codes to respondents will be
maintained by the contractor conducting the survey, during the data
collection period in order to permit follow-up with non-respondents.
This key list will be kept in a locked file when not actively in use.
As soon as data cleaning is completed this key list will be
destroyed. No data that could be used to identify respondents will be
entered on the computer database.
Likewise the name of individual settings will not appear on data
collection forms or the computerized database. Again a separate key
matching the ID code to the hospital name will be maintained during
the course of data collection in order to permit follow-up of non-
respondents. They key listing will be kept in a secure location when
not actively in use, and destroyed as soon as the data cleaning is
completed.
3. Procedural Safeguards: Collection and maintenance of data is
consistent with legislation and regulations regarding the protection
of human subjects, informed consent, and confidentiality. When
anonymous data is provided to research scientists for analysis, study
numbers which can be matched to personal identifiers will be
eliminated, scrambled, or replaced by the agency or contractor with
random numbers which cannot be matched. Contractors who maintain
records in this system are instructed to make no further disclosure
of the records. Privacy Act requirements are specifically included in
contracts for survey and research activities related to this system.
The ODPHP project officers and contract officers oversee compliance
with these requirements.
Retention and disposal:
The records are maintained with individual identifiers only until
analysis and follow-up are completed, generally a two- to three-year
period. Removal or disposal of identifiers will be done according to
the storage medium (e.g., erase computer tape, shred, pulp or burn
paper records etc.). A staff person designated by the System Manager
or an authorized Contractor will oversee and confirm the disposal in
writing. Long-term retention is only in aggregate form without
individual identifiers in accordance with the OASH Records
Disposition Schedule.
System manager(s) and address:
Senior Policy Advisor, Office of Disease Prevention and Health
Promotion, 2132 Switzer Building, 330 C Street, SW, Washington, DC
20201.
Notification procedure:
To determine if a record exists, write to the System Manager
listed above. Notification requests should include: Individual's
name; current address; date of birth; date, place and nature of
participation in the research study; address at the time of
participation. The System Manager may accept a written certification
that the requester is who he or she claims to be and understands that
the knowing and willful request for acquisition of a record
pertaining to an individual under false pretenses is a criminal
offense under the Act, subject to a five thousand dollar fine.
An individual who requests notification of, or access to, a
medical/dental record shall, at the time the request is made,
designate in writing a responsible representative who will be willing
to review the record and inform the subject individual of its
contents at the representative's discretion. The representative may
be a physician, or other health professional, or other responsible
individual. The subject individual will be granted direct access
unless it is determined that such access is likely to have a adverse
effect on him or her. In this case, the medical/dental record will be
sent to the designated representative.
Individuals will be informed in writing if the record is sent to
the representative.
A parent or guardian who requests notification of, or access to,
a child's or incompetent person's medical record shall designate a
family physician or other health professional (other than a family
member) to whom the record, if any, will be sent. The parent or
guardian must verify relationship to the child or incompetent person
as well as his or her own identity.
Record access procedure:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An individual
may also request an accounting of disclosures of his/her record, if
any.
Contesting record procedure:
Contact the appropriate official at the address specified under
Notification Procedures above and reasonably identify the record,
specify the information being contested, and state the corrective
action sought and the reason(s) for requesting the correction, along
with supporting justification to show how the record is inaccurate,
incomplete, untimely, or irrelevant.
Record source categories:
The system contains information obtained directly from the
subject individual by interview (face-to-face or telephone), written
questionnaire, or observations. Information is also obtained from
other sources, including but not limited to: Referring physicians;
hospitals; State and local health agencies; relatives; guardians;
schools, employers; and clinical research records.
Systems exempted from certain provisions of the act:
None.
Appendix I: System Location Sites
Office of Disease Prevention and Health Promotion
(ODPHP), 2132 Switzer Building, 330 C Street, SW,
Washington, DC 20201
Battelle Memorial Institute, Centers for Public Health
Research and Evaluation, 2101 Wilson Boulevard, Suite
800, Arlington, VA 22201
Battelle Memorial Institute, Centers for Public Health
Research and Evaluation, Room 100E, 505 King Avenue,
Columbus, OH 43201-2693
Battelle/SRA, 401 North Lindbergh Boulevard, Suite 330,
St. Louis, MO 63141-7816
09-37-0151
System name:
Public Health Service ALERT Records Concerning Individuals Found
to Have Committed Scientific Misconduct in PHS Sponsored Research,
HHS/OASH/ORI.
Security classification:
None.
System location:
Office of Research Integrity, Public Health Service, Rockwall II,
suite 700, 5515 Security Lane, Rockville, Maryland 20852.
Categories of individuals covered by the system:
Subjects may include (1) researchers currently or formerly
employed by the Federal Government; (2) individuals being considered
for appointment to Public Health Service (PHS) advisory committees;
(3) investigators on research grants, fellowships, cooperative
agreements, or contracts awarded by any PHS agency,
(``Investigators'' may include principal investigators, co-
investigators, program directors, trainees, recipients of career
awards or fellowships, or other individuals who conduct or are
responsible for research or research training funded by PHS); (4)
research investigators, such as guest workers, not employed by PHS
but who conduct research in PHS facilities or are closely associated
with research conducted by PHS; (5) other individuals, such as
subgrantees, subcontractors or assistants on research or research
training grants, contracts or cooperative agreements, who by
training, experience, occupation or other qualifications are
potential candidates for research or research training grants,
contracts, cooperative agreements or other benefits.
Such individuals would be subjects of records in this system if
they fall within the following categories:
(1) ORI has made a finding of scientific misconduct concerning
the individual;
(2) The individual is the subject of administrative actions
imposed as a result of a determination that scientific misconduct has
occurred. Such administrative actions include but are not limited to:
(a) Restrictions on specific activities or expenditures under an
active award, (b) a requirement for special reviews of all requests
for funding; (c) actions affecting eligibility for appointment as an
individual or member of a committee providing advice to PHS; (d)
debarment from participation in covered transactions which may
include grants, contracts, and cooperative agreements; (e) suspension
or termination of an active award; (f) special restrictions on
regulated research, such as disqualification by the Food and Drug
Administration (FDA) from use of investigational drugs or other
products, or other restrictions place on such use; and (g)
termination of employment or other disciplinary action against an
employee of PHS.
(3) The individual has agreed to a voluntary corrective action as
a result of an investigation of scientific misconduct.
(4) ORI has received a report of an investigation by an
institution in which there is a finding of scientific misconduct
concerning the individual and ORI has determined that PHS has
jurisdiction.
(5) The FDA has determined after an investigation that there is
sufficient reason to believe that official action is warranted
against the individual for violation of FDA regulations governing
research.
Categories of records in the system:
This system contains records relating to findings of scientific
misconduct and to actions that PHS has taken in connection with such
findings including voluntary exclusion agreements. This information
is limited to (1) the ORI Case Reference number, (2) the name of the
subject of the investigation, (3) the individual's social security
number, (4) the date of birth of the individual, (5) the type of
misconduct, (6) the institution that conducted the investigation, (7)
a summary of the administrative actions imposed as a result of the
misconduct and the effective and expiration dates, (8) the involved
PHS support and the involved PHS agencies or funding components
including identification of the specific office responsible for the
investigation, (9) the record creation date, and (10) the last entry
date. Scientific misconduct is defined as fabrication, falsification,
plagiarism or other practices that seriously deviate from those that
are commonly accepted within the scientific community for proposing,
conducting or reporting research. It does not include honest error or
differences in interpretations or judgement of data.
Authority for maintenance of the system:
Authority for this system comes from the legislation which
authorizes PHS to make awards for biomedical and behavioral research
and research training, and from PHS's concomitant responsibility to
assure both that funds disbursed under awards are spent for
authorized purposes and that recipients of such funds conform to all
appropriate laws and regulations. (5 U.S.C. 301; 29 U.S.C. 669; 42
U.S.C. 241, 242b, 242c, 2421, 242m, 247c, 281-289h, 285n, 285n-2,
285o, 285o-2, 300a-2, 300b-1-b-3, 300c-12, 300z-7, as these
provisions relate to biomedical and behavioral research and research
training).
Purpose(s):
This system of records enables PHS agencies to discharge
effectively their responsibilities in the award and administration of
research and training grants, cooperative agreements and contracts,
while protecting the privacy and other rights of individuals. The PHS
ALERT system is used to collect, control and disseminate to PHS
agency officials on a need-to-know basis information that: (1) The
PHS has made a finding of scientific misconduct or (2) the PHS has
imposed administrative action(s) at the conclusion of an
investigation for scientific misconduct; or (3) has received a report
of an investigation by an institution in which there is a fining of
scientific misconduct and ORI has determined that the PHS has
jurisdiction, or (4) the FDA has determined after an investigation
that there is sufficient reason to believe that official action is
warranted against such persons for violation of FDA regulations
governing research or (5) an individual has agreed to a voluntary
corrective action relative to findings of scientific misconduct.
Specifically,
(1) PHS records the existence of such administrative actions in
the system so that PHS agencies can track and implement the
administrative actions, for example by refusing to accept an
application or proposal from a debarred person. In addition, PHS
informs members of technical merit review groups of actions taken if
the disclosure is necessary to ensure an unbiased review by providing
an accurate account of the case, for example, when information
concerning the conduct investigated has been disclosed by other
sources, such as the press or other communications media.
(2) The ORI will transmit the names and, if available, the SSN or
date of birth of those individuals against whom there was a finding
of scientific misconduct and administrative action(s) to the Division
of Research Grants (DRG), National Institutes of Health (NIH) and to
other appropriate officials within the PHS. DRG will use this file to
screen automatically PHS research contract and grant award records;
applications for PHS funding of research grants, fellowships and
cooperative agreements; and nominations/appointments to PHS advisory
committees.
(3) If the ORI's review of the institutional investigation
findings or the Departmental Appeals Board (DAB) hearing on the
findings fail to confirm misconduct (a) the individual's name is
removed from the PHS ALERT system of records and the individual is
notified in writing; (b) responsible PHS agency officials are
notified of the outcome; (c) if any interim administrative actions
had been imposed, they are withdrawn.
(4) Appropriate agency officials are notified of additions to the
PHS ALERT for the purpose of communicating and disseminating
information about scientific misconduct.
(5) PHS Committee Management Officers are notified of
administrative actions restricting or prohibiting PHS advisory
service in order to assist in the appointment of candidates for the
advisory committees.
(6) Upon request, the System Manager may disclose information to
PHS agency officials who are considering hiring a subject individual.
(7) Upon request, the System Manager may disclose information in
the PHS ALERT to contracting officers in order to assist them in the
award of a contract.
Routine use of records maintained in the system, including
categories of users and the purposes of such uses:
1. PHS may notify responsible officials of the awardee
institutions or organizations when, in connection with an ORI review
of an institution's investigation or a finding of scientific
misconduct by an individual employed by or affiliated with the
institution or organization, a PHS agency takes an action affecting
research and research training awards to the institution or
organization. Information disclosed will be limited to the name of
the subject individual, description of the action and the reason for
it.
2. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
3. Disclosure may be made from this system of records to the
Department of Justice, or to a court or other tribunal, when (a) HHS,
or any component thereof; or (b) any HHS employee in his or her
official capacity or (c) any HHS employee in his or here individual
capacity where the Department of Justice, (or HHS, where it is
authorized to do so) has agreed to represent the employee; or (d) the
United States or any agency thereof where HHS determines that the
litigation is likely to affect HHS or any of its components is a
party to litigation, and HHS determines that the use of such records
by the Department of Justice, court or other tribunal is relevant and
necessary to the litigation and would help in the effective
representation of the governmental party, provided, however, that in
each case, HHS determines that such disclosure is compatible with the
purpose for which the records were collected.
4. Disclosure may be made via an electronic bulletin board to
institutions, organizations and persons connected to the electronic
bulletin boards outside the DHHS and components within the DHHS of
the names of individuals against whom there was a finding of
scientific misconduct and an imposition of administrative actions
including voluntary exclusion agreements. The information will enable
applicant institutions to enforce PHS administrative actions within
their institutions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored in file folders and computer disks.
Retrievability:
Records are retrieved by name of the individual who is the
subject of an ORI investigation or review of an institution's
investigation or subject to an administrative action.
Safeguards:
1. Authorized users: Records are available only to the system
manager, Director of Division of Policy and Education (DPE), ORI, or
designee. Any disclosure to other individuals must be authorized by
the Director, DPE.
2. Procedural safeguards: Access to records is strictly
controlled by the system manager and the officials specified under
``Authorized Users.'' Individuals who receive disclosures from this
system before there is a final agency finding, are informed that the
information is confidential.
3. Physical safeguards: Sensitive records stored in file folder
and on computer discs are kept in locked file cabinets in areas which
are locked when not in use. Special measures, commensurate with the
sensitivity of the records, are taken to prevent unauthorized copying
or disclosure of records.4
These practices are in compliance with the standards of chapter
45-13 of the HHS General Administration Manual, ``Safeguarding
Records contained in Systems of Records,'' supplementary Chapter PHS
hf: 45-13, and the Department's Automated Information System Security
Handbook.
Retention and disposal:
Records are retained and disposed of in accordance with the OASH
Records Control Schedule. If an institutional finding of scientific
misconduct is reversed by ORI or DAB, the PHS ALERT records are
destroyed. If an investigation results in an official administrative
action or voluntary exclusion agreements, a record of such
administrative action is maintained for the duration of the
administrative action and then destroyed.
System manager(s) and address:
PHS ALERT System Manager, Division of Policy and Education,
Office of Research Integrity, Rockwall II, suite 700, 5515 Security
Lane, Rockville, MD 20852.
Notification procedure:
Individuals are routinely notified in writing when they become
the subject of a record in this system, unless a law enforcement
agency has instructed PHS not to do so. Subject individuals are also
informed routinely when their records are deleted from the system.
Record access procedure:
Individuals may write to the system manager at the address above
and provide their full name and the name of this Privacy Act system
of records to request a copy of the record. Requesters should also
reasonably specify the record contents being sought. Individuals may
also request a listings of accountable disclosures that have been
made of their records, if any.
Contesting record procedure:
Individuals may write to the system manager and reasonably
identify the record and the information being contested; and state
the reasons for requesting the change, along with supporting
information to show that the record is untimely, incomplete,
irrelevant, or inaccurate. The right to contest records is limited to
information which is incomplete, irrelevant, incorrect or untimely
(obsolete).
Record source categories:
Information in these records is obtained from awardee
institutions or organizations, and PHS agencies and organizations
responsible for investigations.
Systems exempted from certain provisions of the Act
None.
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Office of the Secretary
Table of Contents
System Number and System Name:
09-90-0001 Telephone Directory/Locator System, HHS/OS/ASMB/
OMAS.
09-90-0002 Investigatory Matrial Compiled for Security and
Suitability Purposes, HHS/OS/OIG.
09-90-0003 Criminal Investigative Files of the Inspector
General, HHS/OS/OIG.
09-90-0005 Safety Management Information System (HHS Accident,
Injury, and Illness Reporting System), HHS/OS/ASMB/Office of Safety
and Occupational Health.
*09-90-0006 Applicants for Employment Records, HHS/OS/ASPER.
*09-90-0007 Complaints and Inquiries Records--Miscellaneous,
HHS/OS/ASPER.
*09-90-0008 Conflict of Interest Records, HHS/OS/ASPER.
*09-90-0009 Discrimination Complaints Records, HHS/OS/ASPER.
*09-90-0010 Employee Assistance Program (EAP) Records, HHS/OS/
ASPER/OHR.
*09-90-0011 Employee Appraisal Program Records, HHS/OS/ASPER.
*09-90-0012 Executive Development Records, HHS/OS/ASPER.
*09-90-0013 Federal Employees Occupational Health Program
Records, HHS/OS/ASPER.
*09-90-0014 Grievances Filed Under Part 771 of 5 CFR, HHS/OS/
ASPER.
*09-90-0015 Grievance Records Filed Under Procedures
Established by Labor-Management Negotiations, HHS/OS/ASPER.
*09-90-0016 HHS Motor Vehicle Operator Records, HHS/OS/ASPER.
*09-90-0018 Personal Records in Operating Offices, HHS/OS/
ASPER.
*09-90-0019 Special Employment Program Records, HHS/OS/ASPER.
*09-90-0020 Suitability for Employment Records, HHS/OS/ASPER.
*09-90-0021 Training Management Information System, HHS/OS/
ASPER.
*09-90-0022 Volunteer EEO Support Personnel Records, HHS/OS/
ASPER.
**09-90-0023 Departmental Parking Control Policy and Records
Systems, HHS/OS/ASMB/FE.
*09-90-0024 Financial Transactions of HHS Accounting and
Finance Offices, HHS/OS/ASMB.
09-90-0025 Central Registry of Individuals Doing Business with
HHS, HHS/OS/ASMB 2.
09-90-0027 Congressional Correspondence Unit, HHS/OS/ASL.
09-90-0028 Biographics and Photographs of HHS Officials, HHS/
OS/ASPA.
*09-90-0036 Employee Suggestion Program Records, HHS/OS/ASPER.
09-90-0037 Secretariat's Correspondence Control System, HHS/
OS/ES.
09-90-0038 Secretary's Official Files, HHS/OS/ES.
09-90-0039 National Disaster Claims Processing System.
09-90-0041 Consumer Mailing List, HHS/OS/OCA.
09-90-0046 Consumer Complaint Correspondence System, HHS/OS/
OCA.
09-90-0049 Departmental Appeals Board Case and Appeal Records,
HHS/OS/DAB.
09-90-0050 Case Information Management System, HHS/OS/OCR.
09-90-0051 Complaint Files and Log, Office of Management and
Administration, HHS/OS/OCR/OMA.
*09-90-0058 Freedom of Information Case File and
Correspondence Control Index, HHS/OS/ASPA/FOIA.
*09-90-0059 Federal Advisory Committee Membership Files, HHS/
OS/ASPER.
09-90-0062 Administrative Claims, HHS/OS/OGC.
09-90-0064 Litigation Files, Administrative Complaints, and
Adverse Personnel Actions, HHS/OS/OGC.
09-90-0065 Conflict of Interest-Standards of Conduct Records,
HHS/OS/OGC.
09-90-0066 OGC Attorney Applicant Files, HHS/OS/OGC.
09-90-0067 Invention Reports Submitted to the Department of
Health and Human Services by its Employees, Grantees and Fellowship
Recipients and Contractors, HHS/OS/OGC.
09-90-0068 Federal Private Relief Legisltion, HHS/OS/OGC.
*09-90-0069 Unfair Labor Practice Records, HHS/OS/ASPER.
09-90-0071 Social Security Code Cards, HHS/OS/OGC.
09-90-0072 Congressional Grants Notification Unit, HHS/OS/ASL.
09-90-0074 Location and Collection System (LCS), HHS, OCSE.
09-90-0075 MBTA Prepaid Pass Program Participants, HHS/BOI/
ARD.
09-90-0078 SSI/OPM Temporary Matching File, HHS/OS/OIG.
09-90-0079--Welfare Fraud Detection File, HHS/OS/OIG.
09-90-0080 The Secretary's Advisory Committee Candidate Files,
HHS/OS/ES.
09-90-0083 JOBS Evaluation Data System, HHS/OS/ASPE.
*09-90-0095 Management Information System Efficiency Reporter
(MISER), HHS/ASPER/OPSI and OCAM.
09-90-0100 Civil and Administrative Investigative Files of the
Inspector General.
09-90-0101 Health Care Program Violations, HHS/OS/OIG.
09-90-0102 Federal Personnel/HHS or HHS Funded Benefit and
Loan Temporary Matching File, HHS/OS/OIG.
09-90-0103 Healthcare Integrity and Protection Data Bank
(HIPDB), HHS/OIG.
09-90-0150 Research and Demonstration Data System, HHS/OCSE.
09-90-0200 Child Care Subsidy Program Records, HHS.
09-90-1101 Optional Form 55 Cards Issuance Log, HHS/OS/RIX/
ORD/DAS.
09-90-1200 Workplace Violence Prevention Team (WVPT) Records,
HHS/OS/ASMB/OHR.
09-90-9999 Automated Litigation Tracking System, HHS/OS/OGC.
*Systems are Department-wide with Office of the Secretary
policy guidance but with local operational control.
09-90-0001
System name: Telephone Directory/Locator System, HHS/OS/ASMB/
OMAS.
Security classification:
None.
System location:
Operating Offices and Facility Complexes of the Department--
Employee Locators and Offices of Administrative or Management
Services.
Categories of individuals covered by the system:
Current employees of the Department and vendor or other Federal
employees located in Department operating offices and facility
complexes.
Categories of records in the system:
Name, title, agency office address, agency mailing address,
telephone number, standard administrative code, and social security
number.
Authority for maintenance of the system:
5 U.S.C. 301, 40 U.S.C. 486(c).
Purpose(s):
The records are used to develop and maintain current employee
locator and directory listings. The locator listings are used by the
HHS information centers, mailrooms, and others specifically for the
purpose of locating employees and for routing mail. The directory
listings are used to produce departmental telephone directories on an
as needed basis.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions..
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Variously stored in card files, computer printouts, paper forms,
magnetic tape.
Retrievability:
Alphabetically by employee name in certain instances, also by
agency and/or title. Some large systems use the SSN as control to
update, change or delete information on individuals no longer within
this system of records.
Safeguards:
Only authorized personnel have access to master lists which
contain social security numbers.
Retention and disposal:
Retained as long as individual is employed by or associated with
the Department, then information deleted from files by appropriate
method.
System manager(s) and address:
Telecommunications management officials of the Department--See
Appendix.
Notification procedure:
Direct inquiries to appropriate systems manager identified in
Appendix.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)), Federal Register, October 8, 1975, page 47410.)
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested and corrective action sought with
supporting justification. (These procedures are in accordance with
Department Regulations (45 CFR 5b.7), Federal Register, October 8,
1975, page 47411.)
Record source categories:
Individual employee.
Systems exempted from certain provisions of the act:
None.
Appendix
Department Policy Coordinator:
Telecommunications Management Officer, Department of Health,
and Human Services, Office of the Assistant Secretary for Management
and Budget, Office of Management Analysis and Systems, 200
Independence Avenue, SW, Washington, DC 20201.
PHS Policy Coordinator:
Telecommunications Management Officer, Office of the Assistant
Secretary for Health, Office of Management, Office of Organization
and Management Systems, Division of Management Sciences and Systems,
5600 Fishers Lane, Rockville, MD 20857.
Operating System Managers:
Office of the Secretary, Deputy Director, Division of
Administrative Services, Office of Management Services, 330
Independence Ave., SW, Room 1739, Washington, DC 20201.
Human Development Services, Director, Division of
Administrative Services, 200 Independence Ave., SW, Room 309B,
Washington, DC 20201.
Public Health Service, Chief, Communications Section,
Administrative Services Center, 5600 Fishers Lane, Rockville, MD
20857.
Public Health Service, Centers for Disease Control, Chief,
Communications Records and Space Branch, 1600 Clifton Road, Atlanta,
GA 30333.
Public Health Service, Food and Drug Administration, Chief,
Services Management Section, Division of Management Services, 5600
Fishers Lane, Rockville, MD 20857.
Public Health Service, Chief, General Services Branch, USPHS
Hospital, Carville, LA 70721.
Health Care Financing Administration, Director, Division of
Communications Services, 591 East High Rise Bldg., 6325 Security
Blvd., Baltimore, MD 21207.
Social Security Administration, Communications Systems Branch,
6401 Security Boulevard, Room 1-N-9--Annex, Baltimore, MD 21235.
Region I, HHS Director, Division of Administrative Services,
JFK Federal Building, Boston, MA 02203.
Region II, HHS Director, Division of Administrative Services,
26 Federal Plaza, New York, NY 10007.
Region III, HHS Director, Division of Administrative Services,
3535 Market Street, Philadelphia, PA 19101.
Region IV, HHS Director, Division of Administrative Services,
101 Marietta Tower, Suite 1502, Atlanta, GA 30323.
Region V, HHS Director, Division of Administrative Services,
300 South Wacker Drive, Chicago, IL 60606.
Region VI, HHS Director, Division of Administrative Services,
1200 Main Tower, Dallas, TX 75202.
Region VII, HHS Director, Division of Administrative Services,
601 East 12th Street, Kansas City, MO 64106.
Region VIII, HHS Director, Division of Administrative Services,
1961 Stout Street, Denver, CO 80294.
Region IX, HHS Director, Division of Administrative Services,
50 United Nations Plaza, San Francisco, CA 94102.
Region X, HHS Director, Division of Administrative Services,
1321 Second Avenue, Seattle, WA 98101.
09-90-0002
System name: Investigatory Material Compiled for Security and
Suitability Purposes, HHS/OS/OIG.
Security classification:
None for the system; however, a portion of the records within the
system are classified at the level of Confidential and Secret.
System location:
Security and Protection Division, Room 523B, Humphrey Building,
U.S. Department of Health and Human Services, 200 Independence
Avenue, SW, Washington, DC 20201.
Categories of individuals covered by the system:
Prospective, current, and, former employees and others doing
business with the Department.
Categories of records in the system:
Personnel security and suitability investigations.
Authority for maintenance of the system:
Executive Orders 10450 and 12356.
Purpose(s):
Records in this system are maintained to assist the Secretary and
other responsible officials in determining whether the appointment
and retention of HHS employees is clearly consistent with the
national security and whether they are otherwise suitable for
employment. This system contains records of certain applicants to and
employees of each Department component. See also ``Retrievability''
below.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
These records may be used as follows:
(1) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records in the system of records may
be referred, as a routine use, to the appropriate agency, whether
federal, or foreign, charged with the responsibility of investigating
or prosecuting such violation or charged with enforcing or
implementing the statute, or rule, regulation or order issued
pursuant thereto.
(2) A record from this system of records may be disclosed as a
``routine use'' to a federal, state or local agency maintaining
civil, criminal or other relevant enforcement records or other
pertinent records, such as current licenses, if necessary to obtain a
record relevant to an agency decision concerning the hiring or
retention of an employee, the issuance of a security clearance, the
letting of a contract, or the issuance of a license, grant or other
benefit.
A record from this system of records may be disclosed to a
federal agency, in response to its request, in connection with the
hiring or retention of an employee, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant, or other
benefit by the requesting agency, to the extent that the record is
relevant and necessary to the requesting agency's decision on the
matter.
(3) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records in the system of records may
be referred, as a routine use to the appropriate agency, whether
state or local charged with the responsibility of investigating or
prosecuting such violation or charged with enforcing or implementing
the statute, or rule, regulation or order issued pursuant thereto.
(4) Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
(5) In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense provided such
disclosure is compatible with the purpose for which the records were
collected.
(6) Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The records are maintained in security type vaults or safes or
lock bar file cabinets with manipulation proof combination locks.
Retrievability:
The records are alphabetically indexed by name and date of birth
of the individual subject of the file or by cross reference to
another file. Access within HHS is limited to the Secretary, and on a
need-to-know basis to other Department officials having program
management responsibility.
Safeguards:
Direct access is restricted to authorized OIG staff; access
within HHS is limited to the Secretary, Under Secretary and other
officials and employees on a need-to-know basis. Access to the safes
in which the records are stored is limited to those OIG employees
with appropriate security clearances and the lock combination.
Retention and disposal:
Security investigative records on individuals who occupy
sensitive positions are maintained during the term of their
employment. Other security and suitability investigative records are
maintained for ten years if subject to EO 10450. Other files may be
destroyed after three years.
System manager(s) and address:
Director, Security and Protection Division, Office of
Investigations, OIG, Room 523B, Humphrey Bldg., U.S. Department of
Health and Human Services, 200 Independence Avenue, SW, Washington,
DC 20201.
Notification procedure:
Exempt. However, consideration will be given requests addressed
to the system manager. For general inquiries, include the name and
date of birth, and employment or other affiliation with the
Department.
Record access procedures:
Same as notification procedures. Requestors should also
reasonably specify the record contents being sought.
Contesting record procedures:
Exempt. However, consideration will be given requests addressed
to the systems manager. Requests for correction should reasonably
identify the record and specify the information to be contested, the
corrective action sought and the reasons for the correction with
supporting justification.
Record source categories:
Federal, state or local agencies maintaining civil, criminal,
suitability or other relevant enforcement information or other
pertinent information correspondence and material or data obtained
during the course of the conduct of the investigations.
Systems exempted from certain provisions of the act:
Exempt from certain provisions of the Act under 5 U.S.C.
552a(k)(5). Pursuant to 45 CFR 5b.11(b)(2)(iv)(A), this system is
exempt from the following subsections of the Act: (c)(3), (d)(1)-(4),
and (e)(4) (G) and (H).
09-90-0003
System name: Criminal Investigative Files of the Inspector
General, HHS/OS/OIG.
Security classification:
None.
System location:
Office of the Inspector General, HHS Room 5250 Wilbur J. Cohen
Bldg., 330 Independence Ave., SW, Washington, DC 20201
Region 1, Office of Investigations (OI), OIG, PO Box 8767,
Government Center Station, Boston, Massachusetts 02114
Region 2, OI, OIG, PO Box 3209, Church Street Station, New York,
New York 10008
Region 3, OI, OIG, PO Box 8049, Philadelphia, Pennsylvania 19101
Region 4, OI, OIG, PO Box 2288, Atlanta, Georgia 30301
Region 5, OI, OIG, PO Box 2197, Chicago, Illinois 60690
Region 6, Room 4-E-1B, 1100 Commerce Street, Dallas, Texas 75242
Region 7, OI, OIG, PO Box 2692, Denver, Colorado 80201
Region 9, OI, OIG, PO Box 42516, San Francisco, California 94101
Washington Field Office, Room 5728 Cohen Bldg., 330 Independence
Ave., SW, Washington, DC 20201
Categories of individuals covered by the system:
Individuals relevant to a criminal investigation, including but
not limited to the subjects of an investigation, complainants, and
key witnesses where necessary for future retrieval.
Categories of records in the system:
Criminal investigative files and extracts from that file
consisting of a computerized case management and tracking file.
Authority for maintenance of the system:
The Inspector General Act of 1978, 5 U.S.C. App. 3, authorize
Inspectors General to conduct, supervise and coordinate
investigations relating to the programs and operations of their
respective agencies.
Purpose(s):
Pursuant to the Inspector General Act of 1978, 5 U.S.C. App. 3,
this system is maintained for the purpose of conducting, documenting,
and tracking investigations conducted by the OIG or other
investigative agencies regarding HHS programs and operations,
documenting the outcome of OIG reviews of allegations and complaints
received concerning HHS programs and operations, aiding in
prosecutions brought against the subjects of OIG investigations,
maintaining a record of the activities which were the subject of
investigations, reporting the results of OIG investigations to other
Departmental components for their use in operating and evaluating
their programs and in imposition of civil or administrative
sanctions, and acting as a repository and source for information
necessary to fulfill the reporting requirements of 5 U.S.C. App. 3.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
a. Information from this system of records may be disclosed to
any other federal agency or any foreign, state, or local government
agency responsible for enforcing, investigating, or prosecuting
violations of administrative, civil, or criminal law or regulation
where that information is relevant to an enforcement proceeding,
investigation, or prosecution within the agency's jurisdiction.
b. Information from this system of records may be disclosed to
(1) the Department of Justice in connection with requests for legal
advice and in connection with actual or potential criminal
prosecutions or civil litigation pertaining to the Office of
Inspector General, and (2) a Federal or State grand jury, a Federal
or State court, administrative tribunal, opposing counsel, or
witnesses in the course of civil or criminal proceedings pertaining
to the Office of Inspector General.
c. Information from this system of records may be disclosed to a
federal, state, or local agency maintaining civil, criminal or other
relevant enforcement records or other pertinent records such as
current licenses, if necessary to obtain a record relevant to an
agency decision concerning the hiring or retention of an employee,
the issuance of a license, grant or other benefit.
d. Information from this system of records may be disclosed to a
federal agency in response to its request in connection with the
hiring or retention of an employee, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant, or other
benefit by the requesting agency, to the extent that the record is
relevant and necessary to the requesting agency's decision on the
matter.
e. Relevant information may be disclosed from this system of
records to the news media and general public where there exists a
legitimate public interest, e.g., to provide information on events in
the criminal process, such as indictments, and where necessary for
protection from imminent threat to life or property.
f. Where federal agencies having the power to subpoena other
federal agencies' records, such as the Internal Revenue Service,
issue a subpoena to the Department for records in this system of
records, the Department will make such records available.
g. When the Department contemplates that it will contract with a
private firm for the purpose of collating, analyzing, aggregating or
otherwise refining records in this system, relevant records will be
disclosed to such contractor. The contractor shall be required to
maintain Privacy Act safeguards with respect to such records.
h. Disclosures may be made to organizations deemed qualified by
the Secretary to carry out quality assessments.
i. Information from this system of records may be disclosed in
the course of employee discipline of competence determination
proceedings.
j. Disclosures may be made to a Congressional office from the
record of an individual in response to an inquiry from the
Congressional office made at the request of that individual.
k. Information from this system of records may be disclosed to
the Department of Justice, to a judicial or administrative tribunal,
opposing counsel, and witnesses, in the course of proceedings
involving HHS, an HHS employee (where the matter pertains to the
employee's official duties), or the United States, or any agency
thereof where the litigation is likely to affect HHS, or HHS is a
party or has an interest in the litigation and the use of the
information is relevant and necessary to the litigation.
l. Information from this system of records may be disclosed to a
Federal, State or local agency maintaining pertinent records, if
necessary to obtain a record relevant to a Department decision
concerning the hiring or retention of an employee, the issuance of a
security clearance, the letting of a contract, or the issuance of a
license, grant, or other benefit.
m. Information from this system of records may be disclosed to
third party contacts, including public and private organizations, in
order to obtain information relevant and necessary to the
investigation of potential violations in HHS programs and operations,
or where disclosure would enable the OIG to identify violations in
HHS programs or operations or otherwise assist the OIG in pursuing
on-going investigations.
n. Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The records, which take the form of index cards, investigative
reports, micro computer disks, computer main frame files and computer
printed listings are maintained under secure conditions in limited
access areas. Written documents and computer disks are maintained in
secure rooms, in security type safes or in lock bar file cabinets
with manipulation proof combination locks. Computer main frame files
are on-line in guarded, combination locked computer rooms.
Retrievability:
Records are retrieved by manual or computer search of indices
containing the name or Social Security number of the individual to
whom the record applies. Records may be cross-referenced by case or
complaint number.
Safeguards:
Records are maintained in a restricted area and accessed only by
Department personnel. Access within OIG is strictly limited to
authorized staff members. All employees are given instructions on the
sensitivity of such files and the restrictions on disclosure. Access
within HHS is strictly limited to the Secretary, Under-Secretary, and
other officials and employees on a need-to-know basis. All main frame
computer files and printed listings are safeguarded in accordance
with the provisions of the National Institute of Standards and
Technology Federal Information Processing Standards 41 and 31, and
the HHS Information Resources Management Manual, Part 6, ``ADP
Systems Security.''
Retention and disposal:
Investigative files are retained for 10 years after completion of
the investigation and/or actions based thereon. Paper and computer
indices are retained permanently. The records control schedule and
disposal standards may be obtained by writing to the System Manager
at the address below.
System manager(s) and address:
Inspector General, Room 5250 Wilbur J. Cohen Building, Department
of Health and Human Services, 330 Independence Avenue, SW,
Washington, DC 20201.
Notification procedure:
Exempt, however consideration will be given requests addressed to
the system manager. For general inquiries, it would be helpful if the
request included date of birth and Social Security number as well as
the name of the individual.
Record access procedures:
Same as notification procedures. Requestors should also
reasonably specify the record contents being sought.
Contesting record procedures:
Contact the system manager at the address specified above, and
reasonably identify the record, specify the information to be
contested, and the corrective action sought with supporting
justification.
Record source categories:
The OIG collects information from a wide variety of sources,
including information from the Department and other Federal, State,
and local agencies, witnesses, complainants and other nongovernmental
sources.
Systems exempted from certain provisions of the act:
Pursuant to subsection (j)(2) of the Privacy Act, 5 U.S.C.
552a(j)(2), the Secretary has exempted this system from the access,
amendment, correction, and notification provisions of the Act, 5
U.S.C. 552a(c)(3), (d)(1)-(4), (e)(3), and (e)(4)(G) and (h).
09-90-0005
System name: Safety Management Information System (HHS Accident,
Injury and Illness Reporting System), HHS/OS/ASMB/OFE/OSOH.
Security classification:
None.
System location:
At Departmental, Regional and Headquarters facilities (see
Appendix.
Categories of individuals covered by the system:
1. HHS employees, including both civilian and commissioned corps
personnel, who are involved in an accident which arises out of and in
the course of their employment whether occurring on HHS premises or
not and results in:
a. A fatality.
b. Lost workdays beyond the day in which the accident occurred.
c. Nonfatal injuries which result in transfer to another job,
termination of employment, medical treatment other than first aid,
loss of consciousness or restriction of work or motion.
d. A possible tort claim.
e. A claim for compensation.
f. Property damage in excess of 50.00 dollars..
g. Interrupts or interferes with the orderly progress of work of
other employees.
h. Radiation over exposure.
i. Biological exposure resulting in lost time of accidental
release of biologicals where the public may be over-exposed.
2. Visiting scientists, contractor personnel, hospitalized
patients, out-patients, employees of other Federal agencies, state or
local governments or members of the public who suffer injury, illness
or property damage on or in HHS premises or as a result of HHS
activities.
Categories of records in the system:
This system consists of a variety of information and supporting
documentations resulting from the reporting and investigation of
accidents which have resulted in injury, illness, property damage or
the interruption or interference with the orderly progress of work.
The records contain information about individuals involved in or
experiencing accidents including but not limited to the severity of
the injury, whether consciousness was lost, the type of injury,
culmination of any injury, days lost from work if any, the nature of
the injury, illness or disease, the body part affected, causal
factors, weather factors, agency of accident, whether unsafe
mechanical, physical, or personal acts or factors were involved, the
accidents area of origin and if fire was involved, the type and form
of materials involved. Property damage (both public and private) is
noted through the property sequence number, who owned the property
involved, property damage and actual or estimated monetary loss, the
HHS installation number if appropriate and the year of manufacture or
construction if appropriate. Identifiers relating to a particular
accident include the organization, case number assigned, date and
time of occurrence, state or territory, site, type and classification
of accident, estimated amount of tort claims if appropriate, name of
individual(s) involved, the social security number, sex, age, grade
series and level, CSC series, address, other Departments notified of
accident, duty status, activity at time of accident and time on duty
before accident. Management's evaluation and corrective action taken
or proposed is also noted.
Authority for maintenance of the system:
Section 19 of the Occupational Safety and Health Act of 1970
(Pub. L. 91-596); U.S.C. 7902; 29 CFR part 1960; Executive Order No.
12196.
Purpose(s):
The purpose of the system is to comply with the reporting and
statistical analyses requirements of section 19 of the Occupational
Safety and Health Act of 1970 (Pub L. 91-596) as amended (29 U.S.C.
668); U.S.C. 7902; 29 CFR part 1960; Executive Order 12196 and such
other purposes as are described under routine uses of this system
notice. The Safety Management Information System is a Department-wide
system utilized by all organizational components of the Department.
Thus in addition to the routine uses subsequently noted in this
system notice there may be other ad hoc disclosures within the
Department on an official business ``need to know'' basis.
a. Establish a written record of the causes of accidents.
b. Provide information to initiate and support corrective or
preventive action.
c. Provide statistical information relating to accidents
resulting in occupational injuries, illnesses, and/or property
damage.
d. Provide management with information with which to evaluate the
effectiveness of safety management programs.
e. Provide the means for complying with the reporting
requirements of Section 19 of the Occupational Safety and Health Act
of 1970 and such other reporting requirements as may be required by
legislative or regulative requirements.
f. Provide such other summary descriptive statistics and
analytical studies as necessary in support of the function for which
the records are collected and maintained including general requests
for statistical information without personal identification of
individuals.
g. Information in these records is used by or may be disclosed
to: a. The Office of Safety and Occupational Health, Office of the
Secretary, HHS in the review of accident experience data to determine
the adequacy of corrective actions, the effect of codes, standards
and guides, the consolidation, summarization and dissemination of
accident experience data throughout HHS and other Government
Departments and agencies as needed or required. b. The supervisor,
administrative officer or other official initiating and accident
report, including each succeeding reviewing official in the chain of
command through which the report passes to insure that corrective
action, as needed and appropriate, is taken. c. Appropriately
appointed Safety Directors, Officers, or others with safety
responsibilities within the Department in the verifying, assembling,
analyzing, summarizing and disseminating data concerning the accident
experience in their areas of responsibility and the initiation of
appropriate corrective action.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
A. To request from a Federal, state, local agency or private
sources information relevant to the investigation of an accident and/
or corrective action.
B. To respond to an inquiry from a member of Congress made on
behalf of a constituent.
C. In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim if successful, is
likely to directly affect the operations of the Department of any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
D. In the event that a system of records maintained by this
agency to carry out its functions indicates a violation or potential
violation of law, whether civil, criminal or regulatory in nature,
and whether arising by general statute or particular program statute,
or by regulation, rule or order issued pursuant thereto, the relevant
records in the system of records may be referred, as a routine use,
to the appropriate agency, whether federal, or foreign, charged with
the responsibility of investigating or prosecuting such violation or
charged with enforcing or implementing the statute, or rule,
regulation or order issued pursuant thereto.
E. In the event that a system of records maintained by this
agency to carry out its function indicates a violation or potential
violation of law, whether civil, criminal or regulatory in nature,
and whether arising by general statute or particular program statute,
or by regulation, rule or order issued pursuant thereto, the relevant
records in the system of records may be referred, as a routine use to
the appropriate agency, whether state or local charged with the
responsibility of investigating or prosecuting such violation or
charged with enforcing or implementing the statute, or rule,
regulation or order issued pursuant thereto.
F. Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are or may be maintained on magnetic tapes, punchcards,
lists, forms, discs, computer storage, in file folders, binders and
index cards.
Retrievability:
1. At the Department level, the system is completely computerized
with no other records normally maintained or retained in the Office
of Safety and Occupational Health. Since individual indentifiers such
as name, case number, and social security number are not within the
computer storage banks, special programming would be required to
extract individual records based on case number. Normal output
consists of statistical reports and surveys including those required
by the Department of Labor and Statistical Analysis in support of the
Department occupational safety and health program for dissemination
to the Principal Operating Components, Regions and Staff Offices.
2. The Principal Operating Components of the Department, their
sub-components, Regional Offices and Staff Offices may maintain
original or copies of the accident reports and supporting
documentation by name, social security number, case number or cross
reference.
Safeguards:
Access to and use of those records is made available to those
personnel having a legitimate need for the information (those whose
duties require review or access) including inspecting or evaluating
personnel. Records, which under the law, may not be disclosed such as
information pertinent to national security or trade secrets are
maintained separately, adequately safeguarded and released only in
accordance with the law. When there is doubt regarding the release of
information, the matter will be referred, in advance of release, to
the Office of the General Counsel, HHS.
Retention and disposal:
All accident reports, records, logs, and other information
relating to an accident are retained by the Principal Operating
Components and their agencies, the Regional Offices and the Office of
the Secretary for at least five years following the end of the
calendar year in which the accident occurred. Specific occupational
safety and health standards (such as the standards, covering the
handing of carcinogenic chemicals) may be required to be kept for up
to twenty years. Records may be retained indefinitely.
System manager(s) and address:
Director, Office of Safety and Occupational Health, Department
of Health and Human Services, 330 Independence Avenue, SW,
Washington, DC 20201.
Notification procedure:
Individuals wishing to inquire whether this system of records
contains information about them should address their inquiries to one
of the following as appropriate:
1. If employed or formerly employed in a HHS Regional Office, the
Regional Occupational Safety and Health Manager of the Region
involved (see list and addresses under appendix).
2. If employed or formerly employed in a HHS Principal Operating
Component or sub-agency, a staff office or the Office of the
Secretary, the Occupational Safety and Health Manager of the
component where employed with the exception of the Food and Drug
Administration (see list and addresses under appendix). The contact
for the Food and Drug Administration is:
Privacy Act Coordinator, Food and Drug Administration, 5600
Fishers Lane, Rockville, Maryland 20857.
Individuals requesting information about this system of records
should provide their full name, social security number, name and
address of office and agency in which currently or formerly employed
and the accident(s) case number if known.
Record access procedures:
Individuals wishing to gain access to or contest their records
should contact the following in person or writing as appropriate;
with the exception of Food and Drug Administration. See
``Notification'' above.
1. If employed or formerly employed in an HHS Regional Office,
the Regional Occupational and Health Manager of the Region involved
(see list and addresses under appendix).
2. If employed or formerly employed in an HHS Principal Operating
Component or sub-agency, a staff office or the Office of the
Secretary, the Occupational Safety and Health Manager of the
component where employed. (See list and addresses under appendix.)
Individuals requesting information in this system of records should
provide their full name, social security number (on a purely
voluntary basis), case number if known, time and brief description of
the accident in which they were involved and the name and address of
office in which employed. (Access procedures are in accordance with
Department Regulations (45 CFR 5b.5(a)(2)), Federal Register, October
8, 1975, page 47410.)
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested and corrective action sought with
supporting justification. (These procedures are in accordance with
Department Regulations (45 CFR 5b.7), Federal Register, October 8,
1975, page 47411.)
Record source categories:
The information in this system is obtained from the following
sources: (1) The individual to whom the record pertains; (2)
witnesses to the accident; (3) investigation officials (Federal,
state, local); (4) medical personnel seeing the individual as a
result of the accident; (5) supervisory personnel; (6) reviewing
officials; (7) personnel offices; (8) investigative material
furnished by Federal, state, or local agencies; (9) on site
observations.
Systems exempted from certain provisions of the act:
None.
Appendix
Region I, HHS Regional Safety and Occupational Health Manager,
John F. Kennedy Federal Building--Room 1503, Government Center,
Boston, Massachusetts 02203.
Region II, HHS Regional Safety and Occupational Health Manager,
Federal Building--Room 3835, 26 Federal Plaza, New York, New York
10007.
Region III, HHS Regional Safety and Occupational Health
Manager, 3535 Market Street, Philadelphia, Pennsylvania 19101.
Region IV, HHS Regional Safety and Occupational Health Manager,
Suite 1503--101 Marietta Tower, Atlanta, Georgia 30323.
Region V, HHS Regional Safety and Occupational Health Manager,
300 South Wacker Drive--35th Floor, Chicago, Illinois 60606.
Region VI, HHS Regional Safety and Occupational Health Manager,
1200 Main Tower Bldg., Dallas, Texas 75202.
Region VII, HHS Regional Safety and Occupational Health
Manager, 601 East 12th Street--Room 566, Kansas City, Missouri 64106.
Region VIII, HHS Regional Safety and Occupational Health
Manager, 1961 Stout Street--Room 11037, Denver, Colorado 80202.
Region IX, HHS Regional Safety and Occupational Health Manager,
Federal Office Building--Room 8, 50 United Nations Plaza, San
Francisco, California 94102.
Region X, HHS Regional Safety and Occupational Health Manager,
Arcade Plaza--Room 6003, 1321 Second Avenue, Seattle, Washington
98101.
Health Care Financing Administration: Safety Officer, A-1 Gwynn
Oak Building, 1710 Gwynn Oak Avenue, Woodlawn, Md. 21207.
Social Security Administration: Director, Occupational Health
Management, Rm. 8, Second Floor, Link Bldg., 6401 Security Boulevard,
Baltimore, Maryland 21235.
Office of the Secretary, HHS Safety Officer, 1073 HHS-N,
Department of Health and Human Services, 330 Independence Avenue SW,
Washington, DC 20201.
Public Health Service: Director, Division of Health Facilities
Planning, Room 18-42--Parklawn Building, 5600 Fishers Lane,
Rockville, Maryland 20857.
Alcohol, Drug Abuse, and Mental Health Administration: Safety
Officer, Room 12C26--Parklawn Building, 5600 Fishers Lane, Rockville,
Maryland 20857.
Center for Disease Control: Chief, Office of Biosafety, Bldg.
4--Room 232, 1600 Clifton Road NE., Atlanta, Georgia 30333.
Food and Drug Administration: Privacy Act Coordinator,
Rockville, Maryland 20857.
Health Resources Administration: Safety Officer, Rm. 129,
Federal Center Bldg. 2, 3700 East-West Highway, Hyattsville, Md.
20782.
National Institutes of Health: Chief, Occupational Safety and
Health Branch, DS, ORS, Building 13, Room 3K04, 9000 Rockville Pike,
Bethesda Maryland 20205.
09-90-0006
System name: Applicants for Employment Records, HHS/OS/ASPER.
Security classification:
None.
System location:
This system is located in personnel offices and other offices of
the Department authorized to receive applications for employment. See
Appendix 1.
Categories of individuals covered by the system:
Persons who have applied for Federal employment or are employed
in the Federal service.
Categories of records in the system:
These records contain information relating to the education and
training; employment history and earnings; appraisal of past
performance; convictions and offenses against the law; results of
written tests; appraisal of potential; honors, awards or fellowships;
military service; veterans preference, birthplace; birth date; social
security number,; and home address of persons who have applied for
Federal employment or are employed in the Federal service and
correspondence related thereto. These records may also include
information concerning the date of application, qualification status,
employment consideration, priority grouping, and other information
relating to the consideration of the individual for employment.
Authority for maintenance of the system:
5 U.S.C. 1302, 3301, 3302, Executive Order 10577.
Purpose(s):
Records in this system are used to determine individuals'
eligibility and evaluate their qualifications for placement in
positions within the Department. These records are maintained in each
component of the Department.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
These records may be used: (1) To respond to requests for
information from the Office of Personnel Management, Members of
Congress, or other inquiries from outside the Department, to the
extent their request is compatible with the purpose for which the
records are maintained.
(2) Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
(3) In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense provided such
disclosure is compatible with the purpose for which the records were
collected.
(4) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records in the system of records may
be referred, as a routine use, to the appropriate agency, whether
federal, or foreign, charged with the responsibility of investigating
or prosecuting such violation or charged with enforcing or
implementing the statute, or rule, regulation or order issued
pursuant thereto.
(5) A record from this system of records may be disclosed as a
``routine use'' to a federal, state or local agency maintaining
civil, criminal or other relevant enforcement records or other
pertinent records, such as current licenses, if necessary to obtain a
record relevant to an agency decision concerning the hiring or
retention of an employee, the issuance of a security clearance, the
letting of a contract, or the issuance of a license, grant or other
benefit.
A record from this system of records may be disclosed to a
federal agency, in response to its request, in connection with the
hiring or retention of an employee, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant, or other
benefit by the requesting agency, to the extent that the record is
relevant and necessary to the requesting agency's decision on the
matter.
(6) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records in the system of records may
be referred, as a routine use to the appropriate agency, whether
state or local charged with the responsibility of investigating or
prosecuting such violation or charged with enforcing or implementing
the statute, or rule, regulation or order issued pursuant thereto.
(7) Where federal agencies having the power to subpoena other
federal agencies' records, such as the Internal Revenue Service or
the Civil Rights Commission, issue a subpoena to the Department for
records in this system of records, the Department will make such
records available.
(8) Where a contract between a component of the Department and a
labor organization recognized under E.O. 11491 provides that the
agency will disclose personal records relevant to the organization's
mission, records in this system of records may be disclosed to such
organization.
(9) The Department contemplates that it will contract with a
private firm for the purpose of collating, analyzing, aggregating or
otherwise refining records in this system. Relevant records will be
disclosed to such a contractor. The contractor shall be required to
maintain Privacy Act safeguards with respect to such records.
(10) Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained on magnetic tapes, discs, drums, punched
cards, microfiche, cards, lists, and forms.
Retrievability:
Records are indexed by any combination of name, birth date,
social security number and identification number.
Safeguards:
Access to and use of these records are limited to those persons
whose official duties require such access. Personnel screening is
employed to prevent unauthorized disclosure.
Retention and disposal:
Records are retained until the applicant is selected for a
position, or for two years. After the applicant is selected for a
position, the records are filed in the Official Personnel Folder
which is retained until the employee leaves the Department. If the
applicant is not selected for a position within two years, the
records are destroyed. (See HHS Personnel Instruction 293-1, Exhibit
X293-1-1, item 15.)
System manager(s) and address:
Personnel Officers of the Department. See Appendix 1.
Notification procedure:
Personnel office to which application is made (see Appendix 1).
Individual should provide name, date of birth, social security
number, approximate date of record and title of position for which
application was made.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)), Federal Register, October 8, 1975, page 47410.)
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested, and state the corrective action sought
and the reasons for the correction. (These procedures are in
accordance with Department Regulations (45 CFR 5b.7), Federal
Register, October 8, 1975, page 47411.)
Record source categories:
Information in this system of records is provided by the
individual to whom it applies, is derived from information he or she
supplied; or is obtained from information supplied by others.
Systems exempted from certain provisions of the act:
None.
Appendix 1
Personnel Offices in Department of Health and Human Services
Office of the Assistant Secretary for Personnel Administration,
Department of Health and Human Services, 200 Independence Avenue, SW,
Washington, DC 20201
Headquarters Personnel Offices:
Personnel Officer, Division of OS Personnel, Office of the
Secretary, Department of Health and Human Services, Room 4361--4th
Floor, 330 Independence Avenue, SW, Washington, DC 20201
Personnel Officer, Office of Human Development Services,
Department of Health and Human Services, Room 351D, Humphrey
Building, 200 Independence Ave., SW, Washington, DC 20201
Director, Office of Management, Budget and Personnel (OMBP),
Social Security Administration, Department of Health and Human
Services, Room 718, Altmeyer Building, 6401 Security Boulevard,
Baltimore, Maryland 21235
Personnel Officer, Office of Hearings and Appeals, Social
Security Administration, Department of Health and Human Services,
Room 201, 3833 North Fairfax Drive, Arlington, Virginia 22203
Director, Division of Human Resources, Heath Care Financing
Administration, Department of Health and Human Services, Room G-H-5,
East Low Rise Building, 6325 Security Blvd., Baltimore, Maryland
21207
Personnel Officer, Office of Community Services, Department of
Health and Human Services, Room 531, 1200 19th Street, NW.,
Washington, DC 20506
Director, Office of Personnel Management, Public Health
Service, Department of Health and Human Services, Room 18A-55,
Parklawn Building, 5600 Fishers Lane, Rockville, Maryland 20857
Director, Office of the Assistant Secretary for Health,
Personnel Operations Office, Department of Health and Human Services,
Room 17-34, Parklawn Building, 5600 Fishers Lane, Rockville, Maryland
20857
Director, Division of Personnel Management, Alcohol, Drug Abuse
and Mental Health Administration, Department of Health and Human
Services, Room 1295, Parklawn Building, 5600 Fishers Lane, Rockville,
Maryland 20857
Personnel Director, Personnel Management Office, Centers for
Disease Control, Department of Health and Human Services, Building 1,
Room 153A, 1600 Clifton Road, NE, Atlanta, Georgia 30333
Personnel Officer, Division of Personnel Management, Food and
Drug Administration, Department of Health and Human Services, Room
4B-21, Parklawn Building, 5600 Fishers Lane, Rockville, Maryland
20857
Director, Division of Personnel, Health Resources and Services
Administration, Department of Health and Human Services, Room 14A-55,
Parklawn Building, 5600 Fishers Lane, Rockville, Maryland 20857
Director, Division of Personnel Management, National Institutes
of Health, Department of Health and Human Services, Room 21, Building
1, 9000 Rockville Pike, Bethesda, Maryland 20205
Personnel Officer, Personnel Office, National Library of
Medicine, Department of Health and Human Services, 8600 Rockville
Pike, Room M-105, Bethesda, Maryland 20209
Chief, Personnel Management Branch, National Cancer Institute,
Department of Health and Human Services, Room 3A19, Building 31, 9000
Rockville Pike, Bethesda, Maryland 20205
Chief, Personnel Management Branch, National Heart and Lung
Institute, Department of Health and Human Services, Room 5A32,
Building 31, 9000 Rockville Pike, Bethesda, Maryland 20205
Personnel Officer, Saint Elizabeths Hospital, ADAMHA,
Department of Health and Human Services, Room 120, E-Building, 2700
Martin Luther King Avenue, SE., Washington, DC 20032
Personnel Director, Bureau of Health Manpower, Department of
Health and Human Services, Room 5B-44, Building 31, 9000 Rockville
Pike, Bethesda, Maryland 20015
Regional Personnel Offices:
Regional Personnel Officer, Region I, Department of Health and
Human Services, John F. Kennedy Federal Building, Government Center--
Room 1503, Boston, Massachusetts 02203
Regional Personnel Officer, Region II, Department of Health and
Human Services, Federal Building, Room 39-100, 26 Federal Plaza, New
York, New York 10278
Personnel Liaison Unit, Suite 610, Housing Investment Building,
416 Ponce de Leon Avenue, Hato Rey, Puerto Rico 00918
Regional Personnel Officer, Region III, Department of Health
and Human Services, 3535 Market Street, Room 9460, Philadelphia,
Pennsylvania 19101
Regional Personnel Officer, Region IV, Department of Health and
Human Services, Suite 1601, 101 Marietta Tower, Atlanta, Georgia
30323
Regional Personnel Officer, Region V, Department of Health and
Human Services, 31st Floor, 300 S. Wacker Drive, Chicago, Illinois
60606
Regional Personnel Officer, Region VI, Department of Health and
Human Services, 18th Floor, 1200 Main Tower Bldg., Dallas, Texas
75202
Personnel Officer, National Institute of Environmental Health
Services, Department of Health and Human Services, PO Box 12233,
Research Triangle Park, North Carolina 27709
Regional Personnel Officer, Region VII, Department of Health
and Human Services, Room 468, 601 E. 12th Street, Kansas City,
Missouri 64106
Regional Personnel Officer, Region VIII, Department of Health
and Human Services, Room 1031, Federal Office Building, 1961 Stout
Street, Denver, Colorado 80294
Regional Personnel Officer, Region IX, Department of Health and
Human Services, 50 United Nations Plaza, San Francisco, California
94102
Regional Personnel Officer, Region X, Department of Health and
Human Services, Room 6039 Arcade Plaza Building, 1321 Second Avenue,
Mail Stop 627, Seattle, Washington 98101
Other Personnel Offices:
Chief, Personnel Office, Cleveland Branch Office, Region V,
Department of Health and Human Services, 14600 Detroit Avenue, Room
500, Cleveland, Ohio 44107
Southern California Operating Center, Region IX, 24000 Avila
Road, 4th Floor, Laguna Niguel, California 92677
Personnel Officer, U.S. Public Health Service Hospital,
Personnel Section, Department of Health and Human Services, Carville,
Louisiana 70721
Personnel Officer, Indian Health Service, Personnel Management
Branch, Department of Health and Human Services, PO Box 2143,
Billings, Montana 59103
Personnel Officer, Indian Health Service, Personnel Section,
Department of Health and Human Services, 4005 Federal Office
Building, 500 Gold Avenue, SW, Albuquerque, New Mexico 87101
Personnel Officer, Indian Health Service, Personnel Management
Branch, Department of Health and Human Services, 115 4th Avenue, SE.,
Aberdeen, South Dakota 57401
Personnel Officer, Indian Health Service, Personnel Management
Branch, Department of Health and Human Services, 801 East Indian
School Road, Phoenix, Arizona 85014
Personnel Officer, Indian Health Service, Personnel Branch,
Department of Health and Human Services, 388 Old Post Office and
Courthouse, Oklahoma City, Oklahoma 73102
Personnel Officer, Alaska Area Office, Indian Health Service,
Department of Health and Human Services, PO Box 7-741, Anchorage,
Alaska 99501
Personnel Officer, Indian Health Area Office, Office of
Personnel, Department of Health and Human Services, Room 200, 921 SW.
Washington Street, Portland, Oregon 97205
Personnel Officer, Indian Health Service, Office of Personnel,
Department of Health and Human Services, PO Box G, Window Rock,
Arizona 86515
Personnel Officer, Addiction Research Center, National
Institute of Drug Abuse, ADAMHA, Department of Health and Human
Services, PO Box 12390, Lexington, Kentucky 40511
Personnel Officer, National Institute for Occupational Safety
and Health, Department of Health and Human Services, Room 540, U.S.
Post Office and Courthouse, 5th and Walnut Street, Cincinnati, Ohio
45202
Chief, Personnel Branch, Mid-Atlantic Program Service Center,
Social Security Administration, Department of Health and Human
Services, PO Box 14008, Philadelphia, Pennsylvania 19108
Chief, Personnel Branch, Northeastern Program Service Center,
Social Security Administration, Department of Health and Human
Services, 9605 Horace Harding Expressway, Flushing, New York 11368
Chief, Personnel Branch, Southeastern Program Service Center,
Social Security Administration, Department of Health and Human
Services, 2001 12th Avenue, North, Birmingham, Alabama 35285
Chief, Richmond Personnel Operations Center, Western Program
Service Center, Social Security Administration, Department of Health
and Human Services, PO Box 2431, Richmond, California 94802
Chief, Personnel Branch, Great Lakes Program Service Center,
Social Security Administration, Department of Health and Human
Services, 165 North Canal Street, Chicago, Illinois 60606
Chief, Personnel Branch, Mid-America Program Service Center,
Social Security Administration, Department of Health and Human
Services, PO Box 15186, Kansas City, Missouri 64106
Personnel Officer, Albuquerque Data Operations Center, Social
Security Administration, Department of Health and Human Services, PO
Box 4429, Station ``A'', Albuquerque, New Mexico 87106
Personnel Officer, Salinas Data Operations Center, Social
Security Administration, Department of Health and Human Services, 100
East Alvin Drive, Salinas, California 93906
Chief, Personnel Branch, Wilkes-Barre Data Operations Center,
Social Security Administration, Department of Health and Human
Services, V.A. Bldg., Rm. 512, 19 North Main Street, Wilkes-Barre,
Pennsylvania 18701
09-90-0007
System name: Complaints and Inquiries Records--Miscellaneous,
HHS/OS/ASPER.
Security classification:
None.
System location:
Personnel offices shown in Applicants for Employment Records, HHS
System 09-90-0006, Appendix 1 and offices of operating officials in
organizational units serviced by those personnel offices.
Categories of individuals covered by the system:
Current and former employees of the Department.
Categories of records in the system:
This system consists of records relating to an individual's
employment status or conduct while employed by the Department.
Examples of these records include: Correspondence from employees,
Members of Congress, and members of the public alleging misconduct by
an employee of the Department, miscellaneous complaints not covered
by the Department's formal or informal grievance procedure, informal
complaints handled by labor union officials, and miscellaneous debt
correspondence received from creditors.
Authority for maintenance of the system:
Executive Orders 11222, 10561 and 11491.
Purpose(s):
Records in this system are maintained to initiate, investigate
and resolve various complaints and inquiries made by or against
Department employees. See also ``Retrievability'' below.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Information in these records may be used:
(1) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records in the system of records may
be referred, as a routine use, to the appropriate agency, whether
federal, or foreign, charged with the responsibility of investigating
or prosecuting such violation or charged with enforcing or
implementing the statute, or rule, regulation or order issued
pursuant thereto.
(2) In the event the Department deems it desirable or necessary,
in determining whether particular records are required to be
disclosed under the Freedom of Information Act, disclosure may be
made to the Department of Justice for the purpose of obtaining its
advice.
(3) A record from this system of records may be disclosed as a
``routine use'' to a federal, state or local agency maintaining
civil, criminal or other relevant enforcement records or other
pertinent records, such as current licenses, if necessary to obtain a
record relevant to an agency decision concerning the hiring or
retention of an employee, the issuance of a security clearance, the
letting of a contract, or the issuance of a license, grant or other
benefit.
A record from this system of records may be disclosed to a
federal agency, in response to its request, in connection with the
hiring or retention of an employee, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant, or other
benefit by the requesting agency, to the extent that the record is
relevant and necessary to the requesting agency's decision on the
matter.
(4) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records in the system of records may
be referred, as a routine use to the appropriate agency, whether
state or local charged with the responsibility of investigating or
prosecuting such violation or charged with enforcing or implementing
the statute, or rule, regulation or order issued pursuant thereto.
(5) Where federal agencies having the power to subpoena other
federal agencies' records, such as the Internal Revenue Service or
the Civil Rights Commission, issue a subpoena to the Department for
records in this system of records, the Department will make such
records available.
(6) Where a contract between a component of the Department and a
labor organization recognized under E.O. 11491 or 5 U.S.C. Chapter 71
provides that the agency will disclose personal records relevant to
the organization's mission, records in this system of records may be
disclosed to such organization.
(7) Office of Personnel Management, Merit Systems Protection
Board (including its Office of the Special Counsel), Equal Employment
Opportunity Commission, the Federal Labor Relations Authority
(including the General Counsel of the Authority and the Federal
Service Impasses Panel) the Federal Mediation and Conciliation
Service, and to an arbitrator, in carrying out their functions.
(8) To respond to Members of Congress and members of the public
with regard to complaints or inquiries presented by them.
(9) Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
(10) In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected.
(11) Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Filed in folders and index cards.
Retrievability:
Records are filed by name. Records are used to produce summary
descriptive statistics and analytical studies in support of the
functions for which the records are collected and maintained and for
related personnel management functions or pay studies; and for other
purposes compatible with the intent for which the records system was
created.
Safeguards:
Access to and use of these records are limited to those persons
whose official duties require such access.
Retention and disposal:
Records are retained until there is no further administrative
need for them, the individual leaves the Department, or one year has
elapsed, and are then destroyed. (See HHS Personnel Instruction 293-
1, Exhibit X293-1-2, item 7.)
System manager(s) and address:
Personnel Officers shown in Appendix 1 to Applicants for
Employment Records. HHS System 09-90-0006, who service organizational
units in which individuals are employed.
Notification procedure:
Operating officials in organizational unit in which employee is
employed or personnel officers shown as systems managers in Appendix
1 Applicants for Employment Records, HHS System 09-90-0006.
Individuals should provide name, organization in which employed, and
date of birth.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)), Federal Register, October 8, 1975, page 47410.)
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested, and state the corrective action sought
and the reasons for the correction. (These procedures are in
accordance with Department Regulations (45 CFR 5b.7), Federal
Register, October 8, 1975, page 47411.)
Record source categories:
Information in this system of records is obtained: (1) Directly
from the individual, or (2) derived from information supplied by the
individual, or (3) from information supplied by members of the
public, other employees, Members of Congress, Department management
officials, or (4) from police and court records relevant to the
complaint about the employee.
09-90-0008
System name: Conflict of Interest Records, HHS/OS/ASPER.
Security classification:
None.
System location:
Personnel Offices of the Department (See Applicants for
Employment Records, HHS System 09-90-0006, Appendix 1) or authorized
approving officials to be identified by those Personnel Offices.
Categories of individuals covered by the system:
Incumbents of Department positions the duties of which are of
such a nature that incumbent's outside activities may come in
conflict with the incumbent's official duties.
Categories of records in the system:
This system consists of a variety of records relating to an
employee's conduct and outside activities. In addition to the name of
the employee, position title, grade, salary, pay plan, and employing
organization, the system includes information about outside
employment, outside compensation and related information.
Authority for maintenance of the system:
Executive Order 11222.
Purpose(s):
Records in this system are used to determine whether an
employee's financial interests or outside activities are in conflict
with the employee's duties as a Federal employee. Records are
maintained in each component of the Department. See also
``Retrievability'' below.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Information in this system of records may be used: (1) By the
Office of Personnel Management, Merit Systems Protection Board
(including its Office of the Special Counsel), Equal Employment
Opportunity Commission, and the Federal Labor Relations Authority
(including the General Counsel of the Authority and the Federal
Service Impasses Panel) the Federal Mediation and Conciliation
Service, and to an arbitrator, in carrying out their functions.
(2) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records in the system of records may
be referred, as a routine use, to the appropriate agency, whether
federal, or foreign, charged with the responsibility of investigating
or prosecuting such violation or charged with enforcing or
implementing the statute, or rule, regulation or order issued
pursuant thereto.
(3) A record from this system of records may be disclosed as a
``routine use'' to a federal, state or local agency maintaining
civil, criminal or other relevant enforcement records or other
pertinent records, such as current licenses, if necessary to obtain a
record relevant to an agency decision concerning the hiring or
retention of an employee, the issuance of a security clearance, the
letting of a contract, or the issuance of a license, grant or other
benefit.
A record from this system of records may be disclosed to a
federal agency, in response to its request, in connection with the
hiring or retention of an employee, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant, or other
benefit by the requesting agency, to the extent that the record is
relevant and necessary to the requesting agency's decision on the
matter.
(4) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records in the system of records may
be referred, as a routine use to the appropriate agency, whether
state or local charged with the responsibility of investigating or
prosecuting such violation or charged with enforcing or implementing
the statute, or rule, regulation or order issued pursuant thereto.
(5) Where federal agencies having the power to subpoena other
federal agencies' records, such as the Internal Revenue Service or
the Civil Rights Commission, issued a subpoena to the Department for
records in this system of records, the Department will make such
records available.
(6) The Department contemplates that it will contract with a
private firm for the purpose of collating, analyzing, aggregating or
otherwise refining records in this system. Relevant records will be
disclosed to such a contractor. The contractor shall be required to
maintain Privacy Act safeguards with respect to such records.
(7) Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
(8) In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected.
(9) Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Conflict of Interest Records are maintained in file folders.
Retrievability:
Records are retrievable by name. They may be used for production
of summary descriptive statistics and analytical studies in support
of the functions for which the records are collected and maintained
and for other purposes compatible with the intent for which the
records system was created.
Safeguards:
These records are treated as controlled for Official Use Only and
made available only to persons specifically authorized to receive
them.
Retention and disposal:
Records are retained until 2 years after the individual
discontinues the activity for which approval was required, or until
the individual leaves the Department, and are then destroyed. (See
HHS Personnel Instruction 293-1, Exhibit X293-1-1, item 25.)
System manager(s) and address:
Personnel Offices of the Department shown in Appendix 1 to
Applicants for Employment Records, HHS System 09-90-0006.
Notification procedure:
For incumbents who are in position under the Executive Schedule;
Office of the Secretary Staff Office Heads; or Principal Regional
Officials contact: Deputy Assistant Secretary for Personnel, Office
of Personnel, Department of Health and Human Services, 200
Independence Avenue, SW, Washington, DC 20201.
For incumbents of positions in the Food and Drug Administration,
contact: Director, Policy Management Staff, HFA-20, Food and Drug
Administration, 5600 Fisher Lane, Rockville, Maryland 20857.
For incumbents of other positions included in this records
system, contact the Personnel Office shown in Appendix 1 to
Applicants for Employment Records, HHS System 09-90-0006, which
services the organizational units in which the individual is
employed. The individual should indicate name, position title, grade
and series, and organization in which located.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)), Federal Register, October 8, 1975, page 47410.)
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested, and state the corrective action sought
and the reasons for the correction. (These procedures are in
accordance with Department Regulations (45 CFR 5b.7), Federal
Register, October 8, 1975, page 47411.)
Record source categories:
Information in this system of records is: (1) Supplied directly
by the individual, or (2) derived from information supplied by the
individual, or (3) supplied by Department officials or other persons
such as trustee, attorney, accountant, relative.
09-90-0009
System name: Discrimination Complaints Records, HHS/OS/ASPER.
Security classification:
None.
System location:
Office of the Deputy Assistant Secretary for EEO, 200
Independence Avenue, SW, Washington, DC 20201.
Offices of designated EEO Officers.
See Appendix 1 for exact locations.
Categories of individuals covered by the system:
Individuals, classes of individuals or organizations which have
consulted an EEO Counselor regarding discrimination on the basis of
race, color, religion, sex, national origin, physical disability or
age because of a determination or decision made by a Department
official or which have filed a formal allegation of discrimination.
Categories of records in the system:
This system of records contains information or documents
concerning pre-complaint processing and formal allegations of
discrimination. The records consist of counselors' reports, the
initial allegations, letters or notices to the individual or
organization, materials placed into the record to support or refute
the decision or determination, statements of witnesses, investigative
reports, instructions about action to be taken to comply with
decisions, and related correspondence, opinions, recommendations, and
final administrative actions.
Authority for maintenance of the system:
Executive Order 11478, 42 USC 2000e and 29 USC 633a.
Purpose(s):
These records are used to initiate, investigate, and resolve
discrimination complaints within the Department. They are maintained
in each component of the Department. See also ``Retrievability''
below.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
These records and information in the records may be used:
(1) To respond to a request from a Member of Congress regarding
the status of an appeal, complaint or grievance;
(2) To refer to Office of Personnel Management, Merit Systems
Protection Board (including its Office of the Special Counsel), Equal
Employment Opportunity Commission, the Federal Labor Relations
Authority (including the General Counsel of the Authority and the
Federal Service Impasses Panel) the Federal Mediation and
Conciliation Service, and to an arbitrator, in carrying out their
functions;
(3) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records in the system of records may
be referred, as a routine use, to the appropriate agency, whether
federal, or foreign, charged with the responsibility of investigating
or prosecuting such violation or charged with enforcing or
implementing the statute, or rule regulation or order issued pursuant
thereto.
(4) In the event the Department deems it desirable or necessary,
in determining whether particular records are required to be
disclosed under the Freedom of Information Act, disclosure may be
made to the Department of Justice for the purpose of obtaining its
advice.
(5) A record from this system of records may be disclosed as a
``routine use'' to a federal, state or local agency maintaining
civil, criminal or other relevant enforcement records or other
pertinent records, such as current licenses, if necessary to obtain a
record relevant to an agency decision concerning the hiring or
retention of an employee, the issuance of a security clearance, the
letting of a contract or the issuance of a license, grant or other
benefit.
A record from this system of records may be disclosed to a
federal agency, in response to its request, in connection with the
hiring or retention of an employee, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant, or other
benefit by the requesting agency, to the extent that the record is
relevant and necessary to the requesting agency's decision on the
matter.
(6) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records in the system of records may
be referred, as a routine use to the appropriate agency, whether
state or local charged with the responsibility of investigating or
prosecuting such violation or charged with enforcing or implementing
the statute, or rule, regulation or order issued pursuant thereto.
(7) Where federal agencies having the power to subpoena other
federal agencies' records, such as the Internal Revenue Service or
the Civil Rights Commission, issue a subpoena to the Department for
records in this system of records, the Department will make such
records available.
(8) Where a contract between a component of the Department and a
labor organization recognized under E.O. 11491 or 5 U.S.C. Chapter 71
provides that the agency will disclose personal records relevant to
the organization's mission, records in this system of records may be
disclosed to such organization.
(9) The Department contemplates that it will contract with a
private firm for the purpose of collating, analyzing, aggregating or
otherwise refining records in this system. Relevant records will be
disclosed to such a contractor. The contractor shall be required to
maintain Privacy Act safeguards with respect to such records.
(10) Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of the individual.
(11) In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected.
(12) Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
These records are maintained in file folders, binders, and index
cards.
Retrievability:
These records are indexed by the names of the individuals or
organizations on whom they are maintained. They may be used as a data
source for management information for production of summary
descriptive statistics and analytical studies in support of the
function for which the records are collected and maintained, or for
related personnel management functions or manpower studies; and to
locate specific individuals for personnel research or other personnel
management functions.
Safeguards:
Access to and use of these records are limited to those persons
whose official duties require such access.
Retention and disposal:
The records are retained for four years after final disposition,
and are then destroyed. (See HHS Personnel Instruction 293-1, Exhibit
X293-1-1, item 26a(1).)
System manager(s) and address:
See Appendix 1.
Notification procedure:
Individuals and organizations which consulted an EEO counselor or
filed a formal allegation of discrimination are aware of that fact.
They may write the appropriate system manager indicated below or the
general coordinator if the immediate system manager is unknown,
regarding the existence of such records pertaining to them. The
inquirers, as appropriate, should provide their name, date of birth,
agency in which employed or agency in which the situation arose if
different from employing agency, the approximate date, and the kind
of action taken, when making inquiries about records.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)), Federal Register, October 8, 1975, page 47410.)
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested, and state the corrective action sought
and the reason for the correction. (These procedures are in
accordance with Department Regulations (45 CFR 5b.7), Federal
Register, October 8, 1975, page 47411.)
Record source categories:
a. Individual to whom the record pertains.
b. Department or other officials.
c. Statements from employees or other witnesses.
d. Official documents relating to the counseling or formal
allegation.
e. Correspondence from specific organizations or persons.
Appendix 1
List of Locations and System Managers for EEO Matters General
Coordinator:
Deputy Assistant Secretary for EEO, Room 509F, 200 Independence
Avenue, SW, Washington, DC 20201
System Managers
Office of the Secretary, EEO Officer, Room 541F, Humphrey
Building, 200 Independence Ave., SW, Washington, DC 20201
Regional Offices
Region I
EEO Officer, Room 2411, JFK Federal Building, Boston,
Massachusetts 02203
Region II
EEO Officer, Room 3838-D, 26 Federal Plaza, New York, New York
10278
Region III
EEO Officer, Room 9200, 11460 Market Street, Philadelphia,
Pennsylvania 19101
Region IV
EEO Officer, 19th Floor, 101 Marietta Tower, Atlanta, Georgia
30323
Region V
EEO Officer, 35th Floor, 300 S. Wacker Drive, Chicago, Illinois
60606
Region VI
EEO Officer, Room 904, 1114 Commerce Street, Dallas, Texas
75202
Region VII
EEO Officer, Room 616D, 601 East 12th Street, Kansas City,
Missouri 64106
Region VIII
EEO Officer, Room 1089, Federal Office Building, 1961 Stout
Street, Denver, Colorado 80294
Region IX
EEO Officer, Room 413, 50 United Nations Plaza, San Francisco,
California 94102
Region X
EEO Officer, Room 6132, Arcade Plaza Building, 1321 Second
Avenue, Mail Stop 629, Seattle, Washington 98101
Operating Divisions and Agencies
Social Security Administration, EEO Officer, Room 739,
Administration Building, 6401 Security Boulevard, Baltimore, Maryland
21235
Health Care Financing Administration, EEO Officer, Room 793,
East High Rise Building, 6401 Security Blvd., Baltimore, Maryland
21235
Assistant Secretary for Health, EEO Officer, Room 9-A-54,
Parklawn Building, 5600 Fishers Lane, Rockville, Maryland 20857
Health Resources and Services Administration, EEO Officer, Room
14A-31, Parklawn Building, 5600 Fishers Lane, Rockville, Maryland
20857
Food and Drug Administration, EEO Officer, Room 12-B-03,
Parklawn Building, 5600 Fishers Lane, Rockville, Maryland 20857
Alcohol, Drug Abuse and Mental Health Administration, EEO
Officer, Room 17-C-20, Parklawn Building, 5600 Fishers Lane,
Rockville, Maryland 20857
National Institutes of Health, EEO Officer, Room 2-B-40,
Building 31, National Institutes of Health, Bethesda, Maryland 20205
Centers for Disease Control
EEO Officer, Room 2405, Building 1, 1600 Clifton Road, NE.,
Atlanta, Georgia 30333
Office of Human Development Services, EEO Officer, Room 336E,
Humphrey Building, 200 Independence Ave., SW., Washington, DC 20201
09-90-0010
System name:
Employee Assistance Program (EAP) Records, HHS/OS/ASMB/OHR.
System location:
Office designated to provide counseling and/or other EAP services
for employees of HHS and their family members and employees of other
federal agencies contracting with HHS for EAP services and their
family members. Since there are thousands of counselors available to
provide EAP services, contact the appropriate system manager in
Appendix 1 for more details about specific locations.
Categories of individuals covered by the system:
This system covers the records of any HHS employee and their
family member(s) using the services of the EAP. It also covers the
records of any other federal employee and their family member(s)
whose agency has contracted with HHS for EAP services. (The remainder
of this notice will refer to all persons covered by the system as
``EAP client(s)''.)
Categories of records in the system:
This system contains a written or electronic record on each EAP
client. These record typically contain demographic data such as
client name, date of birth, grade, job title, home address, telephone
numbers, and supervisor's name and telephone number. The system
includes records of services provided by HHS staff and services
provided by contractors.
Certain clinical information is also normally maintained in each
record including a psychosocial history, assessment of personal
problem(s), information regarding referrals to facilities in the
community, and all intervention outcomes.
If the client was referred to the EAP by a supervisor due to work
performance or conduct problems or if there is anther reason to be
concerned about these issues, the record may contain information such
as leave usage, work quality, inappropriate behavior, and reason for
referral. It may also contain information about previous and on-going
supervisory/organizational interventions to correct the problem.
When the client was referred to the EAP because of a positive
drug or alcohol test (as required by the drug-free workplace
provisions or Department of Transportation regulations), the record
will also contain information about substance abuse assessment,
treatment, aftercare, and substance use monitoring results.
Authority for maintenance of the system:
5 U.S.C. 7361, 7362, 7901, 7904; 44 U.S.C. 3101.
Purpose(s):
The information contained in each record is a documentation of
the nature and extent of the client's problem(s). This information is
necessary for the clinician to formulate and implement an
intervention plan for resolving the problem(s). When the intervention
plan includes referral(s) to the treatment or other facilities
outside the EAP, the record also documents this referral information.
The information contained in each record is also used for
monitoring the client's progress in resolving the problems(s).
Anonymous information from each record is also used to prepare
statistical reports and conduct research that help with program
management.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) HHS contemplates that it will contract with a private
organization, individual, or other group such as an EAP consortium,
for the purpose of providing EAP services for HHS employees and their
family members and/or for employees of other Federal agencies and
their family members. Relevant records will be disclosed to, as well
as created and maintained by these contractors.
(2) HHS may disclose information from this system of records for
litigation purposes when
(A) HHS, or any of its components, or
(B) Any HHS employee in his or her official capacity, or
(C) Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee, or
(D) The United States or any agency thereof where HHS determines
that the litigation is likely to affect HHS or any of its components
is a party to litigation, and HHS determines that such use of
records is relevant and necessary to the litigation and would help in
the effective representation of the government party. The disclosure
may be made to the Department of Justice. Except where the records
are covered by the Confidentiality of Alcohol and Drug Abuse Patient
Records regulations, 42 CFR part 2, the disclosure may be made to a
court or other tribunal, or to another party before such tribunal.
Any disclosure of records covered by 42 CFR part 2 must be pursuant
to a qualified service organization agreement that meets the
requirements of that part and must also comply with all other aspects
of those regulations. The EAP Team Leader (in ASMB) must personally
approve any disclosure made under this routine use based on his or
her determination that it is compatible with the purpose for which
the records were collected.
(3) Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored in written folders, computers, and on index
type cards. The are stored according to a number of physical
safeguards described below.
Retrievability:
Records are retrieved by a case code number, unique to the client
utilizing the program. These numbers are cross-indexed by name.
Safeguards:
(1) Authorized users: Access to these records is limited to EAP
Administrators who work directly with clients of the program and
their immediate staffs (including counselors, secretaries, and
contract or consortia administrators, counselors or secretaries). HHS
EAP Administrators and HHS EAP headquarters staff in OS/ASMB/OHR as
well as EAP Administrators and Coordinators from other federal
agencies who contract with HHS, whether or not they directly provide
clinical services, may have access to the records for the purposes of
program evaluation, destroying records at the end of the period of
maintenance, and transferring records from one contractor to another.
(2) Physical safeguards: All records are stored in metal filing
cabinets equipped with at least combination locks, and preferably
locking crash bars. These file cabinets are in secured areas,
accessible only to EAP staff, and are locked when not in use.
Computers containing records are discrete from other computer systems
and/or are password protected. Computers are also stored in secured
areas, accessible only to the EAP staff. Records are always
maintained separate from other systems of record.
(3) Procedural safeguards: All persons having access to these
records shall already have been trained in the proper handling of
records covered by the Privacy Act and 42 CFR part 2 (Confidentiality
of Alcohol and Drug Abuse Patient Records).
These acts restrict disclosures to unique situations, such as
medical emergencies, except where the client has consented in writing
to such disclosure. Clients of the EAP will be informed in writing of
the confidentiality provisions. Secondary disclosure of information
which was released is prohibited without client consent.
Retention and disposal:
Records are retained until three years after the client has
ceased contact with the EAP or until any litigation is finally
resolved. This will be true whether or not the client has terminated
employment with HHS or another agency contracting with HHS for EAP
services.
Some HHS EAPs provide Substance Abuse Professional evaluations as
part of Department of Transportation regulations. These records will
be retained for five years after contact with the program has ceased
or any litigation is completed.
Files on HHS employees and their family members will be destroyed
only by an HHS EAP Administrator, with a witness present, and only
after the required period of maintenance. The witness must be an HHS
employee familiar with handling confidential records and, whenever
possible, another EAP staff member. This includes electronic
deletions. Written records will be destroyed by shredding or burning.
Records located away from the EAP Administrator's site shall be
transferred to the EAP Administrator in the confidential manner
required by HHS and GSA policies. The case coding number of the
destroyed record will be maintained on a list of other destroyed case
coding numbers. No other information about EAP clients may be
maintained once these files have been destroyed.
System manager(s) and address:
The records of individuals participating in the EAP are managed
by the EAP Administrators in the various regional and headquarters
offices (Appendix 1).
Notification procedure:
If an HHS employee and/or family member wishes to inquire about
his or her record, a written inquiry should be addressed to the HHS
system manager responsible for the area where the counseling was
provided (see Appendix 1). The individual should provide his or her
name, organization where employed, date of birth, location of
counseling, and approximate date of counseling. If a third party is
making the request, a written consent from the client must accompany
the request.
If an inquiry is made from an employee and/or family member from
another federal agency serviced by the HHS EAP, a written inquiry
shall be made using the same procedures described above. If the
agreement to obtain services from HHS has terminated, the request
should be made through the designated EAP representative at the other
Federal agency.
In some limited situations, an EAP record is considered a medical
record. A client who requests notification or access to a medical
record shall, at the time the request is made, designate in writing a
responsible individual who would be willing to review the record.
Upon receiving a request, the EAP Administrator shall weigh the need
for disclosure against the potential injury to the EAP client, to
other affected persons, to the physician-patient relationship, and to
the treatment services. The EAP Administrator will then determine
whether to disclose the record directly to the client or to the
designated individual. If disclosed to the designated individual, he
or she will inform the client of its content but only at his or her
discretion.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought.
Contesting record procedures:
Contact the EAP Administrator at the address found in Appendix 1,
and reasonably identify the record and specify the information to be
contested. State the corrective action sought and the reasons for the
correction.
Record source categories:
Information in this system of records is: (1) Supplied directly
by the individual using the program, or (2) supplied by a member of
the employee's family, or (3) derived from information supplied by
the employee, or (4) supplied by sources to/from whom the individual
has been referred for assistance, or (5) supplied by Department
officials (including drug testing officers), or (6) supplied by EAP
counselors, or (7) supplied by other sources involved with the case.
Systems exempted from certain provisions of the act:
None.
Appendix 1
All Regional Offices (except CDC and NIH)
Employee Assistance Program Team Leader, Office of the
Secretary, ASMB, HHS EAP Headquarters, 200 Independence
Avenue, SW, Room 5-35E, Washington, DC 20201
Centers for Disease Control and Prevention
CDC Employee Assistance Program Administrator,
Personnel Management Office, 1600 Clifton Road, NE,
Mail Stop K17, Atlanta, GA 30333
Southwest Complex
Employee Assistance Program Administrator, Program
Support Center, 330 C Street, SW, Room 1036 Washington,
DC 20201
Health Care Financing Administration
HCFA Employee Assistance Program Administrator, 7500
Security Boulevard, C2-15-05, Baltimore, MD 21244
National Institutes of Health
NIH Employee Assistance Program Administrator, Building
31, Room 1C02, 9000 Rockville Pike, Bethesda, MD 20892
Parklawn/Hyattsville Complex
Employee Assistance Program Team Leader, Office of the
Secretary, ASMB, HHS EAP Headquarters, 200 Independence
Avenue, SW, Room-35E, Washington, DC 20201
09-90-0011
System name: Employee Appraisal Program Records, HHS/OS/ASPER.
Security classification:
None.
System location:
Personnel offices shown in Applicants for Employment Records, HHS
System 09-90-0006, Appendix 1 and operating offices in organizational
units serviced by those personnel offices.
Categories of individuals covered by the system:
Current Federal employees of the Department.
Categories of records in the system:
This system contains information which includes employee's name,
SSN, employing organization, grade, title, series, and materials
relating to the evaluations of employee's performance.
Authority for maintenance of the system:
5 U.S.C. 4302, 5 U.S.C. 3301, 5 U.S.C. 3302, Executive Order
10577.
Purpose(s):
These records are used as a basis for awards, promotions, and
other recognition, reduction-in-force standing, adverse actions,
retention during probation, and other personnel actions. These
records are maintained in each component of the Department.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Information in these records may be used:
(1) By the Office of Personnel Management, Merit Systems
Protection Board (including its Office of the Special Counsel), Equal
Employment Opportunity Commission, the Federal Labor Relations
Authority (including the General Counsel of the Authority and the
Federal Service Impasses Panel) the Federal Mediation and
Conciliation Service, and to an arbitrator in carrying out their
functions;
(2) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records in the system of records may
be referred, as a routine use, to the appropriate agency, whether
federal, or foreign, charged with the responsibility of investigating
or prosecuting such violation or charged with enforcing or
implementing the statute, or rule, regulation or order issued
pursuant thereto.
(3) A record from this system of records may be disclosed to a
federal agency, in response to its request, in connection with the
hiring or retention of an employee, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant, or other
benefit by the requesting agency, to the extent that the record is
relevant and necessary to the requesting agency's decision on the
matter.
(4) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records in the system of records may
be referred, as a routine use to the appropriate agency, whether
state or local charged with the responsibility of investigating or
prosecuting such violation or charged with enforcing or implementing
the statute, or rule, regulation or order issued pursuant thereto.
(5) Where federal agencies having the power to subpoena other
federal agencies' records, such as the Internal Revenue Service or
the Civil Rights Commission, issue a subpoena to the Department for
records in this system of records, the Department will make such
records available.
(6) Where a contract between a component of the Department and a
labor organization recognized under E.O. 11491 or 5 U.S.C. Chapter 71
provides that the agency will disclose personal records relevant to
the organization's mission, records in this system of records may be
disclosed to such organization.
(7) The Department contemplates that it will contract with a
private firm for the purpose of collating, analyzing, aggregating or
otherwise refining records in this system. Relevant records will be
disclosed to such a contractor. The contractor shall be required to
maintain Privacy Act safeguards with respect to such records.
(8) Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
(9) In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected.
(10) Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained in file folders, on magnetic tape, and on
punch cards.
Retrievability:
Records are retrievable by name or social security number.
Safeguards:
Access to and use of these records are limited to those persons
whose official duties require such access.
Retention and disposal:
Appraisals and satisfactory rating are retained until a new
appraisal or rating is issued, 2 years have elapsed, or the
individual leaves the Department, and are then destroyed.
Unsatisfactory and outstanding ratings are filed in the Official
Personnel Folder which is retained until the individual leaves the
Department. (See HHS Personnel Instruction 293-1, Exhibit X293-1-2,
Item 10.)
System manager(s) and address:
Personnel Officers shown in Applicants for Employment Records,
HHS System 09-90-0006, Appendix 1.
Notification procedure:
Same as above. Employee should provide name, social security
number and organization in which employed.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)), Federal Register, October 8, 1975, page 47410
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record or specify the
information to be contested and state the corrective action sought
and the reasons for the correction. (These procedures are in
accordance with Department Regulations (45 CFR 5b.7), Federal
Register, October 8, 1975, page 47411.)
Record source categories:
Information in this system of records is provided by the
individual, derived from information supplied by the individual or
supplied by Department officials.
09-90-0012
System name: Executive Development Records, HHS/OS/ASPER.
Security classification:
None.
System location:
Personnel offices shown in Applicants for Employment Records, HHS
System 09-90-0006, Appendix 1.
Categories of individuals covered by the system:
Members of the Senior Executive Service, supergrade employees
(GS-16-18) and equivalents, incumbents of managerial positions and
employees in grades GS-13-15 who have applied for Executive
Development Programs.
Categories of records in the system:
This system consists of a variety of records relating to an
employee's application for, and participation in, the executive
development program. In addition to the employee's name, the system
contains the employee's title, grade and salary, Social Security
Account Number, organization in which employed, date of entry into
the Executive Development Program, training needs while participating
in the program, individual's development plan, basis for
participation in the Executive Development Program.
Authority for maintenance of the system:
5 U.S.C. 4101 et. seq.
Purpose(s):
These records are used to document employee's application for and
participation in the executive development program. They may be used
as a basis for promotion, transfer, or reassignment. These records
are maintained in each component of the Department. See also
``Retrievability'' below.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Information in this system of records is used:
(1) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records in the system of records may
be referred, as a routine use, to the appropriate agency, whether
federal, or foreign, charged with the responsibility of investigating
or prosecuting such violation or charged with enforcing or
implementing the statute, or rule, regulation or order issued
pursuant thereto.
(2) A record from this system of records may be disclosed to a
federal agency, in response to its request, in connection with the
hiring or retention of an employee, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant, or other
benefit by the requesting agency, to the extent that the record is
relevant and necessary to the requesting agency's decision on the
matter.
(3) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records in the system of records may
be referred, as a routine use to the appropriate agency, whether
state or local charged with the responsibility of investigating or
prosecuting such violation or charged with enforcing or implementing
the statute, or rule, regulation or order issued pursuant thereto.
(4) Where federal agencies having the power to subpoena other
federal agencies' records, such as the Internal Revenue Service or
the Civil Rights Commission, issue a subpoena to the Department for
records in this system of records, the Department will make such
records available.
(5) Where a contract between a component of the Department and a
labor organization recognized under E.O. 11491 or 5 U.S.C. Chapter 71
provides that the agency will disclose personal records relevant to
the organization's mission, records in this system of records may be
disclosed to such organization.
(6) The Department contemplates that it will contract with a
private firm for the purpose of collating, analyzing, aggregating or
otherwise refining records in this system. Relevant records will be
disclosed to such a contractor. The contractor shall be required to
maintain Privacy Act safeguards with respect to such records.
(7) By the Office of Personnel Management, Merit Systems
Protection Board (including its Office of the Special Counsel), Equal
Employment Opportunity Commission, and the Federal Labor Relations
Authority (including the General Counsel of the Authority and the
Federal Service Impasses Panel) in carrying out their functions.
(8) Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
(9) In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected.
(10) Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Information in this system of records is maintained in file
folders, magnetic tape, punch cards, and forms.
Retrievability:
Records are indexed by name and Social Security Account Number.
They may be used as base for preparing management, budgetary or
statistical reports to support organizational planning or manpower
utilization studies.
Safeguards:
Access to and use of these records are limited to those persons
whose official duties require such access. Personnel screening is
employed to prevent unauthorized disclosure.
Retention and disposal:
Records of an unsuccessful applicant are retained for 60 days
after notification that he or she was not selected for participation,
and are then destroyed. Records of a participant are retained for 5
years after the individual has ceased to participate in the program,
and are then destroyed.
System manager(s) and address:
Heads of personnel offices which service the organizational unit
in which the individual is employed. See Applicants for Employment
Records, HHS System 09-90-0006, Appendix 1.
Notification procedure:
Same as above. Individuals should include their name, grade,
title, and organization when contacting the system manager.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)), Federal Register, October 8, 1975, page 47410).
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested and state the corrective action sought
and the reasons for the correction. (These procedures are in
accordance with Department Regulations (45 CFR 5b.7), Federal
Register, October 8, 1975, page 47411).
Record source categories:
Information in this system of records is: (1) Supplied directly
by the individual, or (2) derived from information supplied by the
individual, or (3) supplied by Department officials.
09-90-0013
System name: Federal Employees Occupational Health Program
Records, HHS/OS/ASPER.
Security classification:
None.
System location:
Personnel offices shown in Applicants for Employment Records, HHS
System 09-90-0006, Appendix 1 and designated offices performing
occupational health services for employees in organizations serviced
by those personnel offices.
Categories of individuals covered by the system:
Current Federal employees of the Department
Categories of records in the system:
This system consists of a variety of records relating to an
employee's participation in the Federal ccupational Health Program at
units other than those operated by the Division of Federal Employee
Health, Public Health Service. Examples of information which may be
included in this system are the employee's name, SSN, date of birth,
weight, height, medical history, blood type, nature of injury or
complaint, type of treatment/medication received, examination
findings, and laboratory results.
Authority for maintenance of the system:
5 U.S.C 7901 et seq., Pub. L. 79-658.
Purpose(s):
These records are used to document visits by employees to health
units. They serve as the record of injuries and illnesses and
treatment given. Information from this system may be used by
Department officials in connection with fitness for duty
examinations. These records are maintained in each component of the
Department. See also ``Retrievability'' below.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Information in this system of records may be used:
(1) By authorized medical personnel in connection with the
performance of their official duties.
(2) By the Office of Personnel Management, Merit Systems
Protection Board (including its Office of the Special Counsel), Equal
Employment Opportunity Commission, and the Federal Labor Relations
Authority (including the General Counsel of the Authority and the
Federal Service Impasses Panel) in carrying out their functions.
(3) By the Department of Labor in connection with a claim filed
by an employee for compensation for job-related injury or disease.
(4) By private contractors engaged in providing medical services
under Federal contract.
(5) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records in the system of records may
be referred, as a routine use, to the appropriate agency, whether
federal, or foreign, charged with the responsibility of investigating
or prosecuting such violation or charged with enforcing or
implementing the statute, or rule, regulation or order issued
pursuant thereto.
(6) In the event the Department deems it desirable or necessary,
in determining whether particular records are required to be
disclosed under the Freedom of Information Act, disclosure may be
made to the Department of Justice for the purpose of obtaining its
advice.
(7) A record from this system of records may be disclosed to a
federal agency, in response to its request, in connection with the
hiring or retention of an employee, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant, or other
benefit by the requesting agency, to the extent that the record is
relevant and necessary to the requesting agency's decision on the
matter.
(8) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records in the system of records may
be referred, as a routine use to the appropriate agency, whether
state or local charged with the responsibility of investigating or
prosecuting such violation or charged with enforcing or implementing
the statute, or rule, regulation or order issued pursuant thereto.
(9) Where federal agencies having the power to subpoena other
federal agencies' records, such as the Internal Revenue Service or
the Civil Rights Commission, issue a subpoena to the Department for
records in this system of records, the Department will make such
records available.
(10) Where a contract between a component of the Department and a
labor organization recognized under E.O. 11491 or 5 U.S.C. Chapter 71
provides that the agency will disclose personal records relevant to
the organization's mission, records in this system of records may be
disclosed to such organization.
(11) The Department contemplates that it will contract with a
private firm for the purpose of collating, analyzing, aggregating or
otherwise refining records in this system. Relevant records will be
disclosed to such a contractor. The contractor shall be required to
maintain Privacy Act safeguards with respect to such records.
(12) Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
(13) In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected.
(14) Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Stored in file folders, punch cards and data tape.
Retrievability:
Records are retrievable by name, date of birth, and SSN.
Information from this system may be used for preparing statistical or
summary reports about employee participation in the Federal
Occupational Health Program.
Safeguards:
During the employment of the individual, medical records are
maintained in files separate from the Official Personnel Folder and
are located in lockable metal containers or in secured rooms with
access limited to those whose official duties require access.
Retention and disposal:
Records are retained until the individual leaves the Department.
If they have no long-term value they are destroyed at this time. If
they have continuing value they may be combined with the Official
Personnel Folder which is forwarded to the Federal Personnel Records
Center or to the new employing agency, as appropriate. (See FPM
Supplement 293-31, Subchapter 5-7 for contents of the Official
Personnel Folder.)
System manager(s) and address:
Personnel Officers shown in Applicants for Employment Records,
HHS System 09-90-0006, Appendix 1, who service organizational units
in which the individual is employed.
Notification procedure:
Inquiries should be addressed to the office where occupational
medical services are provided. The individual should include name,
SSN, title and organization. An individual who requests notification
of or access to a medical record shall, at the time the request in
made, designate in writing a responsible representative who will be
willing to review the record and inform the subject individual of its
contents at the representative's discretion. (These notification and
access procedures are in accordance with Department Regulations (45
CFR 5b.6), Federal Register, October 8, 1975, page 47411.)
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)), Federal Register, October 8, 1975, page 47410.)
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested, and state the corrective action sought
and the reasons for the corrective. (These procedures are in
accordance with Department Regulations (45 CFR 5b.7), Federal
Register, October 8, 1975, page 47411.)
Record source categories:
Information in this system of records is: (1) Supplied directly
by the individual, or (2) derived from information supplied by the
individual, or (3) supplied by the medical officer or nurse providing
treatment or medication, or (4) supplied by the individual's private
physician.
09-90-0014
System name: Grievances filed under part 771 of 5 CFR, HHS/OS/
ASPER.
Security classification:
None.
System location:
Office of Personnel Systems Integrity, Department of Health and
Human Services, Room 2046, Switzer Building, 330 Independence Ave.,
SW, DC 20201. Personnel Offices shown in Applicants for Employment
Records, HHS System 09-90-0006, Appendix 1 and offices of operating
officials in organizational units serviced by those personnel
offices.
Categories of individuals covered by the system:
Department employees individually or as a group who have
requested personal relief in a matter of concern or dissatisfaction
which is subject to the control of Department management.
Categories of records in the system:
Information or documents relating to the grievance and personal
relief sought; documented materials used in consideration of the
grievance, and correspondence related to disposition of the
grievance.
Authority for maintenance of the system:
5 U.S.C. 1302, 3301, 3302; Executive Order 10577.
Purpose(s):
Records in this system are used to initiate, consider, and
resolve employee grievances filed under part 771 of 5 CFR. These
records are maintained in each component of the Department. See also
``Retrievability'' below.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Information in this system of records may be used:
(1) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records in the system of records may
be referred, as a routine use, to the appropriate agency, whether
federal, or foreign, charged with the responsibility of investigating
or prosecuting such violation or charged with enforcing or
implementing the statute, or rule, regulation or order issued
pursuant thereto.
(2) In the event the Department deems it desirable or necessary,
in determining whether particular records are required to be
disclosed under the Freedom of Information Act, disclosure may be
made to the Department of Justice for the purpose of obtaining its
advice.
(3) A record from this system of records may be disclosed as a
``routine use'' to a federal, state or local agency maintaining
civil, criminal or other relevant enforcement records or other
pertinent records, such as current licenses, if necessary to obtain a
record relevant to an agency decision concerning the hiring or
retention of an employee, the issuance of a security clearance, the
letting of a contract, or the issuance of a license, grant or other
benefit.
A record from this system of records may be disclosed to a
federal agency, in response to its request, in connection with the
hiring or retention of an employee, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant, or other
benefit by the requesting agency, to the extent that the record is
relevant and necessary to the requesting agency's decision on the
matter.
(4) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records in the system of records may
be referred, as a routine use to the appropriate agency, whether
state or local charged with the responsibility of investigating or
prosecuting such violation or charged with enforcing or implementing
the statute, or rule, regulation or order issued pursuant thereto.
(5) Where federal agencies having the power to subpoena other
federal agencies' records, such as the Internal Revenue Service or
the Civil Rights Commission, issue a subpoena to the Department for
records in this system of records, the Department will make such
records available.
(6) Where a contract between a component of the Department and a
labor organization recognized under E.O. 11491 provides that the
agency will disclose personal records relevant to the organization's
mission, records in this system of records may be disclosed to such
organization.
(7) The Department contemplates that it will contract with a
private firm for the purpose of collating, analyzing, aggregating or
otherwise refining records in this system. Relevant records will be
disclosed to such a contractor. The contractor shall be required to
maintain Privacy Act safeguards with respect to such records.
(8) By the Office of Personnel Management, Merit Systems
Protection Board (including its Office of the Special Counsel), Equal
Employment Opportunity Commission, and the Federal Labor Relations
Authority (including the General Counsel of the Authority and the
Federal Service Impasses Panel) in carrying out their function.
(9) Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
(10) In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected.
(11) Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The records are maintained in file folders, binders and index
cards.
Retrievability:
Records are indexed by name of individual filing the grievance.
Information from this system may be used by Department officials for
preparing statistical summary or management reports.
Safeguards:
Records maintained by management are stored in secured rooms with
access limited to those whose official duties require access.
Retention and disposal:
Records are retained for 3 years after the grievance case is
closed, and are then destroyed. (See HHS Personnel Instruction 293-1,
Exhibit X293-1-1, item 31a.)
System manager(s) and address:
Heads of personnel offices which service organizational units in
which employees who submit informal grievances are located. See
Applicants for Employment Records, HHS System 09-90-0006, Appendix 1.
Notification procedure:
Individuals who have filed grievances are aware of that fact and
have been provided information in writing concerning the disposition
of the grievance. They may contact the official who signed the
written notice, or the System Manager indicated above. They should
provide their name, organization in which employed and date of birth
and approximate date of the filing of the grievance.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)) Federal Register, October 8, 1975, page 47410.
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested and state the corrective action sought
and the reasons for the correction. (These procedures are in
accordance with Department Regulations (45 CFR 5b.7) Federal
Register, October 8, 1975, page 47411.)
Record source categories:
Information in this system of records is: (1) Supplied directly
by the individual, or (2) derived from information supplied by the
individual, or (3) supplied by Department officials.
09-90-0015
System name: Grievance Records Filed Under Procedures
Established by Labor-Management Negotiations, HHS/OS/ASPER.
Security classification:
None.
System location:
Personnel offices shown in Applicants for Employment Records, HHS
System 09-90-0006, Appendix 1 and offices of operating officials in
organizational units serviced by those personnel offices.
Categories of individuals covered by the system:
Current Federal employees of the Department covered by a
collective bargaining agreement.
Categories of records in the system:
This system of records consists of a variety of records relating
to an employee's grievance filed under procedures established by
labor-management negotiations. Examples of information which may be
included in this system of records are the employee's name, SSN,
grade, job title, testimony of witnesses, material placed into the
record to support the decision, the arbitrator's decision, the
arbitrator's report, and a record of an appeal to the Federal Labor
Relations Authority.
Authority for maintenance of the system:
Title 5, United States Code, Chapter 71.
Purpose(s):
Records in this system are used to initiate, consider, and
resolve employee grievances filed under procedures established by
labor-management negotiations. These records are maintained in each
component of the Department. See also ``Retrievability'' below.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Information in this system may be released to:
(1) The Office of Personnel Management, Merit Systems Protection
Board (including its office of the Special Counsel), and the Equal
Employment Opportunity Commission, in carrying out their functions.
(2) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records in the system of records may
be referred, as a routine use, to the appropriate agency, whether
federal, or foreign, charged with the responsibility of investigating
or prosecuting such violation or charged with enforcing or
implementing the statute, or rule, regulation or order issued
pursuant thereto.
(3) In the event the Department deems it desirable or necessary,
in determining whether particular records are required to be
disclosed under the Freedom of Information Act, disclosure may be
made to the Department of Justice for the purpose of obtaining its
advice.
(4) A record from this system of records may be disclosed as a
``routine use'' to a federal, state or local agency maintaining
civil, criminal or other relevant enforcement records or other
pertinent records, such as current licenses, if necessary to obtain a
record relevant to an agency decision concering the hiring or
retention of an employee, the issuance of a security clearance, the
letting of a contract, or the issuance of a license, grant or other
benefit.
A record from this system of records may be disclosed to a
federal agency, in response to its request, in connection with the
hiring or retention of an employee, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant, or other
benefit by the requesting agency, to the extent that the record is
relevant and necessary to the requesting agency's decision on the
matter.
(5) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records in the system of records may
be referred, as a routine use to the appropriate agency, whether
state or local charged with the responsibility of investigating or
prosecuting such violation or charged with enforcing or implementing
the statute, or rule, regulation or order issued pursuant thereto.
(6) Where federal agencies having the power to subpoena other
federal agencies' records, such as the Internal Revenue Service or
the Civil Rights Commission, issue a subpoena to the Department for
records in this system of records, the Department will make such
records available.
(7) Where a contract between a component of the Department and a
labor organization recognized under E.O. 11491 or 5 U.S.C. Chapter 71
provides that the agency will disclose personal records relevant to
the organization's mission, records in this system of records may be
disclosed to such organization.
(8) The Department contemplates that it will contract with a
private firm for the purpose of collating, analyzing, aggregating or
otherwise refining records in this system. Relevant records will be
disclosed to such a contractor. The contractor shall be required to
maintain Privacy Act safeguards with respect to such records.
(9) The Department of Labor.
(10) The Federal Labor Relations Authority including the General
Counsel of the Authority and the Federal Service Impasses Panel.
(11) Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
(12) In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his her individual
capacity where the Justice Department has agreed to represent such
employee, the Department may disclose such records as it deems
desirable or necessary to the Department of Justice to enable that
Department to present an effective defense, provided such disclosure
is compatible with the purpose for which the records were collected.
(13) Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained in file folders.
Retrievability:
Records are retrievable by name. Information from this system may
be used by Department officials for preparing statistical summary or
management reports.
Safeguards:
Records maintained by management are stored in secured rooms with
access limited to those whose official duties require access.
Retention and disposal:
As negotiated by the local parties to the contract. If not
covered by contract, records are retained for 3 years after the
grievance case is closed and are then destroyed. (See HHS Personnel
Instruction 293-1, Exhibit X293-1-1, item 31a.)
System manager(s) and address:
Personnel Officers shown in Applicants for Employment Records,
HHS System 09-90-0006, Appendix 1 who service the organizational unit
in which the individual is employed.
Notification procedure:
Same as above. Individuals should include their name, grade,
title and organizational unit when contacting the system manager.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)) Federal Register, October 8, 1975, page 47410)
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested, and state the corrective action sought
and the reasons for the correction. (These procedures are in
accordance with Department Regulations (45 CFR 5b.7) Federal
Register, October 8, 1975, page 47411)
Record source categories:
Information in this system of records is: (1) Supplied directly
by the individual, or (2) derived from information supplied by the
individual, or (3) supplied by testimony of witnesses, or (4)
supplied by union officials, or (5) supplied by Department officials.
Systems exempted from certain provisions of the act:
None.
09-90-0016
System name: HHS Motor Vehicle Operator Records, HHS/OS/ASPER.
System location:
None.
System location:
Personnel offices of the Department shown in Applicants For
Employment Records, HHS System 09-90-0006, Appendix 1. Issuing
Officers for Motor Vehicle Operator Identification Cards and motor
pool managers within the organizations serviced by the above
personnel offices.
Categories of individuals covered by the system:
All Department employees who are required to operate motor
vehicles regularly or incidentally in carrying out their official
duties.
Categories of records in the system:
This system consists of a variety of records related to the
issuance of a Government Motor Vehicle Operator's permit. In addition
to the name of the employee, the system includes information about
the employee's birthplace, SSN, employing organization, number of
years driven, type of vehicles operated, current driver's license,
number, state issuing driver's license, date license expires,
restrictions of state license, sex, date of birth, color or hair,
color of eyes, weight, height, records of violations, arrests, and
accidents. These records also include expiration dates of Motor
Vehicle Operator permit, any limitations imposed on its use and the
results of the annual review of each driving record.
Authority for maintenance of the system:
40 U.S.C. 471.
Purpose(s):
These records are used as a basis for issuing a SF-46 ``U.S.
government Motor Vehicle Operator's Identification Card'', to
evaluate its use, and to revoke it when appropriate. These records
are maintained in each component of the Department. See also
``Retrievability'' below.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Information in this system of records may be used:
(1) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records in the system of records may
be referred, as a routine use, to the appropriate agency, whether
federal, or foreign, charged with the responsibility of investigating
or prosecuting such violation or charged with enforcing or
implementing the statute, or rule, regulation or order issued
pursuant thereto.
(2) A record from this system of records may be disclosed as a
``routine use'' to a federal, state or local agency maintaining
civil, criminal or other relevant enforcement records or other
pertinent records, such as current licenses, if necessary to obtain a
record relevant to an agency decision concerning the hiring or
retention of an employee, the issuance of a security clearance, the
letting of a contract, or the issuance of a license, grant or other
benefit.
A record from this system of records may be disclosed to a
federal agency, in response to its request, in connection with the
hiring or retention of an employee, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant, or other
benefit by the requesting agency, to the extent that the record is
relevant and necessary to the requesting agency's decision on the
matter.
(3) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records in the system of records may
be referred, as a routine use to the appropriate agency, whether
state or local charged with the responsibility of investigating or
prosecuting such violation or charged with enforcing or implementing
the statute, or rule, regulation or order issued pursuant thereto.
(4) Where federal agencies having the power to subpoena other
federal agencies' records, such as the Internal Revenue Service or
the Civil Rights Commission, issue a subpoena to the Department for
records in this system of records, the Department will make such
records available.
(5) Where a contract between a component of the Department and a
labor organization recognized under E.O. 11491 or 5 U.S.C. Chapter 71
provides that the agency will disclose personal records relevant to
the organization's mission, records in this system of records may be
disclosed to such organization.
(6) The Department contemplates that it will contract with a
private firm for the purpose of collating, analyzing, aggregating or
otherwise refining records in this system. Relevant records will be
disclosed to such a contractor. The contractor shall be required to
maintain Privacy Act safeguards with respect to such records.
(7) By the Office of Personnel Management in carrying out its
functions.
(8) Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
(9) In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected.
(10) Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Stored in Official Personnel Folder, in file folders, and index
cards.
Retrievability:
Records are retrievable by name. They may also be used for
production of summary descriptive statistics and analytical studies
in support of the functions for which the records are collected and
maintained and for related personnel management functions.
Safeguards:
Access to and use of these records are limited to personnel whose
official duties require such access. Personnel screening is employed
to prevent unauthorized disclosure.
Retention and disposal:
Records are retained for three years after the individual's
government motor vehicle operator's permit expires, or the individual
leaves the Department, and are then destroyed. (See HHS Personnel
Instruction 293-1, Exhibit S293-1-1, item 24.)
System manager(s) and address:
Personnel Officers of the Department shown in Applicants for
Employment Records, HHS System 09-90-0006, Appendix 1.
Notification procedure:
Personnel officers in organizational units in which employed or
systems managers shown above. Individual should provide name and
organization in which employed.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2), Federal Register, October 8, 1975, page 47410.)
Contesting record procedures:
Contact the officials at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested, and state the corrective action sought
and the reasons for the correction. (These procedures are in
accordance with Department Regulations (45 CFR 5b.7), Federal
Register, October 8, 1975, page 47411.)
Record source categories:
Information contained in this system of records is obtained: (1)
From information supplied by the individual, or (2) derived from
information supplied by the individual, or (3) from information
supplied by officials of the Department.
Systems exempted from certain provisions of the act:
None.
Appendix 1
Office of the Secretary
Payroll Liaison Officer, Room 4355 HHS North Bldg., 330
Independence Ave., SW, Washington, DC 20201
Health Care Financing Administration
Payroll Liaison Officer, HCFA, East Low Rise Building, PO Box
17255, Baltimore, MD 21203
Office of Human Development Services
Payroll Liaison Officer, Room 347 D, Hubert H. Humphrey Building,
200 Independences Ave., SW, Washington, DC 20201
Office of Child Support Enforcement
Payroll Liaison Officer, Room 1010 Beltway View Bldg., 6110
Executive Blvd, Rockville, MD 20852.
Social Security Administration Headquarters
Payroll Liaison Officer, SSA Headquarters, Room L 1100 West Low
Rise Bldg., 6401 Security Blvd., Baltimore, MD 21235
Payroll Liasion Officer, SSA, ORS, Universal Bldg., Room 934,
1975 Connecticut Ave., NW, Washington, DC 20009
Regional Offices
Region I, Payroll Liaison Officer, JFK Federal Bldg., Room 1503,
Government Center, Boston, MA 00203
Region II, Payroll Liaison Officer, Personnel Support Branch,
Room 39-120, 26 Federal Plaza, New York, NY 10007
Region III, Payroll Liaison Officer, PO Box 13716, Philadelphia,
PA 19101
Region IV, Payroll Liaison Officer, 101 Marietta Tower, Suite
1601, Atlanta, GA 30331
Region V, Office of Personnel 31st Floor, Payroll Liaison
Officer, 300 South Wacker Drive, Chicago, IL 60606
Region VI, Regional Personnel Office, Room 1035, 1200 Main
Street, Dallas, TX 75020
Region VII, Payroll Liaison Officer, Retional Personnel Office,
601 E 12th Street, Kansas City, MO 64106
Region VIII, Payroll Liaison Officer, Federal Office Building,
Room 1028, 19th and Stout Street, Denver, CO 80294
Region IX, Regional Personnel Office, Room 138A, 50 United
Nations Plaza, San Francisco, CA 94102
Region X, Payroll Liaison Officer, Regional Personnel, Arcade
Plaza Bldg., Mail Stop 627, 1321 Second Avenue, Seattle, WA 98007
Regional Personnel Branch Office, Payroll Liaison Officer, 24000
Avila Road, 5th Floor, Laguna Niguel, CA 92677
Regional Personnel Branch Office, Payroll Liaison Officer, 1301
Superior Avenue--Suite 240, Cleveland, OH 44114
Social Security Administration Program Centers
Mid Atlantic, Payroll Liaison Officer, Program Service Center, PO
Box 3579, Philadelphia, PA 19122
Great Lakes, Payroll Liaison Officer, Program Service Center, 600
West Madison St., Chicago, IL 60606
Southeastern, Payroll Liaison Officer, Birmingham Program Service
Center, PO Box 10364, Birmingham, AL 35202
North Eastern Payroll Liaison Officer, Program Service Center,
9605 Horace Harding Expressway, Flushing, NY 11368
Mid-American, Payroll Liaison Officer, Program Service Center,
601 East 12th Street, Kansas City, MO 64106
Western, Payroll Liaison Officer, Richmond Personnel Operations
Center, Program Service Center, PO Box 2431, Richmond, CA 94802
Social Security Administration District Offices
New York, SSA, Payroll Liaison Officer, 26 Federal Plaza, Room
40-114, New York, NY 10007
Philadelphia,SSA, Payroll Liaison Officer, PO Box 13716,
Philadelphia, PA 19101
Chicago, SSA, Payroll Liaison Officer, 300 South Wacker Drive,
Chicago, IL 60606
Kansas City, SSA, Payroll Liaison Officer, 601 E 12th Street,
Kansas City, MO 64106
San Francisco, Payroll Liaison Officer, Room 138A, 50 United
Nations Plaza, San Francisco, CA 94102
Cleveland, SSA, Payroll Liaison Officer, 1301 Superior Avenue--
Suite 240, Cleveland, OH 44114
SSA, Wilkes Barre Data Operations Center, Room 903, VA Bldg., 19
N. Main Street, Wilkes Barre, PA 18701
SSA Data Operations Center, Payroll Liaison Officer, PO Box 4429,
Station A, Albuquerque, NM 87106
Boston, SSA, Payroll Liaison Officer, SSA, Room 1105, JFK Bldg.,
Government Center, Boston, MA 02203
Atlanta, SSA, Payroll Liaison Officer, 101 Marietta Tower, Suite
1601, Atlanta, GA 30331
Dallas, SSA, Payroll Liaison Officer, Room 1035, 1200 Main
Street, Dallas, TX 75020
Denver, SSA, Payroll Liaison Officer, Federal Office Building,
Room 1196, 19th and Stout Street, Denver, CO 80294
Seattle, SSA, Payroll Liaison Officer, Regional Personnel, Arcade
Plaza Bldg., Mail Stop 627, 1321 Second Avenue, Seattle, WA 98007
SSA, Record Center, PO Box 25, Boyers, PA 16020
SSA Data Operations Center, Payroll Liaison Officer, 100 East
Alvin Drive, Salinas, CA 93906
SSA, Office of Hearings and Appeals, Room 102, Braedon Building,
3833 Fairfax Drive, Arlington, VA 22203
Public Health Service
Center for Disease Control, Payroll Liaison Officer, Personnel
Management Office, 1600 Clifton Road NE, Atlanta, GA 30333
National Institute of Environmental Health Services Payroll
Liaison Officer, PO Box 12233, Research Triangle Park, NC 27709
Food & Drug Administration, Payroll Liaison Officer, HFA 125
Parklawn Bldg., Room 1182, 5600 Fishers Lane, Rockville, MD 20857
Alcohol, Drug Abuse and Mental Health Administration, Payroll
Liaison Officer, Room 1397, Parklawn Bldg., 5600 Fishers Lane,
Rockville, MD 20857
National Institute of Health, Payroll Liaison Officer, Bldg. 31,
Room B1B 30, 9000 Rockville Pike, Bethesda, MD 20014
Health Resources and Services Admin & Office of Asst. Sec. for
Health, Payroll Liaison Officer, Room 1649, Parklawn Bldg., 5600
Fishers Lane, Rockville, MD 20852
CDC, NIOSH, Payroll Liaison Officer, Financial Management Branch,
Parklawn Bldg. 8A-10, 5600 Fishers Lane, Rockville, MD 20857
Indian Health Service
Payroll Liaison Officer, Indian Health Service Area Office, Room
215, Federal Building, Aberdeen, SD 57401
Payroll Liaison Officer, Albuquerque Indian Health Service,
Federal Office Building and U.S. Courthouse, Room 4005, 500 Gold SW.,
Albuquerque, NM 87101
Payroll Liaison Officer, Alaska Area Native Health Service, Area
Personnel and Training Branch, PO Box 7-741, Anchorage, AK 99501
Payroll Liaison Officer, Phoenix Area Indian Health Service, 3738
N. 16th Street, Suite A. Phoenix, AZ 85014
Payroll Liaison Officer, Oklahoma City Area Indian Health
Service, 388 Old Post Office & Courthouse Bldg., Oklahoma City, OK
73102
Payroll Liaison Officer, Indian Health Service, 1220 SW. 3rd
Avenue, Room 476, Portland, OR 97204
Payroll Liaison Officer, Indian Health Service Area Office, PO
Box 2143, Billings, MT 59101
Payroll Liaison Officer, Navajo Area Indian Health Service, PO
Box G, Attn: Financial Management Branch, Window Rock, AZ 86515
Payroll Liaison Officer, Indian Health Service, Data Processing
Center, 2401 12th Street NW.--Room 3N, Alburquerque, NM 87198
Payroll Liaison Officer, Phoenix Indian Medical Center, 4212 N.
16th St., Phoenix, AZ 85016
Payroll Liaison Officer, Office of Research and Development, PO
Box 11340, Tucson, AZ 85734
Payroll Liaison Officer, Gallup Indian Medical Center, PO Box
1337, Gallup NM
Public Health Service Hospitals
Payroll Liaison Officer, St Elizabeth's Hospital, Room 101 E.
Building, 2700 Martin Luther King Ave., SE, Washington, DC 20032
Payroll Liaison Officer, USPHS Hospital, Carville, LA 70721
09-90-0018
System name: Personnel Records in Operating Offices, HHS/OS/
ASPER.
Security classification:
None.
System location:
Operating Offices of the Department at the organizational level
of the individual's employment. Such offices are located within
organizational components serviced by personnel offices shown in
Applicants for Employment Records, HHS System 09-90-0006, Appendix 1.
Categories of individuals covered by the system:
Current employees of the Department.
Categories of records in the system:
This system consists of a variety of records relating to
personnel actions and determinations made about an individual while
employed. These records may contain information about an individual
relating to name; birth date; home address; telephone number;
emergency address; social security number; veterans preference;
tenure; work connected injuries; employment history; qualifications
background; past and present salaries, grades and position titles;
training; awards and other recognition; counseling; performance
appraisal; conduct; pay and leave; and data documenting reasons for
personnel actions, decisions or recommendations made about an
employee; and background data and documentation leading to an adverse
action or other personnel action being taken against an employee.
Authority for maintenance of the system:
5 U.S.C. 1302, 2951, 4118, 4308, 4506, 7501, 7511, 7521 and
Executive Order 10561.
Purpose(s):
These records are used by operating officials in carrying out
their personnel management responsibilities. They may be used in this
connection in recommending or taking personnel actions such as
appointments, promotions, reassignments, within-grade increases,
adverse actions; as a basis for employee training, recognition, or
disciplinary actions; and as a basis for staffing and budgetary
planning and control, organizational planning, and manpower
utilization purposes. These records are maintained in each component
of the Department.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Information in these records may be used:
(1) By the Office of Personnel Management, Merit Systems
Protection Board (including its Office of the Special Counsel), Equal
Employment Opportunity Commission, and the Federal Labor Relations
Authority (including the General Counsel of the Authority and the
Federal Service Impasses Panel) in carrying out their functions.
(2) In the event an appeal is made outside the Department,
records which are relevant may be referred to the appropriate agency
charged with rendering a decision on the appeal.
(3) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records in the system of records may
be referred, as a routine use, to the appropriate agency, whether
federal, or foreign, charged with the responsibility of investigating
or prosecuting such violation or charged with enforcing or
implementing the statute, or rule, regulation or order issued
pursuant thereto.
(4) In the event the Department deems it desirable or necessary,
in determining whether particular records are required to be
disclosed under the Freedom of Information Act, disclosure may be
made to the Department of Justice for the purpose of obtaining its
advice.
(5) A record from this system of records may be disclosed as a
``routine use'' to a federal, state or local agency maintaining
civil, criminal or other relevant enforcement records or other
pertinent records, such as current licenses, if necessary to obtain a
record relevant to an agency decision concerning the hiring or
retention of an employee, the issuance of a security clearance, the
letting of a contract, or the issuance of a license, grant or other
benefit.
A record from this system of records may be disclosed to a
federal agency, in response to its request, in connection with the
hiring or retention of an employee, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant or other
benefit by the requesting agency, to the extent that the record is
relevant and necessary to the requesting agency's decision on the
matter.
(6) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records in the system of records may
be referred, as a routine use to the appropriate agency, whether
state or local charged with the responsibility of investigating or
prosecuting such violation or charged with enforcing or implementing
the statute, or rule, regulation or order issued pursuant thereto.
(7) Where federal agencies having the power to subpoena other
federal agencies' records, such as the Internal Revenue Service or
the Civil Rights Commission, issue a subpoena to the Department for
records in this system of records, the Department will make such
records available.
(8) Where a contract between a component of the Department and a
labor organization recognized under E.O. 11491 or 5 U.S.C. Chapter 71
provides that the agency will disclose personal records relevant to
the organization's mission, records in this system of records may be
disclosed to such organization.
(9) The Department contemplates that it will contract with a
private firm for the purpose of collating, analyzing, aggregating or
otherwise refining records in this system. Relevant records will be
disclosed to such a contractor. The contractor shall be required to
maintain Privacy Act safeguards with respect to such records.
(10) Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
(11) In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected.
(12) Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained in file folders, magnetic tape, and index
cards.
Retrievability:
Records are indexed by any combination of name, birth date,
social security number, or identification number.
Safeguards:
Access to and use of these records are limited to those persons
whose official duties require such access.
Retention and disposal:
Records are retained until there is no further administrative
need to retain them, or the individual leaves the jurisdiction of the
operating office, and are then either destroyed, or, if appropriate,
are combined with the Official Personnel Folder, which is forwarded
to the hiring Federal agency or, if the employee is leaving Federal
service, to the National Personnel Records Center.
System manager(s) and address:
Personnel Officers of the Department. See Applicants for
Employment Records, HHS System 09-90-0006, Appendix 1.
Notification procedure:
Immediate supervisors of individuals or the administrative
offices of the organizational units in which employed. The system
manager shown above may also provide further information concerning
the existence of this system of records. Individuals should provide
their name, social security number, and organization in which
employed.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)) Federal Register, October 8, 1975, page 47410.)
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested and state the corrective action sought
and the reasons for the correction. (These procedures are in
accordance with Department Regulations (45 CFR 5b.7) Federal
Register, October 8, 1975, page 47411.).
Record source categories:
Information in this system of records either comes from the
individual to whom it applies, is derived from information supplied
by the individual, or is provided by Department officials.
Systems exempted from certain provisions of the act:
None.
Note.--When supervisors/managers retain personal
``supervisory'' notes, i.e., information on employees, over which the
agency exercises no control and does not require in its performance
appraisal system, which remain for the personal use of the author and
are not provided to any other persons, which are retained or
discarded at the author's sole discretion, and which are not used in
appraising an employee or in determining any rights, benefits or
privileges of an employee, such notes are mere extensions of the
supervisor's memory which are not subject to the Privacy Act and,
therefore, not considered part of this system. If any of the above
conditions are broken, these notes are no longer mere extensions of
the supervisor's memory and become records subject to the Privacy Act
in this system notice or another appropriate system notice.
09-90-0019
System name: Special Employment Program Records, HHS/OS/ASPER.
Security classification:
None.
System location:
Personnel Offices shown in Applicants for Employment Records, HHS
System 09-90-0006, Appendix 1 and operating offices in organizational
units services by those personnel offices.
Categories of individuals covered by the system:
Current Federal employees of the Department who are participating
in special employment programs.
Categories of records in the system:
This system consists of a variety of records relating to an
employee's participation in special employment programs such as the
Upward Mobility College, START, STRIDE, ACCESS, Worker Trainee
Opportunity, Junior Fellows, Management Intern, Personnel Intern and
the HHS Fellows Program. Examples of information which this records
system may contain include the employee's name, SSN, program enrolled
in, employing agency, grade, job title, job series, sex, date of
birth, status, education background, handicap code, application for
employment, position description, assignment evaluations, Veterans
preference, job counseling records, and letters of reference and
recommendations.
Authority for maintenance of the system:
5. U.S.C. 1301, 3301, 7151 et seq., Executive Order 11813.
Purpose(s):
Records are used by personnel offices and operating officials to
select individuals for and monitor their progress in special
employment programs; employee development and career planning; and as
a basis for taking personnel actions. These records are maintained in
each component of the Department.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Information in this system may be used:
(1) By the Office of Personnel Management, Merit Systems
Protection Board (including its Office of the Special Counsel), Equal
Employment Opportunity Commission, and the Federal Labor Relations
Authority (including the General Counsel of the Authority and the
Federal Service Impasses Panel) in carrying out their functions.
(2) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records in the system of records may
be referred, as a routine use, to the appropriate agency, whether
federal, or foreign, charged with the responsibility of investigating
or prosecuting such violation or charged with enforcing or
implementing the statute, or rule, regulation or order issued
pursuant thereto.
(3) A record from this system of records may be disclosed as a
``routine use'' to a federal, state or local agency maintaining
civil, criminal or other relevant enforcement records or other
pertinent records, such as current licenses, if necessary to obtain a
record relevant to an agency decision concerning the hiring or
retention of an employee, the issuance of a security clearance, the
letting of a contract, or the issuance of a license, grant or other
benefit.
A record from this system of records may be disclosed to a
federal agency, in response to its request, in connection with the
hiring or retention of an employee, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant, or other
benefit by the requesting agency, to the extent that the record is
relevant and necessary to the requesting agency's decision on the
matter.
(4) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records in the system of records may
be referred, as a routine use to the appropriate agency, whether
state or local charged with the responsibility of investigating or
prosecuting such violation or charged with enforcing or implementing
the statute, or rule, regulation or order issued pursuant thereto.
(5) Where federal agencies having the power to subpoena other
federal agencies' records, such as the Internal Revenue Service or
the Civil Rights Commission, issue a subpoena to the Department for
records in this system of records, the Department will make such
records available.
(6) Where a contract between a component of the Department and a
labor organization recognized under E.O. 11491 or 5 U.S.C. Chapter 71
provides that the agency will disclose personal records relevant to
the organization's mission, records in this system of records may be
disclosed to such organization.
(7) The Department contemplates that it will contract with a
private firm for the purpose of collating, analyzing, aggregating or
otherwise refining records in this system. Relevant records will be
disclosed to such a contractor. The contractor shall be required to
maintain Privacy Act safeguards with respect to such records.
(8) Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
(9) In the event of litigation where the defendent is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purposes for which the records
collected.
(10) Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Information in this system of records is maintained in file
folders, data tape and punch cards.
Retrievability:
Records are retrievable by name and SSN.
Safeguards:
Access and use of these records are limited to those persons
whose official duties require such access.
Retention and disposal:
Records are retained for two years after the individual's
participation in a special placement program ends, and are then
destroyed. (See HHS Personnel Instruction 293-1, Exhibit X293-1-2,
item 9.)
System manager(s) and address:
Personnel Officers shown in Applicants for Employment Records,
HHS System 09-90-0006, Appendix 1, who service organizational units
in which the participant is employed.
Notification procedure:
Same as above. Individuals should include their name, SSN, grade,
title, and organization when contacting the system manager.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)) Federal Register, October 8, 1975, page 47410.).
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested, and state the corrective action sought
and the reasons for the correction. (These procedures are in
accordance with Department Regulations (45 CFR 5b.7) Federal
Register, October 8, 1975, page 47411.).
Record source categories:
Information in this system of records is: (1) Supplied directly
by the individual, or (2) derived from information supplied by the
individual, or (3) supplied by Department officials.
09-90-0020
System name: Suitability for Employment Records, HHS/OS/ASPER.
Security classification:
None.
System location:
Personnel Offices listed in ``Applicants for Employment Records''
HHS System 09-90-0006, Appendix I.
Categories of individuals covered by the system:
Employees of the Department and applicants for employment.
Categories of records in the system:
This system consists of a variety of records relating to an
individual's suitability for employment in terms of character,
reputation and fitness, including letters of reference, and responses
to pre-employment inquiries. National Agency Checks and inquiries
material received from the Office of Personnel Management, the Merit
Systems Protection Board, and the U.S. Office of Special Counsel
relating to nonsensitive positions, qualifications and character
investigations, and other information which may relate to the
suitability of the individual for the position.
Authority for maintenance of the system:
5 U.S.C. 3301, 3302, 7301; Executive Order 10577; Executive Order
11222.
Purpose(s):
Records in this system are used by the designated appointing and
selecting authorities to make determinations concerning the
individual's suitability for employment. These records are maintained
at ASPER, OPDIV Headquarters and field offices, and Regional
Personnel Offices.
Routine uses of records maintained in the system, including
categories of users and the purposes of such use:
1. Information in these records may be used by the Office of
Personnel Management, Merit Systems Protection Board, U.S. Office of
Special Counsel, Equal Employment Opportunity Commission, and the
Federal Labor Relations Authority (including the General Counsel of
the Authority and the Federal Service Impasses Panel) in carrying out
their functions.
2. In the event that this system of records indicates a violation
or potential violation of law, whether civil, criminal or regulatory
in nature, and whether arising by general statute or particular
program statute, or by regulation, rule or order issued pursuant
thereto, the relevant records in the system of records may be
referred, as a routine use, to the appropriate agency, whether
federal, state, local, or foreign, charged with the responsibility of
investigating or prosecuting such violation or charged with enforcing
or implementing the statute, or rule, regulation or order issued
pursuant thereto.
3. In the event the Department deems it desirable or necessary in
determining whether particular records are required to be disclosed
under the Freedom of Information Act, disclosure may be made to the
Department of Justice for the purpose of obtaining its advice.
4. A record from this system of records may be disclosed as a
``routine use'' to a federal, state or local agency maintaining
civil, criminal or other relevant enforcement records or other
pertinent records, such as current licenses, if necessary to obtain a
record relevant to an agency decision concerning the hiring or
retention of an employee, the issuance of a security clearance, the
letting of a contract, or the issuance of a license, grant or other
benefit.
A record from this system of records may be disclosed to a
federal agency, in response to its request, in connection with the
hiring or retention of an employee, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant or other
benefit by the requesting agency, to the extent that the record is
relevant and necessary to the requesting agency's decision on the
matter.
5. When federal agencies having the power to subpoena other
federal agencies' records, such as the Internal Revenue Service or
the Civil Rights Commission, issue a subpoena to the Department for
records in this system of records, the Department will make such
records available.
6. When a contract between a component of the Department and a
labor organization recognized under 5 U.S.C. Chapter 71 provides that
the agency will disclose personal records relevant to the
organization's mission, records in this system of records may be
disclosed to such organization.
7. The Department contemplates that it will contract with a
private firm for the purpose of collating, analyzing, aggregating or
otherwise refining records in this system. Relevant records will be
disclosed to such a contractor. The contractor shall be required to
maintain Privacy Act safeguards with respect to such records.
8. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
9. In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected.
10. Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained in file folders and in electronic form.
Retrievability:
Records are indexed by any combination of name, date of birth,
Social Security Number, or identification number.
Safeguards:
1. Authorized Users: Data in electronic form are accessed by
passwords known only to those whose official duties require access.
2. Physical Safeguards: File cabinets and rooms where records are
stored are locked when not in use. During regular business hours,
rooms are unlocked but are controlled by on-site personnel.
3. Procedural and Technical Safeguards: A password is required to
access files maintained in electronic form. Passwords are changed
frequently. All users of the information (see Authorized Users,
above) protect information from public view and from unauthorized
personnel entering an unsupervised office.
These practices are in compliance with the standards of Chapter
45-13 of the HHS General Administration Manual, ``Safeguarding
Records Contained in Systems of Records,'' and the Department's
Automated Information System Security Program Handbook, and the
National Institute of Standards and Technology Federal Information
Processing Standards (FIPS Pub. 41 and FIPS Pub. 31).
Retention and disposal:
Records from the Office of Personnel Management, the Merit
Systems Protection Board, and the U.S. Office of Special Counsel
concerning applicants for or incumbents of nonsensitive positions,
are retained until a decision is reached on whether to hire or retain
the applicant or incumbent, and are then destroyed. Other records in
this system are retained until there is no further administrative
need for them, the individual leaves the Department, or three years
have elapsed, whichever is later, and are then destroyed. Paper
copies are destroyed by shredding. Computer files are destroyed by
deleting the record from the file.
System manager(s) and address:
Heads of personnel offices which service organizational units in
which the individual is employed or in which he/she applied for
employment. See Applicants For Employment Records, HHS, System 09-90-
0006, Appendix 1.
Notification procedures:
To determine if a record exists, write to the System Manager as
indicated above. The requester must verify his or her identity by
providing either a notarization of the request or a written
certification that the requester is who he or she claims to be. The
request should include the requester's name, date of birth, and
organization in which employed or to which he or she applied for
employment. The requester must understand that knowing and willful
request for a record pertaining to an individual under false
pretenses is a criminal offense under the Act, subject to a five
thousand dollar fine.
Record access procedures:
To obtain access to records, write to the System Manager as
indicated above to obtain access to records and provide the same
information as is required under the Notification Procedures.
Requesters should reasonably specify the record contents being
sought. Individuals may also request an accounting of disclosure of
their records, if any.
Contesting record procedures:
Records that contain information that is inaccurate, incomplete,
untimely, or irrelevant may be contested. To contest such
information, individuals should contact the System Manager specified
above. They should reasonably identify the record, specify the
information contested, the corrective action sought, and state their
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Information contained in the system is obtained from:
b Applications and other personnel and security forms furnished
by the individual.
b Information furnished by other Federal agencies.
b Information provided by sources such an employers, schools,
references, former employers.
Systems exempted from certain provisions of the act:
Individuals will be provided information from the above system
except when in accordance with the provisions of 5 U.S.C. 552a(k)(5):
1. disclosure of such information would reveal the identity of a
source who furnished information to the Government under an express
promise that the identity of the source would be held in confidence;
or 2. if the information was obtained prior to the effective date of
section 3, Pub. L. 93-579, disclosure of such information would
reveal the identity of a source who provided information under an
implied promise that the identity of the source would be held in
confidence. (45 CFR 5b.11.)
09-90-0021
System name: Training Management Information System, HHS/OS/
ASPER.
Security classification:
None.
System location:
Office of the Assistant Secretary for Personnel Administration,
Department of Health and Human Services, 200 Independence Ave., SW,
Washington, DC 20201.
Personnel offices shown in Applicants for Employment Records, HHS
System 09-90-0006, Appendix 1.
Categories of individuals covered by the system:
All employees who receive training in a course which was more
than 8 hours in length and which was authorized under the authority
of the Government Employees Training Act.
Categories of records in the system:
The Training Management Information System consists of a variety
of records relating to training received by an employee. In addition
to the name of the employee, the system includes information about
the employee's Social Security Account Number, position title, grade,
salary, pay plan, series, tenure, years of continuous service, nature
of training taken, cost of training and dates of training.
Authority for maintenance of the system:
5 U.S.C. 4101 et seq., Executive Order 11348.
Purpose(s):
Records in this system are used to maintain a history of employee
training, to help determine future training needs, to evaluate the
Department's training program, and for audit and budgetary planning
purposes. These records are maintained in each component of the
Department.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Information in this system of records is used:
(1) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records, in the system of records may
be referred, as a routine use, to the appropriate agency, whether
federal, or foreign, charged with the responsibility of investigating
or prosecuting such violation or charged with enforcing or
implementing the statute, or rule, regulation or order issued
pursuant thereto.
(2) A record from this system of records may be disclosed to a
federal agency, in response to its request, in connection with the
hiring or retention of an employees, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant, or other
benefit by the requesting agency, to the extent that the record is
relevant and necessary to the requesting agency's decision on the
matter.
(3) In the event that this system of records indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule or order issued
pursuant thereto, the relevant records in the system of records may
be referred, as a routine use of the appropriate agency, whether
state or local charged with the responsibility of investigating or
presecuting such violation or charged with enforcing or implementing
the statute, or rule, regulation or order issued pursuant thereto.
(4) Where federal agencies having the power to subpoena other
federal agencies' records, such as the Internal Revenue Service or
the Civil Rights Commission, issue a subpoena to the Department for
records in this system of records, the Department will make such
records available.
(5) Where a contract between a component of the Department and a
labor organization recognized under E.O. 11491 or 5 U.S.C. Chapter 71
provides that the agency will disclose personal records relevant to
the organization's mission, records in this system of records may be
disclosed to such organization.
(6) The Department contemplates that it will contract with a
private firm for the purpose of collating, analyzing, aggregating or
otherwise refining records in this system. Relevant records will be
disclosed to such a contractor. The contractor shall be required to
maintain Privacy Act safeguards with respect to such records.
(7) By the Office of Personnel Management in carrying out its
functions.
(8) To other Federal agencies or private organizations to
authorize training.
(9) Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
Congressional office made at the request of that individual.
(10) In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected.
(11) Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Data tape.
Retrievability:
Records are indexed by any combination of name, birth date, SSN
or transaction number.
Safeguards:
The information is available only to authorized personnel.
Personnel screening is used to prevent unauthorized disclosure.
Retention and disposal:
Records are retained in the automated data file until the
individual leaves the Department.
System manager(s) and address:
Deputy Assistant Secretary for Personnel
Office of the Assistant Secretary for Personnel Administration
Department of Health and Human Services,
200 Independence Avenue, SW,
Washington, DC 20201.
Notification procedure:
Contact the Deputy Assistant Secretary for Personnel or the
personnel office shown in Applicants for Employment Records, HHS
System 09-90-0006, Appendix 1, which services the organizational unit
in which the individual is employed. The individual should indicate
name, position title, grade and series and organization in which
located.
Record access procedures:
Same as notification procedures. Requester should also reasonably
specify the record contents being sought. (These access procedures
are in accordance with Department Regulations (45 CFR 5b.5(a)(2))
Federal Register, October 8, 1975, page 47410.)
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify, the
information to be contested, and state the corrective action sought
and the reasons for the correction. (These procedures are in
accordance with Department Regulations (45 CFR 5b.7) Federal
Register. October 8, 1975, page 47411.)
Record source categories:
Information in this system of record is: (1) Supplied directly by
the individual, or (2) derived from information supplied by the
individual, or (3) supplied by Department or by source of training
officials.
Systems exempted from certain provisions of the act:
None.
09-90-0022
System name: Volunteer EEO Support Personnel Records, HHS/OS/
ASPER.
Security classification:
None.
System location:
Office of the Deputy Assistant Secretary for EEO, 200
Independence Avenue, SW, Washington, DC 20201.
Office of the designated EEO Officers. See Discrimination
Complaints Records System. HHS System 09-90-0009, Appendix 01 for
exact locations.
Categories of individuals covered by the system:
Individuals who have volunteered or have been proposed for duty
as EEO Counselors and discrimination complaint investigators on a
part-time basis.
Categories of records in the system:
This system of records contains information or documents
concerning the personal characteristics of EEO counselors and
investigators. The records consist of the name and other identifying
data, title, location, training received, information concerning
qualifying background, case assignments, and evaluations of EEO
counselors and investigators serving on a part-time basis, and
related information.
Authority for maintenance of the system:
Executive Order 11478, Pub. L. 92-261, Pub. L. 93-259.
Purpose(s):
These records are used to identify, locate, and determine the
availability of volunteer counselors and investigators for
assignment; to determine training needs of counselors and
investigators. These records are maintained in each component of the
Department. See ``Retrievability'' below.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
These records and information in the records may be used:
(1) To provide resource to another Federal Agency, in response to
its request for loan of investigators or counselors.
(2) A record from this system of records may be disclosed to a
federal agency, in response to its request, in connection with the
hiring or retention of an employee, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant, or other
benefit by the requesting agency, to the extent that the record is
relevant and necessary to the requesting agency's decision on the
matter.
(3) Where federal agencies having the power to subpoena other
federal agencies' records, such as the Internal Revenue Service or
the Civil Rights Commission, issue a subpoena to the Department for
records in this system of records, the Department will make such
records available.
(4) Where a contract between a component of the Department and a
labor organization recognized under E.O. 11491 or 5 U.S.C. Chapter 71
provides that the agency will disclose personal records relevant to
the organization's mission, records in this system of records may be
disclosed to such organization.
(5) The Department contemplates that it will contract with a
private firm for the purpose of collating, analyzing, aggregating or
otherwise, refining records in this system. Relevant records will be
disclosed to such a contractor. The contractor shall be required to
maintain Privacy Act safeguards with respect to such records.
(6) By the Office of Personnel Management, Merit Systems
Protection Board (including its office of the Special Counsel), Equal
Employment Opportunity Commission, and the Federal Labor Relations
Authority (including the General Counsel of the Authority and the
Federal Service Impasses Panel) in carrying out their functions.
(7) Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
(8) In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected.
(9) Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
These records are maintained in file folders, binders and index
cards.
Retrievability:
These records are indexed by the names of the individuals on whom
they are maintained. They may be used: To provide information for
production of summary descriptive statistics and analytical studies
in support of the function for which the records are collected and
maintained, or for related personnel management functions or manpower
studies; and to locate specific individuals for personnel research or
other personnel management functions.
Safeguards:
Access to and use of these records are limited to those persons
whose official duties require access.
Retention and disposal:
The records are maintained up to one year after volunteer has
terminated his services, at which time they are destroyed.
System manager(s) and address:
See Discrimination Complaints Records System, HHS System 09-90-
0009, Appendix 1 for General Coordinator and appropriate Immediate
System Manager.
Notification procedure:
Individuals who have volunteered or been proposed as counselor or
investigators are aware of that fact and the information contained in
the record. They may, however, write the immediate system manager or
coordinator indicated above regarding the existence of such records
pertaining to them. The inquirers, as appropriate, should provide to
the immediate system manager or coordinator, their name, agency in
which they were proposed or served when making inquiries about
records.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)) Federal Register, October 8, 1975, page 47410.)
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested, and state the corrective action sought
and the reasons for the correction. (These procedures are in
accordance with Department Regulations (45 CFR 5b.7) Federal
Register, October 8, 1975, page 47411.)
Record source categories:
a. Individuals to whom the record pertains
b. Department or other officials
c. Official documents relating to appointments and case
assignments as counselors and investigators
d. Correspondence for specific persons or organizations
e. Formal reports submitted by the individual in the performance
of official volunteer work.
Systems exempted from certain provisions of the act:
None.
09-90-0023
System name: Departmental Parking Control Policy and Records
Systems, HHS/OS/ASMB/OFE.
Security classification:
None.
System location:
Director, Office of Facilities Engineering, Room 4700 North
Building, HHS/Office of the Secretary, 330 Independence Ave., SW,
Washington, DC 20201. Offices of Manager for Parking Control at HHS
facilities where parking is provided.
Categories of individuals covered by the system:
All HHS employees as well as any carpool member utilizing HHS
parking facilities.
Categories of records in the system:
This system includes the following information on all persons
applying for a parking permit: Name, office room number, office phone
number, agency, home address, and automobile license number, and
where applicable, physicians statement in support of handicapped
parking assignments and query to supervisors in support of
handicapped parking assignments.
Authority for maintenance of the system:
63 Stat. 377; 41 CFR 101-20.111.
Purpose(s):
To establish policy governing the acquisition and allocation of
Federal parking facilities and the establishment and determination of
charges to be paid for the use of such parking by Federal employees,
contractor employees and other facility tenants.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to a congressional office from the record
of an individual in response to an inquiry from the congressional
office made at the request of that individual. In the event of
litigation where the defendant is (a) the Department, any component
of the Department, or any employee of the Department in his or her
official capacity; (b) the United States where the Department
determines that the claim, if successful, is likely to directly
affect the operations of the Department or any of its components; or
(c) any Department employee in his or her individual capacity where
the Justice Department has agreed to represent such employee, the
Department may disclose such records as it deems desirable or
necessary to the Department of Justice to enable that Department to
present an effective defense, provided such disclosure is compatible
with the purpose for which the records were collected.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored in binders in file cabinets and/or magnetic
tapes and disks as appropriate.
Retrievability:
Records maybe accessed by the various categories contained
therein. The purpose of the Departmental Parking Policy is to provide
standards for apportionment and assignment of parking spaces on
Department-managed and Department-controlled property and on property
assigned to the Department by GSA or any other Agency and to allocate
and check parking spaces assigned to government vehicles, visitors,
handicapped personnel, key personnel, car-pools, and others.
Safeguards:
Access to and use of these records are limited to personnel whose
official duties require such access. Security Safeguards meet the
requirements of Part 6, ADP System Security, of HHS's ADP System
Manual A mini computer is maintained in a secured area with access
limited to authorized personnel. Tapes and disc's are stored in
locked cabinets.
Retention and disposal:
Superseded policy materials are maintained by the Director,
Office of Facilities Engineering for historical purposes; Records at
other HHS locations are maintained until the Parking Control purpose
has been met and the records are then destroyed.
System manager(s) and address:
Director, Office of Facilities Engineering, Room 4700 North
Building, HHS/Office of the Secretary, 330 Independence Avenue, SW,
Washington, DC 20201.
Notification procedure:
Access to these records may be obtained by request in writing to:
Office of Manager for Parking Control at HHS facility where the HHS
parking is provided.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)) Federal Register, October 8, 1975, page 47410.)
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested and corrective action sought with
supporting justification (These procedures are in accordance with
Department Regulations (45 CFR 5b.7) Federal Register, October 8,
1975, page 47411.)
Record source categories:
Records are developed from information supplied by applicants
and, for handicapped parking assignments, by physicians and
supervisors.
Systems exempted from certain provisions of the act:
None.
09-90-0024
System name:
Financial Transactions of HHS Accounting and Finance Offices,
HHS/OS/ASMB.
Security classification:
None.
System location:
See Appendix 1.
Memoranda copies of claims submitted for reimbursement of travel
and other expenditures while on official business may also be
maintained at the administrative and/or program office of the HHS
employee. Records concerning outstanding debts may also be maintained
at the program office or by the designated claims officer apart from
the finance office.
Categories of individuals covered by the system:
All persons who receive a payment from the Operating Divisions
(OPDIV) Headquarters, Area and District offices and all persons owing
monies to these HHS components. Persons receiving payments include,
but are not limited to, travelers on official business, grantees,
contractors, consultants, and recipients of loans and scholarships.
Persons owing monies include, but are not limited to, persons who
have been overpaid and who owe HHS a refund and persons who have
received from HHS goods or services for which there is a charge or
fee (e.g., Freedom of Information Act requesters).
Categories of records in the system:
Name, identification number, address, purpose of payment,
accounting classification and amount paid. Also, in the event of an
overpayment and for outstanding loans, grants or scholarships, the
amount of the indebtedness, the repayment status and the amount to be
collected. In the event of an administrative wage garnishment,
information about the debtor's employment status and disposable pay
available for withholding will be maintained.
Authority for maintenance of the system:
Budget and Accounting Act of 1950 (Pub. L. 81-784); Debt
Collection Act of 1982 (Pub. L. 97-365); Debt Collection Improvement
Act of 1996 (Pub. L. 104-134, sec. 31001).
Purpose(s):
These records are an integral part of the accounting systems at
OPDIVs Headquarters and specific Area and District locations. The
records are used to keep track of all payments to individuals,
exclusive of salaries and wages, based upon prior entry into the
systems of the official commitment and obligation of government
funds. When a person is to repay funds advanced as a loan or
scholarship, etc., the records will be used to establish a receivable
record and to track repayment status. In the event of an overpayment
to a person, the record is used to establish a receivable record for
recovery of the amount claimed. The records are also used internally
to develop reports to the Internal Revenue Service (IRS) and
applicable State and local taxing officials of taxable income. This
is a Department-wide notice of payment and collection activities at
all locations listed in Appendix 1.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Records will be routinely disclosed to the Treasury Department
in order to effect payment.
2. Records may be disclosed to members of Congress concerning a
Federal financial assistance program in order for members to make
informed opinions on programs and/or activities impacting on
legislative decisions. Also, disclosure may be made to a
congressional office from an individual's record in response to an
inquiry from the congressional office made at the request of the
individual in order to be responsive to the constituency.
3. In the event HHS deems it desirable or necessary, in
determining whether particular records are required to be disclosed
under the Freedom of Information Act, disclosure may be made to the
Department of Justice for the purpose of obtaining its advice.
4. A record from this system may be disclosed as a ``routine
use'' to a Federal, State or local agency maintaining civil, criminal
or other relevant enforcement records or other pertinent records,
such as current licenses, if necessary to obtain a record relevant to
an agency decision concerning the hiring or retention of an employee,
the issuance of a security clearance, the letting of a contract or
the issuance of a license, grant or other benefit.
5. A record from this system may be disclosed to a Federal
agency, in response to its request, in connection with the hiring or
retention of an employee, the issuance of a security clearance, the
reporting of an investigation of an employee, the letting of a
contract or the issuance of a license, grant or other benefit by the
requesting agency, to the extent that the record is relevant and
necessary to its decision on the matter.
6. Where Federal agencies having the power to subpoena other
Federal agencies' records, such as the Internal Revenue Service (IRS)
or the Civil Rights Commission, issue a subpoena to HHS for records
in this system of records, HHS will make such records available,
provided however, that in each case, HHS determines that such
disclosure is compatible with the purpose for which the records were
collected.
7. Where a contract between a component of HHS and a labor
organization recognized under E.O. 11491 provides that the agency
will disclose personal records relevant to the organization's
mission, records in the system of records may be disclosed to such
organization.
8. A record may be disclosed to the Department of Justice, to a
court, or other tribunal, or to another party before such tribunal,
when: (1) HHS, or any component thereof; (2) Any HHS employee in his/
her official capacity; (3) Any HHS employee in his/her individual
capacity where the Department of Justice (or HHS, where it is
authorized to do so) has agreed to represent the employee; or (4) the
United States or any agency thereof where HHS determines that the
litigation is likely to affect HHS or any of its components, is a
party to litigation or has an interest in such litigation, and HHS
determines that the use of such records by the Department of Justice,
the tribunal, or the other party is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
9. A record about a loan applicant or potential contractor or
grantee may be disclosed from the system of records to credit
reporting agencies to obtain a credit report in order to determine
the person's credit worthiness.
10. When a person applies for a loan under a loan program as to
which the OMB has made a determination under I.R.C. 6103(a)(3), a
record about his/her application may be disclosed to the Treasury
Department to find out whether he/she has a delinquent tax account,
for the sole purpose of determining the person's creditworthiness.
11. A record from this system may be disclosed to the following
entities in order to help collect a debt owed the United States:
a. To another Federal agency so that agency can effect a salary
offset;
b. To the Treasury Department or another Federal agency in order
to effect an administrative offset under common law or under 31
U.S.C. 3716 (withholding from money payable to, or held on behalf of,
the individual);
c. To the Treasury Department to request the person's mailing
address under I.R.C. 6103(m)(2) in order to help locate the person or
to have a credit report prepared;
d. To agents of HHS and to other third parties, including credit
reporting agencies, to help locate the person or to obtain a credit
report on him/her, in order to help collect or compromise a debt;
e. To debt collection agents or contractors under 31 U.S.C. 3718
or under common law to help collect a past due amount or locate or
recover debtors' assets;
f. To the Justice Department for litigation or for further
administrative action; and
g. To the public, as provided by 31 U.S.C. 3720E, in order to
publish or otherwise publicly disseminate information regarding the
identity of the person and the existence of a nontax debt.
Disclosure under part (d) and (g) of this routine use is limited
to the individual's name, address, social security number, and other
information necessary to identify the person. Disclosure under parts
(a)-(c) and (e) is limited to those items; the amount, status, and
history of the claim; and the agency or program under which the claim
arose. An address obtained from IRS may be disclosed to a credit
reporting agency under part (d) only for purposes of preparing a
credit report on the individual.
12. A record from this system may be disclosed to another Federal
agency that has asked HHS to effect an administrative offset under
common law or under 31 U.S.C. 3716 to help collect a debt owed the
United States. Disclosure under this routine use is limited to: Name
and address, Social Security number, and other information necessary
to identify the individual; information about the money payable to or
held for the individual; and other information concerning the
administrative offset.
13. Disclosure with regard to claims or debts arising under or
payable under the Social Security Act may be made from this system to
``consumer reporting agencies'' as defined in the Fair Credit
Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection
Act of 1986 (31 U.S.C. 3701(a)(3)). The purpose of this disclosure is
to aid in the collection of outstanding debts owed the Federal
Government. Disclosure of records is limited to the individual's
name, address, Social Security number, and other information
necessary to establish the individual's identity; the amount, status
and history of the claim; and the agency or program under which the
claim arose.
14. Information in this system of records is used to prepare W-2s
and 1099 Forms to submit to the Internal Revenue Service and
applicable State and local governments items considered to be
included as income to a person: Certain travel related payments to
employees, all payments made to persons not treated as employees
(e.g., fees to consultants and experts), and amounts written-off as
legally or administratively uncollectible, in whole or in part.
15. A record may be disclosed to banks enrolled in the Treasury
Credit Card Network to collect a payment or debt when the person has
given his/her credit card number for this purpose.
16. Records may be disclosed to a contractor (and/or to its
subcontractor) who has been engaged to perform services on an
automated data processing (ADP) system used in processing financial
transactions. The contractor may have been engaged to develop, modify
and test a new ADP system, including both software and hardware
upgrades or enhancements to such a system; perform periodic or major
maintenance on an existing ADP system; audit or otherwise evaluate
the performance of such an ADP system; and/or operate such a system.
17. Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
18. A record from this system may be disclosed to any Federal
agency or its agents in order to participate in a computer matching
of a list of debtors against a list of Federal employees. Disclosure
of records is limited to debtors' names, names of employers,
taxpayers identifying numbers, addresses (including addresses of
employers), and dates of birth, and other information necessary to
establish the person's identity.
19. A record may be disclosed to a commercial reporting agency
that a person is responsible for a current claim, in order to aid in
the collection of claims, typically by providing an incentive to the
person to repay the claim or a debt timely. Disclosure of records is
limited to information about a person as is relevant and necessary to
meet the principal purpose(s) for which it is intended to be used
under the law.
20. A record from this system may be disclosed to the Treasury
Department or to an agency operating a Debt Collection Center
designated by the Treasury in order to effect a collection of past
due amounts.
21. If HHS decides to sell a debt pursuant to 31 U.S.C. 3711(I),
a record from the system may be disclosed to purchasers, potential
purchasers, and contractors engaged to assist in the sale or to
obtain information necessary for potential purchasers to formulate
bids and information necessary for purchasers to pursue collection
remedies.
22. If HHS decides to administratively garnish wages of a
delinquent debtor under the wage garnishment provision in 31 U.S.C.
3720D, a record from the system may be disclosed to the debtor's
employer. This disclosure will take the form of a wage garnishment
order directing that the employer pay a portion of the employee/
debtor's wages to the Federal Government. Disclosure of records is
limited to debtor's name, address, and social security number.
Disclosure to consumer reporting agencies:
Disclosure pursuant to 5 U.S.C. 552a(b)(12): Disclosure may be
made from this system to ``consumer reporting agencies,'' as defined
in 31 U.S.C. 3701(a)(3). The purpose of this disclosure is to aid in
the collection of outstanding debts owed to the Federal Government,
typically, to provide an incentive for debtors to repay their debts
timely, by making these debts part of their credit records.
Disclosure of records is limited to the individual's name,
address, social security number, and other information necessary to
establish the individual's identity; the amount, status and history
of the claim; and the agency or program under which the claim arose.
The disclosure will be made only after the procedural requirements of
31 U.S.C. 3711(e) have been followed.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Hard copy documents are maintained in file folders at agency
headquarters and area/district office sites; and on computer disc
pack and magnetic tape at central computer sites.
Retrievability:
This varies according to the particular accounting system within
the HHS Operating Divisions, Area and District Offices. Usually the
hard copy document is filed by name within accounting classification.
Computer records may be indexed by social security number and voucher
number. Intra-departmental uses and transfers concern the validation
and certification for payment, and for HHS internal audits.
Safeguards:
1. Authorized Users: Employees and officials directly responsible
for programmatic or fiscal activity, including administrative and
staff personnel, financial management personnel, computer personnel,
and managers who have responsibilities for implementing HHS funded
programs.
2. Physical Safeguards: File folders, reports and other forms of
personnel data, and electronic diskettes are stored in areas where
fire and life safety codes are strictly enforced. All documents and
diskettes are protected during lunch hours and nonworking hours in
locked file cabinets or locked storage areas. Magnetic tapes and
computer matching tapes are locked in a computer room and tape vault.
3. Procedural Safeguards: Password protection of automated
records is provided. All authorized users protect information from
public view and from unauthorized personnel entering an office. The
safeguards described above were established in accordance with HHS
Chapter 45-13 of the General Administration Manual; and the HHS ADP
System Manual Part 6, ``ADP Systems Security.''
Retention and disposal:
Records are purged from automated files once the accounting
purpose has been served; printed copy and manual documents are
retained and disposed of in accordance with General Accounting Office
principles and standards as authorized by the National Archives and
Records Administration.
System manager(s) and address:
Department of Health and Human Services, DHHS, Assistant
Secretary for Management and Budget, Office of the Secretary, Room
510A, Hubert H. Humphrey Building, Washington, DC 20201.
Notification procedure:
Inquiries should be made, either in writing or in person, to the
organizations listed under ``Location'' in Appendix 1, with the
exception of Food and Drug Administration records. For those records,
contact: FDA Privacy Act Coordinator (HFW-30), Food and Drug
Administration, 5600 Fishers Lane, Rockville, MD 20857.
The individual making the inquiry must show proof of identity
before information is released. Give name and social security number,
purpose of payment or collection (travel, grant, etc.) and, if
possible, the agency accounting classification.
Record access procedures:
Same as notification procedures. Requesters should also clearly
specify the record contents being sought, and may include a request
for an accounting of disclosures that have been made of their
records, if any. (These access procedures are in accordance with HHS
regulations (45 CFR 5b.5(a)(2)).)
Contesting record procedure:
Contact the official at the address specified under notification
procedure above, and reasonably identify the record and specify the
information being contested, the corrective action sought, and the
reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Travel vouchers submitted by the individual; grant, contract and
loan award document; delinquent loan, grant and scholarship record;
consultant invoice of services rendered; and application for travel
advance.
Systems exempted from certain provisions of the act:
None.
Appendix 1--Location
Indian Health Service Area Offices (IHS)
Aberdeen Area Indian Health Service, Federal Building, 115
Fourth Avenue, Southeast, Aberdeen, SD 57401
Alaska Area Indian Health Service, 4141 Ambassador Drive,
Anchorage, AK 99508-5928
Albuquerque Area Indian Health Service, 5338 Montgomery Blvd.,
NE, Albuquerque, NM 87109-1311
Bemidji Area Indian Health Service, 522 Minnesota Ave., NW,
Bemidji, MN 56601
Billings Area Indian Health Service, 2900 4th Avenue North,
Billings, MT 59101
California Area Indian Health Service, 1825 Bell Street,
Sacramento, CA 95825-1097
Nashville Area Indian Health Service, 711 Stewarts Ferry Pike,
Nashville, TN 37214-2634
Navajo Area Indian Health Service, P.O. Box 9020, Window Rock,
AZ 86515-9020
Oklahoma City Area Indian Health Service, Five Corporate Plaza,
3625 NW 56th Street, Oklahoma City, OK 73112
Phoenix Area Indian Health Service, Two Renaissance Square, 40
North Central Avenue, Phoenix, AZ 85004
Portland Area Indian Health Service, 1220 S.W. Third Avenue--
Room 476, Portland, OR 97204-2892
Tucson Area Indian Health Service, 7900 South ``J'' Stock Road,
Tucson, AZ 97204-2892
Food and Drug Administration District Offices (FDA)
Food and Drug Administration, FDA, 60 Eighth Street, NE,
Atlanta, GA 30309
Food and Drug Administration, FDA, Boston District Office, One
Montvale Avenue, Stoneham, MA 62180
Food and Drug Administration, FDA, 599 Delaware Avenue,
Buffalo, NY 14202
Food and Drug Administration, FDA, Room 700, Federal Office
Building, 850 3rd Avenue (at 30th Street), Brooklyn, NY 11232
Food and Drug Administration, FDA, 61 Main Street, West Orange,
NJ 07052
Food and Drug Administration, FDA, Room 1204, US Customhouse,
2nd and Chestnut Streets, Philadelphia, PA 19106
Food and Drug Administration, FDA, 900 Madison Avenue,
Baltimore, MD 21201
Food and Drug Administration, FDA, San Juan District Office, PO
Box 5719 PTA, De Tierra Station, San Juan, PR 00906-5719
Food and Drug Administration, FDA, Room 1222, Main Post Office
Building, 433 West Van Buren Street, Chicago, IL 60607
Food and Drug Administration, FDA, 1560 East Jefferson Avenue,
Detroit, MI 48207
Food and Drug Administration, FDA, 1141 Central Parkway,
Cincinnati, OH 45202
Food and Drug Administration, FDA, 240 Hennepin Avenue,
Minneapolis, MN 55401
Food and Drug Administration, FDA, 3032 Bryan Street, Dallas,
TX 75204
Food and Drug Administration, FDA, 4298 Elysian Fields, New
Orleans, LA 70122
Food and Drug Administration, FDA, National Center for
Toxicological Research, Jefferson, AR 72079
Food and Drug Administration, FDA, 1009 Cherry Street, Kansas
City, MO 64106
Food and Drug Administration, FDA, US Courthouse and Courthouse
Building, 1114 Market Street, Room 1002, St. Louis, MO 63101
Food and Drug Administration, FDA, Building 20, Denver Federal
Center, PO Box 25087, Denver, CO 80255-0087
Food and Drug Administration, FDA, Federal Office Building,
Room 506, 50 United National Plaza, San Francisco, CA 94102
Food and Drug Administration, FDA, 1521 West Pico Boulevard,
Los Angeles, CA 90015
Food and Drug Administration, FDA, 22201 23rd Avenue, SE,
Bothell, WA 98021-4421
Food and Drug Administration, FDA, Headquarters Office, 5600
Fishers Lane, Room 11-83, Parklawn Building, Rockville, MD 20857
Centers for Disease Control and Prevention (CDC)
Centers for Disease Control and Prevention, CDC, Accounting
Section (CO-5), Robert A. Taft Laboratories, 4676 Columbia Parkway,
Cincinnati, OH 45226
Centers for Disease Control and Prevention, CDC
--and--
Agency for Toxic Substances and Disease Registry (ATSDR)
Financial Management Office, 1600 Clifton Road NE, (M/S D-04),
Atlanta, GA 30333
Health Care Financing Administration (HCFA)
Health Care Financing Administration, HCFA, Room C3-0927, 7500
Security Boulevard, Baltimore, MD 21244
National Institutes of Health (NIH)
National Institutes of Health, NIH, Building 1, Room 222, Rocky
Mountain Laboratory, Hilton, MT 59840
National Institutes of Health, NIH, National Institute of
Mental Health, WAW Building, Room 562, St. Elizabeth's Hospital,
Washington, DC 20032
National Institutes of Health, NIH, Frederick Cancer Research
Facility, Fort Detrick Building, Room 427, Frederick, MD 21702-1201
National Institutes of Health, NIH, National Institutes of
Environmental Health Sciences, Room B2-03, Building 101, Research
Triangle Park, NC 27709
National Institutes for Health, NIH, National Institute on Drug
Abuse, Addiction Research Center, Building C, Room 248, 4940 Eastern
Avenue, Baltimore, MD 21224
National Institutes for Health, NIH, Headquarters Office,
Operations Accounting Branch, Building 31, Room B1-B63, 9000
Rockville Pike, Bethesda, MD 20892-0134
Program Support Center (PSC)
Program Support Center, PSC, Division of Fiscal Services, 5600
Fishers Lane, Room 16-05, Rockville, MD 20857
Individual records of the following HHS Operating Divisions may
be obtained from the Program Support Center (PSC):
1. Administration for Children and Families (ACF)
2. Administration on Aging (AoA)
3. Agency for Health Care Policy and Research (AHCPR)
4. Health Resources and Services Administration (HRSA)
5. Indian Health Service (IHS)
6. Substance Abuse and Mental Health Services Administration
(SAMHSA)
7. Office of the Secretary (OS)
Substance Abuse and Mental Health Services Administration
(SAMHSA)
In addition to the individual records maintained by the PSC,
travel-related records for SAMHSA employees may also be obtained from
the following SAMHSA program offices:
Office of the Administrator, Substance Abuse and Mental Health
Services Administration, Room 12-107, Parklawn Building, 5600 Fishers
Lane, Rockville, Maryland 20857
Office of Applied Studies, Substance Abuse and Mental Health
Services Administration, Room 16-105, Parklawn Building, 5600 Fishers
Lane, Rockville, Maryland 20857
Office of Program Services, Division of Administrative
Services, Substance Abuse and Mental Health Services Administration,
Room 6-101, Parklawn Building, 5600 Fishers Lane, Rockville, Maryland
20857
Center for Substance Abuse Prevention, Substance Abuse and
Mental Health Services Administration, Room 9D10, Rockwall II
Building, 5600 Fishers Lane, Rockville, Maryland 20857
Center for Substance Abuse Treatment, Substance Abuse and
Mental Health Services Administration, Room 10-75, Rockwall II
Building, 5600 Fishers Lane, Rockville, Maryland 20857
Center for Mental Health Services, Substance Abuse and Mental
Health Services Administration, Room 15-105, Parklawn Building, 5600
Fishers Lane, Rockville, Maryland 20857
09-90-0025
System name: Central Registry of Individuals Doing Business With
HHS, HHS/OS/ASMB 2.
Security classification:
None.
System location:
Division of Financial Operations and Fiscal Procedures, Room
739D1, Humphrey Building, 200 Independence Avenue, SW, Washington, DC
20201.
Categories of individuals covered by the system:
Individuals who are the recipients of Federal Domestic Assistance
Grants, or of contracts awarded by HHS.
Categories of records in the system:
An index of names, addresses and identification number (SSN) of
the individual doing business with HHS. No other personally
identifiable data are maintained. The index is termed public
information since data relative to Federal Domestic Assistance and
Contracts are public information.
Authority for maintenance of the system:
5 U.S.C. 301.
Purpose(s):
This registry is maintained to provide a standard code to
uniquely identify entities, including individuals, together with
mailing address and other characteristic data to all principal
operating components, agencies, regional offices and staff offices of
the Department. The use of a single code per entity in all
Departmental data systems enhances communication with an entity, as
well diminishing the need to maintain duplicative data and files at
various locations. Major categories of entities in the central file
are those awarded contracts and awarded grants under Federal Domestic
Assistance programs. Only those persons in the Department with a
``need to know'' have access to the published registry and to the
automated records.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
a. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
b. In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected.
c. In the event the Department deems it desirable or necessary,
in determining whether particular records are required to be
disclosed under the Freedom of Information Act, disclosure may be
made to the Department of Justice for the purpose of obtaining its
advice.
d. A record from this system of records may be disclosed as a
``routine use'' to a federal, state or local agency maintaining
civil, criminal or other relevant enforcement records or other
pertinent records, such as current licenses, if necessary to obtain a
record relevant to an agency decision concerning the hiring or
retention of an employee, the issuance of a security clearance, the
letting of a contract, or the issuance of a license, grant or other
benefit.
A record from this system of records may be disclosed to a
federal agency, in response to its request, in connection with the
hiring or retention of an employee, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant, or other
benefit by the requesting agency, to the extent that the record is
relevant and necessary to the requesting agency's decision on the
matter.
e. Where federal agencies having the power to subpoena other
federal agencies' records, such as the Internal Revenue Service or
the Civil Rights Commission, issue a subpoena to the Department for
records in this system of records, the Department will make such
records available.
f. Where a contract between a component of the Department and a
labor organization recognized under E.O. 11491 provides that the
agency will disclose personal records relevant to the organization's
mission records in this system of records may be disclosed to such
organization.
g. Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Hard copy code booklets are manually filed at agency and regional
office sites; and on disc pack and magnetic tapes at central computer
sites.
Retrievability:
Record may be found in the Code Book by either name or social
security number; record in the disc pack and on magnetic tape is
indexed by social security number. The Code Book provides a listing
of data processing numbers for grant, contract and financial
transactions. These numbers are used to access the name and address
of the individual in the Automated Library (Central Registry). The
information is used for check preparation, reports, mailings, etc.
Safeguards:
Safeguards to insure integrity of records, and that required to
provide protection against loss by accident or carelessness.
Retention and disposal:
Records are purged from the automated file each two years; only
persons actively dealing with HHS remain on file. Code Books are
replaced each year. Inactive books are destroyed.
System manager(s) and address:
Deputy Assistant Secretary, Finance, Department of HHS, Office
of the Secretary, Room 705D1, Humphrey Building, 330 Independence
Avenue, SW, Washington, DC 20201.
Notification procedure:
Inquiries are to be made, either in writing or in person, to the
organization listed under ``location''. Give name and social security
number.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)) Federal Register, October 8, 1975, page 47410.)
Contesting record procedures:
Contact the official at the address specified under System
Location, and reasonably identify the record and specify the
information to be contested and corrective action sought with
supporting justification. (These procedures are in accordance with
Department Regulations (45 CFR 5b.7) Federal Register, October 8,
1975, page 47411.)
Record source categories:
Grant and Contract documents. Names, social security numbers and
addresses are provided by the individual when applying for a grant or
contract from the Department.
Systems exempted from certain provisions of the act:
None.
09-90-0027
System name: Congressional Correspondence Unit, HHS/OS/ASL.
Security classification:
None.
System location:
Room 435G Humphrey Building, 200 Independence Avenue, SW,
Washington, DC 20201
Categories of individuals covered by the system:
Members of Congress indexed by name.
Categories of records in the system:
Control information recording, direct inquiries and referrals of
constituents' inquiries from Members of Congress, and responses to
those inquiries, regarding the Department's activities, including,
but not necessarily limited to: a. General program activities of the
Department; b. individual case problems of named persons, families or
institutions; c. employment or appointment interests. Control slips
identifying the correspondent, the constituent on whose behalf the
inquiry is made, the constituent's social security number if inquiry
relates to a social security case, and a summary of the subject
matter of the inquiry.
Authority for maintenance of the system:
5 U.S.C. 301.
Purpose(s):
To provide response to inquiries from a member of Congress made
on behalf of a constituent regarding the Department's activities,
including, but not limited to general program activities of the
Department.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Inquiries which do not pertain to HHS, but fall under the
jurisdiction of another Federal Agency, are transferred to that
Agency with a request that a direct response be provided to the
correspondent. Disclosure may be made to a congressional office from
the record of an individual in response to an inquiry from the
congressional office made at the request of that individual. In the
event of litigation where the defendant is (a) the Department, any
component of the Department, or any employee of the Department in his
or her official capacity; (b) the United States where the Department
determines that the claim, if successful, is likely to directly
affect the operations of the Department or any of its components; or
(c) any Department employee in his or her individual capacity where
the Justice Department has agreed to represent such employee, the
Department may disclose such records as it deems desirable or
necessary to the Department of Justice to enable that Department to
present an effective defense provided such disclosure is compatible
with the purpose for which the records were collected.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Maintained on magnetic (floppy) disks.
Retrievability:
Records are indexed alphabetically by name of the Members of
Congress. Inquiries are forwarded to the HHS Agency which has
jurisdiction over the subject matter for preparation of a response.
Safeguards:
Records are kept in office with access limited to those whose
official duties require access.
Retention and disposal:
Records are reviewed biannually, and maintained for two years.
System manager(s) and address:
Director, Congressional Liaison Office, Office of the Assistant
Secretary for Legislation, Room 417 H Humphrey Bldg, 200 Independence
Avenue, SW, Washington, DC 20201.
Notification procedure:
System Manager; address same as above. The name of the person who
corresponded with the Department with reference to the constituent
and the approximate date of that correspondence must be provided.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)) Federal Register, October 8, 1975, page 47410.)
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested and corrective action sought with
supporting justification. (These procedures are in accordance with
Department Regulations (45 CFR 5b.7) Federal Register, October 8,
1975, page 47411.)
Record source categories:
The information in CCU files is provided by the correspondent and
by the agency which prepares the final response.
Systems exempted from certain provisions of the act:
None.
09-90-0028
System name: Biographies and Photographs of HHS Officials, HHS/
OS/ASPA.
Security classification:
None.
System location:
Office of the Assistant Secretary for Public Affairs, News
Division, Room 638E, Humphrey Building, 200 Independence Avenue, SW,
Washington, DC 20201 (see Appendix 1 following)
Categories of individuals covered by the system:
HHS employees in key management and technical positions, such as
the Secretary, Under Secretary, Assistant Secretaries, Deputy
Assistant Secretaries, Commissioners, Regional Directors, Deputy
Regional Directors, Agency Heads, Unit Managers.
Categories of records in the system:
Biographical files consist of approved, printed personal and
professional resumes and standard portrait pictures and biographical
and professional questionnaires providing name, title, office
location, telephone number, date of appointment to HHS, home address,
home telephone, date of birth, place of birth, marital status,
spouse's name, children's names, children's date of birth, education,
military service, professional career data, professional
affiliations, publications and articles authored, awards, citations,
prizes and honors received, civic, social and fraternal associations,
outside interests, such as hobbies, sports, recreation.
Authority for maintenance of the system:
5 U.S.C. 301.
Purpose(s):
These records are maintained and made available to staff of the
Department who have a need for photographs or background information
on top officials of HHS.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to a congressional office from the record
of an individual in response to an inquiry from the congressional
office made at the request to that individual. In the event of
litigation where the defendant is (a) the Department, any component
of the Department, or any employee of the Department in his or her
official capacity; (b) the United States where the Department
determines that the claim, if successful, is likely to directly
affect the operations of the Department or any of its components; or
(c) any Department employee in his or her individual capacity where
the Justice Department has agreed to represent such employee, the
Department may disclose such records as it deems desirable or
necessary to the Department of Justice to enable that Department to
present an effective defense provided such disclosure is compatible
with the purpose for which the records were collected.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained in individual and combined files and
stored in standard five-drawer file cabinets in offices listed under
System Location.
Retrievability:
Records are indexed by the name in alphabetical order, of those
in higher management and technical positions with the remainder
combined in a `miscellaneous' folder or folders. These records are
made available to staff of the Department who have a need for photos
of background information on these officials.
Safeguards:
Files are maintained in the offices of Public Affairs and
requests are honored `on a need to know' basis only.
Retention and disposal:
Records are periodically updated as circumstances warrant
relative to promotions, reassignment, resignations, death.
System manager(s) and address:
Same as in Location above and Appendix 1.
Notification procedure:
Contact System Managers in areas where individual is employed.
Addresses same as above with the exception of Food and Drug
Administration, contact: FDA Privacy Coordinator (HF-50), Food and
Drug Administration, 5600 Fishers Lane, Rockville, Md. 20857.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)) Federal Register, October 8, 1975, page 47410.)
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested and corrective action sought with
supporting justification. (These procedures are in accordance with
Department Regulations (45 CFR 5b.7) Federal Register, October 8,
1975, page 47411.)
Record source categories:
Information contained in the biographies comes from the
individuals whose biographies they form and from other material
furnished by agency public information offices. The biographies are
cleared with the individuals whose biography they represent prior to
release to the public and the news media.
Systems exempted from certain provisions of the act:
None.
Appendix 1
Public Affairs Officer, Alcohol, Drug Abuse, and Mental Health
Administration, Room 60-15, 5600 Fishers Lane, Rockville, Maryland
20857.
Public Affairs Officer, Center for Disease Control, Room 2067,
Building 1, 1600 Clifton Road, Atlanta, Georgia 30333.
Public Affairs Officer, Food and Drug Administration, Room
15B42, 5600 Fishers Lane, Rockville, Maryland 20857.
Public Affairs Officer, Health Resources Administration, Room
1030, Center Building, 3700 East-West Highway, Rockville, Maryland
20782.
Public Affairs Officer, Health Services Administration, Room
14A55, 5600 Fishers Lane, Rockville, Maryland 20857.
Public Affairs Officer, National Institutes of Health, Room
309, Building I, 9000 Rockville Pike, Bethesda, Maryland 20014.
Director, Public Health Services, Office of Public Affairs,
Room 721H, HHH Bldg., 200 Independence Ave., SW, Washington, DC
20201.
Public Affairs Officer, Health Care Financing Administration,
Room 4244 HHS North, Humphrey Building, 330 Independence Ave. SW,
Washington, DC 20201.
Public Affairs Officer, Social Security Administration, Rm 900
Altmeyer Bldg., 6401 Security Boulevard, Baltimore, Maryland 21235.
Public Affairs Officer, Department of Health and Human
Services, John F. Kennedy Federal Building, Government Center,
Boston, Massachusetts 02203.
Public Affairs Officer, Department of Health and Human
Services, Federal Building, 26 Federal Plaza, New York, New York
10007.
Public Affairs Officer, Department of Health and Human
Services, PO Box 13716, Philadelphia, Pennsylvania 19101.
Public Affairs Officer, Department of Health and Human
Services, 101 Marietta Towers, Suite 1403, Atlanta, Georgia 30323.
Public Affairs Officer, Department of Health and Human
Services, 300 South Wacker Drive, 35th Floor, Chicago, Illinois
60606.
Public Affairs Officer, Department of Health and Human
Services, 1200 Main Tower Building, 11th Floor, Dallas, Texas 75202.
Public Affairs Officer, Department of Health and Human
Services, 601 East 12th Street, Kansas City, Missouri 64106.
Public Affairs Officer, Department of Health and Human
Services, 19th and Stout Sts., RM10006, Fed Ofc. Bldg., Denver,
Colorado 80294.
Public Affairs Officer, Department of Health and Human
Services,
Federal Office Building, 50 United Nations Plaza, San
Francisco, California 94102.
Public Affairs Officer, Department of Health and Human
Services, 2901 Third Avenue, Seattle, Washington 98121.
09-90-0036
System name: Employee Suggestion Program Records, HHS/OS/ASPER.
Security classification:
None.
System location:
This system is located in employee suggestion offices of the
Department. See Appendix 1 for exact locations.
Categories of individuals covered by the system:
Individuals who have made suggestions in OS and in Operating
Divisions of the Department; and/or suggestions made by individuals
in other Federal Departments requiring an HHS evaluation.
Categories of records in the system:
Suggestions, evaluations of suggestions, name and address of
individuals submitting suggestions, other identifying information
such as salary and grade, including position title, and, optionally,
a social security account number.
Authority for maintenance of the system:
5 U.S.C. 4501 et seq.
Purpose(s):
Records in this system are used to control, evaluate, and make
award determinations on employee suggestions. These records are
maintained in each component of the Department.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
To the Office of Personnel Management for information, possible
award. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual. In the
event of litigation where the defendant is (a) the Department, any
component of the Department, or any employee of the Department in his
or her official capacity; (b) the United States where the Department
determines that the claim, if successful, is likely to directly
affect the operations of the Department or any of its components; or
(c) any Department employee in his or her individual capacity where
the Justice Department has agreed to represent such employee, the
Department may disclose such records as it deems desirable or
necessary to the Department of Justice to enable that Department to
present an effective defense, provided such disclosure is compatible
with the purpose for which the records were collected.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The records are maintained in standard sized file cabinets.
Retrievability:
The records are indexed in alphabetical order by the name of the
employee submitting the suggestion.
Safeguards:
Direct access restricted to authorized staff.
Retention and disposal:
After final action, suggestion records are maintained for two
years and then destroyed.
System manager(s) and address:
See Appendix 1 for overall system manager and immediate system
managers.
Notification procedure:
Contact the appropriate system manager indicated in Appendix 1.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)) Federal Register, October 8, 1975, page 47410.)
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested and state the corrective action sought
and the reasons for the correction. (These procedures are in
accordance with Department Regulations (45 CFR 5b.7) Federal
Register, October 8, 1975, page 47411).
Record source categories:
Incoming suggestions, responses, evaluations and other material
obtained during course of adjudication.
Appendix 1
List of System Managers and Locations for Employee Suggestion
Matters.
Overall System Manager:
Employee Suggestion Officer, Room 1232, Switzer Building, 330 C
St., SW, Washington, DC 20201
Immediate System Managers:
Employee Suggestion Officer, Social Security Administration, G-
110 West High Rise, Baltimore, Maryland 21235
Employee Suggestion Officer, Health Care Financing
Administration, GP3, East Low Rise, 6401 Security Blvd., Baltimore,
Maryland 21235
Employee Suggestion Officer, Office of Human Development
Services, Humphrey Building, Room 345D, 200 Independence Ave. SW,
Washington, DC 20201
PHS OASH Employee Suggestion Officer, 17-75 Parklawn Building,
Rockville, Maryland 20857
CDC Employee Suggestion Officer, 1600 Clifton Road NE.,
Building 1, 6062, Atlanta, Georgia 30333
FDA Employee Suggestion Officer, 5600 Fishers Lane, Room 9-57,
Rockville, Maryland 20857
HRSA Employee Suggestion Officer, Room 14A-30 Parklawn
Building, 5600 Fishers Lane, Rockville, Maryland 20857
ADAMHA Employee Suggestion Officer, 12C-05 Parklawn Building,
5600 Fishers Lane, Rockville, Maryland 20857
NIH Employee Suggestion Officer, Building 31, Room 3-B-07,
Bethesda, Maryland 20205
Regional Employee Suggestion Officer, Region I, Department of
Health and Human Services, John F. Kennedy Federal Building,
Government Center--Room 2411, Boston, Massachusetts 02203
Regional Employee Suggestion Officer, Region II, Department of
Health and Human Services, Regional Personnel Office, Operations
Branch II, Room 39-120, 26 Federal Plaza, New York, New York 10007
Employee Suggestion Officer, Region III, Department of Health
and Human Services, 3535 Market Street, Room 9400, Philadelphia,
Pennsylvania 19101
Employee Suggestion Officer, Region IV, Department of Health
and Human Services, 101 Marietta Towers, Room 1601, Atlanta, Georgia
30323
Employee Suggestion Officer, Region V, 31st Floor, 300 S.
Wacker Drive, Chicago, Illinois 60606
Employee Suggestion Officer, Region VI, Department of Health
and Human Services, 1200 Main Towers, Room 1000, Dallas, Texas 75202
Employee Suggestion Officer, Region VII, Department of Health
and Human Services, Room 468, 601 E. 12th Street, Kansas City,
Missouri 64106
Employee Suggestion Officer, Region VIII, Department of Health
and Human Services, Federal Office Building, Room 1031, 1961 Stout
Street, Denver, Colorado 80294
Employee Suggestion Officer, Region IX, Department of Health
and Human Services, Federal Office Building, Room 419, 50 United
Nations Plaza, San Francisco, California 94102
Employee Suggestion Officer, Region X, Department of Health and
Human Services, Arcade Plaza, Room 6039, 1321 Second Avenue, Seattle,
Washington 98101
09-90-0037
System name: Secretariat Correspondence Control System, HHS/OS/
ES.
Security classification:
None.
System location:
Room 602C, Humphrey Bldg., 200 Independence Avenue SW,
Washington, DC 20201.
Categories of individuals covered by the system:
Individuals who have contacted the Secretary, the Under
Secretary, or other HHS officials, or who have been contacted in
writing to them.
Categories of records in the system:
Control information from the Secretary's, Under Secretary's, or
other HHS officials' correspondence to include a subject narrative,
organization drafting the response, and type of action required from
the Department. This information is contained on hardcopy printouts,
computer magnetic tape, and computer disk units.
Authority for maintenance of the system:
5 U.S.C. 301.
Purpose(s):
To provide for the Secretary, the Assistant Secretaries, and the
Operating Divisions the capability to control, track and update
document records as the documents are processed within the
Department.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to a congressional office from the record
of an individual in response to an inquiry from the congressional
office made at the request of that individual. In the event of
litigation where the defendant is (a) the Department, any component
of the Department, or any employee of the Department in his or her
official capacity; (b) the United States where the Department
determines that the claim, if successful, is likely to directly
affect the operations of the Department or any of its components; or
(c) any Department employee in his or her individual capacity where
the Justice Department has agreed to represent such employee, the
Department may disclose such records as it deems desirable or
necessary to the Department of Justice to enable that Department to
present an effective defense provided such disclosure is compatible
with the purpose for which the records were collected.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained as follows: Hardcopy printouts are stored
in standard file cabinets in a locked area; computer records are
stored on either magnetic tape resident in a computer tape library,
or, an on-line computer disk unit at the operational computer site.
Retrievability:
Records are indexed chronologically by date of correspondence and
also by name, subject and numerical control number. Records are
available to staff responsible for preparation of responses to
inquiries and to the staff of the Executive Secretariat(s). Records
are used for control and reference purposes in staffing out issues
and correspondence of concern to the Secretary, the Under Secretary,
or operational divisions/staff office heads.
Safeguards:
Direct access is limited to the staff of the Executive
Secretariat and OP DIV. staff control personnel to both hardcopy and
computer resident records. Access is limited during non-working hours
to the hardcopy records to these individuals with keys to both the
file cabinets and rooms where the records are stored. Remote computer
terminal locations are protected with individual user identification
numbers and passwords to the computer system. Where possible,
computer terminal locations are locked during non-working hours.
Retention and disposal:
Hard copy records are retired to the National Archives after
three years. Control records are maintained for three years. Computer
records are purged after correspondence is finalized to a history
file.
System manager(s) and address:
Executive Secretary to the Department, Room 636G, Humphrey
Bldg., 200 Independence Avenue, SW, Washington, DC 20201.
Notification procedure:
Inquiries should be addressed to the System Manager. The inquirer
should indicate the individual with whom the Secretary, Under
Secretary, or OP DIV. staff office head corresponded, the date of the
incoming correspondence and the date of the outgoing correspondence
from the Secretary, the Under Secretary, of OP DIV. staff office
head. Address is same as above.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)) Federal Register, October 8, 1975, page 47410.)
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested and corrective action sought with
supporting justification. (These procedures are in accordance with
Department Regulations (45 CFR 5b.7) Federal Register, October 8,
1975, page 47411.)
Record source categories:
Computer records are derived from the incoming correpondence for
the Secretary and the Under Secretary.
Systems exempted from certain provisions of the act:
None.
09-90-0038
System name: Secretary's Official Files, HHS/OS/ES.
Security classification:
None.
System location:
Room 636G, Humphrey Building, 200 Independence Avenue, SW,
Washington, DC 20201.
Categories of individuals covered by the system:
Individuals who have contacted the Secretary or the Under
Secretary or who have been contacted in writing by them.
Categories of records in the system:
Hard copies of documents signed or initialed by the Secretary or
the Under Secretary.
Authority for maintenance of the system:
5 U.S.C. 301.
Purpose(s):
The Secretary's Official Files are maintained to preserve the
historical record of actions taken by the decisions made by the
Secretary and the Under Secretary of the Department of Health and
Human Services.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to a congressional office from the record
of an individual in response to an inquiry from the congressional
office made at the request of that individual. In the event of
litigation where the defendant is (a) the Department, and component
of the Department, or any employee of the Department, or any employee
of the Department in his or her official capacity; (b) the United
States where the Department determines that the claim, if successful,
is likely to directly affect the operations of the Department or any
of its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense provided such
disclosure is compatible with the purpose for which the records were
collected.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The records are maintained in hard copy filed in standard file
cabinets.
Retrievability:
Records are indexed by subject, name, organization, and key
words. Records are available to the staff of the Executive
Secretariat and the Immediate Office of the Secretary for reference
purposes in staffing out issues of concern to the Secretary of the
Under Secretary.
Safeguards:
Direct access is limited to the staff of the Executive
Secretariat. Access is limited during non-working hours to
individuals with keys to the file room.
Retention and disposal:
Records are maintained for three years and are then sent to the
National Archives.
System manager(s) and address:
Executive Secretary to the Department, Room 636G, Humphrey
Building, 200 Independence Avenue, SW, Washington, DC 20201.
Notification procedure:
Inquiries should be addressed to the system manager at the above
address. The inquirer should indicate the subject matter of the issue
involved, the date of the subject documents, and the author and/or
addresses.
Record access procedures:
Same as above.
Contesting record procedures:
Same as above. In addition indicate corrective action sought and
reason for corrections with supporting justification.
Record source categories:
Records are derived from documents signed or initialed by the
Secretary of the Under Secretary.
Systems exempted from certain provisions of the act:
None.
09-90-0039
System name:
National Disaster Claims Processing System.
Security classification:
None
System location:
Office of Emergency Preparedness (OEP), 12300 Twinbrook Parkway,
Rockville, MD 20852.
Categories of individuals covered by the system:
Individuals requiring definitive medical care at an NDMS hospital
as the result of a medical condition caused by, or exacerbated by, a
natural or technical disaster, or a terrorist act.
Categories of records in the system:
Medical claims data will be in uniform claim forms accepted by
the Health Care Financing Administration (HCFA) for institutional and
non-institutional claims. Records will
[[Page 44349]]
include: Beneficiaries Name, Social Security Number, Address, Dates
of Care, DRG/CPT, Provider Name, Provider Address, HIPAA Provider
Number, Amount Billed, Amount Allowed, Other Insurance Payment, and
Amount to be paid. In addition information from the providing
hospital including the Employer Identification Number (EIN) and
information for submitting electronic payment will be collected.
Authority for maintenance of the system:
The authority for maintaining this system of records is from 42
U.S.C. 243(c)(1).
Purpose(s):
To justify and document reimbursement payments for services
provided in connection with the National Disaster Medical System
(NDMS).
Routine uses of records maintained in the system, including
categories of users and the PURPOSES OF SUCH USE:
1.To a Congressional Office from the records of an individual in
response to an inquiry made from the Congressional Office made at the
request of that individual.
2. To the Department of Justice (DOJ), court or other tribunal,
or to another party before such tribunal, when:
a. HHS or any component thereof; or
b. Any HHS employee in his or her official capacity; or
c. Any HHS employee in his or her individual capacity where the
Department of Justice (or HHS where it is authorized to do so) has
agreed to represent employee; or
d. The United States or any Agency thereof, where HHS determines
that the litigation is likely to affect HHS or any of it's
components; is a party to litigation or has an interest in such
litigation, and HHS determines that the use of such records by the
Department of Justice, the tribunal, or other party is relevant and
necessary to the litigation and would help in the effective
representation of the governmental party, however, that in each case,
HHS determines that each disclosure is compatible with the purpose
for which the records were collected.
3. To a contractor for the purpose of collating, analyzing,
aggregating, or otherwise refining or processing records in this
system, or for developing, modifying, and/or manipulating it with
automatic data processing (ADP) software. Data would also be
available to users incidental to consultation, programming,
operation, user assistance, or maintenance for an ADP or
telecommunications system containing or supporting records in the
system.
Policies and practices for storing, retrieving, accessing,
retaining and disposing of records in the system:
Storage:
Paper and computer form.
Retrievability:
Information will be retrieved by beneficiary's name; and may be
sorted by medical diagnosis, geographical area, or medical provider.
Safeguards:
1. Authorized Users: Only HHS personnel or HHS contract personnel
whose duties require the use of the system may access the data. In
addition, such HHS personnel or contractors are advised that the
information is confidential and the criminal sanctions for
unauthorized disclosure of private information may be applied.
2. Physical Safeguards: Physical paper records are stored in
locked files cabinets or secured areas.
3. Procedural Safeguards: Employees who maintain records in the
system are instructed to grant access only to authorized users. Data
stored in computers are accessed through the use of passwords known
only to authorized personnel. Contractors who use records in this
system are instructed to make no further disclosure of the records
except as authorized by the system manager and permitted by the
Privacy Act. Privacy Act language is in contracts related to this
system.
4. Implementation Guidelines: HHS Chapter 45-13 of the General
Administration Manual, ``Safeguarding Records Contained in Systems of
Records and the HHS Automated Information Systems Security Program
Handbook, Information Resources Management Manual.''
Retention and disposal:
Disposition of records is according to the National Archives and
Records Administration (NARA) guidelines, as set forth in the Office
of Emergency Preparedness Records Management Manual.
System manager(s) and address:
Chief, National Disaster Medical System Branch, Office of
Emergency Preparedness, 12300 Twinbrook Parkway, Suite 360,
Rockville, Maryland 20852.
Notification procedure:
Inquiries and requests for system records should be addressed to
the system manager at the address indicated above. The requestor must
specify the name, address, and health insurance number.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. These procedures
are in accordance with HHS Regulations at 45 CFR 5b.5(a)(2) and 45
CFR 5b.6
Contesting record procedures:
Contact the system manager named above and reasonably identify
the record and specify the information to be contested. State the
reason for contesting the record (e.g., why it is inaccurate,
irrelevant, incomplete, or not current), the corrective action being
sought, and give any supporting justification. (These procedures are
in accordance with HHS Regulations 45 CFR 5b.7.)
Record source categories:
Information contained in these records will be obtained from NDMS
hospitals seeking reimbursement for treatment provided to disaster
victims.
Systems exempted from certain provisions of the act:
None.
09-90-0041
System name: Consumer Mailing Lists, HHS/OS/OCA.
Security classification:
None.
System location:
1009 Premier Bldg., 1725 Eye Street, NW, Washington, DC 20201.
Categories of individuals covered by the system:
Individual consumers media representatives, academicians,
librarians, business and government officials.
Categories of records in the system:
Names and address of individuals and organizations.
Authority for maintenance of the system:
Executive Order 011583 of February 24, 1971 and Reorganization
Plan 01 of 1953.
Purpose(s):
Used by the United States Office of Consumer Affairs Consumer
Information staff to distribute information on current consumer
topics to consumers, academicians, librarians, business, government
and the media.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Used by the OCA, Consumer Information staff to distribute
information on current consumer topics to consumers, academicians,
librarians, business, government and the media. Disclosure may be
made to a congressional office from the record of an individual in
response to an inquiry from the congressional office made at the
request of that individual. In the event of litigation the defendant,
is (a) the Department, any component of the Department, or any
employee of the Department in his or her official capacity; (b) the
United States where the Department determines that the claim, if
successful is likely to directly affect the operations of the
Department or any of its components; or (c) any Department employee
in his or her individual capacity where the Justice Department has
agreed to represent such employee, the Department may disclose such
records as it deems desirable or necessary to the Department of
Justice to enable that Department to present an effective defense
provided such disclosure is compatible with the purpose for which the
records were collected.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Conventional file cabinets and computers.
Retrievability:
By name, organization, and Zip Code.
Safeguards:
Personnel screening during working hours and secured building
after working hours.
Retention and disposal:
Files are updated periodically and disposed of through normal
trash and erasure of computer tapes.
System manager(s) and address:
Director, Consumer Information, 1009 Premier Bldg., 1725 Eye
Street, NW, Washington, DC 20201.
Notification procedure:
Director, Office of Management and Consumer Complaints, 1009
Premier Bldg., 1725 Eye Street, NW, Washington, DC 20201.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)) Federal Register, October 8, 1975, page 47410.)
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested and corrective action sought with
supporting justification. (These procedures are in accordance with
Department Regulations (45 CFR 5b.7) Federal Register, October 8,
1975, page 47411.)
Record source categories:
Correspondence and telephone calls from individual consumers,
business, academicians, librarians, and government officials.
Systems exempted from certain provisions of the act:
None.
09-90-0046
System name: Consumer Complaint Correspondence System, HHS/OS/
OCA.
Security classification:
None.
System location:
1009 Premier Bldg., 1725 Eye Street, NW, Washington, DC 20201.
Categories of individuals covered by the system:
Individual consumers.
Categories of records in the system:
Correspondence concerning consumer complaints referred to OCA by
Congressional offices or White House and other consumer complaint
correspondence.
Authority for maintenance of the system:
Executive Order 011583, February 24, 1981; Reorganization Plan 01
of 1953.
Purpose(s):
Resolution of individual citizen complaints through referral to
other Federal agencies, non-Federal governments, voluntary groups and
private business firms.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Resolution of individual citizen complaints through referral to
other Federal agencies, non-Federal governments, voluntary groups and
private business firms. Disclosure may be made to a congressional
office from the record of an individual in response to an inquiry
from the congressional office made at the request of that individual.
In the event of litigation the defendant is (a) the Department, any
Component of the Department, or any employee of the Department in his
or her official capacity; (b) the United States where the Department
determines that the claim, if successful, is likely to directly
affect the operations of the Department or any of its components; or
(c) any Department employee in his or her individual capacity where
the Justice Department has agreed to represent such employee, the
Department may disclose such records as it deems desirable or
necessary to the Department of Justice to enable that Department to
present an effective defense provided such disclosure is compatible
with the purpose for which the records were collected.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Individual files in cabinets.
Retrievability:
Correspondence referred to other Federal offices is not
maintained. Correspondence referred to non-Federal parties is stored
only by sequential file number. Correspondence referred from
Congressional offices is retrievable by name of member of Congress
and reference to a sequential file number.
Safeguards:
Personnel screening during working hours and secured building
after working hours.
Retention and disposal:
Records are retained for not less than one or more than two
years.
System manager(s) and address:
Director, Office of Management and Consumer Complaints, 1009
Premier Bldg., 1725 Eye Street, NW, Washington, DC 20201.
Notification procedure:
System manager. Address is same as above.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)) Federal Register, October 8, 1975, page 47410.)
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested and corrective action sought with
supporting justification. (These procedures are in accordance with
Department Regulations (45 CFR 5b.7) Federal Register, October 8,
1975, page 47411.)
Record source categories:
Correspondence and telephone calls from individual consumers.
Systems exempted from certain provisions of the act:
None.
09-90-0049
System name: Departmental Appeals Board Case and Appeal Records,
HHS/OS/DAB.
Security classification:
None.
System location:
Rm. 637D, Hubert H. Humphrey Building, 200 Independence Ave., SW,
Washington, DC 20201.
Categories of individuals covered by the system:
Individuals who are parties in matters before the Departmental
Appeals Board (DAB), or who are requesting review or consideration of
a matter by DAB.
Categories of records in the system:
This includes, but is not limited to, pleadings, formal filings,
evidence, and other records relevant to the issues being adjudicated
or mediated by the DAB and/or its personnel.
Authority for maintenance of the system:
The matters adjudicated, decided, and considered by the DAB arise
under some or all of the following authorities:
(1) 42 U.S.C. 1320a-7;
(2) 42 U.S.C. 1320a-7a, 42 U.S.C. 1320b-10, 42 U.S.C.13951, 42
U.S.C. 1395u, 42 U.S.C. 1395cc, 42 U.S.C. 1395dd, 42 U.S.C. 11131, 42
U.S.C. 11137, 31 U.S.C. 3801;
(3) 42 U.S.C. 1320c-5;
(4) 5 U.S.C. 504;
(5) 42 U.S.C. 2000e-16, 29 U.S.C. 631 and 633A, 29 U.S.C. 791;
(6) 5 U.S.C. 301, 42 U.S.C. 289b;
(7) 42 U.S.C. 2000d, 42 U.S.C. 216b, 20 U.S.C. 1405, 29 U.S.C.
794, 42 U.S.C. 290dd, 21 U.S.C. 1174, 20 U.S.C. 1081, 42 U.S.C. 6101;
(8) 42 U.S.C. 1395w-2;
(9) Matters arising under direct discretionary grants awarded to
an individual by the Secretary or her designee, including, but not
limited to: 42 U.S.C. 216, 42 U.S.C. 241, 42 U.S.C. 242a, 42 U.S.C.
263d, 42 U.S.C. 280b-5, 42 U.S.C. 300a-2, 42 U.S.C. 300a-4, 42 U.S.C.
4585, 42 U.S.C. 300d-4, 21 U.S.C. 1177, 42 U.S.C. 242n, 42 U.S.C.
300z-7, 42 U.S.C. 242c, 42 U.S.C. 242b, 42 U.S.C. 280b-4, 42 U.S.C.
287a, 42 U.S.C. 300b-1;
(10) 42 U.S.C. 1396i, 42 U.S.C. 1395y;
(11) 42 U.S.C. 1395i-3, 42 U.S.C. 1396r, 42 U.S.C. 1395rr, 42
U.S.C. 1395bbb, 42 U.S.C. 263a;
(12) 42 U.S.C. 1320b-8;
(13) 5 U.S.C. 5514; and
(14) Such other matters that may be added to the Board's
jurisdiction after submission of this notice.
Purpose(s):
The records are used to track and decide matters that are before
the DAB and to develop a body of case law that can guide persons and
agency components in the future with respect to matters that are
before or might come before the DAB.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:.
Information may be disclosed:
1. The Board will disclose the status of a pending or past
matter, and similar docket information, to any person making an
inquiry about such information, to apprise the public of the status
and progress of matters before the Board.
2. To the Department of Justice, to a court or other tribunal, or
to another party before such tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employees in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Justice Department (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to the litigation or
has an interest in such litigation, and HHS determines that the use
of such records by the Department of Justice, the tribunal, or other
party is relevant and necessary to the litigation and would help in
the effective representation of the governmental party provided
however, that in each case, HHS determines that such disclosure is
compatible with the purpose for which the records were collected.
3. To a Congressional office, from the record of an individual in
response to an inquiry from that congressional office made at the
request of that individual;
4. To the public and commercial reporters after a decision is
final, for the purpose of distributing and publishing the final DAB
decision;
5. To the third party contacts, including public and private
organizations, in order to obtain information relevant or necessary
to the proceedings, such as the subpoena of documents or witensses,
or, in the case of medical practitioners, inquiry into State
licensing proceedings; and
6. The Board will disclose records in the Board's administrative
case file to persons requesting such records or to persons attending
Board hearings, to apprise the public of the basis on which the Board
makes its decisions.
7. Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
These records are maintained in file folders, binders, and
computer disks and tapes.
Retrievability:
These records are retrieved by the names of the non-governmental
party or by docket or decision numbers.
Safeguards:
Access to and use of these records are limited to those persons
whose official duties require such access. Paper records are
maintained in file cabinets and offices that only authorized
individuals may have access to; computer records are maintained on
computer systems and disks that only authorized individuals may use.
Retention and disposal:
Once a matter is closed, the files are stored and maintained in
the DAB file room for a period of time not exceeding seven years.
After that time, the files are turned over to the Office of the
Secretary, HHS Records Management Officer, Rm. G322A, Switzer Bldg.,
330 C St., SW, Washington, DC 20201. The records are then transferred
to the Washington National Records Center, Washington, DC 20409,
where they are kept for an additional 20 years, after which time they
are destroyed. DAB has the option for retaining its written
decisions, but not its files, indefinitely, until such time as they
have no precedential value.
System manager(s) and address:
Chair, Departmental Appeals Board, Room 637D, HHH Building, 200
Independence Avenue, SW, Washington, DC 20201.
Notification procedure:
Individuals inquiring whether this system of records contains
information about them should contact the System Manager indicated
above. It is necessary to provide the following information
respecting the individual when making inquiries about records:
a. Full name;
b. Date of birth;
c. Kind of action taken by the agency;
d. Date and location of the filing of the case, appeal or other
matter befor ethe DAB; and
e. If appropriate, the DAB docket or decision number.
Record access procedure:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought.
Contesting record procedure:
Contact the official at the address specified under notification
procedures, reasopnably identify the record, and specify the
information to be contested and corrective action sought with the
supporting justification.
Record source categories:
Information in this system is obtained from:
a. The individuals to whom the record pertains;
b. Agency officials and documents;
c. The testimony, affidavits and statements of witnesses;
d. The documents, received testimony, exhibits and submissions of
the parties involved in the matter.
Systems exempted from certain provisions of the Act:
None.
09-90-0050
System name: Case Information Management System, HHS/OS/OCR.
Security classification:
None.
System location:
See System Manager and Appendix 1.
Categories of individuals covered by the system:
Persons filing complaints with the Office for Civil Rights.
Categories of records in the system:
Name, characteristics of the complaint and critical events in
OCR's processing of the complaints.
Authority for maintenance of the system:
Title VI of the 1964 Civil Rights Act; Sections 799A and 855 of
the Public Health Service Act; Section 504 of the 1973 Rehabilitation
Act; the Age Discrimination Act; The Equal Employment Opportunity
Provisions of the Public Telecommunications Financing Act of 1978;
Title VI and Title XVI of the Public Health Service Act (the
``community services obligation'' of facilities funded under the
Act); Title IX of the 1972 Education Amendments; Section 407 of the
Drug Abuse Office and Treatment Act; and Section 321 of the
Comprehensive Alcohol Abuse and Alcoholism Prevention, Treatment, and
Rehabilitation Act of 1970.
Purpose(s):
The system is designed to report the status of all complaints
currently being investigated by OCR.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to a congressional office from the record
of an individual in response to an inquiry from the congressional
office made at the request of that individual.
In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense provided such
disclosure is compatible with the purpose for which the records were
collected.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Magnetic disc and tape.
Retrievability:
Records are indexed by case or complaint number, but may be
recalled by name, address, or any other recipient characteristic by
OCR staff engaged in compliance activities.
Safeguards:
The physical data processing storage is controlled by HHS which
enforces appropriate security measures. This agency references data
through communication terminals with access controlled by passwords.
The Department's ADP Systems Manual, Part 6, ADP Systems Security,
govern the control.
Retention and disposal:
Indefinite retention. Disposal by electronic erasure.
System manager(s) and address:
Deputy Director, Office for Program Operations, Office for
Civil Rights, 330 Independence Avenue SW, Washington, DC 20201.
And, Regional Directors, see Appendix 1.
Notification procedure:
Contact System Manager (above), or Regional Director (see
Appendix 1). Include name and address of complainant, and name of the
recipient against which the allegation was filed.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. Request should
be made to the system manager in the regional office where the record
is most likely to be kept (determined by location of the institution
or facility against which the allegation was originally filed). When
this location is in doubt request should be made to the Deputy
Director, Office of Compliance and Enforcement, (see above, System
Manager).
Contesting record procedures:
Contact the official(s) at the address specified under system
manager or Appendix 1, and reasonably identify the record and specify
the information to be contested and corrective action sought with
supporting justification. (These procedures are in accordance with
Department Regulations (45 CFR 5b.7) Federal Register, October 8,
1975, page 47411.)
Record source categories:
Information in complaint investigation files.
Systems exempted from certain provisions of the act:
None.
Appendix Number 1- System Locations
This system is located at HHS offices in the following cities.
Region I, Regional Director, OCR/DHHS, 140 Federal Street--14th
Floor, Boston, MA 02110.
Region II, Regional Director, OCR/DHHS, 26 Federal Plaza--Room
3900, New York, NY 10278.
Region III, Regional Director, OCR/DHHS, 3535 Market Street--
Post Office Box 13716, Philadelphia, PA 19101.
Region IV, Regional Director, OCR/DHHS, 101 Marietta Street--
Suite 2806, Atlanta, GA 30323.
Region V, Regional Director, OCR/DHHS, 300 South Wacker Drive--
32nd Floor, Chicago, IL 60606.
Region VI, Regional Director, OCR/DHHS, 1200 Main Tower Bldg.--
Room 1900, Dallas, TX 75202.
Region VII, Regional Director, OCR/DHHS, 601 E. 12th Street--
Room 248, Kansas City, MO 64106.
Region VIII, Regional Director, OCR/DHHS, Federal Office
Building, 1961 Stout Street--Room 1326, Denver, CO 80294.
Region IX, Regional Director, OCR/DHHS, 1275 Market Street--
14th Floor, San Francisco, CA 94103.
Region X, Regional Director, OCR/DHHS, 1321 Second Avenue--MS/
723, Seattle, WA 98101.
09-90-0051
System name: Complaint Files and Log, Office of Management and
Administration, HHS/OS/OCR.
Security classification:
None.
System location:
See Appendix 1, System 09-90-0050.
Categories of individuals covered by the system:
Individuals who file complaints alleging discrimination under the
statutes identified below (Authority for Maintenance).
Categories of records in the system:
Complaint allegations, information gathered during the complaint
investigation, findings, and results of the investigation, and
correspondence relating to the investigation.
Authority for maintenance of the system:
Title VI of the 1964 Civil Rights Act; Sections 799 A and 855 of
the Public Health Service Act; Section 504 of the 1973 Rehabilitation
Act; the Age Discrimination Act; The Equal Employment Opportunity
Provisions of the Public Telecommunications Financing Act of 1978;
Title VI and Title XVI of the Public Health Service Act Title IX of
the 1972 Education Amendments; Section 407 of the Drug Abuse Office
and Treatment Act; and Section 321 of the Comprehensive Alcohol Abuse
and Alcoholism Prevention, Treatment, and Rehabilitation Act of 1970.
Purpose(s):
This file system is designed to store the results of all OCR
regional investigations, for retrieval of information on the
resolutions of complaints. Files are maintained to record the results
of the complaint investigations so that OCR can determine if there
was discrimination as charged in the original complaint.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Files may be reviewed by the Department of Justice, the Equal
Employment Opportunity Commission, or other Federal and State
agencies when necessary to complete an investigation, enforce the
statutes, or assure proper coordination.
OCR may contract with a private firm for the purpose of
collating, analyzing, aggregating, or otherwise refining records in
this system. Relevant records will be disclosed to such a contractor.
The contractor shall be required to maintain Privacy Act safeguards
with respect to such records.
Disclosure may be made to a congressional office from the record
of an individual in response to an inquiry from the congressional
office made at the request of that individual.
In the event of litigation where the defendant is (a) the
Department, any component of the Department or any employee of the
Department in his or her official capacity (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any its
components or (c) any Department employee in his or her individual
capacity where the Justice Department has agreed to represent such
employee, the Department may disclose such records as it deems
desirable or necessary to the Department of Justice to enable that
Department to present an effective defense provided such disclosure
is compatible with the purpose for which the records were collected.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
File folders and file cards.
Retrievability:
By name for use by OCR staff in complaint investigations.
Safeguards:
Printed materials are filed in lockable cabinets. The
Department's ADP Systems Manual, Part 6, ADP Systems Security, govern
the control. Categories of users include OCR investigators, team
leaders, branch chiefs, division directors, PRMs unit staff, Office
of Compliance and Enforcement staff.
Retention and disposal:
2 years from date complaint is closed.
System manager(s) and address:
Deputy Director, Office for Program Operations, Office for
Civil Rights, 330 Independence Avenue, SW, Washington, DC 20201.
And Regional Directors, see Appendix 1 to Case Information
Management System HHS OS/OCR System 09-90-0050.
Notification procedure:
Contact system manager (above) or Regional Directors (see
Appendix 1). Include name and address of complainant, a copy or
summary of allegations contained in the original complaint, name of
the institution against which the allegation was filed, and the date
of the original allegation.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. Request should
be made to the system manager in the regional office where the record
is most likely to be kept (determined by location of the institution
or facility against which the allegation was originally filed.) When
this location is in doubt request should be made to the Deputy
Director, Office of Compliance and Enforcement, Washington, DC (see
above, System Manager).
Contesting record procedures:
Contact the official(s) at the address specified under system
manager or Appendix 1, and reasonably identify the record and specify
the information to be contested and corrective action sought with
supporting justification. (These procedures are in accordance with
Department Regulations (45 CFR 5b.7) T4Federal Register, October 8,
1975, page 47411.)
Record source categories:
Complaint and information filed with the Department by or on
behalf of the individual complainant, also data provided by the
alleged discriminator and other parties.
Systems exempted from certain provisions of the act:
None.
09-90-0058
System name: Freedom of Information Case Files and
Correspondence Control Log, HHS/OS/ASPA/FOIA.
Security classification:
None.
System location:
Freedom of Information/Privacy Act Division, Room 645F Humphrey
Building, 200 Independence Avenue SW, Washington, DC 20201 (see
Appendix I, following, for additional locations).
Categories of individuals covered by the system:
Individuals or organizations requesting access to inspect and/or
copy records of the Department under provisions of the Freedom of
Information Act.
Categories of records in the system:
Name, address, and other individually identifying information
about the requester, the request, and records reflecting processing
of the request.
Authority for maintenance of the system:
Freedom of Information Act, 5 U.S.C. 552.
Purpose(s):
Records are used by the Freedom of Information staff involved in
FOIA correspondence and processing, as well as by appeals officials
and members of the Office of General Counsel.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Records may be disclosed from this system for routine uses to:
1. The Department of Justice for the purpose of obtaining advice
as to whether or not the records should be disclosed.
2. A contractor for the purpose of collating, aggregating,
analyzing, or otherwise refining records in this system. The
contractor shall be required to maintain Privacy Act safeguards in
working with such records.
3. A congressional office from the record of an individual in
response to a verified inquiry from the congressional office made at
the written request of that individual.
4. The Department of Justice, or to a court or other tribunal or
to another party before such tribunal, when (a) HHS, or any component
of HHS; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof, where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation or has
an interest in such litigation, and HHS determines that the use of
such records by the Department of Justice, the court, the tribunal,
or other party is relevant and necessary to the litigation and would
help in the effective representation of the governmental party,
provided, however, that in each case HHS determines that such
disclosure is compatible with the purpose for which the records were
collected.
5. Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The original, or a copy, of the incoming request and the written
response are maintained in case file folders and stored in metal file
cabinets. Cross-reference data is maintained in a correspondence
control log stored in a personal computer and printed as hard copy on
paper as needed.
Retrievability:
Records are almost always retrieved by the name of the individual
who made the FOIA request during a given calendar year. In addition,
each request is assigned a case file number that identifies the year
in which the request was made and the number of the request. For
example, 89-432. Records also can be retrieved by this case file
number.
Safeguards:
1. Authorized Users: Access is limited to involved program
officials, FOIA staff, appeals officials, and members of the Office
of General Counsel who are involved in the processing of FOIA
requests and appeals.
2. Physical Safeguards: The case file folders are stored in file
cabinets in secure areas that are either occupied by staff personnel
involved in processing FOIA requests and appeals or locked up during
non-working hours, or whenever staff are not present in these areas.
In addition, entrance to the buildings where case files are
maintained is controlled by security guards.
3. Procedural Safeguards: Access to records is limited to those
staff members who are familiar with both the FOIA and the Privacy
Act. System Managers are held responsible for safeguarding the
records under their control.
Retention and disposal:
The National Archives and Records Administration issues General
Records Schedules that provide disposition authorization for records
common to several or all agencies of the Federal Government. Schedule
14 (June 1988) sets forth detailed disposition requirements for FOIA
records.
1. Case files are retained for two years and then destroyed when
access to all requested records is granted.
2. Case files are destroyed after six years when access to all or
part of the records is denied.
3. In the event of an appeal, the files are destroyed six years
after final determination by the Department, or three years after
final adjudication by the courts, or six years after the time at
which a requester could file suit, whichever is later.
4. Correspondence control logs are destroyed six years after the
date of last entry.
System manager(s) and address:
Director, Freedom of Information/Privacy Act Division, 645F
Humphrey Building, 200 Independence Avenue, SW, Washington, DC 20201
(See Appendix I, following, for additional system managers.)
Notification procedure:
System managers. Addresses same as above.
Record access procedures:
A person may request access to these records in writing, in
person, or by telephone to the system managers listed above and in
Appendix I. The managers may require proof of identity whenever they
are in doubt about the identity of the person making the request.
Contesting record procedures:
A person may contest information in these records by contacting
the system managers listed above and in Appendix I, and by
identifying the information contested; the corrective action sought;
and reasons for requesting the correction, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Individuals and organizations making requests under the FOIA, and
components of the Department and other agencies that search for and
provide the records and related correspondence that are maintained in
the case files.
Systems exempted from certain provisions of the act:
None.
Appendix I
HHS Freedom of Information Officer, Room 645F Humphrey Building,
200 Independence Avenue SW, Washington, DC 20201. Tel: (202) 472-
7453.
SSA Freedom of Information Officer, Room 4-H-8 Annex Building,
6401 Security Boulevard, Baltimore, Maryland 21235. Tel: (301) 965-
3962.
HCFA Freedom of Information Officer, Room 100 Professional
Building, Office of Public Affairs, 6660 Security Blvd, Baltimore,
Maryland 21207. Tel: (301) 966-5352.
PHS Freedom of Information Officer, Room 13-C-24 Parklawn
Building, 5600 Fishers Lane, Rockville, Maryland 20857. Tel: (301)
443-5252.
FDA Freedom of Information Officer, HFW-35, Room 12A16 Parklawn
Building, 5600 Fishers Lane, Rockville, Maryland 20857. Tel: (301)
443-1813.
NIH Freedom of Information Officer, National Institutes of
Health, Building 31, Room 2B39, 9000 Rockville Pike, Bethesda,
Maryland 20892. Tel: (301) 496-5633.
CDC Freedom of Information Officer, Centers for Disease Control,
1600 Clifton Road, NE, Atlanta, Georgia 30333. Tel: (404) 639-2388.
HRSA Freedom of Information Officer, Room 1443 Parklawn Building,
5600 Fishers Lane, Rockville, Maryland 20857. Tel: (301) 443-2086.
ADAMHA Freedom of Information Officer, Room 12-C-15, Parklawn
Building, 5600 Fishers Lane, Rockville, Maryland 20857. Tel: (301)
443-3783.
IHS Freedom of Information Officer, Room 5-A-39 Parklawn
Building, 5600 Fishers Lane, Rockville, Maryland 20857. Tel: (301)
443-3593.
09-90-0059
System name: Federal Advisory Committee Membership Files, HHS/
OS/ASPER.
Security classification:
None.
System location:
Department and component committee management offices. See
Appendix 1.
Categories of individuals covered by the system:
Individuals who have been or are presently members of or are
being considered for membership on advisory committees within the
jurisdiction of the Department of Health and Human Services.
Additionally the system of records contains information about members
of the public who have requested that they receive various
publications through the inclusion of their names and addresses on
various mailing lists.
Categories of records in the system:
Information maintained on those individuals who have requested
participation on mailing lists is limited to name and mailing
address. Information maintained on individuals who are past, present,
or recommended members of advisory committees subject to this notice
consists of one or more of the following name, title, sex, place and
date of birth, home address, business address, organizational
affiliation, phone number, degrees held, general educational
background, ethnic background, resume, curriculum vitae, dates of
term on advisory committee, status on advisory committee, reason for
leaving advisory committee, previous or current membership on other
advisory committees, special qualifications of the individual for the
advisory committee membership, source who recommended the individual
for membership on advisory committee and miscellaneous
correspondence. Additionally, memoranda justifying the individual's
selection are included in the file in cases in which the individual
has served repetitively on advisory committees, has not had a one-
year break in service on advisory committees, or where various
statutory or other requirements for advisory committee membership
cannot be met.
Authority for maintenance of the system:
Federal Advisory Committee Act (5 U.S.C. App. I et seq.).
Purpose(s):
Records in this system are used in the administration and
management of Federal advisory committees in the Department,
including the preparation of reports; quarterly alphabetical listings
of past, present, and recommended advisory committee members; lists
of vacancies, acceptances, and separations; and documentation of
nominations. These records are maintained in each component of the
Department. See also ``Retrievability'' below.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Annual Report to the President; administrative reports to OMB and
GSA.
In the event that this system of records indicates a violation or
potential violation of law, whether civil, criminal or regulatory in
nature, and whether arising by general statute or particular program
statute, or by regulation, rule or order issued pursuant thereto, the
relevant records in the system of records may be referred, as a
routine use, to the appropriate agency, whether federal, or foreign,
charged with the responsibility of investigating or prosecuting such
violation or charged with enforcing or implementing the statute, or
rule, regulation or order issued pursuant thereto.
In the event the Department deems it desirable or necessary, in
determining whether particular records are required to be disclosed
under the Freedom of Information Act, disclosure may be made to the
Department of Justice for the purpose of obtaining its advice.
In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
is components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained in hard-copy filed in file cabinets, on
index cards, on magnetic tape, or in computer storage.
Retrievability:
For the most part records are maintained in an alphabetical index
by name of the individual. Certain files are based on other factors,
e.g., Advisory Committee name, with a cross index based on an
alphabetical listing of individuals. Certain other records are
retrievable by individually identifiable computer identification
codes. Certain of the mailing lists which are maintained are indexed
by ZIP Code and within zone by alphabetical listing by name of the
individual. Records from the system are available to the staffs of
the respective Advisory Committees, the Committee Management
Officers, the Departmental Committee Management Officer and other
Departmental staff on a need-to-know basis.
Safeguards:
Direct access to records is restricted to authorized personnel
through locked files, rooms, and buildings as well as building pass
and security guard sign-in systems. Certain facilities are also
protected by closed circuit television systems. Computer systems are
secured through locked magnetic tape libraries as well as lockword-
password computer access systems.
Retention and disposal:
Retention is variable from one year to permanent retention
depending upon the type of record, e.g., names of former members of
advisory committees are retained permanently. Certain records are
disposed of by referral to the Federal Records Center. Others are
disposed of as trash by the system manager or office of security
depending upon the confidentiality of the information contained on
the record.
System manager(s) and address:
See Appendix 1.
Notification procedure:
Same as above with the exception of Food and Drug Administration,
contact: FDA Privacy Coordinator (HF-50), Food and Drug
Administration, 5600 Fishers Lane, Rockville, MD 20852.
Verification of identification of individuals inquiring as to
information contained in this System shall be in accordance with the
procedures outlined in regulations published by the Department of
Health and Human Services to implement the Privacy Act.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)) Federal Register, October 8, 1975, page 47410.)
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested, and state the corrective action sought
and the reasons for the correction. (These procedures are in
accordance with Department Regulations (45 CFR 5b.7) Federal
Register, October 8, 1975, page 47411.)
Record source categories:
The vast majority of information contained in records on
individuals is obtained directly from the individual. Other
information in the form of references and recommendations is obtained
from other private individuals, program personnel, biographical
reference books, private organizations, former employers, regional
office of HHS, Members of Congress, and other government sources.
Appendix 1
Department of Health and Human Services, Department Committee
Management Officer, Mary Switzer Building, Room 2319, 330
Independence Ave., SW, Washington, DC 20201
Alcohol, Drug Abuse, and Mental Health Administration, Office
of the Administrator, Committee Management Officer, Room 13-103, 5600
Fishers Lane, Rockville, Maryland 20857
Centers for Disease Control, Committee Management Officer,
Management Analysis Branch, Building 4, Room 225, 1600 Clifton Road,
NE, Atlanta, Georgia 30333
Food and Drug Administration, Office of Management and
Operations, Division of Management Systems and Policy, Committee
Management Office, Room 12-21, 5600 Fishers Lane, Rockville, MD 20857
Health Care Financing Administration, Records Committee
Management Officer, Bay A-1, 1710 Gwynn Oak Avenue, Baltimore,
Maryland 21235
Health Resources and Services Administration, Office of Program
Policy Coordination, Committee Management Officer, Parklawn Building,
Room 14-05, 5600 Fishers Lane, Rockville, Maryland 20857
National Institutes of Health, Committee Management Officer,
National Institutes of Health, Building 01, Room 303, Bethesda,
Maryland 20205
Social Security Administration, OMBP, Office of Management,
Budget and Personnel, Committee Management Officer, Room 828,
Altmeyer Building, 6401 Security Boulevard, Baltimore, Maryland 21235
Office of the Assistant Secretary for Health, OASH Committee
Management Officer, Parklawn Building, Room 17-69, 5600 Fishers Lane,
Rockville, Maryland 20857
Office of the Assistant Secretary for Planning and Evaluation,
Committee Management Officer, Room 405-F, HHH Building, 200
Independence Ave., SW, Washington, DC 20201
Office of the Assistant Secretary for Human Development
Services, Committee Management Officer, Room 308-E, HHH Building, 200
Independence Ave., SW, Washington, DC 20201
09-90-0062
System name: Administrative Claims, HHS/OS/OGC.
Security classification:
None.
System location:
See Appendix.
Categories of individuals covered by the system:
HHS employees, recipients of Federal assistance under HHS funded
programs, and members of the public who have a claim against HHS or
against whom HHS has a claim--Federal Torts Claims Act, Military
Personnel and Civilian Employees Claims Act, Federal Claims
Collection Act, Federal Medical Care Recovery Act, Act for Waiver of
Overpayment of Pay.
Categories of records in the system:
Information that is pertinent to the particular claim being
asserted, including accident reports, hospital records, charges for
medical services, certifications of overpayment, certifications of
indebtedness, audits of payroll accounts during periods of
overpayments, earning and leave statements, claims officers
memorandum, final determinations made on claims, identity of debtors
and information pertaining to how debts arose.
Authority for maintenance of the system:
Federal Tort Claims Act, 28 U.S.C. 261-2680, 1346(b); Waiver of
Overpayment of Pay Act, 5 U.S.C. 5584; Military Personnel and
Civilian Employees Claims Act, 31 U.S.C. 240-243; Federal Claims
Collection Act, 31 U.S.C. 951-953; Federal Medical Care Recovery Act,
42 U.S.C. 2651-2653.
Purpose(s):
To adjudicate claims asserted by or against the Department.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Records from this system may be disclosed as follows: 1. Federal,
State, and local government agencies, private individuals, private
and public hospitals, allegedly negligent parties, private attorneys,
insurance companies, individual law enforcement officers, tribal
officials, and other persons with relevant information for the
purpose of investigating, settling, or adjudicating claims and
subsequent litigation action.
2. To a congressional office from the record of an individual in
response to an inquiry from the congressional office made at the
request of that individual.
3. In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected.
4. In the event that a system of records maintained by this
agency to carry out its functions indicates a violation or potential
violation of law, whether civil, criminal or regulatory in nature,
and whether arising by general statute or particular program statute,
or by regulation, rule or order issued pursuant thereto, the relevant
records in the system of records may be referred, as a routine use,
to the appropriate agency, whether local, state, federal, or foreign,
charged with the responsibility of investigating or prosecuting such
violation or charged with enforcing or implementing the statute, or
rule, regulation or order issued pursuant thereto.
5. In the event the Department deems it desirable or necessary,
in determining whether particular records are required to be
disclosed under the Freedom of Information Act, disclosure may be
made to the Department of Justice for the purpose of obtaining its
advice.
6. To a federal, state or local agency maintaining civil,
criminal or other pertinent records, such as current licenses, if
necessary to obtain a record relevant to a DHHS decision concerning
the hiring or retention of an employee, the issuance of a security
clearance, the letting of a contract, or the issuance of a license,
grant or other benefit.
7. To a federal agency, in response to its request, in connection
with the hiring or retention of an employee, the issuance of a
security clearance, the reporting of an investigation of an employee,
the letting of a contract, or the issuance of a license, grant, or
other benefit by the requesting agency, to the extent that the record
is relevant and necessary to the requesting agency's decision on the
matter.
8. To the Department of Justice or other appropriate federal
agencies in defending claims against the United States when the claim
is based upon an individual's mental or physical condition and is
alleged to have arisen because of activities of the Public Health
Service in connection with such individual.
9. A record from this system may be disclosed to the following
entities in order to help collect a debt owed the United States:
a. To another Federal agency so that agency can effect a salary
offset;
b. To another Federal agency so that agency can effect an
administrative offset under common law or under 31 U.S.C. 3716
(withholding from money payable to, or held on behalf of, the
individual);
c. To the Treasury Department to request his/her mailing address
under I.R.C. 6103(m)(2) in order to locate him/her or in order to
have a credit report prepared;
d. To agents of the Department and to other third parties to help
locate him/her in order to help collect or compromise a debt;
e. To debt collection agents under 31 U.S.C. 3718 or under common
law to help collect a debt; and
f. To the Justice Department for litigation or further
administrative action.
Disclosure under part (d) of this use is limited to the
individual's name, address, Social Security Number, and other
information necessary to identify him/her. Disclosure under parts
(a)-(c) and (e) is limited to those items; the amount, status, and
history of the claim; and the agency or program under which the claim
arose. An address obtained from IRS may be disclosed to a credit
reporting agency under part (d) only for purposes of preparing a
commercial credit report on the individual. Part (a) applies to
claims or debts arising under or payable under the Social Security
Act if and only if the employee consents in writing to the offset.
10. A record from this system may be disclosed to another federal
agency that has asked the Department to effect an administrative
offset, under common law or under 31 U.S.C. 3716, to help collect a
debt owed the United States. Disclosure under this routine use is
limited to: Name, address, Social Security Number, and other
information necessary to identify the individual; information about
the money payable to or held for the individual; and other
information concerning the administrative offset.
11. Disclosures with regard to claims or debts arising under or
payable under the Social Security Act may be made from this system to
``consumer reporting agencies'' as defined in the Fair Credit
Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection
Act of 1966 (31 U.S.C. 3701(a)(3)). However, this disclosure will not
be made with regard to debts from overpayments to beneficiaries under
Title II (Old-Age, Survivors, and Disability Insurance) and Title XVI
(Supplemental Security Income) of this Act. The purpose of this
disclosure is to aid in the collection of outstanding debts owed to
the Federal Government. Disclosure of records is limited to the
individual's name, address, Social Security number, and other
information necessary to establish the individual's identity; the
amount, status, and history of the claim; and the agency or program
under which the claim arose.
12. When a debt becomes legally or administratively uncollectible
in whole or in part, a record may be disclosed to the Internal
Revenue Service to report the written-off part as income.
13. Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Disclosure to consumer reporting agencies:
Disclosures pursuant to 5 U.S.C. 552a(b)(12): Disclosures may be
made from this system to ``consumer reporting agencies'' as defined
in the Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal
Claims Collections Act of 1966 (31 U.S.C. 3701(a)(3)). The purpose of
this disclosure is to aid in the collection of outstanding debts owed
to the Federal Government, typically, to provide an incentive for
debtors to repay delinquent Federal Government debts by making these
debts part of their credit records. Disclosure of records is limited
to the individual's name, adddress, Social Security number, and other
information necessary to establish the individual's identity; the
amount, status, and history of the claim; and the agency or program
under which the claim arose. This disclosure will be made only after
the procedural requirements of 31 U.S.C. 3711(f) have been followed.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Legal size files in filing cabinets.
Retrievability:
Retrieved by name of the non-Government party, whether claimant,
plaintiff, or alleged debtor. In some instances, these records are
retrievable by cross reference to index cards, containing name of the
party involved and the subject matter.
Safeguards:
Office buildings in which files are kept are locked after the
close of the business day. These files are only accessible to General
Counsel staff and designated claims program specialists in the Public
Health Service and Social Security Administration.
Retention and disposal:
The records are maintained for an indefinite duration.
System manager(s) and address:
The agency official responsible for the system policies and
practices outlined above is:
The General Counsel, Department of Health and Human Services,
Office of the General Counsel, Room 722A, Humphrey Building, 200
Independence Avenue, SW, Washington, DC 20201.
Notification procedure:
Any inquiries regarding this system of records should be
addressed to the System Manager. An individual who requests
notification of or access to a medical record shall, at the time the
request is made, designate in writing a responsible representative
who will be willing to review the record and inform the subject
individual of its contents at the representative's discretion. (These
notification and access procedures are in accordance with Department
Regulations (45 CFR 5b.6) Federal Register, October 8, 1975, page
47411.)
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)) Federal Register, October 8, 1975, page 47410.)
Contesting record procedures:
Contact the official at the address specified under System
Manager(s) Address above, and reasonably identify the record, specify
the information to be contested, and specify the corrective action
sought, with supporting justification (i.e., how it is inaccurate,
irrelevant, not timely, or incomplete). (These procedures are in
accordance with Department Regulations (45 CFR 5b.7) Federal
Register, October 8, 1975, page 47411.)
Record source categories:
The information in this system comes from a number of sources
including private individuals, private and public hospitals, doctors,
law enforcement agencies and officials, private attorneys, accident
reports, third parties, claimants or beneficiaries and their
relatives, other Federal agencies, State and local governments,
agencies and instrumentalities.
Systems exempted from certain provisions of the act:
None.
Appendix
Office of the General Counsel--Headquarters Offices, Department
of Health and Human Services, Humphrey Building, Room 722A. 200
Independence Avenue, SW, Washington, DC 20201
Office of the General Counsel, Regional Attorney--Region I,
Department of Health and Human Services, John F. Kennedy Federal
Building, Government Center, Boston, Massachusetts 02203.
Office of the General Counsel, Regional Attorney--Region II,
Department of Health and Human Services, Room 3914, 26 Federal Plaza,
New York, New York 10007.
Office of the General Counsel, Regional Attorney--Region III,
Department of Health and Human Services, PO Box 13716, Philadelphia,
Pennsylvania 19104.
Office of the General Counsel, Regional Attorney--Region IV,
Department of Health and Human Services, Suite 201, 101 Marietta
Tower, Atlanta, Georgia 30323.
Office of the General Counsel, Regional Attorney--Region V,
Department of Health and Human Services, 300 South Wacker Drive, 18th
Floor, Chicago, Illinois 60606.
Office of the General Counsel, Regional Attorney--Region VI,
Department of Health and Human Services, Room 1330, 1200 Main Tower
Building, Dallas, Texas 75202.
Office of the General Counsel, Regional Attorney--Region VII,
Department of Health and Human Services, Room 601, 601 East 12th
Street, Kansas City, Missouri 64106.
Office of the General Counsel, Regional Attorney--Region VIII,
Department of Health and Human Services, Room 11443, Federal Office
Building, 19th and Stout Streets, Denver, Colorado 80294.
Office of the General Counsel, Regional Attorney--Region IX,
Department of Health and Human Services, 50 Fulton Street, San
Francisco, California 94102.
Office of the General Counsel, Regional Attorney--Region X,
Department of Health and Human Services, MS 624 Arcade Plaza
Building, 1321 Second Avenue, Seattle, Washington 98101.
Director, Division of Public Health Service Claims, Room 17A-17
Parklawn Building, 5600 Fishers Lane, Rockville, Maryland 20857.
SSA Claims Officer, Social Security Administration, 2F7 Annex
Building, 6401 Security Blvd., Baltimore, Maryland 21235.
09-90-0064
System name: Litigation Files, Administrative Complaints, and
Adverse Personnel Actions, HHS/OS/OGC.
Security classification:
None.
System location:
See Appendix on the Administrative Claims System, 09-90-0062.
Categories of individuals covered by the system:
The individuals on whom records are maintained in this system are
individuals who are involved in litigation with the Department or the
United States (regarding matters within the jurisdiction of the
Department) either as plaintiffs or as defendants in both civil and
criminal matters, and individuals who either file administrative
complaints with the Department or are the subjects of administrative
complaints initiated by the Department, except claims which are the
subjects of records maintained in the Administrative Claims System,
09-90-0062.
Categories of records in the system:
These records contain information pertaining to the subject
matter of the litigation, administrative complaint, or adverse
personnel action. Such records would include complaints, litigation
reports, administrative transcripts, various litigation documents,
investigative materials, correspondence, briefs, court orders and
judgments, and in cases where personal injury is involved,
principally malpractice cases, evaluations by physician specialists
(Public Health Service, Armed Forces, Institute of Pathology).
Authority for maintenance of the system:
The authority for maintaining this system are the various
statutes, regulations, rules or orders pertaining to the subject
matter of the litigation, administrative complaint or adverse
personnel action, (e.g., Public Health Service Act, Social Security
Act, Civil Rights Act, Federal Food, Drug and Cosmetic Act).
Purpose(s):
To represent the Department and its components in court cases and
administrative proceedings.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to a congressional office from the record
of an individual in response to an inquiry from the congressional
office made at the request of that individual. In the event of
litigation where the defendant is (a) the Department, any component
of the Department, or any employee of the Department in his or her
official capacity; (b) the United States where the Department
determines that the claim, if successful, is likely to directly
affect the operations of the Department or any of its components; or
(c) any Department employee in his or her individual capacity where
the Justice Department has agreed to represent such employee, the
Department may disclose such records as it deems desirable or
necessary to the Department of Justice to enable that Department to
present an effective defense provided such disclosure is compatible
with the purpose for which the records were collected.
In the event that a system of records maintained by this agency
to carry out its functions indicates a violation or potential
violation of law, whether civil, criminal or regulatory in nature,
and whether arising by general statute or particular program statute,
or by regulation, rule or order issued pursuant thereto, the relevant
records in the system of records may be referred, as a routine use,
to the appropriate agency, whether Federal, or foreign, charged with
the responsibility of investigating or prosecuting such violation or
charged with enforcing or implementing the statute, or rule,
regulation or order issued pursuant thereto.
In the event the Department deems it desirable or necessary, in
determining whether particular records are required to be disclosed
under the Freedom of Information Act, disclosure may be made to the
Department of Justice for the purpose of obtaining its advice.
A record from this system of records may be disclosed as a
``routine use'' to a Federal, state or local agency maintaining
civil, criminal or other relevant enforcement records or other
pertinent records, such as current licenses, if necessary to obtain a
record relevant to an agency decision concerning the hiring or
retention of an employee, the issuance of a security clearance, the
letting of a contract, or the issuance of a license, grant or other
benefit.
A record from this system of records may be disclosed to a
Federal agency, response to its request, in connection with the
hiring or retention of an employee, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant, or other
benefit by the requesting agency, to the extent that the record is
relevant and necessary to the requesting agency's decision on the
matter.
In the event that a system of records maintained by this agency
to carry out its function indicates a violation or potential
violation of law, whether civil, criminal or regulatory in nature,
and whether arising by general statute or particular program statute,
or by regulation, rule or order issued pursuant thereto, the relevant
records in the system of records may be referred, as a routine use to
the appropriate agency, whether state or local charged with the
responsibility of investigating or prosecuting such violation or
charged with enforcing or implementing the statute, or rule,
regulation or order issued pursuant thereto.
To the Department of Justice or other appropriate Federal
agencies in defending claims against the United States when the claim
is based upon an individual's mental or physical condition and is
alleged to have arisen because of activities of the Public Health
Service in connection with such individual.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
These records consist of legal size files stored in file
cabinets.
Retrievability:
These records are retrievable by name of the plaintiff or the
first plaintiff if there is more than one, or by the name of the
first defendant if the plaintiff is the United States. In the case of
adverse personnel actions, records are retrievable by name of the
individual involved.
Safeguards:
Office buildings in which these records are maintained are locked
after the close of the business day. These records are only
accessible by General Counsel staff.
Retention and disposal:
These records are maintained for an indefinite duration.
System manager(s) and address:
The agency official responsible for the system policies and
practices outlined above is:
The General Counsel, Department of Health and Human Services,
Office of the General Counsel, Hubert H. Humphrey Building, Room
722A, 200 Independence Avenue, SW, Washington, DC 20201.
Notification procedure:
Any inquiries regarding these systems of records should be
addressed to the System Manager. An individual who requests
notification of or access to a medical record shall, at the time the
request is made, designate in writing a responsible representative
who will be willing to review the record and inform the subject
individual of its contents at the representative's discretion. (These
notification and access procedures are in accordance with Department
Regulations (45 CFR 5b.6) Federal Register, October 8, 1975, page
47411.).
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)) Federal Register, October 8, 1975, page 47410.).
Contesting record procedures:
Contact the official at the address System Manager(s) and Address
above, and reasonably identify the record and specify the information
to be contested and corrective action sought with supporting
justification. (These procedures are in accordance with Department
Regulations (45 CFR 5b.7) Federal Register, October 8, 1975, page
47411.).
Record source categories:
The information for this system is obtained through a number of
sources including the exchange of legal pleadings, documents, formal
and informal discovery, program offices and component agencies,
private attorneys, State and local governments, their agencies and
instrumentalities, and officers of other Federal agencies and the
individuals involved.
Systems exempted from certain provisions of the act:
None.
09-90-0065
System name: Conflict of Interest--Standards of Conduct Records,
HHS/OS/OGC.
Security classification:
None.
System location:
See appendix on the Administrative Claims System, 09-90-0062.
Categories of individuals covered by the system:
Information about current and past HHS employees who are or have
been the subject of conflict of interest or standards of conduct
inquiries or determinations.
Categories of records in the system:
These records include information relating to acceptance or offer
of gifts, entertainment and favors, outside employment; financial
interests; use of government funds, property or official information;
partisan political activity; or other matters relating to ethical
standards of conduct.
Authority for maintenance of the system:
18 U.S.C. 202, 203, 205, 207, 208, 209; Executive Order 11222;
and, 5 CFR 735.104, 45 CFR part 73.
Purpose(s):
To maintain such information about employees or former employees
of the Department who have been the subjects of standards of conduct
or conflict of interest inquiries.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to a congressional office from the record
of an individual in response to an inquiry from the congressional
office made at the request of that individual.
In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected.
In the event that a system of records maintained by this agency
to carry out its functions indicates a violation or potential
violation of law, whether civil, criminal or regulatory in nature,
and whether arising by general statute or particular program statute,
or by regulation, rule or order issued pursuant thereto, the relevant
records in the system of records may be referred, as a routine use,
to the appropriate agency, whether Federal, or foreign charged with
the responsibility of investigating or prosecuting such violation or
charged with enforcing or implementing the statute, or rule,
regulation or order issued pursuant thereto.
In the event the Department deems it desirable or necessary, in
determining whether particular records are required to be disclosed
under the Freedom of Information Act, disclosure may be made to the
Department of Justice for the purpose of obtaining its advice.
A record from this system of records may be disclosed as a
``routine use'' to a Federal, state or local agency maintaining
civil, criminal or other relevant enforcement records or other
pertinent records, such as current licenses, if necessary to obtain a
record relevant to an agency decision concerning the hiring or
retention of an employee, the issuance of a security clearance, the
letting of a contract, or the issuance of a license, grant or other
benefit.
A record from this system of records may be disclosed to a
Federal agency, in response to its request, in connection with the
hiring or retention of an employee, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant, or other
benefit by the requesting agency, to the extent that the record is
relevant and necessary to the requesting agency's decision on the
matter.
In the event that a system of records maintained by this agency
to carry out its function indicates a violation or potential
violation of law, whether civil, criminal or regulatory in nature,
and whether arising by general statute or particular program statute,
or by regulation, rule or order issued pursuant thereto, the relevant
records in the system of records may be referred, as a routine use to
the appropriate agency, whether state or local charged with the
responsibility of investigating or prosecuting such violation or
charged with enforcing or implementing the statute, or rule,
regulation or order issued pursuant thereto.
To the Department of Justice or other appropriate Federal
agencies in defending claims against the United States when the claim
is based upon an individual's mental or physical condition and is
alleged to have arisen because of activities of the Public Health
Service in connection with such individual.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
These records are kept in legal size files in filing cabinets.
Retrievability:
These records are retrievable by name in most cases. In some
instances, these records are retrievable by cross reference to index
cards containing the name of the party involved and the subject
matter.
Safeguards:
These records are only accessible to General Counsel staff.
Office buildings in which these records are maintained are locked
after the close of the business day.
Retention and disposal:
The records are maintained for an indefinite duration.
System manager(s) and address:
The agency official responsible for the systems policies and
practices outlined above is:
The General Counsel, Department of Health and Human Services,
Office of the General Counsel, Humphrey Building, Room 722A, 200
Independence Ave., SW, Washington, DC 20201.
Notification procedure:
Any inquiries regarding these system of records should be
addressed to the System Manager.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)) Federal Register, October 8, 1975, page 47410.)
Contesting record procedures:
Contact the official at the System Manager(s) and Address
procedures above, and reasonably identify the record and specify the
information to be contested and corrective action sought with
supporting justification. (These procedures are in accordance with
Department Regulations (45 CFR 5b.7) Federal Register, October 8,
1975, page 47411.)
Record source categories:
The information contained in this system comes from the
individuals involved and from appropriate Department officials.
Systems exempted from certain provisions of the act:
None.
09-90-0066
System name: OGC-Attorney Applicant Files, HHS/OS/OGC.
Security classification:
None.
System location:
See Appendix on the Administrative Claims System. 09-90-0062
Categories of individuals covered by the system:
Current Attorney Applicants for positions in the Office of the
General Counsel.
Categories of records in the system:
The Attorney Applicant system consists of a variety of records
relating to persons applying for attorney positions. These records
contain information about an individual's birth date; home address;
telephone number; social security number; educational background
(e.g., law schools attended and grades); past work experience;
writing samples furnished on request; recommendations from past
employers and academic officials.
Authority for maintenance of the system:
5 U.S.C. 3301 et seq.
Purpose(s):
To maintain current information concerning individuals interested
in employment with the Office of General Counsel.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to a congressional office from the record
of an individual in response to an inquiry from the congressional
office made at the request of that individual. In the event of
litigation where the defendant is (a) the Department, any component
of the Department, or any employee of the Department in his or her
official capacity; (b) the United States where the Department
determines that the claim, if successful, is likely to directly
affect the operations of the Department or any of its components; or
(c) any Department employee in his or her individual capacity where
the Justice Department has agreed to represent such employee, the
Department may disclose such records as it deems desirable or
necessary to the Department of Justice to enable that Department to
present an effective defense, provided such disclosure is compatible
with the purpose for which the records were collected.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
These records are maintained in file folders, alphabetized by
name, and in some cases the records are separated by individual law
school affiliation and by the date the application is received. In
some instances records are located in lockable conserva-file cabinets
and in a locked secured room with access limited to those officials
whose duties require access. In other instances records are
maintained in file rooms or with other Office of the General Counsel
files.
Retrievability:
These records are retrievable by name.
Safeguards:
Access is limited to those HHS officials whose duties require
access.
Retention and disposal:
These records are retained in a current system for one year, and
in some instances two years, after which time they are discarded.
System manager(s) and address:
The agency official responsible for the systems policies and
practices outlined above is:
The General Counsel, Department of Health and Human Services,
Office of the General Counsel, Humphrey Building, Room 722A, 200
Independence Avenue, SW, Washington, DC 20201.
Notification procedure:
Any inquiries regarding these systems of records should be
addressed to the System Manager.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)) Federal Register, October 8, 1975, page 47410).
Contesting record procedures:
Contact the official at the address specified under System
Manager(s) and Address above, and reasonably identify the record and
specify the information to be contested and corrective action sought
with supporting justification. (These procedures are in accordance
with Department Regulations (45 CFR 5b.7) Federal Register, October
8, 1975, page 47411).
Record source categories:
Information in this system of records comes from the individual
to whom it applies law school officials and past employers.
Systems exempted from certain provisions of the act:
None.
09-90-0067
System name: Invention Reports Submitted to the Department of
Health and Human Services by its Employees, Grantees, Fellowship
Recipients, and Contractors, HHS/OS/OGC.
Security classification:
None.
System location:
Office of the General Counsel, Patent Branch, Westwood Building--
Room 5A03, 5333 Westbard Avenue, Bethesda, Maryland 20016.
Categories of individuals covered by the system:
Department employees, investigators funded under HHS research
grants, fellowship awardees, investigators funded under HHS research
contracts.
Categories of records in the system:
Invention reports.
Authority for maintenance of the system:
45 CFR parts 6, 7, and 8, E.O. 9865, E.O. 10096.
Purpose(s):
To maintain the information and patent records for the entire
Department.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Department of Justice Claims Section for purpose of defending the
Government in litigation.
Scientific personnel, both in this agency, and other Government
agencies, and in non-Governmental organizations such as Universities,
who possess the expertise to understand the invention and evaluate
its importance as a scientific advance.
Contract patent counsel and their employees and foreign contract
personnel retained by the Department for patent searching and
prosecution in both the United States and foreign Patent Offices.
All other Government agencies whom we contact regarding possible
use, interest in, or ownership rights in our inventions.
Prospective licensees or technology finders who may further make
the invention available to the public through sale, use or
publication.
Parties, such as supervisors of inventors, whom we contact to
determine ownership rights, and those parties contacting us to
determine the Government's ownership.
The United States and foreign Patent Offices for our filing of
patent applications. Disclosure may be made to a congressional office
from the record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, if
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
These records are kept in individual file folders.
Retrievability:
Indexed by both inventor's name and case identification number.
Safeguards:
During normal business hours a member of the staff of the Patent
Section regulates the availability of the files. During evening and
weekend hours, the building is closed, with a guard at the front
entrance, and only personnel authorized to be in the building are
permitted entry.
Retention and disposal:
The records are maintained here for the life of any patent issued
(seventeen years), for seven years for any invention which is not
patented, and they are sent to the Federal Records Center for
retention when they are no longer required here.
System manager(s) and address:
Patent Counsel, Department of Health and Human Services,
Westwood Building--Room 5A03, 5333 Westbard Avenue, Bethesda,
Maryland 20016.
Notification procedure:
An individual is required to provide his own name together with
that of any other individual who contributed to the making of an
invention, on which the system contains a record. Any inquiries
regarding these systems of records should be addressed to the System
Manager.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)) Federal Register, October 8, 1975, page 47410.)
Contesting record procedures:
Contact the official at the address specified under System
Manager(s) and Address above, and reasonably identify the record and
specify the information to be contested and corrective action sought
with supporting justification. (These procedures are in accordance
with Department Regulations (45 CFR 5b.7) Federal Register, October
8, 1975, page 47411.)
Record source categories:
The information comes from the inventors, their supervisors,
other scientists with expertise in the particular area of the
invention, scientific publications, newspapers, contract patent
counsel who have searched and/or prosecuted the invention, and
commercial organizations.
Systems exempted from certain provisions of the act:
None.
09-90-0068
System name: Federal Private Relief Legislation, HHS/OS/OGC.
Security classification:
None.
System location:
This system is located in the:
Division of Legislation,
Office of the General Counsel,
Office of the Secretary,
Room 427 D, Humphrey Building,
Department of Health and Human
Services,
200 Independence Ave., SW,
Washington, DC 20201.
Categories of individuals covered by the system:
Private individuals, groups, or institutions for whom a United
States Congressman or Senator has introduced a private relief bill.
Categories of records in the system:
Background which gives rise to the individual's, group's or
institution's claim for private relief legislation.
Authority for maintenance of the system:
5 U.S.C. 301; OMB Circular A-19.
Purpose(s):
To respond to Congressional requests for information regarding
private relief legislation.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The information is used to prepare reports to the Congress, most
commonly to the Judiciary Committees of the Senate and the House of
Representatives, which reports are thereafter made available to the
public under the provisions of 5 U.S.C. 552. In connection with the
preparation of those reports, the information contained in this
system of records will, as a routine use be disclosed to officers and
employees of the Office of Management and Budget in connection with
the review of private relief legislation as set forth in OMB Circular
No. A-19 at various stages of the legislative coordination and
clearance process as set forth in that Circular, and may, as a
routine use, be disclosed to officers or employees of agencies (as
defined in 5 U.S.C. 551(i) and 552(e) other than the agency that
maintains the record. Disclosure may be made to a congressional
office from the record of an individual in response to an inquiry
from the congressional office made at the request of that individual.
In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper records in file folders kept in legal size filing cabinets.
Retrievability:
By bill number using card systems maintained by name and by
subject.
Safeguards:
Immediate access to these records are only by authorized staff.
Building is locked at close of business.
Retention and disposal:
Retained indefinitely either at System Location or at Federal
Record Center where files are sent on a regular predetermined
schedule.
System manager(s) and address:
Chief, Legislative Reference and Control Service,
Division of Legislation,
Office of the General Counsel,
Department of Health and Human Services,
Room 427 D, Humphrey Building, 200 Independence Avenue, SW,
Washington, DC 20201.
Notification procedure:
Any inquiries regarding the records in question should be made to
the System Manager.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)) Federal Register, October 8, 1975, page 47410.)
Contesting record procedures:
Contact the offical at the address specified under System
Managers and Address above, and reasonably identify the record and
specify the information to be contested and corrective action sought
with supporting justification. (These procedures are in accordance
with Department Regulations (45 CFR 5b.7) Federal Register, October
8, 1975, page 47411.)
Record source categories:
The information in this system comes from the Operating Divisions
of the Department, the Public Health Service Agencies, the Office of
the Secretary, Congressional Committees, individual Congressmen and
Senators, and, in some cases, the subject individual, group, or
institution.
Systems exempted from certain provisions of the act:
None.
09-90-0069
System name: Unfair Labor Practice Records, HHS/OS/ASPER.
Security classification:
None.
System location:
Personnel Offices of the Department shown in Applicants for
Employment Records, HHS System 09-90-0006, Appendix 1 and offices of
operating officials in organizational units serviced by those
Personnel Offices.
Categories of individuals covered by the system:
Current HHS employees and union officials.
Categories of records in the system:
This system of records consists of a variety of records relating
to an unfair labor practice charge. Examples of information which may
be included in this system are the employee's name, Social Security
Number, grade, job title, employment history and a variety of work
and personnel records associated with the charges and required under
proceedings established by Title 5, United States Code, Chapter 71
and Department of Labor Regulations.
Authority for maintenance of the system:
Executive Order 11491, as amended, 5 U.S.C. Chapter 71.
Purpose(s):
These records are used to initiate, make a determination on, and
document a decision made on unfair labor practice charges filed by an
employee or union official. These records are maintained in each
component of the Department. See also ``Retrievability'' below.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Information in this system may be released to:
1. Office of Personnel Management, Merit Systems Protection Board
(including its Office of the Special Counsel), Equal Employment
Opportunity Commission, and the Federal Labor Relations Authority
(including the General Counsel of the Authority and the Federal
Service Impasses Panel) in carrying out their functions;
2. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
3. In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosures is compatible with the purpose for which the records were
collected.
4. Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained in file folders.
Retrievability:
Records are retrievable by name. Information from this system may
be used by Department officials for preparing statistical summary or
management reports.
Safeguards:
Records are stored in lockable metal file cabinets. Access to and
use of these records are limited to personnel who have a need for the
records in performance of official duties.
Retention and disposal:
The case files are maintained as long as they may be pertinent
for purposes of precedent or as management information devices. When
no longer useful for such purposes, they are destroyed.
System manager(s) and address:
Personnel Officer shown in Appendix 1 of Applicants for
Employment Records, HHS System 09-90-0006, who services the
organizational unit in which the individual is employed.
Notification procedure:
Contact the systems manager and provide name, approximate date of
record, the unfair labor practice charge as specified by the
complainant, and management component in which the charge was filed.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)) Federal Register, October 8, 1975, page 47410.)
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested and state the corrective action sought
and the reasons for the correction. (These procedures are in
accordance with Department Regulations (45 CFR 5b.7) Federal
Register, October 8, 1975, page 47411.)
Record source categories:
Information in this system of records is:
1. Supplied directly by the individual, or
2. Derived from information supplied by the individual, or
3. Supplied by testimony of witnesses, or
4. Supplied by union officials, or
5. Supplied by Department officials.
Systems exempted from certain provisions of the act:
None.
09-90-0071
System name: Social Security Code Cards, HHS/OS/OGC.
Security classification:
None.
System location:
Office of the Regional Attorney, Department of Health and Human
Services, 19th and Stout Streets, Denver, Colorado 80294.
Categories of individuals covered by the system:
Individuals referred to in this system are Social Security
claimants or wage-earners who have been the subject of Social
Security Precedent opinions.
Categories of records in the system:
The information in this system consists of the name of the
individual on a 3x5 card and a code which cross references to the
location of the actual opinion. These cards are separate and distinct
from the digest cards which are distributed nationally by the Office
of the General Counsel.
Authority for maintenance of the system:
44 U.S.C. 3101.
Purpose(s):
To enable a researcher to obtain the appropriate Social Security
precedent opinion which may be cited in subsequent opinions.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to a congressional office from the record
of an individual in response to an inquiry from the congressional
office made at the request of that individual.
In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The subject information is kept on 3x5 cards which are kept in an
office locked after the close of the business day. The opinions which
are cross-referenced by the cards are kept in the files in the same
office.
Retrievability:
Retrievable by name. These cards are used to enable the
researcher to obtain the appropriate Social Security precedent
opinion which may then be cited in subsequent opinions distributed
within OGC and SSA.
Safeguards:
Office locked at the close of the business day.
Retention and disposal:
Retained indefinitely either at system location or at Federal
Records Center where files are sent on a regular predetermined
schedule.
System manager(s) and address:
The agency official responsible for the system policies and
practices outlined above is:
Regional Attorney, Department of HHS, 19th and Stout Streets,
Denver, Colorado 80294.
Notification procedure:
Any inquiries regarding the records in question should be made at
the above address where the records are kept. Required identifying
information will be in keeping with Departmental requirements.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)) Federal Register, October 8, 1975, page 47410.)
Contesting record procedures:
Contact the official at the address specified under System
Managers and Address above, and reasonably identify the record and
specify the information to be contested and corrective action sought
with supporting justification. (These procedures are in accordance
with Department Regulations (45 CFR 5b.7) Federal Register, October
8, 1975, page 47411.)
Record source categories:
The information on the cards is gleaned from precedent opinions
nationwide as well as those issued from Region VIII.
09-90-0072
System name: Congressional Grants Notification Unit, HHS/OS/ASL.
Security classification:
None.
System location:
Room 417, H Humphrey Building, 200 Independence Avenue, SW,
Washington, DC 20201
Categories of individuals covered by the system:
Members of Congress.
Categories of records in the system:
Notification form of grants or contract awards made by HHS. The
form contains the name and address of the project director, the
purpose of the grant or contract, and the HHS program involved.
Authority for maintenance of the system:
5 U.S.C. 301.
Purpose(s):
To provide timely notification to members of Congress of HHS
grants and contract awards being made in their Districts.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure may be made to a congressional office from the record
of an individual in response to an inquiry from the congressional
office made at the request of that individual. In the event of
litigation where the defendant is (a) the Department, any component
of the Department, or any employee of the Department in his or her
official capacity, (b) the United States where the Department
determines that the claim, if successful, is likely to directly
affect the operations of the Department or any of its components, or
(c) any Department employee in his or her individual capacity where
the Justice Department has agreed to represent such employee, the
Department may disclose such records as it deems desirable or
necessary to the Department of Justice to enable that Department to
present an effective defense, provided such disclosure is compatible
with the purpose for which the records were collected.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Paper files are maintained in standard file cabinets.
Retrievability:
Files are indexed by States Congressional Districts with the name
of the Congressional Representative of that District on the file.
Records are retrieved by name. The staff uses this system for the
following purposes: (1) To answer questions in the short term about
amounts of HHS grant funds going into areas of the country according
to congressional districts. (2) To verify that actual notification to
members offices of awards has been made.
Safeguards:
These records are public information and available on request.
Retention and disposal:
Grant notification files are discarded after two calendar years.
System manager(s) and address:
Director, Congressional Liaison, Office of the Assistant
Secretary for Legislation, Room 417H, HHH Bldg., 200 Independence
Avenue, SW, Washington, DC 20201.
Notification procedure:
Same as above. The Congressional District or name of the
Congressional Representative of that district and the approximate
date of the award must be provided.
Record access procedures:
Address same as above.
Contesting record procedures:
Address same as above.
Record source categories:
Agencies within the Department making the grant/contract awards.
Systems exempted from certain provisions of the act:
None.
09-90-0074
System name:
Location and Collection System (LCS), HHS, OCSE.
Security classification:
None.
System location:
Office of Child Support Enforcement, 370 L'Enfant Promenade, SW.,
4th Floor East, Washington, DC 20447; Social Security Administration,
6200 Security Boulevard, Baltimore, Maryland 21235.
Categories of individuals covered by the system:
Records will be maintained to locate individuals for the purpose
of establishing parentage, establishing, setting the amount of,
modifying, or enforcing child support obligations, or enforcing child
custody or visitation orders and may include (1) information on, or
facilitate the discovery of, or the location of any individuals: (A)
Who are under an obligation to pay child support or provide child
custody or visitation rights; (B) against whom such an obligation is
sought; (C) to whom such an obligation is owed including the
individual's social security number (or numbers), most recent
address, and the name, address, and employer identification number of
the individual's employer; and (D) who have or may have parental
rights with respect to a child; (2) information on the individual's
wages (or other income) from, and benefits of, employment (including
rights to enrollment in group health care coverage); (3) information
on the type, status, and amount of any assets or debts owed to or by
such an individual; and (4) information on certain Federal
disbursements payable to a delinquent obligor which may be offset for
the purpose of collecting past-due child support.
Categories of records in the system:
Specific records retained in the LCS system are: The name of
noncustodial or custodial parent or child, Social Security number
(when available), date of birth, place of birth, sex code, State case
identification number, local identification number (State use only),
State or locality originating request, date of origination, type of
case (TANF, non-TANF full-service, non-TANF locate only, parental
kidnapping); home address, mailing address, type of employment, work
location, annual salary, pay rate, quarterly wages, medical coverage,
benefit amounts, type of military service (Army, Navy, Marines, Air
Force, not in service), retired military (yes or no), Federal
employee (yes or no), recent employer's address, known alias (last
name only), date requests sent to State and Federal agencies or
departments (SSA, Treasury, DoD/OPM, VA, USPS, FBI, and SESAs), dates
of Federal agencies' or departments' responses, date of death, record
identifier; employee's SSN, SSN verification indicator and any
corrected SSN, employee first name, middle name, last name, employee
address(es), date of birth (optional), employee date of hire
(optional), employee State of hire, wage amount, quarter paid,
reporting period; employer name, Federal Employer Identification
Number or Federal Information Processing System Code, State Employee
Identification Number of Federal Information Processing System Code,
employer address, employer foreign address, employer optional
address, and employer optional foreign address; multistate employer
name, address and Federal Identification Number; employee SSN,
employee first name, middle name, last name, employee address(es),
date of birth (optional), date of hire (optional), State of hire
(optional), employee wage amount, quarter paid, reporting period;
unemployment insurance record identifier, claimant SSN, SSN
verification indicator and any corrected SSN; claimant first name,
middle name, claimant address, SSA/VA benefit amount, unemployment
insurance benefits amount, reporting period, quarter paid, payer
State, date report processed; State code, local code, case number,
arrearage amount, collection amount, adjustment amount, return
indicator, transfer State, street address, city and State, zip code,
zip code 4, total debt, number of adjustments, number of collections,
net amount, adjustment year, tax period for offset, type of offset,
offset amount, submitting State FIPS, locate code, case ID number,
case type, and court/administrative order indicator. Records used to
aid State Child Support Enforcement Agencies in obtaining information
from multistate financial institutions may include institution
name(s), name control, Taxpayer Identification Number(s), year,
month, service bureau indicator, transfer agent indicator, foreign
corporation indicator, reporting agent/transmitter, address(es), file
indicator, record type, payee last name control, SSN(s), payee
account number, account full legal title (optional), payee foreign
country indicator (optional), payee names, addresses, account
balances (optional), trust fund indicator, account balance indicator
(optional), account update indicator, account type, date of birth.
Individuals will be fully informed of the uses and disclosures of
their records.
Authority for maintenance of the system:
Legal authority for maintenance of the system is contained in
sections 452 and 453 of the Social Security Act that require the
Secretary of the Department of Health and Human Services to establish
and conduct the Federal Parent Locator Service, a computerized
national location network which provides address and social security
number information to authorized persons, primarily for the purposes
of establishing and collecting child support obligations.
Purpose(s):
The primary purpose of the Location and Collection System is to
improve States' abilities to locate parents and collect child
support.
Routine uses of records maintained in the system, including
categories of users and the purpose of such uses:
The routine uses of records maintained in the LCS are as follows:
(1) Request the most recent home and employment addresses and SSN of
the noncustodial or custodial parents from any State or Federal
government department, agency or instrumentality which might have
such information in its records; (2) provide the most recent home and
employment addresses and SSN to State Child Support Enforcement (CSE)
agencies under agreements covered by section 463 of the Act (42
U.S.C. 663) for the purpose of locating noncustodial parents or
children in connection with activities by State courts and Federal
attorneys and agents charged with making or enforcing child custody
determinations or conducting investigations, enforcement proceedings
or prosecutions concerning the unlawful taking or restraint of
children; (3) provide the most recent home and employment addresses
and SSN to agents and attorneys of the United States, involved in
activities in States which do not have agreements under section 463
of the Act for purposes of locating noncustodial parents or children
in connection with Federal investigations, enforcement proceedings or
prosecutions involving the unlawful taking or restraint of children;
(4) provide to the State Department the name and SSN of noncustodial
parents in international child support cases, and in cases involving
the Hague Convention on the Civil Aspects of International Child
Abduction; (5) provide to State agencies data in the NDNH portion of
this system for the purpose of administering the Child Support
Enforcement program and the Temporary Assistance for Needy Families
(TANF) program; (6) provide to the Commissioner of Social Security
information for the purposes of verifying reported SSNs, verifying
eligibility and/or payment amounts under the Supplemental Security
Income (SSI) program, and for other purposes; (7) provide to the
Secretary of the Treasury information in the NDNH portion of this
system for purposes of administering advance payments of the earned
income tax credit and verifying a claim with respect to employment in
a tax return; (8) provide to researchers new hire data for research
efforts that would contribute to the TANF and CSE programs.
Information disclosed may not contain personal identifiers; (9)
provide to State CSE agencies, or any agent of an agency that is
under contract with the State CSE agency, information which will
assist in locating individuals for the purposes of establishing
paternity and for establishing, modifying, and enforcing child
support obligations; (10) disclose to authorized persons as defined
in section 463(d)(2) of the Act (42 U.S.C. 663(d)(2)) records for the
purpose of locating individuals and enforcing child custody and
visitation orders; (11) disclose to the State agency administering
the Medicaid, Unemployment Compensation, Food Stamp, SSI and
territorial cash assistance programs new hire information for income
eligibility verification; (12) disclose to State agencies
administering unemployment and worker's compensation programs new
hire information to assist in determining the allowability of claims;
(13) disclose information to the Treasury Department in order to
collect past due child support obligation via offset of tax refunds
and certain Federal payments such as: Federal salary, wage and
retirement payments; vendor payments; expense reimbursement payments,
and travel payments; (14) disclose to the Secretary of State
information necessary to revoke, restrict, or deny a passport to any
person certified by State CSE agencies as owing a child support
arrearage in an amount specified in section 452(k) of the Act; and
(15) disclose to States information pertaining to multistate
financial institutions which has been provided by such institutions
in order to aid State Child Support Enforcement Agencies; and (16)
disclose to the Department of Education information in the NDNH
portion of this system for purposes of enforcing obligations on loans
under title IV of the Higher Education Act of 1965 that are in
default or for collecting overpayments of grants awarded under this
Act.
Disclosure to consumer reporting agencies:
None.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The Location and Collection System records are maintained on disc
and computer tape, and hard copy.
Retrievability:
System records can be accessed by either a State assigned case
identification number or Social Security Number.
Safeguards:
1. Authorized Users: All requests from the State IV-D Agency must
certify that: (1) They are being made to locate noncustodial and
custodial parents for the purpose of establishing paternity or
securing child support, or in cases involving parental kidnapping or
child custody and visitation determinations and for no other purpose;
(2) the State IV-D agency has in effect protective measures to
safeguard the personal information being transferred and received
from the Federal Parent Locator Service; and (3) the State IV-D
Agency will use or disclose this information for the purposes
prescribed in 45 CFR 303.70.
2. Physical Safeguards: For computerized records electronically
transmitted between Central Office and field office locations
(including organizations administering HHS programs under contractual
agreements), safeguards include a lock/unlock password system. All
input documents will be inventoried and accounted for. All inputs and
outputs will be stored in a locked receptacle in a locked room. All
outputs will be labeled ``For Official Use Only'' and treated
accordingly.
3. Procedural and Technical Safeguards: All Federal and State
personnel and contractors are required to take a nondisclosure oath.
A password is required to access the terminal. All microfilm and
paper files are accessible only by authorized personnel who have a
need for the information in the performance of their official duties.
These practices are in compliance with the standards of Chapter 45-13
of the HHS General Administration Manual, ``Safeguarding Records
Contained in Systems of Records,'' and the Department's Automated
Information System Security Program Handbook.
Retention and disposal:
Quarterly wage data and unemployment data supplied to the LCS
which, within 12 months, has not produced a match as a result of any
information comparison will not thereafter be used for child support
enforcement purposes. Quarterly wages and unemployment data and new
hire information will be deleted from the database 24 months after
the date of entry. An information comparison will be retained for 24
months. Sample data will be retained only long enough to complete
research authorized under section 453(j)(5) of the Act. Tax refund
and administrative offset information will be maintained for six
years in an active master file for purposes of collection and
adjustment. After this time, records of cases for which there was no
collection will be destroyed. Records of cases with a collection will
be stored on-line in an inactive master file. Records pertaining to
passport denial will be updated and/or deleted as obligors meet
satisfactory restitution or other State approved arrangements.
Records of information provided to authorized users will be
maintained only long enough to communicate the information to the
appropriate State or Federal agent. Thereafter, the information
provided will be destroyed. However, records pertaining to the
disclosures, which include information provided by States, Federal
agencies contacted, and an indication of the type(s) of information
returned, will be stored on a history tape and in hard copy for five
years and then destroyed. Records of information provided by
financial institutions for the purpose of facilitating matches will
be maintained only long enough to communicate the information to the
appropriate State agent. Thereafter, the information provided will be
destroyed. However, records pertaining to the disclosures, which
include information provided by States, Federal agencies contacted,
and an indication of the type(s) of information returned, will be
stored on a history tape and in hard copy for five years and then
destroyed.
System manager(s) and address:
Associate Commissioner for Automation and Program Operations,
Office of Child Support Enforcement, Administration for Children and
Families, 370 L'Enfant Promenade, SW, 2nd Floor West, Washington,
D.C. 20447.
Notification procedures:
To determine if a record exists, write to the Systems Manager at
the address listed above. The Privacy Act provides that, except under
certain conditions specified in the law, only the subject of the
records may have access to them. All requests must be submitted in
the following manner: identify the system of records you wish to have
searched, have your request notarized to verify your identity,
indicate that you are aware that the knowing and willful request for
or acquisition of a Privacy Act record under false pretenses is a
criminal offense subject to a $5,000 fine. Your letter must also
provide sufficient particulars to enable OCSE to distinguish between
records on subject individuals with the same name.
Record access procedures:
Write to the Systems Manager specified above to attain access to
records. Requesters should provide a detailed description of the
record contents they are seeking.
Contesting record procedure:
Contact the official at the address specified under System
Manager above, and identify the record and specify the information to
be contested and corrective action sought with supporting
justification to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Information is obtained from departments, agencies, or
instrumentalities of the United States or any State and from multi-
state financial institutions.
System exempted from certain provisions of the act:
None.
09-90-0075
System name: MBTA Prepaid Pass Program Participants, HHS/RO1/
ARD.
Security classification:
None.
System location:
HHS Office of Director for Administrative Support Center,
Room 2411, JFK Federal Building,
Boston, Massachusetts 02203.
Categories of individuals covered by the system:
Any HHS employee who is participating in the MBTA Pass Program.
Categories of records in the system:
Name, Department, SSN, Credit Union Account Number, Type of Plan,
and signature of employee.
Authority for maintenance of the system:
Executive Order 011491.
Purpose(s):
To promote employee participation in the President's Energy
Program.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(a) Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual; and
(b) In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
3 x 5 cards in file box.
Retrievability:
By name.
Safeguards:
Office doors locked during nonworking hours.
Retention and disposal:
Kept as long as employee is a participant in the Program.
Cancellation cards are kept for six months after month cancelled;
then destroyed.
System manager(s) and address:
Secretary to Director for Administrative Support Center HHS,
Room 2411, JFK Federal Building, Boston, Massachusetts 02203.
Notification procedure:
Address: Same as above. Identifying Information: Name, Social
Security Number (on a purely voluntary basis).
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought (These access
procedures are in accordance with Department Regulations (45 CFR
5b.5(a)(2)) Federal Register, October 8, 1975, page 47410.)
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested and corrective action sought with
supporting justification. (These procedures are in accordance with
Department Regulations (45 CFR 5b.7) Federal Register, October 8,
1975, page 47411.)
Record source categories:
Supplied by employee.
Systems exempted from certain provisions of the act:
None.
09-90-0078
System name: SSI/OPM Temporary Matching File, HHS/OS/OIG.
Security classification:
None
System location:
Office of the Inspector General HHS, Room 2111, SSA Annex,
Baltimore, Md. 21235.
Categories of individuals covered by the system:
All Federal employees covered under Office of Personnel
Management Central Personnel Data File (CPDR) who are also included
in the Supplementary Security Income (SSI) file of the Social
Security Administration.
Categories of records in the system:
Office of Personnel Management Central Personnel Data File
extract including name of employee, date of birth, Social Security
Number, work status, pay grade and duty station, and Supplementary
Security Income Record File data including names, Social Security
Number, address, SSI application data, disability data, income and
resource data and payment data used in the administration of the SSI
program.
Authority for maintenance of the system:
Pub. L. 94-505.
Purpose(s):
This system of records is maintained to facilitate the comparison
of records to identify those Federal employees who may also be
receiving SSI benefits concurrently. This is in accordance with the
statutory requirement in Pub. L. 94-505 that the Inspector General
prevent and detect fraud and abuse in the Department's programs.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
In the event that a system of records maintained by this agency
to carry out its functions indicates a violation or potential
violation of law, whether civil, criminal or regulatory in nature,
and whether arising by general statute or particular program statute,
or by regulation, rule or order issued pursuant thereto, the
relevant, records in the system of records may be referred, as a
routine use, to the appropriate agency, whether Federal, or foreign,
charged with the responsibility of investigating or prosecuting such
violation or charged with the responsibility of investigating or
prosecuting such violation or charged with enforcing or implementing
the statute, or rule, regulation or order issued pursuant thereto.
A record from this system of records may be disclosed as a
``routine use'' to a Federal, State or local agency maintaining
civil, criminal or other relevant enforcement records or other
pertinent records, such as current licenses, if necessary to obtain a
record relevant to an agency decision concerning the hiring or
retention of an employee, the issuance of a security clearance, the
letting of a contract, or the issuance of a license, grant, or other
benefit.
A record from this system of records may be disclosed to a
Federal agency, in response to its request, in connection with the
hiring or retention of an employee, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant or other
benefit by the requesting agency, to the extent that the record is
relevant and necessary to the requesting agency's decision on the
matter.
Disclosure may be made to a congressional office from the record
of an individual in response to an inquiry from the congressional
office made at the request of that individual.
In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department, or any employee of the Department in his or her official
capacity; (b) the United States where the Department determines that
the claim, if successful, is likely to directly affect the operations
of the Department or any of its components; or (c) any Department
employee in his or her individual capacity where the Justice
Department has agreed to represent such employee, the Department may
disclose such records as it deems desirable or necessary to the
Department of Justice to enable that Department to present an
effective defense, provided such disclosure is compatible with the
purpose for which the records were collected.
A record from this system may be disclosed as a ``routine use''
to a Federal, State or local agency maintaining pertinent records if
necessary to obtain a record relevant to a Department decision
concerning the determination of initial or continuing eligibility for
program benefits.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The records are stored on computer tape files and computer
printed listings.
Retrievability:
The records are retrieved by computer using Social Security
Number as the principal matching criterion. We disclose the records
within the Department to the Social Security Administration for
investigation and redetermination of SSI benefits.
Safeguards:
Direct access is restricted to authorized staff members of the
Office of the Inspector General. Access within HHS is limited to
those employees who are directly involved in the matching program on
a need-to-know basis. Computer files and printed listing are
maintained in security type safes or lock bar file cabinets. They are
safeguarded in accordance with the provisions of the National Bureau
of Standards Federal Information Processing Standards 41 and 31, and
the HHS Information Processing Standards, HHS ADP System Manual Part
6, ``ADP Systems Security.'' All computer tapes are password
protected prohibiting unauthorized access.
Retention and disposal:
In instances of computer matching of files, only those records
which meet predetermined criteria are maintained. All records which
do not meet these criteria are destroyed. All original source
computer tapes will be returned within 60 days. All records obtained
as a result of the matching program will be degaussed as soon as
possible within 6 months except for those records which are necessary
to the completion of pending law enforcement activities or
administrative activities of the matching program. Paper listings
will be either shredded or burned.
System manager(s) and address:
Inspector General/Deputy Inspector General, Room 5262, North
Building, U.S. Department of Health and Human Services, 330
Independence Avenue SW, Washington, DC 20201.
Notification procedure:
Contact: Privacy Act Officer, Office of the Inspector General,
Department of Health and Human Services, Room 5267, North Building,
330 Independence Avenue SW, Washington, DC 20201.
Record access procedures:
Same as notification procedure. Requesters should also reasonably
specify the record contents being sought.
Contesting record procedures:
Contact the official at the address specified under notification
procedure above, and reasonably identify the record and specify the
information to be contested and corrective action sought with
supporting justification.
Record source categories:
Records are furnished from the Central Personnel Data File (CPDF)
maintained by the U.S. Office of Personnel Management and from the
Supplemental Security Income Record (SSR) maintained by the Social
Security Administration, Department of Health and Human Services.
Systems exempted from certain provisions of the act:
None.
09-90-0079
System name: Welfare Fraud Detection File, HHS/OS/OIG.
Security classification:
None.
System location:
At headquarters and regional offices of the OIG Audit Agency,
Department of Health and Human Services. See Appendix.
Categories of individuals covered by the system:
Recipients of the Aid to Families with Dependent Children (AFDC)
Program.
Categories of records in the system:
The system consists of the AFDC recipient records maintained by
the State Welfare Agencies. Records contain information on those
individuals receiving AFDC payments for themselves or as a payee for
dependent children under their guardianship. Records contain
information on name, address, date of birth, social security number,
sex, names of dependent children, their dates of birth and sex, and
monthly grant amount.
Authority for maintenance of the system:
Pub. L. 94-505, October 15, 1976.
Purpose(s):
This system of records is maintained to facilitate the
development of a multiple fraud detection program for the Aid to
Families with Dependent Children (AFDC) Program. The program has as
its major function the identification of cases which through
misrepresentation are on the welfare rolls illegally.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department, or any employee of the Department in his or her official
capacity; (b) the United States where the Department determines that
the claim, if successful, is likely to directly affect the operations
of the Department or any of its components; or (c) any Department
employee in his or her individual capacity where the Justice
Department has agreed to represent such employee, the Department may
disclose such records as it deems desirable or necessary to the
Department of Justice to enable that Department to present an
effective defense, provided such disclosure is compatible with the
purpose for which the records were collected.
Disclosure may be made to a congressional office from the record
of an individual in response to an inquiry from the congressional
office made at the request of that individual.
The record from this system may be disclosed as a ``routine use''
to a Federal, State, or local agency maintaining pertinent records if
necessary to obtain a record relevant to a Department decision
concerning the determination of initial or continuing eligibility for
program benefits.
In the event that a system of records maintained by this agency
to carry out its function indicates a violation or potential
violation of law, whether civil, criminal or regulatory in nature,
and whether arising by general statute or particular program statute,
or by regulation, rule or order issued pursuant thereto, the relevant
records in the system of records may be referred, as a routine use to
the appropriate agency, whether state or local charged with the
responsibility of investigating or prosecuting such violation or
charged with enforcing or implementing the statute, or rule,
regulation or order issued pursuant thereto.
A record from this system of records may be disclosed as a
``routine use'' to a federal, state or local agency maintaining
civil, criminal or other relevant enforcement records or other
pertinent records, such as current licenses, if necessary to obtain a
record relevant to an agency decision concerning the hiring or
retention of an employee, the issuance of a security clearance, the
letting of a contract, or the issuance of a license, grant or other
benefit.
A record from this system of records may be disclosed to a
federal agency, in response to its request in connection with the
hiring or retention f an employee, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant or other
benefit by the requesting agency, to the extent that the record is
relevant and necessary to the requesting agency's decision on the
matter.
In the event the Department deems it desirable or necessary, in
determining whether particular records are required to be disclosed
under the Freedom of Information Act, disclosure may be made to the
Department of Justice for the purpose of obtaining its advice.
Where federal agencies having the power to subpoena other federal
agencies' records, such as the Internal Revenue Service or the Civil
Rights Commission, issue a subpoena to the Department for records in
this system of records, the Department will make such records
available.
When the Department contemplates that it will contract with a
private firm for the purpose of collating, analyzing, aggregating or
otherwise refining records in this system, relevant records will be
disclosed to such a contractor. The contractor shall be required to
maintain Privacy Act safeguards with respect to such records.
Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The records are stored on computer tape files and computer
printed listings.
Retrievability:
The records in this system are retrieved by computer and manually
using name or social security number.
Safeguards:
Access to and use of these records is restricted to those
personnel having a legitimate need for the information including HHS
Office of the Inspector General personnel and other relevant
Departmental and State personnel. Access will be provided outside of
the Office of the Inspector General only in those instances where
additional information is needed from another agency (e.g., the
Social Security Administration or the State Welfare Agency) or where
referrals for investigation are warranted. All computer files and
printed listings are safeguarded in accordance with the provisions of
the National Bureau of Standards Federal Information Processing
Standards 41 and 31, and the HHS Information Processing Standards,
HHS ADP Systems Manual, Part 6, ``ADP Systems Security.'' All
computer tapes are password protected prohibiting unauthorized
access. Once the program is completed, all computer tapes will be
returned to their source, erased or degaussed, and printed listings
destroyed.
Retention and disposal:
Records will be updated periodically and source computer tapes
will be either returned to the States or destroyed. All computer work
tapes will be erased or degaussed, and printed listings destroyed.
System manager(s) and address:
Inspector General/Deputy Inspector General, Room 5262, North
Building, U.S. Department of Health and Human Services, 330
Independence Avenue, SW, Washington, DC 20201.
Notification procedure:
Individuals wishing to inquire whether this system of records
contains information about them should address their inquiries
providing their name and social security number to: Privacy Act
Officer, Office of Inspector General, Department of Health and Human
Services, Room 5267, North Building, 330 Independence Avenue, SW,
Washington, DC 20201.
Record access procedures:
Same as notification procedure. Requestors should also reasonably
specify the record contents being sought.
Contesting record procedures:
Contact the official at the address specified under notification
procedure above, and reasonably indentify the record and specify the
information to be contested and corrective action sought with
supporting justification.
Record source categories:
State Welfare Agencies which maintain files of AFDC program
recipients.
Systems exempted from certain provisions of the act:
None.
Appendix
OIG Audit Agency, Room 5769, North Building, U.S. Department of
Health, Education, and Welfare, 330 Independence Avenue, SW,
Washington, DC 20201.
Region I:
OIG Audit Agency, Bulfinch Building, 15 New Chardon Street,
Boston, Massachusetts 02114.
Region II:
OIG Audit Agency, Federal Building, 26 Federal Plaza, New York,
New York 10007.
Region III:
OIG Audit Agency, 3535 Market Street, Gateway Building, Room
6100, Philadelphia, Pennsylvania 19101.
Region IV:
OIG Audit Agency, 101 Marietta Tower, Suite 1402, Atlanta,
Georgia 30323.
Region V:
OIG Audit Agency, 300 South Wacker Drive, Chicago, Illinois
60606.
Region VI:
OIG Audit Agency, 1100 Commerce Street, Room 4-E10, Dallas,
Texas 75242.
Region VII:
OIG Audit Agency, 601 East 12th Street, Kansas City, Missouri
64106.
Region VIII:
OIG Audit Agency, 1185 Federal Building, 1981 Stout Street,
Denver, Colorado 80294.
Region IX:
OIG Audit Agency, Federal Office Building, Room 171, 50 United
Nations Plaza, San Francisco, California 94102.
Region X:
OIG Audit Agency, Arcade Plaza Building, Room 6087, 1321 Second
Avenue, Seattle, Washington 98101.
09-90-0080
System name: The Secretary's Advisory Committee Candidate Files,
HHS/OS/ES.
Security classification:
None.
System location:
Department of Health and Human Services, Immediate Office of the
Secretary, Special Assistant to the Secretary for Advisory
Committees, Room 602E, Humphrey Building, 200 Independence Avenue SW,
Washington, DC 20201.
Computer site and location: ADP Network Services, Inc., 40 2nd
Avenue, Waltham, Mass 02154.
Categories of individuals covered by the system:
Individuals who are being considered for membership on advisory
committees within the jurisdiction of the Department of Health and
Human Services.
Categories of records in the system:
Information maintained on individuals recommended as members of
Advisory Committees subject to this notice consists of one or more of
the following: Name, title, sex, physically disabled indicator, place
and date of birth, home address, business address, organizational
affiliation, ethnic background, resume, curriculum vitae, dates of
term(s) on advisory committee, current status on advisory committee,
reason for leaving advisory committee, previous or current membership
on other advisory committees, special qualifications of the
individual for the advisory committee membership, source who
recommended the individual for membership on advisory committee and
miscellaneous correspondence. Additionally, letters of recommendation
are included in the file.
Authority for maintenance of the system:
5 U.S.C. 3301.
Purpose(s):
To provide the Secretary with the capability to search a file of
candidate resumes for positions on HHS advisory committees.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
a. In the event that a system of records maintained by this
agency to carry out its functions indicates a violation or potential
violation of law. Whether civil, criminal or regulatory in nature,
and whether arising by general statute of particular program statute,
or by regulation, rule or order issued pursuant thereto, the relevant
records in the system of records may be referred, as a routine use,
to the appropriate agency, whether federal, or foreign, charged with
the responsibility of investigating or prosecuting such violation or
charged with enforcing or implementing the statute, or rule,
regulation or order issued pursuant thereto.
b. In the event the Department deems it desirable or necessary,
in determining whether particular records are required to be
disclosed under the Freedom of Information Act, disclosure may be
made to the Department of Justice for the purpose of obtaining its
advice.
c. In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected.
d. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
e. Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained in hard-copy stored in file cabinets, on
index cards, on magnetic tape, or in computer storage.
Retrievability:
For the most part records are maintained in an alphabetical index
by name of the individual. Certain files are based on other factors,
e.g., Advisory Committee name, with a cross index based on an
alphabetical listing of individuals. Certain other records are
retrievable by individually identifiable computer identification
codes, last name, first name, sex, handicapped indicator,
professional expertise and ethnic background. All fields within the
individual computer record can be accessed by the computer system
language, and are available for administrative purposes via on-line,
interactive terminals either in hard-copy or electronic visual
display devices for reports. Records of candidates for Advisory
Committees will be created and maintained on the data base which is
accessible by on-line, interactive computer technology. Uses include
special administrative reports, quarterly alphabetical listings of
past, present, and recommended members of Advisory Committees,
computer lists of vacancies, acceptances, separations, active
members, statistical reports by sex, youth, geographical location,
etc.; documentation of nominations; and other administrative needs.
Safeguards:
Direct access to records is restricted to authorized personnel
through locked files, rooms, and buildings as well as building pass
and security guard-sign-in systems. Certain facilities are also
protected by closed circuit television systems. Computer systems are
secured through locked magnetic tape libraries as well as lockword-
password computer access systems.
Retention and disposal:
Retention is variable from one year to permanent retention
depending upon the type of record, e.g., names of former members of
advisory committees are retained permanently. Records are disposed of
as trash by the system manager or Office of Security depending on the
confidentiality of the information contained on the record.
System manager(s) and address:
Special Assistant to the Secretary for Advisory Committee, Room
602E, Humphrey Building, 200 Independence Avenue, SW, Washington, DC
20201.
Notification procedure:
Write to the Systems Manager at the above address.
Verification of identification of individuals inquiring as to
information contained in this system of records will be required by
the submission of full last name, first name, and address of
residence.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. (These access
procedures are in accordance with the Department Regulations (45 CFR
5b.5(a)(2)) Federal Register, October 8, 1975, page 47410.)
Contesting record procedures:
Contact the official at the address specified under notification
procedures above, and reasonably identify the record and specify the
information to be contested and corrective action sought with
supporting justification. (These procedures are in accordance with
Department Regulations (45 CFR 5b.7) Federal Register, October 8,
1975, page 47411.)
Record source categories:
The vast majority of information contained in records on
individuals is obtained directly from the individual. Other
information in the form of references and recommendations is obtained
from other private individuals, program personnel, biographical
reference books, private organizations, former employers, regional
offices of HHS, Members of Congress, and other government sources.
Systems exempted from certain provisions of the act:
None.
09-90-0083
System name: JOBS Evaluation Data System.
Security classification:
None.
System location:
Manpower Demonstration Research Corporation (MDRC), 3 Park
Avenue, New York, NY 10016
Deloitte and Touche, 2 Oliver Plaza, Pittsburgh, PA 15222
Response Analysis Corporation, 377 Wall Street, Princeton, NJ
08542-0158
Participating Sites (See list below)
Categories of individuals covered by the system:
The system will include records on a sample of approximately
48,000 individuals in 7 to 9 sites who were AFDC recipients or
applicants at the time of selection of the research sample and who
were eligible to receive JOBS services. Certain categories of records
will be collected for all sample members, while others will be
collected only for subsamples in selected sites.
Categories of records in the system:
In each of the evaluation sites, clients will be randomly
assigned to either treatment or control groups through a computerized
assignment system by the contractor. Similar data will be collected
for members of both treatment and control groups in the research
sample. Categories of records collected from administrative records,
surveys, and testing include client identifiers (including name,
social security number, etc.); demographic characteristics; family
status; labor market status; educational status; public assistance
status; program status; total income and poverty status; attitudes
toward work, welfare, parenting, and jobs; motivational, self-
descriptive, and work-related factors; program participation;
educational and training utilization; school performance and
developmental status of children; and factors related to child care
use.
Authority for maintenance of the system:
Authority is provided by the Family Support Act, Pub. L. 100-485,
section 203(c), 42 U.S.C. 681 note, which calls for an evaluation to
determine the effectiveness of different approaches to assisting
welfare applicants and recipients.
Purpose(s):
The purpose of the JOBS Evaluation Data System is to build and
expand on prior and in-progress research in order to determine which
program approaches work best for different subgroups of welfare
applicants and recipients. The evaluation will contain three main
study areas: an impact analysis, an implementation and process study,
and a benefit-cost analysis. Other analyses, such as studies of
performance standards, will also be conducted. Numerous reports on
the findings (in aggregate form only) will be issued over the course
of the multi-year evaluation.
The impact study will examine the effects of various JOBS program
approaches on individuals' employment status and earnings levels,
receipt and amount of AFDC payments, income levels, and educational
attainment, in up to ten sites (and on literacy, basic mathematics
achievement, and the development of children in three of the ten
sites). The research will provide important information to policy
makers who need to decide which services to emphasize for which
populations in JOBS in the future.
The implementation and process analysis--the second major
evaluation study area--is intended to inform the impact analysis and
assess the feasibility and replicability of different approaches. It
will do this by examining how various JOBS approaches are implemented
in each site, individuals' patterns of participation in JOBS and
other services available in the community, the relationship between
participation and individuals' baseline characteristics, and the site
contexts.
The cost-effectiveness study--the third major study area--will
estimate the total costs of the various JOBS approaches in each site
as well as the costs of particular activities or components within
each approach. These costs will then be compared to program benefits,
as estimated through the impact study, to determine the relative
cost-effectiveness of different JOBS approaches.
Routine uses or records maintained in the system, including
categories of users and the purposes of such uses:
The following routine uses for the system are proposed:
1. Information may be disclosed to the Department of Justice, to
a court or other tribunal, or to another party before such tribunal,
when
b DHHS, or any component thereof; or
b Any DHHS employee in his or her official capacity; or
b Any DHHS employee in his or her individual capacity where the
Department of Justice (or DHHS, where it is authorized to do so) has
agreed to represent the employee; or
b The United States or any agency thereof where DHHS determines
that the litigation is likely to affect DHHS or any of its
components, is a party to litigation or has an interest in such
litigation, and DHHS determines that the use of such records by the
Department of Justice, the tribunal, or the other party is relevant
and necessary to the litigation and would help in the effective
representation of the governmental party, provided, however, that in
each case, DHHS determines that such disclosure is compatible with
the purpose for which the records were collected.
2. Disclosure may be made to a congressional office from the
record of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
3. The evaluation project is being performed under a contract.
Records may be disclosed to employees of the contractor who need the
record in performing their duties related to the contract. The
contractor will be required to maintain Privacy Act safeguards with
respect to such records.
4. Records may be disclosed to the contractor and its
subcontractors for purposes of collecting, collating, analyzing,
aggregating or otherwise refining records in this system. The
contractor and its subcontractors shall be required to maintain
Privacy Act safeguards with respect to such records.
5. Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Magnetic tape and disk, paper records.
Retrievability:
The research sites will provide DHHS's contractor with
identifying information on each sample member at the time of random
assignment, which will be maintained in automated and paper files at
the contractor's location. For all sample members, these identifiers
will be used to access administrative records, as described above,
and to add to files containing survey and test data.
The contractor will assign a sample identifier to each sample
member and any personal identifiers will be encrypted on the research
files. Thus, the identifiers will be used only for data collection
and validation purposes. Once the files are created, the sample ID
will be used for maintenance of the research files, with the
identifiers encrypted. A master ``decryption'' routine will be
maintained to link the files. Access to this file will be restricted
to contractor staff who need to use this routine to validate data.
Safeguards:
The following safeguards are routinely employed by DHHS and the
contractor to insure confidentiality:
b All contract staff sign an agreement to comply with the
corporate policies on data security and confidentiality;
b All data, both paper files and computerized files, are kept in
secure areas, with access limited on a need to know basis, using
locked files, password controls and encryption routines;
b Merged data sources will have identifying information encoded
to preclude overt identification of individuals;
b All reports, tables and printed materials will present only
aggregate information;
b Compilations of individualized data will not be provided to
agencies at the research sites; and
b Confidentiality agreements will be executed with any
participating subcontractors and consultants who must obtain access
to the detailed files.
Any users of the files in the future will be held to the same
confidentiality and use restrictions outlined above.
Retention and disposal:
Data will be maintained for at least seven years or as long as it
serves legitimate research purposes related to the evaluation.
Data disposal will consist of shredding all individual records
(and certifying) and destroying computer files, other than the Public
Use File, which will not contain identifiable individual data.
System manager(s) and address:
Assistant Secretary for Planning and Evaluation, Department of
Health and Human Services, 200 Independence Avenue, SW, Washington,
DC 20201.
Notification procedures:
To determine if a record exists, write to the system manager at
the address indicated above. Provide notarized signature as proof of
identity. The request should specify the name or identification
number and the time period of association with the JOBS Evaluation.
Record access procedures:
Same as notification procedure. Requestors should also reasonably
specify the record contents being sought. (These procedures are in
accordance with Departmental Regulations (45 CFR 5b.5(a)(2)).
Contesting record procedures:
Contact the System Manager named above, reasonably identify the
record(s), and specify the information to be contested. State the
reason for contesting it (e.g., why it is inaccurate, irrelevant,
incomplete, or not current). (These procedures are in accordance with
Departmental Regulations (45 CFR 5b.7)).
Record source categories:
Information for individuals will be collected from local social
services agency records, including benefit payment and claims files,
from service providers and from interviews with sample members and
their children.
Systems exempted from certain provisions of the act:
None.
List of Participating Sites:
Michigan--Kent and Wayne Counties:
Director, Bureau of Employment Services, Michigan
Department of Social Services, 235 South Grand Avenue,
Lansing, MI 48909
Ohio--Franklin County:
Director, Ohio Department of Human Services, Office of
Welfare Reform, 30 East Broad Street, 31st floor,
Columbus, OH 43266
Georgia--Fulton County:
Director, Division of Family and Children Services,
Georgia Department of Human Resources, 878 Peachtree
Street, NE., Atlanta, GA 30309
Oklahoma--Oklahoma City, Cleveland and Pottawatomie Counties:
Program Support Supervisor, Oklahoma Department of
Human Services, Family Support Services Division, PO
Box 25352, Oklahoma City, OK 73125
California--Riverside County:
Associate Program Analyst, GAIN and Employment
Operations Bureau, California Department of Social
Services, 744 P Street, MS-6136, Sacramento, CA 95814
Oregon--Washington and Multnomah Counties:
Program Analyst--JOBS unit, Adult and Family Services
Division, Oregon Department of Human Resources, 415
Public Service Building, Salem, OR 97310
Systems exempted from certain provision of the Act:
None.
09-90-0095
System name: Management Information System Efficiency Reporter
(MISER), HHS/ASPER/OHR.
Security classification:
None.
System location:
Computer files are stored at these locations: (1) Division of
Computer Research and Technology, National Institutes of Health,
Building 12-A, Bethesda, Maryland 20205 and (2) Social Security
Administration (SSA), EEO Office, 811 Altmeyer Building, 6401
Security Boulevard, Baltimore, Maryland 21235. Paper files may be
stored at the above locations as well as at the Management
Information and Operations Support Staff Unit, Room 2412, Switzer
Building, 330 C Street, SW, Washington, DC 20201.
Categories of individuals covered by the system:
Applicants for employment and current or former employees, who
have a formal grievance, grievance reconsideration, merit system/
prohibited personnel practice complaint, or EEO complaint against the
agency or agency official investigators, examiners, contractors, and/
or clerical support personnel, who are involved in case processing.
Categories of records in the system:
The automated and manual system consists of a variety of records
pertaining to EEO complaints, HHS grievances, grievance
reconsiderations, investigations of merit systems violations and
prohibited personnel practices. In addition to the employees's name
as a personal identifier, this system includes information such as
Social Security account number, position title, grade, and series,
organizational locations; race, sex, type of case; issue; basis;
action on case; dates filed and received; processing events; names of
staff involved in case processing and weekly, monthly, and yearly
production data. These records also include documentary and physical
evidence, correspondence, information from personnel files,
affidavits, investigative reports, analytical papers, computer discs,
tapes, and hard copy reports. The system includes EEO--case racking
data of other components.
Authority for maintenance of the system:
Executive Order 11478, 42 U.S.C. 200e 29 U.S.C. 833a, 5 U.S.C.
1302, 3301, 3302, Executive Order 10577, Executive Order 11767.
Purpose(s):
Information in this system of records is used in locating problem
areas for personnel management evaluation, analyzing causes of
lowered morale among Department employees, recommending policy
regarding investigation and processing of complaints, case management
and control, human resources planning, and to documnt investigations
of merit systems and prohibited personnel practices complaints.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosures may be made:
1. To a congressional office from the record of an individual in
response to an inquiry from the congressional office made at the
request of that individual.
2. To the Department of Justice for the purpose of obtaining its
advice, when desirable or necessary, to determine whether particular
records are required to be disclosed under the Freedom of Information
Act.
3. In the event of litigation where the defendant is (a) The
Department of Health and Human Service (HHS), any component of HHS or
any employee of HHS in his or her official capacity; (b) the United
States where HHS determines that the claim, is successful, is likely
to directly affect the operations of HHS or any of its components; or
(c) any HHS employee in his or her individual capacity where the
Justice Department has agreed to represent such employee. HHS may
disclose such record as it deems desirable or necessary to the
Department of Justice to enable that Department to present an
effective defense, provided such disclosure is compatible with the
purpose for which the records were collected.
4. To Equal Employment Opportunity Commission to refine the
complaints processing procedure and to provide technical assistance
to Federal agencies the Departments as it relates to the efficiency
and effectiveness of their complaints systems.
5. To the Office of Management and Budget to make a detailed and
accurate assessment of the complaint program's cost effectiveness.
6. To the Merit Systems Protection Board (including its Office of
the Special Counsel) to investigate alleged violations of merit
system principles.
7. To the Office of Personnel Management (OPM) to carry out
personnel management evaluations.
8. Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Magnetic tapes, disks, cassette tapes, bound notebooks, paper
forms, and index cards in locked file cabinets.
Retrievability:
Information is retrieved by names, docket numbers, or other data
elements (e.g., type of case, organizational unit, dates).
Safeguards:
Safeguards are established in accordance with Part 6, ADP Systems
Manual. Access to and use of these records is limited to those
persons whose official duties require such access. Records are kept
in locked files or a locked room. Data stored in the automated system
is accessed through the use of passwords known only to authorized
personnel.
Retention and disposal:
Manual and automated records are destroyed by shredding or
erasing after periods varying from one to five years after resolution
or final disposition of the complaint or grievance.
System manager(s) and address:
Director, Office of Human Relations, Room 508-E, Hubert H.
Humphrey Building, 200 Independence Avenue, SW, Washington, DC 20201.
Notification procedure:
Exempt. However, consideration will be given to requests
addressed to the System Manager.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record being sought.
Contesting record procedures:
Exempt. However, consideration will be given to a request written
to the system manager. Request should specify the information to be
contested, and state the corrective action sought and the
justification for the correction.
Record source categories:
Information is either provided by the individual to whom EEO
complaint, grievance, grievance reconsideration, merit system and
prohibited personnel practice complaints apply; derived from
information supplied by others; or is supplied by documents related
to the investigation. Record sources may include a confidential
source.
Systems exempted from certain provisions of the act:
Records in the system of records will be exempt from the
provisions of the Privacy Act concerning: Making the accounting of
certain disclosures available; providing notification access and
amendment; and the corresponding provisions of the Department's
Privacy Act regulation (45 CFR part 5b). This exemption is based on 5
U.S.C. 552a(k)(2).
09-90-0100
System name: Civil and Administrative Investigative Files of the
Inspector General.
Security classification:
None.
System location:
Office of the Inspector General, Department of Health and Human
Services, 330 Independence Avenue, SW., Washington, DC 20201.
Categories of individuals covered by the system:
HHS employees and former employees; HHS grantees; contractors,
sub-contractors and their employees; employees of state agencies and
Medicare carriers and intermediaries; Medicare and Medicaid
providers; recipients under programs administered or funded by the
Department; and others doing business with the Department.
Categories of records in the system:
Civil and administrative investigative records.
Authority for maintenance of the system:
Pub. L. 94-505; sec. 1128A of the Social Security Act.
Purpose(s):
Pursuant to Pub. L. 94-505, this system is maintained for the
purpose of conducting and documenting civil and administrative
investigations conducted by OIG or other investigative agencies
regarding HHS programs and operations, documenting the results of OIG
reviews of allegations and complaints received concerning HHS
programs, HHS personnel or former personnel, aiding in administrative
proceedings or civil suits brought against the subjects of OIG
investigations, maintaining a record of the activities which were the
subject of civil and administrative investigations, reporting the
results of civil and administrative investigations to other
departmental components for their use in evaluating their programs
and in imposition of civil or administrative sanctions, and acting as
a repository and source for information necessary to fulfill the
reporting requirements of 42 U.S.C. 3524. This system is also
maintained for the purpose of conducting and documenting the results
of reviews, including computer matches, which identify individuals
who are not entitled to benefits under programs financed by the
Department, whether administered by federal, state or local
government agencies, or who are delinquent on loan payments due under
federally funded programs.
Routine uses of records maintained in the system including
categories of users and the purposes of such uses:
These records may be used as follows:
(1) In the event that this system of records maintained by this
Agency to carry out its functions, indicates a violation or potential
violation of law, whether civil, criminal or regulatory in nature,
whether arising by general statute or particular program statute, or
by regulation, rule or order issued pursuant thereto, the relevant
records in the system of records may be referred, as a routine use,
to the appropriate agency, whether federal, foreign, state, or local,
charged with the responsibility of investigating or prosecuting such
violation or charged with enforcing or implementing the statute, or
rule, regulation or order issued pursuant thereto where such
responsibility rests outside of OIG.
(2) Disclosures may be made to federal, state, or local agencies
where disclosure is necessary in order to obtain records relevant and
necessary to a civil or administrative investigation of the Office of
Inspector General.
(3) Disclosures may be made to a federal agency where records in
this system of records pertain to an applicant for employment, or to
a current employee of that agency where the records are relevant and
necessary to an agency decision with regard to the hiring or
retention of an employee or disciplinary or other administrative
action concerning an employee.
Disclosures may be made to a federal agency in response to its
request in connection with the issuance of a security clearance, the
award of a contract, or the issuance of a license, grant, or other
benefit by the requesting agency to the extent that the record is
relevant and necessary to the requesting agency's decision on the
matter.
(4) Disclosures may be made to the Office of Personnel Management
or the Merit Systems Protection Board (including the Office of the
Special Council) of information relevant and necessary to carrying
out their functions.
(5) Disclosures may be made to third party contacts where the
party contacted may have information needed to establish or verify
information relevant and necessary to a civil or administrative
investigation by the OIG or in preparation for proceedings pursuant
to section 1128A of the Social Security Act, and ``Civil Money
Penalties''.
(6) Disclosures may be made to federal, state, or local agencies,
or to other entities administrating federally funded programs where
necessary to take action based on an OIG investigation or audit which
identifies individuals not entitled to program benefits or
individuals delinquent on loan payments under federally funded
programs.
(7) Disclosures may be made when the Department contemplates that
it will contract with private firms for the purpose of collating,
analyzing, aggregating or otherwise refining records. Disclosures
will also be made to independent auditors who by contract carry out
audits on behalf of the Department. Such contractors will be required
to maintain Privacy Act safeguards with respect to such records.
(8) Where federal agencies having the power to subpoena other
federal agencies' records, such as the Internal Revenue Service or
the Civil Rights Commission, issue a subpoena to the Department for
records in this system of records, the Department will make such
records available.
(9) In the event the Department deems it desirable or necessary,
in determining whether particular records are required to be
disclosed under the Freedom of Information Act, disclosure may be
made to the Department of Justice for the purpose of obtaining its
advice.
(10) In event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems necessary to the Department of Justice to enable that
Department to present an effective defense.
(11) Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
(12) Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The records, which take the form of index cards, investigtive
reports, printed material, computer tape files, computer-generated
printouts and other audit and investigative workpapers are stored in
(1) secured areas, (2) locked rooms, and/or (3) locked cabinets.
Retrievability:
Records are retrieved by manual or computer search of
alphabetical or numerical indices or cross-indices.
Safeguards:
Direct access is restricted to authorized staff members of the
OIG; access within HHS is limited to the Secretary, Under Secretary,
and other officials and employees on a need to know basis. All
computer files are safeguards as described under Storage and in
accordance with the provisions of the National Bureau of Standards
Federal Information Processing Standards 41, and HHS Information
Processing Standards, HHS ADP Systems Manual, Part 6,``ADP Systems
Security''. We protected all computer tapes by the use of passwords
to prohibit unauthorized access.
Retention and disposal:
Investigative files are retained for 6 years after completion of
the investigation and/or actions based thereon. Index and cross-
reference cards are retained permanently. In instances of computer
matching of files, only those records which meet predetermined
criteria for investigation are maintained. All records which do not
meet these criteria are destroyed.
System manager(s) and address:
Inspector General/Deputy Inspector General, Room 5250, North
Building, U.S. Department of Health and Human Services, 330
Independence Avenue, SW., Washington, DC 20201.
Notification procedure:
Exempt. However, consideration will be given requests addressed
to the system manager. For general inquires, include the name and
date of birth of the individual.
Record access procedures:
Same as notification procedures. Requestors should also
reasonably specify the record contents being sought.
Contesting record procedures:
Exempt. However, consideration will be given requests addressed
to the systems manager. Requests for correction should reasonbly
identify the record and specify the information to be contested, the
corrective action sought and the reasons for the correction with
supporting justification.
Record source categories:
Department and other federal, state, and local government
records; interviews of witnesses; documents and other materials
furnished by nongovernmental sources. Sources may include
confidential sources.
Systems exempted from certain procisions of the act:
Exempted from certain provisions of the Act under 5 U.S.C.
552a(k)(2). Pursuant to 45 CFR 5b.11(b)(2)(ii)(D, this system is
exempt from the following subsections of the Act: (c)(3), (d) (1)-
(4), and (e)(4) (G) and (H).
09-90-0101
System name:
Health Care Program Violations.
Security classification:
None.
System location:
This system is located in the Office of Inspector General,
Department of Health and Human Services, 330 Independence Avenue,
SW., Washington, DC 20201. The database for this system, known as the
List of Excluded Individuals/Entities (LEIE), is on a local area
network in the Wilber H. Cohen Building, 330 Independence Avenue,
SW., Washington, DC. The system is operated by the Office of
Inspector General.
Categories of individuals and entities covered by the system:
Individuals and entities covered by this system are employees and
former employees, HHS grantees, contractors, sub-contractors and
their employees; employees of State agencies and Medicare carriers
and intermediaries; Medicare and Medicaid providers; recipients under
programs administered or funded by the Federal and State programs;
and others involved in health care. It includes individuals and
entities who have been excluded from participation in the Medicare,
Medicaid, and all Federal health care programs as defined in section
1128B(f) of the Social Security Act. The individuals would include
physicians, nurses, pharmacists, dentists, therapists, suppliers and
private citizens receiving Federal payments for the furnishing of
items or services covered by any Federal or private program.
Categories of records in the system:
The Health Care Program Violations System contains public
information on individuals and entities which have been excluded from
participation in the Medicare, Medicaid, and all other Federal health
care programs (after August 1997, in accordance with Pub. L. 105-33),
including names, publicly available Social Security numbers,
individual Social Security numbers (and Employer Identification
numbers, if applicable), aliases and ``doing-business-as,''
addresses, and other available unique identifiers related to fraud,
waste and abuse; occupations and specialties, and institutional
affiliations; type and date of exclusion.
Authority for maintenance of the system:
5 U.S.C. App. 3.
Purpose(s):
The Health Care Program Violations System is used to protect
program beneficiaries and to reduce fraud and abuse in Federal health
care programs by providing a clearinghouse of public information on
individuals and entities excluded from health care programs.
Routine uses of records maintained in the system, including
categories of users and purposes of such uses:
1. Information maintained by this system may be disclosed, as a
routine use, to Federal, State, local, public and private agencies
and organizations, as follows:
a. Agencies or organizations which reimburse or regulate
individuals or entities with respect to the furnishing of health-
related services or items.
b. Agencies or organizations which license, certify, or otherwise
regulate the health-related activities of individuals and entities
which provide health care services or items, to alert them to
possibly disqualifying actions, practices or conditions.
c. Agencies or organizations charged with investigating or
prosecuting possible violations indicated in items a and b.
d. Agencies and their agents or representatives enforcing
debarments, suspensions and exclusions under the Federal Acquisition
Streamlining Act of 1994.
e. Upon written request, agencies and/or their contractors or
organizations seeking information in connection with the hiring or
retention of an employee, the issuance of a security clearance, the
reporting of an investigation of an employee, the awarding of a
contract, or the issuance of a license, grant or other benefit by the
requesting agency, to the extent that the record is relevant and
necessary to the requesting agency's decision on the matter.
f. Professional and business organizations concerned with
standards and conduct of individuals and entities engaged in
providing health care items and services.
g. Scholars or other researchers investigating trends and
characteristics in the health care field.
2. Disclosure may be made to a Congressional office from the
record of an individual or entity in response to an inquiry from the
Congressional office made at the request of that individual or
entity.
3. In the event of litigation, information from the system of
records may be disclosed to the Department of Justice, to a judicial
or administrative tribunal, opposing counsel, and witnesses, in the
course of proceedings involving HHS, any HHS employee (where the
matter pertains to the employee's official duties), or the United
States, or any agency thereof where the litigation is likely to
affect HHS, or HHS is a party or has an interest in the litigation
and the use of the information is relevant and necessary to the
litigation.
Policies and practices for storing, retrieving, revealing,
retaining, and disposing of records in the system:
Storage:
Paper records, which includes program exclusion case files, are
kept in files and file folders. Electronic records are stored on hard
or floppy disks and tapes.
Retrievability:
The agency retrieves records from files indexed alphabetically by
geographic region. Both paper records and electronic records are
retrievable by agency-assigned internal case control numbers, name,
personal identifier fields such as date of birth, UPIN, Social
Security or Employer Identification number, address, specialty/
occupation, program violated, date of exclusion, and type of
exclusion.
Indirect access to the database on public records fields is
available to the general public on the OIG's Internet site (http://
www.dhhs.gov/progorg/oig).
Safeguards:
Paper records are stored in secured cabinets behind a locked door
with access limited to authorized personnel. Computer based records
are available only to authorized users and are safeguarded in
accordance with the provisions of the National Bureau of Standards
Federal Information Processing Standards 41 and 31, and the HHS
Information Processing Standards, HHS ADP Systems Manual, Part 6,
``ADP Systems Security.'' All computer tapes are password protected
prohibiting unauthorized access.
Retention and disposal:
The OIG maintains the hardcopy records and files for one year,
after which they are transferred to the Federal Records Center for an
additional 5 years. The electronic records system is maintained for
an indefinite period of time.
System manager(s) and address:
The Systems Manager is an employee of Office of Investigations,
Office of Inspector General, Department of Health and Human Services,
330 Independence Avenue, SW., Washington, DC 20201. The OIG web site
is managed by the Office of Information Technology, Office of
Inspector General, at this same address.
Notification procedure:
An individual who wishes to be notified whether the system
contains a record should make a request electronically to the OIG web
site at http://www.dhhs.gov/progorg/oig.
[[Page 9868]]
Media inquiries should be directed to the HHS/OIG External Affairs
Office, 330 Independence Avenue, SW., Washington, DC 20201. Requests
for written documentation should be submitted in writing, together
with a printout from the OIG web site identifying the individual or
entity, to the Office of Investigations, Health Care Administrative
Sanctions, Room N2-01-26, 7500 Security Boulevard, Baltimore, MD
21244-1850.
Record access procedure:
Same as notification procedure.
Contesting record procedures:
An individual who wishes to contest the record procedures should
contact the Office of Health Care Administrative Sanctions, Office of
Investigations, Office of Inspector General, Department of Health and
Human Services, Room N2-01-26, 7500 Security Boulevard, Baltimore, MD
21244-1850. The individual or entity should reasonably identify the
record and specify the information to be contested, the corrective
action sought and the reasons for the correction, with supporting
documentation.
Record source categories:
The sources are Government and private agencies and
organizations.
Systems exempted from certain provisions of the act:
None.
09-90-0102
System name: Federal Personnel/HHS or HHS Funded Benefit and
Loan Program Temporary Matching File, HHS/OS/OIG.
Security classification:
None.
System location:
Office of the Inspector General, DHHS, Room 5262, North
Building, 330 Independence Avenue, SW, Washington, DC 20201.
Categories of individuals covered by the system:
Federal personnel (employees, retirees, and survivors) who are
also included in HHS or HHS funded benefit and loan program record
files.
Categories of records in the system:
Federal personnel records including name, social security number,
date of birth, sex, work status, pay grade, duty station, OPM claim
number, health benefit enrollment code, retirement date, annuity
rate, pay status of case, correspondence address, zip code, and HHS
or HHS funded benefit and loan program records including name, social
security number, date of birth, address, and data used to determine
eligibility.
Authority for maintenance of the system:
Pub. L. 94-505.
Purpose(s):
This system of records is maintained to facilitate the comparison
of records to identify those federal employees, federal retirees, or
their survivors who may also be receiving assistance under an HHS or
HHS funded benefit or loan program. These records will then be used
for the purpose of reviewing eligibility and identifying any debts
owed under these programs.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
These records may be used as follows:
1. In the event that a system of records maintained by this
agency to carry out its functions indicates a violation or potential
violation of law, whether civil, criminal or regulatory in nature,
and whether arising by general statute or particular program statute,
or by regulation, rule or order issued pursuant thereto, the relevant
records in the system of records may be referred, as a routine use,
to the appropriate agency, whether Federal, foreign, State or local,
charged with the responsibility of investigating or prosecuting such
violation or charged with enforcing or implementing the statute, or
rule, regulation or order issued pursuant thereto where such
responsibility rests outside of OIG.
2. A record from this system of records may be disclosed as a
``routine use'' to a Federal, State or local agency maintaining
civil, criminal or other relevant enforcement records or other
pertinent records, such as current licenses, if necessary to obtain a
record relevant to an agency decision concerning the hiring or
retention of an employee or disciplinary or other administrative
action concerning an employee, the issuance of a security clearance,
the letting of a contract, or the issuance of a license, grant, or
other benefit.
3. A record from this system of records may be disclosed to a
Federal agency in connection with the hiring or retention of an
employee or disciplinary or other administrative action concerning an
employee, the issuance of a security clearance, the reporting of an
investigation of an employee, the letting of a contract, or the
issuance of a license, grant, or other benefit by the agency, to the
extent that the record is relevant and necessary to the agency's
decision on the matter.
4. Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual.
5. In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department, or any employee of the Department in his or her official
capacity; (b) the United States where the Department determines that
the claim, if successful, is likely to directly affect the operations
of the department or any of its components; or (c) any Department
employee in his or her individual capacity where the Justice
Department has agreed to represent such employee, the Department may
disclose such records as it deems desirable or necessary to the
Department of Justice to enable that Department to effectively
represent such party, provided such disclosure is compatible with the
purpose for which the records were collected.
6. A record from this system may be disclosed as a ``routine
use'' to a Federal, State, or local agency maintaining pertinent
records if necessary to obtain a record relevant to a Department
decision concerning the determination of initial or continuing
eligibility for program benefits.
7. Disclosures may be made to the Office of Personnel Management
or the Merit Systems Protection Board (including the Office of the
Special Counsel) of information relevant and necessary to carrying
out their functions.
8. Disclosures may be made to third party contacts where the
party contacted may have information needed to establish or verify
relevant information.
9. Disclosures may be made to Federal, State, and local agencies
or to other agencies administrating federally funded programs where
necessary to take action with regard to individuals not entitled to
program benefits or individuals delinquent on loan payments under
federally funded programs.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The records are stored on computer tape files and computer
printed listings.
Retrievability:
The records are retrieved by computer using Social Security
Number as the principal matching criterion.
Safeguards:
Direct access is restricted to authorized staff members of the
Office of the Inspector General. Access within HHS is limited to
those employees who are directly involved in the matching program on
a need-to-know basis. Computer files and printed listing are
maintained in security type safes or lock bar file cabinets. They are
safeguarded in accordance with the provisions of the National Bureau
of Standards Federal Information Processing Standards 41 and 31, and
the HHS Information Processing Standards, HHS ADP Systems Manual,
Part 6, ``ADP Systems Security.'' All computer tapes are password
protected prohibiting unauthorized access.
Retention and disposal:
In instances of computer matching of files, only those records
which meet predetermined criteria are maintained. All records which
do not meet these criteria are destroyed. All original source
computer tapes will be returned within 60 days. All records obtained
as a result of the matching program will be degaussed as soon as
possible within 6 months except for those records which are necessary
to the completion of pending law enforcement activities or
administrative activities of the matching program. Paper listings
will be either shredded or burned.
System manager(s) and address:
Inspector General/Deputy Inspector General, Room 5246, North
Building, U.S. Department of Health and Human Services, 330
Independence Avenue, SW, Washington, DC 20201.
Notification procedure:
Contact: Richard McGowan, Public Affairs Officer, Office of
Inspector General, Department of Health and Human Services, Room
5267, North Building, 330 Independence Avenue, SW, Washington, DC
20201.
Record access procedures:
Same as notification procedure. Requesters should also reasonably
specify the record contents being sought.
Contesting record procedures:
Contact the official at the address specified under notification
procedure above, and reasonably identify the record and specify the
information to be contested, the corrective action sought and the
reasons for the correction with supporting justification.
Record source categories:
Records are furnished from the Central Personnel Data File (CPDF)
maintained by the Office of Personnel Management, from other Federal
agency personnel records systems, and from HHS or HHS-funded program
records systems.
Systems exempted from certain provisions of the act:
None.
09-90-0103
System name:
Healthcare Integrity and Protection Data Bank (HIPDB), HHS/OIG.
Security classification:
None.
System location:
The HIPDB will always be operated and maintained by a contractor.
The SRA Corporation (the Contractor) currently operates and maintains
the HIPDB under contract with the Bureau of Health Professions
(BHPr), Health Resources and Services Administration (HRSA) who,
under a memorandum of understanding with the Office of Inspector
General (OIG), will operate the system. Records are found at the
following address: Healthcare Integrity and Protection Data Bank,
4350 Fairs Lakes Court North, Suite 400, Fairfax, Virginia 22033. The
program will publish any changes in the location of the system in the
Federal Register.
Categories of individuals covered by the system:
The system of records will cover the following categories of
individuals:
Health care practitioners, including physicians,
dentists, and all other health care practitioners (such as nurses,
optometrists, pharmacists, and podiatrists), licensed or otherwise
authorized by a State to provide health care services.
Health care suppliers who furnish or provide access to
health care services, supplies, items or ancillary services
(including, but not limited to, individuals who deliver health care
services and are not required to obtain State licensure or
authorization, durable medical equipment suppliers and manufacturers;
pharmaceutical suppliers and manufacturers; health record services
which prepare and store medical, dental and other patient records;
health data suppliers; and billing and transportation service
suppliers), and any individual under contract to provide health care
supplies, items or ancillary services, and any individual providing
health benefits whether directly, or indirectly through insurance,
reimbursements or otherwise (including insurance producers, such as
agents, brokers, and solicitors).
These individuals must be the subject of the following final
adverse actions: (1) Civil judgments in Federal or State court
related to the delivery of a health care item or service; (2) Federal
or State criminal convictions related to the delivery of a health
care item or service; (3) actions by Federal or State agencies
responsible for the licensing and certification of health care
providers, suppliers, or practitioners; (4) exclusion from
participation in Federal or State health care programs; and (5) other
adjudicated actions or decisions, such as the removal of a physician
from a health plan network via an adjudicated action.
Categories of records in the system:
This system will contain the following types of records:
1. Information on an individual who is the subject of a civil
judgment or criminal conviction related to the delivery of a health
care item or service includes--
Full name; other name(s) used, if known; Social Security
number; date of birth; gender; home address; occupation; organization
name and type, if known; work address, if known; National Provider
Identifier (NPI) (when issued by HCFA); Unique Physician
Identification number(s), if known; Drug Enforcement Administration
(DEA) registration number(s), if known; name of each professional
school attended and the year of graduation, if known; for each
professional license, certification or registration: the license,
certification, or registration number, the field of licensure,
certification, or registration, and the name of the State or
Territory in which the license, certification or registration is
held, if known;
With respect to the judgment/sentence: The court or
judicial venue in which action was taken; docket or court file
number; name of the primary prosecuting agency or Civil Plaintiff;
prosecuting agency's case number; statutory offense and counts; date
of judgment/sentence; length of the sentence; amount of judgment,
restitution or other orders; nature of offense upon which the action
was based; description of acts or omissions and injuries upon which
the action was based; investigative agencies involved, if known, and
investigative agencies' case/file number, if known; whether such
action is on appeal; and
With respect to the reporting entity: Name; title;
address, and telephone number of the reporting entity.
2. Information on an individual who is the subject of a licensure
action taken by Federal or State licensing and certification
agencies, an adjudicated action or decision, or an individual
excluded from participation in a Federal or State health care
program. This information includes--
Full name; other name(s) used, if known; Social Security
number or Federal Employer Identification number; date of birth; date
of death, if deceased; gender; home address; occupation; organization
name and type, if known; work address, if known; physician specialty,
if applicable; NPI (when issued by HCFA); Unique Physician
Identification number(s), if known; DEA registration number(s), if
known; name of each professional school attended and the year of
graduation, if known; for each professional license, certification or
registration: The license, certification, or registration number, the
field of licensure, certification, or registration, and the name of
the State or Territory in which the license, certification or
registration is held, if known;
With respect to final adverse action: A description of
the acts or omissions or other reason for the action; date the action
was taken, its effective date and duration; classification of the
action in accordance with a reporting code adopted by the Secretary;
amount of monetary penalty, assessment or restitution, and name of
the office or program that took the adverse action; and
With respect to the reporting entity: Name; title;
address, and telephone number of the reporting entity.
3. Inquiry file includes copies of all inquiries received by the
HIPDB.
Authority for maintenance of the system:
Section 1128E(b)(5) of the Social Security Act (the Act)
authorizes the collection and maintenance of records of civil
judgments against a health care provider, supplier or practitioner in
Federal or State court related to the delivery of a health care item
or service; Federal or State criminal convictions against a health
care provider, supplier or practitioner related to the delivery of a
health care item or service; actions by Federal or State agencies
responsible for the licensing and certification of health care
providers, suppliers or practitioners; exclusion of a health care
provider, supplier or practitioner from participation in Federal or
State health care programs; and any other adjudicated actions or
decisions established by the Secretary in regulation (45 CFR part
61).
Purpose(s):
The purposes of the system are to:
1. Receive from Government agencies and health plans information
on certain final adverse actions (excluding settlements in which no
findings of liability have been made) taken against health care
providers, suppliers, or practitioners; and
2. Disseminate such data to Government agencies and health plans,
as authorized by the Act.
A government agency includes, but is not limited to (1) the
Department of Justice; (2) the Department of Health and Human
Services; (3) any other Federal agency that either administers or
provides payment for the delivery of health care services (including,
but not limited to, the Department of Defense and the Department of
Veterans Affairs); (4) State law enforcement agencies; (5) State
Medicaid Fraud Control Units; and (6) other Federal or State agencies
responsible for the licensing and certification of health care
providers, suppliers, or licensed health care practitioners.
Health plan means a plan, program or organization that provides
health benefits, whether directly or through insurance, reimbursement
or otherwise, and includes, but is not limited to (1) a policy of
health insurance; (2) a contract of a service benefit organization;
(3) a membership agreement with a health maintenance organization or
other prepaid health plan; (4) a plan, program or agreement
established, maintained or made available by an employer or group of
employers, a practitioner, provider or supplier group, third-party
administrator, integrated health care delivery system, employee
welfare association, public service group or organization, or
professional association; and (5) an insurance company, insurance
service, self-insured employer or insurance organization which is
licensed to engage in the business of selling health care insurance
in a State and which is subject to State law that regulates health
insurance.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Data may be disclosed to:
1. A health plan requesting data concerning a health care
provider, supplier, or practitioner for the purposes of preventing
fraud and abuse activities and/or improving the quality of patient
care, and in the context of hiring or retaining providers, suppliers
and practitioners that are the subjects of reports.
2. Government agencies, as defined in 45 CFR 61.3, requesting
data concerning a health care provider, supplier or practitioner for
the purposes of preventing fraud and abuse activities and/or
improving the quality of patient care, and in the context of hiring
or retaining the providers, suppliers and practitioners that are the
subject of reports to the system. This would include law enforcement
investigations and other law enforcement activities.
Storage:
Records are maintained in electronic folders, on magnetic tape,
and/or disks.
Retrievability:
Retrieval will be by use of personal identifiers, including a
unique identifier assigned by the HIPDB.
Safeguards:
1. Authorized Users: Access to records is limited to designated
employees of the Contractor and to designated HRSA and the OIG staff.
The Contracting Officer's Technical Representative (COTR) and AIS
Security Officers are among the HRSA staff who are authorized users.
Both HRSA and the contractor maintain lists of authorized users.
Other Departmental employees will have access to the records on an
official ``need to know'' basis.
2. Physical Safeguards: Magnetic tapes, disks, computer equipment
and hard copy files are stored in areas where fire and environmental
safety codes are strictly enforced. All automated and non-automated
documents are protected on a 24-hour basis. Perimeter security
includes intrusion alarms, random guard patrols, monitors, key/
passcard/combination controls, receptionist controlled area and
reception alarm button.
3. Procedural and Technical Safeguards: A password is required to
access the system, and additional identification numbers and
passwords to limit access to data to only authorized users. All users
of personal information, in connection with the performance of their
jobs, protect information from public view and from unauthorized
personnel entering an unsupervised area. All authorized users will
sign a nondisclosure statement. To protect the confidentiality of
information contained in the system, when a person leaves or no
longer has authorized duties, the Security Officer deletes his or her
identification number and password, retrieves all-electronic access
cards, and changes all combinations to which the departing employee
had access. The system automatically logs all access to data
resources.
Access to records is limited to those authorized personnel
trained in accordance with the Privacy Act and automatic data
processing (ADP) security procedures. The Contractor is required to
assure the confidentiality safeguards of these records and to comply
with all provisions of the Privacy Act. All individuals who have
access to these records must have the appropriate ADP security
clearances. Privacy Act and ADP system security requirements are
included in the contract for the operations and maintenance of the
system. In addition, the HIPDB Project Officer and the System Manager
oversee compliance with these requirements. HRSA staff who are
authorized users will make site visits to the Contractor's facilities
to assure compliance with security and Privacy Act requirements.
The safeguards described above were established in accordance
with DHHS Chapter 45-13 and supplementary Chapter PHS hf: 45-13 of
the General Administration Manual, and the DHHS Information Resources
Management Manual, Part 6. ``ADP Systems Security.''
Retention and disposal:
All records in this system are retained permanently.
System manager(s) and address:
Tony Marziani, Director, Information Systems and Investigative
Support Staff, Office of Investigations, OIG, Room 5046, Cohen
Building, 330 Independence Avenue, SW., Washington, DC 20201, (202)
205-5200.
Notification procedure:
Exempt from certain requirements of the Act. However, an
individual is informed when a record concerning himself or herself is
entered into the Healthcare Integrity and Protection Data Bank.
Requests by mail: Practitioners, providers or suppliers may
submit a ``Request for Information Disclosure'' to the address under
system location for any report on themselves. The request must
contain the following: Name, address, date of birth, gender, Social
Security Number, professional schools and years of graduation, and
the professional license(s). For license, include: The license
number, the field of licensure, the name of the State or Territory in
which the license is held, and Drug Enforcement Administration
registration number(s). Practitioners must sign and have notarized
their requests. Submitting a request under false pretenses is a
criminal offense subject to, at a minimum, a $5,000 fine under
provisions of the Privacy Act.
Requests in person: Due to security considerations, the HIPDB
cannot accept requests in person.
Request by telephone: Individuals may provide all of the
identifying information stated above to the HIPDB Helpline operator.
Before the data request is fulfilled, the operator will return a
paper copy of this information for verification, signature and
notarization.
Record access procedures:
Same as notification procedures. Requesters also should
reasonably specify the record contents being sought.
Contesting records procedures:
The HIPDB routinely mails a copy of any report filed in it to the
subject. The subject may contest the accuracy of information in the
HIPDB concerning himself, herself, or itself and file a dispute. To
dispute the accuracy of the information, the individual must notify
the HIPDB by:
(1) Identifying the record involved; (2) specifying the
information being contested; (3) stating the corrective action sought
and reason for requesting the correction; and (4) submitting
supporting justification and/or documentation to show how the record
is inaccurate. At the same time, the individual must attempt to enter
into discussion with the reporting entity to resolve the dispute.
Additional detail on the process of dispute resolution can be found
at 45 CFR 61.15 of the HIPDB regulations.
Record source categories:
Entities that have submitted records on individuals and
organizations contained in the system; State Licensing Boards,
including State Medical and Dental Boards, Federal and State Agencies
as defined in the Act, and health plans as defined in the Act who
take a final adverse action (not including settlements in which no
findings of liability have been made) taken against a health care
provider, supplier, or practitioner. (See PURPOSE section above)
Systems exempted from certain provisions of the act:
The Secretary has exempted this system from certain provisions of
the Act. In accordance with 5 U.S.C. 552a(k)(2) and 45 CFR
5b.11(b)(ii)(F), this system is exempt from subsections (c)(3),
(d)(1)-(4), and (e)(4)(G) and (H) of the Privacy Act.
09-90-0150
System name: Research and Demonstration Data System, HHS/OCSE.
Security classification:
None.
System location:
Office of Child Support Enforcement, Department of Health and
Human Services, 6110 Executive Boulevard, Rockville, Maryland 20852.
Contractor Sites: Contractor addresses may be obtained by writing
to the System Manger at the address below.
Categories of individuals covered by the system:
Records may be maintained on custodial parents, absent parents,
and their children. Such persons may include those who are eligible
for and receiving AFDC, Food Stamps, Medicaid, and Title XX social
services as well as those who are non-AFDC recipients of Child
Support Enforcement (CSE) services and their relations.
Categories of records in the system:
The system will maintain records which will be used for
statistical and research analysis only, as well as other records
which will be used to conduct program functions involving the
research and demonstration projects. Participants will be informed at
the time of data collection that information obtained by survey or
interview exclusively for statistical and research purposes will be
protected from disclosure for other purposes to the fullest extent
permissible by law.
The information in this system may include for any person such
items as name, social security number, date of birth, State case
identification number, local identification number, type of case
(AFDC, non-AFDC, full service, locate only, paternity, etc.), sex,
education, race, marital status, medical insurance, AFDC benefits,
Food Stamp benefits, Medicaid benefits, gross earned income, work
expenses, disregards, child care expenses, unearned income, shelter
expenses, Title XX payments, child support obligated amount, child
support payments paid and received, employment, assets, and other
information as may from time to time be needed. The actual
information obtained will vary from research project to research
project and may include all, none, or some of the items listed.
Authority for maintenance of the system:
Pub. L. 93-647; Pub. L. 96-272; Sec. 1110 of Social Security Act;
Pub. L. 98-378.
Purpose(s):
To enable researchers to obtain data needed to conduct various
research and demonstration projects in the area of child support
enforcement. These projects are to add to existing knowledge and
promote improvements or new methods and techniques in the area of
child support enforcement operations.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) Disclosure may be made to the Department of Justice in the
event of litigation where the defendant is (a) the Department of
Health and Human Service (HHS), any component of HHS, or any employee
of HHS in his or her official capacity; (b) the United States where
HHS determines that the claim, if sucessful, is likely to directly
affect the operations of HHS or any of its components; or (c) any HHS
employee in his or her individual capacity where the Justice
Department has agreed to represent such employee. In these cases, HHS
may disclose such records as it deems desirable or necessary to the
Department of Justice to enable that department to present an
effective defense, provided such disclosure is compatible with the
purpose for which the records were collected.
(2) Disclosure may be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office at the request of the individual.
(3) Disclosure may be made to a contractor under contract to OCSE
for the performance of research and statistical activities directly
related to this system of records in conducting the research and
demonstration projects and to provide a statistical data base for
research studies.
(4) Records may be disclosed to student volunteers, individuals
working under a personal services contract, and other individuals
performing functions for the Department but technically not having
the status of agency employees, if they need access to the records in
order to perform their assigned agency functions.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Data may be maintained on disk, magnetic tape, paper records or
other formats as appropriate for the individual research project.
Retrievability:
Access to records will vary from project to project and may
include such methods as name, social security number, State-assigned
case number, etc.
Safeguards:
All contractors must certify that they are in compliance with the
Privacy Act of 1974 and the rules and regulations issued pursuant to
that act in the design, development, or operation of any system of
records on individuals in order to accomplish an agency function
which the contract specifically identifies.
All contractors are also subject to the provisions of a
``Confidentiality of Information'' article. This article provides
that ``Unless otherwise specified, all financial, statistical,
personnel and/or technical data which is furnished, produced, or
otherwise available to the contractor during the performance of this
contract are considered confidential and shall not be used for
purposes other than performance of work under this contract nor
released by the contractor without the prior written consent of the
project officer. Any presentation of any statistical or analytical
materials, or any reports based on information obtained from the
studies covered by this contract, will be subject to review by the
Government's project officer before publication or dissemination.''
In addition, where automated systems are used, safeguards shall
be established in accordance with the Department's ADP Systems
Manual, Part 6, ADP Systems Security.
Retention and disposal:
At the conclusion of research and development studies, upon
acceptance of the final report by OCSE, the identifying information
will be separated from the records and stored in a locked file for a
year, after which it will be destroyed.
System manager(s) and address:
Director, Policy and Planning Division, Office of Child Support
Enforcement, 6110 Executive Boulevard, Rockville, Maryland 20852.
Notification procedure:
An individual can determine if this system contains a record
about him or her by writing to the system manager at the above
address and providing name, address and SSN. (Furnishing the SSN is
voluntary, however, it would make searching for the individual's
record easier and avoid delay. An individual who is unable or
unwilling to furnish his or her SSN will be required to provide other
information such as date and place of birth and both parents' names
to enable us to locate the record. Also, it would be helpful but not
absolutely necessary to identify the particular research project in
which the individual participated.) These procedures are in
accordance with HHS regulations, 45 CFR 5b.5.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. These access
procedures are in accordance with HHS regulations 45 CFR 5b.5.
Contesting record procedures:
Contact the official at the address specified under System
Manager and Address above, and reasonably identify the record and
specify the information to be contested and corrective action sought
with supporting justification. These procedures are in accordance
with HHS regulations 45 CFR 5b.7.
Record source categories:
Records in this system will be derived from individuals, program
records of other Federal/State welfare programs (e.g., AFDC,
Medicaid, Food Stamps, SSI), survey data collected by contractors,
child support enforcement agencies, Health Care Financing
Administration, employers, and other departments, agencies, or
instrumentalities of the United States or any State.
Systems exempted from certain provisions of the act:
None.
09-90-0200
System name:
Child Care Subsidy Program Records (HHS).
Security classification:
None.
System location:
Records are located throughout HHS in offices of agency child
care program administrators and in offices of contract employees
engaged to administer the subsidy programs. Since there are several
sites around the country, contact the appropriate System Manager
listed in Appendix A for more details about specific locations.
Categories of individuals covered by the system:
The individuals in the system are employees of the Administration
on Aging (AoA), Office of the Secretary (OS), Substance Abuse and
Mental Health Services Administration (SAMHSA), Food and Drug
Administration (FDA), Program Support Center (PSC) and Health
Resources and Services Administration (HRSA) in the Department of
Health and Human Services (HHS), who voluntarily apply for child care
subsidies.
Categories of records in the system:
Application forms for a child care subsidy contain personal
information, including employee's (parent) name, Social Security
Number, grade, home phone number, home address, total income, number
of dependent children, and number of children on whose behalf the
parent is applying for a subsidy, information on any tuition
assistance received from State/County/local child care subsidy, and
information on child care providers used, including their name,
address, provider license number, and State where license issued,
tuition cost, provider tax identification number, and copies of
Internal Revenue Form 1040 for verification purposes.
Authority for maintenance of the system:
Section 1(a)(3) of Public Law 106-554 (Consolidated
Appropriations Act) and Executive Order 9397 (November 22, 1943).
Purpose(s):
To establish and verify HHS employee's eligibility for child care
subsidies in order for HHS to provide monetary assistance to its
employees.
Routine uses of records maintained in the system, including
categories of users and the purpose of such uses:
1. Disclosure may be made to a Member of Congress or to
congressional staff member in response to a request for assistance
from the Member by the individual of record.
2. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation, and
HHS determines that the use of such records by the Department of
Justice, court or other tribunal is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided, however, that in each case HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
3. HHS intends to disclose information from this system to an
expert, consultant, or contractor (including employees of the
contractor) of HHS if necessary to further the implementation and
operation of this program.
4. Disclosure may be made to a Federal, State, or local agency
responsible for investigating, prosecuting, enforcing, or
implementing a statute, rule, regulation, or order, where the
Department of Health and Human Services is made aware of a violation
or potential violation of civil or criminal law or regulation.
5. Disclosure may be made to the Office of Personnel Management
or the General Accounting Office when the information is required for
evaluation of the subsidy program.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Information may be collected on paper or electronically and may
be stored as paper forms or on computers.
Retrievability:
The records are retrieved by name and may also be cross-
referenced to Social Security Number.
Safeguards:
--Authorized Users: Only HHS personnel working on this project
and personnel employed by HHS contractors to work on this project are
authorized users as designated by the system manager.
--Physical Safeguards: Records are stored in lockable metal
file cabinets or security rooms.
--Procedural Safeguards: Contractors who maintain records in
this system are instructed to make no further disclosure of the
records, except as authorized by the system manager and permitted by
the Privacy Act. Privacy Act requirements are specifically included
in contracts.
--Technical Safeguards: Electronic records are protected by use
of passwords.
--Implementation Guidelines: HHS Chapter 45-13 of the General
Administration Manual, ``Safeguarding Records Contained in Systems of
Records and the HHS Automated Information Systems Security Program
Handbook, Information Resources Management Manual.''
Retention and disposal:
Disposition of records is according to the National Archives and
Records Administration (NARA) guidelines.
System manager(s) and address:
The records of individuals applying for and receiving child care
subsidies are managed by System Managers at the various HHS sites
listed in Appendix A.
Notification procedure:
Individuals may submit a request a request with a notarized
signature on whether the system contains records about them to the
local System Manager.
Record access procedures:
Request from individuals for access to their records should be
addressed to the local System Manager. Requesters should also
reasonably specify the record contents being sought. Individuals may
also request an accounting of disclosures of their records, if any.
Contesting record procedures:
Contact the official at the address specified under Notification
Procedures above and reasonably identify the record, specify the
information being contested, and state the corrective action sought,
with supporting information to show how the record is inaccurate,
incomplete, untimely, or irrelevant.
Record source categories:
Information is provided by HHS employees who apply for child care
subsidies. Furnishing of the information is voluntary.
System cxempted From certain provisions of the Act:
None.
Appendix A
1. For employees of the Office of the Secretary and the
Administration on Aging, nationwide, contact: Child Care Subsidy
Program Coordinator, PSC Work/Life Center, Room 1250, 330 C Street,
SW., Washington, DC 20201.
2. For employees of the Substance Abuse and Mental Health
Services Administration, contact: Director, Division of Human
Resources Management, Office of Program Services, Substance Abuse and
Mental Health Services Administration, 5600 Fishers Lane, Rockville,
Maryland 20857.
3. For employees of the Food and Drug Administration, nationwide,
contact: Child Care Subsidy Program Coordinator, Office of Human
Resources and Management Services, Food and Drug Administration--HFA-
410, 5600 Fishers Lane, Rockville, Maryland 20857.
4. For employees of the Program Support Center, contact: Work &
Family Coordinator, Program Support Center, Room 1250, 330 C Street
SW., Washington, DC 20201.
5. For employees of the Health Resources and Services
Administration, nationwide, contact: Child Care Subsidy Program
Coordinator, Health Resources and Services Administration, 5600
Fishers Lane, Room 13-25, Rockville, MD 200857.
09-90-1101
System name: Optional Form 55 Cards Issuance Log, HHS/OS/RIX/
ORD/DAS.
Security classification:
None.
System location:
DHHS, Region IX, Office of the Regional Director, Division of
Administrative Services, 50 United Nations Plaza, Room 30, San
Francisco, California 94102.
Categories of individuals covered by the system:
All persons who have been issued United States Government
Identification Cards (Optional Form 55, or OF-55) by the DHHS Region
IX Division of Administrative Services. This includes (1) federal
employees working in the federal office building at 50 United Nations
Plaza, San Francisco, California; (2) certain private individuals
(``contractors'') providing services at that location; (3) DHHS
employees working elsewhere in San Francisco; and (4) DHHS employees
working in Region IX and requesting an official identification card.
Categories of records in the system:
Serial number of OF-55 card, date of issuance, name of individual
to whom issued, individual's agency designation (for federal
employees, the employing agency; for other individuals, indication of
non-federal status and/or the employer), and void date for the card.
In addition, for individuals in the first three catagories above, the
system will contain a small photograph of the individual.
Authority for maintenance of the system:
18 U.S.C. 499, 701; 40 U.S.C. 318a-318c, 486(c), 490; 41 CFR 101-
20.302, 101-20.501 to .503.
Purpose(s):
The system is used with the identification cards in a building
security plan for the federal office building at 50 United Nations
Plaza, San Francisco. Agency staff may refer to the system when an
individual presents a card for admission to the building, to
determine whether the card is valid and whether the individual
presenting it is the one to whom it was issued.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) In the event that the system of records indicates a violation
or potential violation of law, whether civil, criminal, or regulatory
in nature, and whether arising by general or particular program
statute, or by regulation, rule, or order issued pursuant thereto,
the relevant records in the system may be referred to the appropriate
federal, state, or local agency charged witht the responsibility of
investigating or prosecuting such violation or enforcing or
implementing the statute or rule, regulation, or order issued
pursuant thereto.
(2) A record from this system of records may be disclosed to a
federal, state, or local agency maintaining civil, criminal, or other
relevant enforcement or other pertinent records, such as current
licenses, if necessary to obtain a record relevant to an agency
decision concerning the hiring or retention of an employee, the
issuance of a security clearance, the letting of a contract, or the
issuance of a license, grant, or other benefit. A record from this
system of records may be disclosed to a federal agency, in response
to its request, in connection with the hiring or retention or an
employee, the issuance of a security clearance, the reporting of an
investigation of an employee, the letting of a contract, or the
issuance of a license, grant or other benefit by the requesting
agency, to the extent that the record is relevant and necessary to
the requesting agency's decision on the matter.
(3) Where a contract between a component of the Department and a
labor organization recognized under E.O. 11491 provides that the
agency will disclose personal records relevant to the organization's
mission, records in this system of records may be disclosed to such
organization.
(4) Disclosures may be made to persons participating in employee
discipline or competence determination proceedings for the purposes
of such proceedings.
(5) Disclosure from the record of an individual may be made to a
congressional office in response to an inquiry from the congressional
office made at the request of that individual.
(6) In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or official capacity; (b) the United States where
the Department determines that the claim, if successful, is likely to
directly affect the operations of the Department or any of its
components; or (c) any Department employee in his or her indiviudal
capacity where the Department of Justice has agreed to represent such
employee, the Department may disclose to the Department of Justice
such records as it deems desirable or necessary to enable that
Department to present an effective defense, provided such disclosure
is compatible with the purpose for which the records were collected.
(7) Upon request any member of the unit(s) responsible for
building security at the federal office building located at 50 United
Nations Plaza, San Francisco, California, the Department may disclose
such records as are needed to ensure the integrity and proper
functioning of the building access security system in effect in that
building.
(8) In the event that an individual to whom we issued an OF-55
card is the subject of an investigation for a violation or potential
violation of law, whether criminal, civil, or regulatory in nature,
and whether arising by general or particular program statute, or by
regulation, rule, or order issued pursuant thereto, relevant records
in the system may be released to the appropriate federal, state, or
local law enforcement agency charged with the responsibility of
investigating or prosecuting such violation or charged with enforcing
or implementing the statute enforcing or implementing the statute or
rule, regulation, or order issued pursuant thereto.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The printed information is recorded in log format and kept in a
binder. The photographs (only of HHS San Francisco employees and
Federal employees and contractors needing access card to 50 United
Nations Plaza building) are also stored in the binder, but on
separate pages from the printed information. (Only the individual's
OF-55 serial number accompanies the photograph.)
Retrievability:
The records are retrieved by serial numbers of the OF-55 cards.
(Retrieval of the printed information by manual search of employees'
and contractors' names would also be possible under exigent
circumstances.)
If abuse of the building access security system or unauthorized
use of card is suspected, the Division of Administrative Services may
provide the individual's name and component/office to the Regional
Director and/or the employee's supervisor for investigation.
Safeguards:
Direct access is restricted to the System Manager (see below).
The log binder is kept in a locked file cabinet. The System Manager's
office is locked during non-work hours.
Retention and disposal:
When an employee resigns, retires, or otherwise terminates
employment, or a contractor no longer needs access to the 50 United
Nations Plaza building, his/her OF-55 card must be surrendered. When
it is returned to the System Manager, the employee's or contractor's
log entry will be removed and his/her photograph and card will be
destroyed. If a new card is issued to an employee or contractor when
his/her old card expires, the log entry will be updated to reflect
the new card's serial number and void date.
System manager(s) and address:
Chief, Logistics Branch, Division of Administrative Services,
DHHS, 50 United Nations Plaza, Room 30, San Francisco, California
94102.
Notification procedure:
Inquiries should be addressed to the System Manager; the serial
number on the OF-55 card should be provided.
Record access procedures:
Same as notification procedure.
Contesting record procedures:
Contact the System Manager specified above; reasonably identify
the record and specify the information to be contested and indicate
corrective action sought and reason for corrections with supporting
justification. (These procedures are in accordance with Department
Regulations (45 CFR 5b.7).)
Record source categories:
Name and agency designation are supplied by the employee or
contractor. The photograph is taken when the OF-55 card is issued.
Serial number, date of issuance, and void date are assigned or
supplied by the Division of Administrative Services when the OF-55
card is issued.
Systems exempted from certain provisions of the act:
None.
09-90-1200
System name:
Workplace Violence Prevention Team (WVPT) Records, HSS/OS/ASMB/
OHR.
Security classification:
None.
System location:
Records are located throughout HHS in offices designated to
provide workplace violence prevention services. Since there are
numerous sites around the country available for these services,
contact the appropriate system manager in Appendix A for more details
about specific locations.
Categories of individuals covered by the system:
Individuals covered by this system include: persons who report
potential or actual workplace violence; persons accused of
threatening to commit, or committing workplace violence; and persons
interviewed or investigated in connection with reports or allegations
of potential or actual workplace violence.
Categories of records in the system:
This system contains written and electronic records on each
person who contacts the WVPT for assistance. It also contains records
on individuals who are being interviewed and investigated by the
WVPT. The records typically contain demographic data such as the
individual's name, pay plan, grade level, employing organization,
office location, duty hours, telephone number, and name of
supervisor.
Information is also maintained about the workplace violence
situation that is concerning the person who contacts the WVPT. This
includes descriptions of events related to the workplace violence
situation, others involved, as well as dates and locations of events.
Each record will also contain an assessment of the situation by the
WVPT, information regarding any interviews that were conducted, and
the recommended interventions.
If the WVPT is interviewing a person because of someone else's
report, the record of the person being interviewed may also contain
information that was obtained through interviews with the supervisor,
Federal or local law enforcement personnel, HHS security staff, co-
workers, and any others involved in the situation.
Authority for maintenance of the system:
5 U.S.C. 7901 (Health Services Programs);
5 U.S.C. 7902 (Safety Programs)
Purpose(s):
The agency maintains this system of records to:
1. Administer health programs related to workplace violence
prevention activities;
2. Administer and support safety programs that help reduce
accidents and injuries among employees;
3. Monitor or follow up on violent or potentially violent
situations in HHS;
4. Help WVPT members make assessments of violent or potentially
violent situations and then make recommendations regarding
interventions to those persons involved with the situations;
5. Prepare administrative reports, conduct evaluations, or audit
the activities of the teams; and
6. Inform management, medical personnel and security staff in HHS
of potential and actual dangerous situations that require action to
assure the safety and health of employees.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
These records or information from these records may be released:
1. To a congressional office when it has received a written
inquiry from an individual about whom a record is maintained in this
system. This request will be verified before disclosure from the
individual's record will be made to the congressional office.
2. When a person or property is harmed, or when threats of harm
to a person or property are reported, disclosure will be made, as
appropriate, to law enforcement authorities, medical treatment
authorities, and those persons being threatened or harmed.
3. To the Department of Justice, a court or other tribunal, when:
(a) HHS, or any component, thereof; or (b) any HHS employee in his or
her official capacity; or (c) any HHS employee in his or her
individual capacity where the Department of Justice (or HHS, where it
is authorized to do so) has agreed to represent the employee; or (d)
the United States or any agency thereof where HHS determines that the
litigation is likely to affect HHS or any of its components, is a
party to litigation or has interest in such litigation, and HHS
determines that the use of such records by the Department of Justice,
the court or other tribunal is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided, however, that in each case HHS
determines that such disclosure is compatible with the purpose for
which the records are collected. The local System Manager will
approve any disclosure made under this routine use.
4. To student volunteers, interns, individuals working under a
personal services contract, organizations working under contract, and
other individuals performing functions for the Department but
technically not having the status of agency employees, if they need
access to the records to perform their assigned duties. This includes
those performing threat or risk assessments. Contractors will be
required to maintain Privacy Act safeguards with respect to such
records. These safeguards are explained in the section entitled
``Safeguards.''
5. To qualified personnel for research, audit, or evaluation
purposes.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
These records are maintained in file folders and on password-
protected computers, and computer disks. Folders and computer disks,
when not in use, are stored in a secured area accessible only to
members of the WVPT.
Retrievability:
These records are retrieved by employee name (those who reported
a violent or potentially violent event and those who were reported),
event date, and event location.
Safeguards:
1. Authorized Users: Access to these records is limited to
members of the WVPT. Others working with the WVPT, such as outside
consultants, when approved by the team, may have access for the
purpose of investigating a situation, preparing reports, or
conducting evaluations and audits.
2. Physical Safeguards: All paper records are stored in metal
filing cabinets equipped with locks, preferably combination. The file
cabinets are stored in secure areas with access limited to the WVPT
members. Computer records are stored on disks or computers that are
password protected or are systems discreet from other computer
systems. Disks are stored in the same manner as paper records.
3. Procedural Safeguards: Information will only be released from
this system of records in accordance with the routine uses described
above or as provided by the Privacy Act's disclosure provisions.
Those who are serviced by the WVPT will be informed in writing about
the WVPT's confidentiality procedures when they begin the process.
Consultants must not disclose records. Secondary disclosure of
information is prohibited unless permitted by a routine use or other
of the Privacy Act's disclosure provisions.
4. Contractor Guidelines: Contractors who are given records under
routine use �3 must maintain the records in a secured area, allow
only those individuals immediately involved in the processing of the
records to have access to them, prevent unauthorized persons from
gaining access to the records, and return records to the System
Managers immediately upon completion of the work specified in their
contracts. Contractor compliance is assured through inclusion of
Privacy Act requirements in contract clauses, and through monitoring
by contract and project officers. Contractors who maintain records
are instructed to make no disclosure of the records except as
authorized by the System Managers and as stated in the contracts.
Retention and disposal:
Records are destroyed two years after the incident/situation has
been closed by the WVPT or until any litigation/third party action
about it has been resolved. Files will be destroyed only by a WVPT
team member and with a witness present. Paper records will be
destroyed by shredding or burning. Information stored on computers
will be destroyed by deleting all appropriate portions of floppy
disks, hard drives, tapes, and other electronic media that may
contain the record. Consultant and contractor records will be
transferred to the local WVPT for destruction.
System manager(s) and address:
The records of individuals served by the WVPT are managed by
local System Managers in the various HHS sites listed in Appendix A.
Notification procedures:
For purposes of notification, the subject individual, and/or the
individual's legal representative should write to the local System
Manager who will require the system name, requestor name, address,
and Social Security Number to ascertain whether the individual's
record is in the system.
Record access procedures:
For purposes of access, use the same procedures outlined in
Notification Procedures above. Requestors must also reasonably
specify the record contents being sought. (These procedures are in
accordance with Department regulation 45 CFR 5b.5(a)(2).)
Contesting record procedures:
The subject individual shall contact the System Manager and
reasonably identify the record and specify the information being
contested. State the corrective action sought (addition to, deletion
of, or substitution of) and the reasons for the correction with
supporting justification. (These procedures are in accordance with
Department regulation 45 CFR 5b.7.)
Record source categories:
Information in this system of records is supplied by the
individual contacting the WVPT, this individual's coworkers
(including the supervisor), a member of the individual's family,
sources to/from whom the individual has been referred for assistance,
Departmental officials involved in the situation (such as security
staff), or other sources involved with the situation and its
resolution.
Systems exempted from certain provisions of the Act:
None.
Appendix A
1. For employees in the Southwest DC area, contact: Workplace
Violence Prevention Team Leader, PSC Work/Life Center, 330 C Street,
SW, Room 1250, Washington, DC 20201.
2. For employees on the MIH Campus in Bethesda, MD, contact:
Critical Incidents Violence Intervention League (CIVIL) Team Leader,
OHRM/OD, 31 Center Drive, Room 1C39, Bethesda, MD 20892.
3. For employees at HCFA headquarters in Baltimore, MD, contact:
Crisis Management Team Leader, 7500 Security Boulevard, Room S1-23-
27, Baltimore, MD 21244.
4. For employees at CDC headquarters in Atlanta, GA, contact:
Crisis Management Team Chair, Associate Director for Management and
Operations, 1600 Clifton Road, NE, MS-D15, Atlanta, GA 30333, or,
Crisis Management Team Co-Chair, Employee Relations Specialist, 4770
Buford Highway, MS-K17, Atlanta, GA 30341-3274.
5. For employees in SAMHSA, contact: SAMHSA Crisis Intervention
Team Leader, SAMHSA, Division of Human Resources Management, 5600
Fishers Lane, Room 14C17, Rockville, Maryland 20857, 301-443-4006.
09-90-9999
System name: Automated Litigation Tracking System, HHS/OS/OGC.
Security classification:
None.
System location:
The database and software for this computerized system will be
located at the Parklawn Computer Center (part of the Public Health
Service) located at 5600 Fishers Lane, Rockville, Maryland 20857.
Each OGC location identified in the Appendix on the
Administrative Claims System (09-90-0062) Federal Register,
Wednesday, October 13, 1982 (47 FR 45540-45542) will have access to
the database and software via one or more CRT terminals.
Categories of individuals covered by the system:
The individuals on whom records are maintained in this system
are: (1) Individuals who are involved in litigation with the
Department or the United States (regarding matters within the
jurisdiction of the Department) either as plaintiffs or as defendants
in both civil and criminal matters, (2) individuals who either file
administrative compliants with the Department or are the subjects of
administrative complaints initiated by the Department, including
claims which are the subjects of records maintained in the
Administrative Claims System, 09-90-0062, (3) individuals who are
named parties in cases in which the Department believes it will or
may become involved, and (4) OGC attorneys to whom cases are
assigned.
Categories of records in the system:
The records contain information to identify: (1) The cases and
legal actions that the Department either is involved in or in which
it believes it will or may become involved, (2) the people involved
in each case, (3) where within the government the case has been
assigned, (4) what the status of the case is, including the key
events that may have occurred, and (5) the legal and programmatic
issues of the case.
Authority for maintenance of the system:
The authority for maintaining this system are the various
statutes, regulations, rules or orders pertaining to the subject
matter of the litigation, administrative complaint or adverse
personnel action, (e.g., Public Health Service Act; Social Security
Act; Civil Rights Act; Federal Food, Drug and Cosmetic Act; Federal
Tort Claims Act, 28 U.S.C. 2671-2680, 1346(b); Waiver of Overpayment
of Pay Act, 5 U.S.C. 5584; Military Personnel and Civilian Employees
Claims Act, 31 U.S.C. 240-243; Federal Claims Collection Act, 31
U.S.C. 951-953; and Federal Medical Care Recovery Act, 42 U.S.C.
2651-2653).
Purpose(s):
To enable the Office of the General Counsel to: (1) More
efficiently and effectively use its resources in court and
administrative proceedings, (2) provide a research tool that will
permit attorneys to identify when and where similar litigation has
occurred, and (3) enable management to better balance the attorney
workload.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Records are used in communicating with, among others, Federal,
State, and local law enforcement agencies, private individuals,
private and public hospitals, allegedly negligent parties, private
attorneys, insurance companies, the United States Attorney and other
Federal officials and agencies, individual law enforcement officers,
and tribal officials. These communications are all for the purpose of
investigating, settling, or denying claims and subsequent litigation
action.
Disclosure may be made to a congressional office from the record
of an individual in response to an inquiry from the congressional
office made at the request of that individual.
In the event of litigation where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense provided such
disclosure is compatible with the purpose for which the records were
collected.
In the event that a system of records maintained by this agency
to carry outs its functions indicates a violation or potential
violation of law, whether civil, criminal or regulatory in nature,
and whether arising by general statute or particular program statute,
or by regulation, rule or order issued pursuant thereto, the relevant
records in the system or records may referred, as a routing use to
the appropriate agency, whether Federal, state, local, or foreign,
charged with the responsibility of investigating or prosecuting such
violation or charged with enforcing or implementing the statute,
rule, regulation, or order issued pursuant thereto.
In the event the Department deems it desirable or necessary, in
determining whether particular records are required to be disclosed
under the Freedom of Information Act, disclosure may be made to the
Department of Justice for the purpose of obtaining its advice.
A record from this system of records may be disclosed as a
``routine use'' to a Federal, state or local agency maintaining
civil, criminal or other relevant enforcement records or other
pertinent records, such as current licenses, if necessary to obtain a
record relevant to an agency decision concerning the hiring or
retention of an employee, the issurance of a security clearance, the
letting of a contract, or the issuance of a license, grant or other
benefit.
A record from this system of records may be disclosed to a
Federal agency, in response to its request, in connection with the
hiring or retention of an employee, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant or other
benefit by the requesting agency, to the extent that the record is
relevant and necessary to the requesting agency's decision on the
matter.
A record from this system of records may be disclosed to the
Department of Justice or other appropriate Federal agencies in
defending claims against the United States when the claim is based
upon an individual's mental or physical condition and is alleged to
have arisen because of activities of the Public Health Service in
connection with such individual.
A record from this system of records may be disclosed to any
Federal, state or local agency where the Department deems that the
information is needed for any aspect of administering a Federal,
state, or local program.
Records from this system may be disclosed to a private firm under
contract to the Department for the purpose of having that firm
convert the records to machine readable form, or collate, analyze,
aggregate or otherwise refine the information in the records. The
contractor will be required to maintain Privacy Act safeguards with
respect to such records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Information will be stored on a variety of computer-readable,
electronic media, including disc, mass storage, and magnetic tape.
Retrievability:
The records in this system will be indexed by the court's docket
number for the litigation and will be retrievable by any information
contained in the record, including by: The name of either party, the
Social Security Number (only for records on cases involving claims
against one or more programs administered by the Social Security
Administration or the Health Care Financing Administration), the name
of the attorney assigned the case, and the legal or programmatic
issues involved.
Only OGC staff will be permitted to retrieve information from
this system.
Safeguards:
The buildings where these records are stored on electronic media
are safeguarded by a variety of physical security systems which
permit access only by authorized computer center personnel and
authorized visitors escorted by computer center staff.
The computer terminals used to access the records are kept in
rooms which are locked at the close of the business day and are
generally accessible only to General Counsel personnel.
Electronically, the records are protected from unauthorized
access by several password oriented systems which produce an audit
trail of all attempts (successful and unsuccessful) to access the
records. In general, this system complies with all security
guidelines published by the Department (Part 6, ADP Systems Manual),
which embodies the guidance presented by the National Bureau of
Standards in the Federal Information Processing Standards.
Retention and disposal:
Records are maintained until the litigation or other judicial
proceedings have ended and for varying periods of time thereafter,
subject to the Federal Records Act and applicable retention
schedules.
System manager(s) and address:
The agency official responsible for the system policies and
practices outlined above is: The General Counsel, Department of
Health and Human Services, Office of the General Counsel, Hubert H.
Humphrey Building, Room 722A, 200 Independence Avenue, SW,
Washington, DC 20201.
Notification procedure:
Any inquiries regarding these systems of records should be
addressed to the System Manager. An individual who requests
notification of or access to a medical record shall, at the time the
request is made, designate in writing a responsible representative
who will be willing to review the record and inform the subject
individual of its contents at the representative's discretion.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. Access will not
be provided to materials compiled by the Department for litigation
purposes, such as information about briefs and recommendations to
appeal or not to appeal, except when such access is granted by the
court as a result of discovery or due process.
Contesting record procedures:
Contact the official designated in the section, ``System
Manager(s) and address'', above; reasonably identify the record and
specify the information that is to be contested; and state the
corrective action sought and your reasons for requesting the
correction, with supporting evidence to show why the record is not
accurate, timely, complete, relevant or necessary.
Record source categories:
The information for this system is obtained through a number of
sources including the exchange of legal pleadings, documents, formal
and informal discovery, program offices and component agencies,
private attorneys, State and local governments, their agencies and
instrumentalities, and officers of other Federal agencies and the
individuals involved.
Systems exempted from certain provisions of the act:
None.
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Program Support Center
Table of Contents
System Number and System Name:
09-40-0001 Public Health Service (PHS) Commissioned Corps
General Personnel Records, HHS/PSC/HRS.
09-40-0002 Public Health Service (PHS) Commissioned Corps
Medical Records, HHS/PSC/HRS.
09-40-0003 Public Health Service (PHS) Commissioned Corps Board
Proceedings, HHS/PSC/HRS.
09-40-0004 Public Health Service (PHS) Commissioned Corps
Grievance, Investigatory and Disciplinary Files, HHS/PSC/HRS.
09-40-0005 Public Health Service (PHS) Beneficiary-contract
Medical/Health Care Records, HHS/PSC/HRS.
09-40-0006 Public Health Service (PHS) Commissioned Corps
Payroll Records, HHS/PSC/HRS.
09-40-0010 Pay, Leave and Attendance Records, HHS/PSC/HRS.
09-40-0011 Proceedings of the board for Corretion of PHS
Commissioned Corps Records, HHS/PSC/HRS.
09-40-0012 Debt Management and Collection System, HHS/PSC/FMS.
09-40-0013 PSC Parking Program and PSC Transhare Program
Reocrds, HHS/PSC/OS.
09-40-0001
System name:
Public Health Service (PHS) Commissioned Corps General Personnel
Records, HHS/PSC/HRS.
Security classification:
None.
System location:
Division of Commissioned Personnel (DCP)/HRS/PSC, Room 4-36,
Parklawn Building, 5600 Fishers Lane, Rockville, Maryland 20857-0001.
PHS Health Data Center, GW Long Hansen's Disease Center,
Carville, Louisiana 70721.
National Personnel Record Center, Civilian Personnel Records, 111
Winnebago Street, St. Louis, Missouri 63118.
Duplicates of records may also be maintained in operating offices
(duty stations) of the Department and other agencies and
organizations to which PHS Commissioned Corps officers are assigned.
Contact the System Manager for the location of specific records.
Contact the Rockville, Maryland location before writing to other
record sites.
Names and addresses of contractors given information under
routine use 7 can be obtained from the System Manager at the location
identified below.
Categories of individuals covered by the system:
Individuals who are part of or who have some relationship with
the PHS Commissioned Corps, including: Active duty commissioned
officers, former commissioned officers, inactive reserve officers,
retired commissioned officers, deceased commissioned officers,
dependents and survivors of the above, former spouses of officers,
and applicants to the PHS Commissioned Corps.
Categories of records in the system:
These records contain:
1. Applications for appointment, references and other documents
relating to qualifications or suitability for appointment and
assignment.
2. Official Personnel Folders (OPF), for all officers who are, or
were at one time, on active duty, which include: All documents
related to the application and appointment process; effectiveness
reports; career development and training records; documents relating
to assignment, promotion, retention, separation and all other
personnel actions; records of personnel actions relating to pay,
travel and allowances (including overseas educational allowances for
dependents); documentation of dependent status used to determine
entitlement or eligibility for benefits and identification and
privilege cards; applications and records of service action relating
to the Commissioned Officer Student Training and Extern Programs
(COSTEP) officers; survivor benefit elections; information supporting
officer awards, honors and commendations; documentation supporting
non-board terminations and reprimands issued after final
administrative action; pay records and medical data after death of
subject individual; and leave records.
3. Worksheets, internal forms, internal memoranda and other
documents which result in, or contribute to, an action resulting in a
record identified in 2. above.
4. Service Record cards (summarizing personnel actions).
5. Correspondence relating to the above.
Authority for maintenance of the system:
The Public Health Service Act (42 United States Code [U.S.C.]
202-217, 218a, 224, 228, 233, and other pertinent sections); The
Social Security Act (42 U.S.C. 410(m) et seq.); portions of Title 10,
U.S.C., related to the uniformed services; portions of the Title 37,
U.S.C., related to pay and allowance for members of the uniformed
services; portions of Title 38, U.S.C., related to benefits
administered by the Department of Veterans Affairs; sections of 50
U.S.C. App., related to the selective service obligations and the
Soldiers' and Sailors' Civil Relief Act; Executive Order (E.O.) 9397,
``Numbering System for Federal Accounts Relating to Individual
Persons''; E.O. 10450, ``Security Requirements for Government
Employment''; and E.O. 11140, which delegates the authority to
administer the PHS Commissioned Corps from the President to the
Secretary, HHS.
Purpose(s):
The information is used by the Program Support Center (PSC), DCP,
HHS Operating Divisions (OPDIVs) and other organizations where
commissioned officers are assigned, to:
1. Determine qualifications and suitability for appointment,
selection, career development, training, promotions, assignments,
mobilization, temporary duty, and other types of officer utilization.
2. Determine eligibility for pay, allowances, entitlements,
privileges, and benefits.
3. Prepare the Commissioned Officer Roster and Promotion
Seniority of the Public Health Service.
4. Determine the eligibility or entitlements of dependents and
beneficiaries for benefits based on the service of a PHS commissioned
officer.
5. Give legal force to personnel transactions and establish
officer rights and obligations under the pertinent laws and
regulations governing the commissioned corps personnel system.
6. Provide material for research by the Office of the Secretary,
HHS, concerning the activities of health professionals.
7. Provide information to HHS components seeking to collect an
overdue debt to the Federal Government, but only to the extent
necessary to collect that overdue debt.
8. Provide information about professional qualifications, past
performance and career interests of PHS officers to Department and
Agency officials involved in the selection or assignment of an
officer to a particular program.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
These records or information from these records may be used:
1. To locate individuals for personnel research or survey
response, and in the production of summary descriptive statistics and
analytical studies in support of the function for which the records
are collected and maintained, or for related work force studies.
While published statistics and studies do not contain individual
identifiers, in some instances the selection of elements of data
included in the study may be structured in such a way as to make the
data individually identifiable by inference.
2. To disclose information to a congressional office from the
record of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
3. To the Department of Justice, a court or other tribunal, when:
(a) HHS, or any component, thereof; or (b) any HHS employee in his or
her official capacity; or (c) any HHS employee in his or her
individual capacity where the Department of Justice (or HHS, where it
is authorized to do so) has agreed to represent the employee; or (d)
the United States or any agency thereof where HHS determines that the
litigation is likely to affect HHS or any of its components, is a
party to litigation or has interest in such litigation, and HHS
determines that the use of such records by the Department of Justice,
the court or other tribunal is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided, however, that in each case HHS
determines that such disclosure is compatible with the purpose for
which the records are collected.
4. To disclose pertinent information to appropriate Federal,
State, or local agencies; international agencies; or foreign
governments responsible for investigating, prosecuting, enforcing or
implementing statutes, rules, regulations or orders when PHS becomes
aware of evidence of a potential violation of civil or criminal law.
5. To disclose information to an individual who has been asked to
provide a reference, to the extent necessary to clearly identify the
individual to whom the reference will pertain, inform the source of
the purpose(s) of the reference, and to identify the type of
information requested from the source, where necessary to obtain
information relevant to an agency decision concerning the hiring or
retention of any employee, the issuance of a security clearance, the
conducting of a security or suitability investigation of an
individual, the classifying of jobs, the letting of a contract, or
the issuance of a license, grant or other benefit.
6. To disclose to any agency in the executive, legislative or
judicial branch; the District of Columbia Government; a State or
local government agency; a professional credentialing agency or a
non-profit institution, in response to its request, or at the
initiation of the PHS, information in connection with the hiring of
an employee; the issuance of a license, grant or other benefit by the
requesting agency; or the lawful statutory administrative, or
investigative purpose of the agency to the extent that the
information is relevant and necessary to the requesting agency's
decision on the matter.
7. When the Department contemplates contracting with a private
firm for the purpose of collating, analyzing, aggregating, or
otherwise refining records in this system, relevant records will be
disclosed to such a contractor. The contractor will be required to
maintain Privacy Act safeguards with respect to such records. These
safeguards are explained in the section entitled ``Safeguards.''
8. To disclose information to the Department of State and
officials of foreign governments for the issuance of passports, visas
and other clearances before an active, retired or inactive officer is
assigned to that country.
9. To disclose information to the Department of Labor, the
Department of Veterans Affairs, Social Security Administration or
other Federal agencies having special employee benefit programs; to a
Federal, State, county or municipal agency; or to a publicly
recognized charitable organization when necessary to adjudicate a
claim under a benefit program, or to conduct analytical studies of
benefits being paid under such programs, provided such disclosure is
consistent with the purposes for which the information was originally
collected.
10. To disclose information to the Office of Management and
Budget (OMB) at any stage in the legislative coordination and
clearance process in connection with private relief legislation as
set forth in OMB Circular No. A-19, or for budgetary or management
oversight purposes.
11. To respond to interrogatories in the prosecution of a divorce
action or settlement for purposes stated in 10 U.S.C. 1408 (``The
Former Spouses' Protection Act'').
12. To disclose information about the entitlements and benefits
of a beneficiary of a deceased officer, retiree, or annuitant for the
purpose of making disposition of the estate.
13. To disclose information to the Department of Defense, United
States Coast Guard or Federal Emergency Management Agency, to the
extent necessary to facilitate participation of PHS employees in
planning, training, and emergency operations in support of civil
defense activities and to provide support in the event of a national
emergency.
14. To disclose information to Government training facilities
(Federal State, and local) and to non-Government training facilities
(e.g., private vendors of training courses or programs, private
schools), for training purposes such as crediting of work experience
in the COSTEP, or verification of status or income.
15. To disclose information to the Defense Enrollment/Eligibility
Reporting System, uniformed services medical treatment facilities and
to the Department of Defense, Office of the Civilian Health and
Medical Program of the Uniformed Services when the information is
needed to verify the eligibility of an officer, his/her dependents,
or a former spouse for medical benefits.
16. To disclose information to agencies or organizations
established in medically underserved areas which apply to the
National Health Service Corps for the assignment of commissioned
officers to such agencies or organizations.
17. To disclose information to an officer assigned to Federal
health care facilities or private sector (i.e., other than Federal,
State, or local government) agencies, boards or commissions (e.g.,
the Joint Commission on Accreditation of Healthcare Organizations),
to obtain accreditation or other approval rating but only to the
extent that the information disclosed is relevant and necessary for
that purpose.
18. To disclose to a private employer who is considering hiring a
former officer information such as the officer's dates of employment,
salary, job title and description, duty station and character and
nature of separation.
19. To disclose information to the Equal Employment Opportunity
Commission when requested in connection with investigations into
alleged or possible discrimination practices in the Federal sector,
examination of Federal affirmative employment programs, or other
functions vested in the Commission by the President's Reorganization
Plan No. 1 of 1978.
20. To disclose to Federal and non-Federal agencies information
allowing the consideration and selection of officers for honor awards
made as a result of the individual's work as a commissioned officer,
and to publicize those awards granted. This may include disclosure to
other public and private organizations, including the news media,
which grant or publicize officer awards and honors.
21. To disclose information to officials of the Selective Service
System to allow crediting of active service performed by an
individual with PHS so that the individual may be properly classified
if draft laws once again become operative.
22. To disclose administrative and personnel information,
including data elements reflected in the Officer Information Summary,
to authorized officials in Federal agencies and other programs where
commissioned officers are assigned such as the State Department; the
Department of Defense; the Department of Justice, Bureau of Prisons
and the Immigration and Naturalization Service; the Transportation
Department, United States Coast Guard; the Environmental Protection
Agency; the Department of the Interior, the United States Park
Service; and the Commerce Department, National Oceanic and
Atmospheric Administration.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Automated files are stored on disks, microfiche, electronic
medium and magnetic tapes. Nonautomated (hard-copy) files are kept in
offices, and may be stored in Lektrievers, safes, cabinets, bookcases
or desks.
Retrievability:
Alphabetically by name, by PHS serial number and/or by Social
Security Number.
Safeguards:
1. Authorized Users
(a) Automated Records. Access to and use of automated records is
limited to: (1) Personnel employed in the PSC and the Office of the
Surgeon General (OSG)/OS, (2) personnel employed in DCP, (3)
authorized officials in HHS components and organizations where
commissioned officers are assigned whose official duties require such
access, and (4) authorized officials in other Federal agencies, such
as those in routine use 22 above, where commissioned officers are
assigned whose official duties require such access. Automated data is
provided to Department personnel officials to update information
contained in their personnel records and pay, leave and attendance
systems. The Human Resources Service (HRS) provides computer design,
programming and support to DCP, and has access to the data to the
extent necessary to facilitate the provision of these services to
DCP. However, HRS personnel are not authorized to grant access to or
make disclosures from automated data in this system to anyone or any
organization without the written approval of the Director of DCP or
to an official to whom this authority has been delegated.
b. Nonautomated records. Access to and use of nonautomated
records is limited to departmental employees whose official duties
require such access or to individuals needing access to the
information for purposes stated under routine uses. These individuals
are permitted access to records only after they have satisfactorily
identified themselves as having an official need to review the
information and have provided satisfactory proof of their identities.
Access is also granted to individuals who have written permission to
review the record when that permission has been obtained from the
individual to whom the record pertains. All individuals from outside
the Department, to whom disclosure is made pursuant to a routine use,
must complete Privacy Act nondisclosure oaths and must submit written
requests for access to these records showing the name and employing
office of the requester, the date on which the record is requested
and the purpose for reviewing the information in the records. This
written request is then placed into the record.
2. Physical safeguards
a. Automated records. Terminals by which automated records are
accessed are kept in offices secured with locks. Automated records on
magnetic tape, disks and other computer equipment are kept in rooms
designed to protect the physical integrity of the records media and
equipment. These rooms are within inner offices to which access is
permitted only with special clearance. Outer offices are secured with
locks. During nonwork hours, all cabinets, storage facilities, rooms
and offices are locked and the premises are patrolled regularly by
building security forces.
b. Nonautomated records. Nonautomated records are kept in such a
way as to prevent observation by unauthorized individuals while the
records are actively in use by an authorized employee. When records
are not in use, they are closed and secured in desk drawers with
locks, filing cabinets with locks, or other security equipment, all
of which are kept inside authorized office space which is locked
whenever it is not in use. Keys to furniture and equipment are kept
only by the individual who is assigned to that furniture or equipment
and by the DCP security officer.
3. Procedural safeguards
a. Automated records. Automated records are secured by assigning
individual access codes to authorized personnel, and by the use of
passwords for specific records created by authorized personnel.
Access codes and passwords are changed on a random schedule. In
addition, programming for automated records allows authorized
personnel to access only those records that are essential to their
duties. Remote access to automated data from remote terminals is
restricted to the PSC, OSG and personnel officials where commissioned
officers are employed. No access is permitted to organizations that
do not have automated personnel record-keeping systems that comply
with Privacy Act requirements.
b. Nonautomated records. All files are secured when employees are
absent from the premises and are further protected by locks on entry
ways and by the building security force. Official records may not be
removed from the physical boundaries of DCP. When records are needed
at a remote location, copies of the records will be provided. When
copying records for authorized purposes, care is taken to ensure that
any imperfect or extra copies are not left in the copier room where
they can be read, but are destroyed or obliterated.
4. Contractor Guidelines. A contractor who is given records under
routine use 7 must maintain the records in a secured area, allow only
those individuals immediately involved in the processing of the
records to have access to them, prevent unauthorized persons from
gaining access to the records, and return the records to the System
Manager immediately upon completion of the work specified in the
contract. Contractor compliance is assured though inclusion of
Privacy Act requirements in contract clauses, and through monitoring
by contract and project officers. Contractors who maintain records
are instructed to make no disclosure of the records except as
authorized by the System Manager and as stated in the contract.
Retention and disposal:
These records are maintained for varying periods of time.
Applicant files of individuals selected for appointment as
commissioned officers become a part of the OPF. Applicant files of
individuals not selected for appointment are maintained for one year
after the application process has been completed and are then
destroyed, unless an applicant requests that the file be held open
for an additional year. The OPF is maintained for one year after an
officer is separated from active duty, at which time such officer's
OPF is transferred to a Federal Records Center for permanent storage.
The OPF for inactive reserve officers is maintained at the PHS Health
Data Center. When inactive officers change status, the OPF is
returned to DCP.
The records of a deceased officer are maintained until one year
after an individual's death and are then transferred to a Federal
Record Center for permanent storage, unless a dependent of a deceased
officer continues to receive benefits from PHS based upon the
deceased's PHS service. When a dependent or beneficiary dies or
becomes ineligible for further benefits based on a deceased officer's
service, all records are maintained for one year in the event
information is needed from the records to help settle an estate, and
are then transferred to the Federal Records Center for permanent
storage.
Service Records Cards, which list critical data with regard to
the dates or all officers' appointments, reassignments, separations,
retirements and deaths, are maintained permanently by the System
Manager.
System manager(s) and address:
Director, DCP/HRS/PSC, Room 4A-15, Parklawn Building, 5600
Fishers Lane, Rockville, Maryland 20857-0001.
Notification procedure:
Same as Access Procedures. Requesters should also reasonably
specify the record contents being sought.
Record access procedures:
1. General procedures. An individual (and/or the individual's
legal representative) seeking access to his/her records may contact
the DCP Privacy Act Coordinator for information about obtaining
access to the records. Each individual seeking access will be
required to verify his/her identity to the satisfaction of the DCP
Privacy Act Coordinator. Refusal to provide sufficient proof of
identity will result in denial of the request for access until such
time as proof of identity can be obtained. The System Manager has
authority to release records to authorized officials within DCP, HHS
and other organizations where commissioned officers are assigned.
2. Requests in person. An individual who is the subject of a
record and who appears in person seeking access shall provide his/her
name and at least one piece of tangible identification (e.g., PHS
Commissioned Corps Identification Card, driver's license or
passport). Identification cards with current photograph are required.
The records will be reviewed in the presence of an appropriate DCP
employee who will answer questions and ensure that the individual
neither removes nor inserts any material into the record without the
knowledge of the DCP employee. If the individual requests a copy of
any records reviewed, the DCP employee will provide them to the
individual. The DCP employee will record the name of the individual
granted access, the date of access, and information about the
verification of identity on a separate log sheet maintained in the
office of the Privacy Act Coordinator, DCP.
3. Requests by mail. Written requests must be addressed to the
System Manager or the DCP Privacy Act Coordinator at the address
shown as the system location above. All written requests must be
signed by the individual seeking access. A comparison will be made of
that signature and the signature maintained on file prior to release
of the material requested. Copies of the records to which access has
been requested will be mailed to the individual. The original version
of a record will not be released except in very unusual situations
when only the original will satisfy the purpose of the request.
4. When an individual to whom a record pertains is mentally
incompetent or under other legal disability, information in the
individual's records may be disclosed to any person who is legally
responsible for the care of the individual, to the extent necessary
to assure payment of benefits to which the individual is entitled.
5. Requests by phone. Because positive identification of the
caller cannot be established with sufficient certainty, telephone
requests for access to records will not be honored.
6. Accounting of disclosures. An individual who is the subject of
records maintained in this records system may also request an
accounting of all disclosures made outside the Department, if any,
that have been made from that individual's records.
Contesting record procedures:
Contact the System Manager at the address specified under System
Location above and reasonably identify the record. Specify the
information being contested. State the corrective action sought, with
supporting justification, along with information to show how the
record is inaccurate, incomplete, untimely or irrelevant.
Record source categories:
From individual officers, applicants, persons providing
references, dependents, former spouses of officers, governmental and
private training facilities, health professional licensing and
credentialing organizations, government officials and employees and
from the records contained in the following systems: 09-40-0002,
Public Health Service (PHS) Commissioned Corps Medical Records, HHS/
PSC/HRS; 09-40-0003, Public Health Service (PHS) Commissioned Corps
Board Proceedings, HHS/PSC/HRS; 09-40-0004, Public Health Service
(PHS) Commissioned Corps Grievance, Investigatory and Disciplinary
Files, HHS/PSC/HRS; 09-40-0005, Public Health Service (PHS)
Commissioned Corps Beneficiary-Contract Medical/Health Care Records,
HHS/PSC/HRS; and 09-40-0006, Public Health Service (PHS) Commissioned
Corps Payroll Records, HHS/PSC/HRS.
System from certain provision of the act:
None.
09-40-0002
System name:
Public Health Service (PHS) Commissioned Corps Medical Records,
HHS/PSC/HRS.
Security classification:
None.
System location:
Medical Affairs Branch (MAB), DCP/HRS/PSC, Room 4C-14, Parklawn
Building, 5600 Fishers Lane, Rockville, Maryland 20857-0001.
Records in this system are kept at the address shown above when
the person to whom the record pertains has an active relationship
with the PHS Commissioned Corps personnel system. When an officer
ceases the active relationship with the commissioned corps, the
records are combined with the Official Personnel Folder (OPF) in
records system 09-40-0001, Public Health Service (PHS) Commissioned
Corps General Personnel Records, HHS/PSC/HRS, and transferred to the
appropriate facility as outlined in 09-40-0001.
Duplicates of records may also be maintained in operating offices
(duty stations) of the Department and other agencies and
organizations to which PHS Commissioned Corps officers are assigned.
Contact the System Manager for the location of specific records.
Names and addresses of contractors given information under
routine use 4 can be obtained from the System Manager at the location
identified below.
Categories of individuals covered by the system:
PHS commissioned officers (including active, inactive,
terminated, retired and deceased officers), applicants to the
commissioned corps, and dependents of officers seeking Defense
Enrollment/Eligibility Reporting System eligibility on the basis of
incapacity.
Categories of records in the system:
Medical files and records on individuals identified above;
medical board records from Medical Review Boards and Appeals Boards,
including board reports and supporting medical documentation; death
case files and supporting documents; sick leave records; performance
and behavior documentation of individuals as may relate to medical
conditions; and correspondence relating to the above.
Authority for maintenance of the system:
The Public Health Service Act (42 United States Code (U.S.C.)
202-217, 218a, 224, 228, 233, and other pertinent sections); The
Social Security Act (42 U.S.C. 410(m) et seq.); portions of Title 10,
U.S.C., related to the uniformed services; portions of the Title 37,
U.S.C., related to pay and allowance for members of the uniformed
services; portions of Title 38, U.S.C., related to benefits
administered by the Department of Veterans Affairs; sections of 50
U.S.C. App., related to the selective service obligations and the
Soldiers' and Sailors' Civil Relief Act; E.O. 9397, ``Numbering
System for Federal Accounts Relating to Individual Persons''; E.O.
10450, ``Security Requirements for Government Employment''; and E.O.
11140, which delegates the authority to administer the PHS
Commissioned Corps from the President to the Secretary, HHS.
Purpose(s):
The information is used by the Program Support Center (PSC), DCP,
HHS Operating Divisions (OPDIVs) and other organizations where
commissioned officers are assigned, to:
1. Evaluate applicants for appointment and officers for
reassignment, reactivation and fitness for duty and suitability for
retention on active duty.
2. Make determinations about the level of an officer's disability
and entitlement to disability severance or retired pay.
3. Make determinations regarding EEO complaints or grievances
filed by the officer, if the nature of the complaint suggests that
pertinent evidence may be located in the medical record.
4. Make determinations about the level of a dependent's
disabilities or incapacities which may make the dependent eligible
for benefits from PHS.
5. Make budgetary estimates about the cost of disability
severance and retired pay.
6. Prepare reports or provide statistical information relating to
the medical status of officers.
7. Initiate or support disciplinary or other adverse actions by
the Director, DCP, against applicants or officers for misconduct.
8. Support monitoring of compliance of officers with the
requirements of their professional licensing or certifying
authorities.
9. Make decisions about funding, use, access, location and
quality of medical care and promote continuity of medical evaluation
and treatment.
10. Monitor officer compliance with recommended treatment and
with commissioned corps policies regarding sick leave.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
These records or information from these records may be used:
1. To disclose information to the Department of Veterans Affairs;
Bureau of Prisons (Department of Justice); Coast Guard (Department of
Transportation); Department of State; Department of Defense; NOAA
(Department of Commerce); Agency for International Development,
Environmental Protection Agency and other Federal agencies or
civilian health care providers where commissioned officers are
assigned or are receiving medical treatment or voluntary or directed
evaluations to ensure continuity of evaluation and/or treatment, to
assure medically appropriate assignments and duty limitations, to
support disciplinary or other adverse actions and to assure
compliance with sick leave policies.
2. To disclose information to a congressional office from the
record of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
3. To promote continuity of care by supplying information to
Government or civilian medical care facilities and/or practitioners
who, under contract or as otherwise authorized or due to an
emergency, provide treatment to officers and their dependents.
4. When the Department contemplates contracting with a private
firm for the purpose of collating, analyzing, aggregating, or
otherwise refining records in this system, relevant records will be
disclosed to such a contractor. The contractor will be required to
maintain Privacy Act safeguards with respect to such records. These
safeguards are explained in the section entitled ``Safeguards''.
5. To the Department of Justice, a court or other tribunal, when:
(a) HHS, or any component, thereof; or (b) any HHS employee in his or
her official capacity; or (c) any HHS employee in his or her
individual capacity where the Department of Justice (or HHS, where it
is authorized to do so) has agreed to represent the employee; or (d)
the United States or any agency thereof where HHS determines that the
litigation is likely to affect HHS or any of its components, is a
party to litigation or has interest in such litigation, and HHS
determines that the use of such records by the Department of Justice,
the court or other tribunal is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided, however, that in each case HHS
determines that such disclosure is compatible with the purpose for
which the records are collected.
6. To provide information relating to the disability or death of
officers to the Social Security Administration to determine the
Social Security benefits or other benefits which may be available to
the officer or to the survivors of deceased officers.
7. To provide information to Federal agencies such as the
Department of Veterans Affairs and State Workers' Compensation
offices to help adjudicate post-service claims for benefits.
8. Information regarding the commission of crimes or the
reporting of occurrences of communicable diseases, tumors, child
abuse, births, deaths, alcohol or drug abuse, etc., may be disclosed
as required by health providers and facilities by State law or
regulation of the department of health or other agency of the State
or its subdivision in which the facility is located. Disclosures will
be made to organizations as specified by the State law or regulation,
such as births and deaths to the vital statistics agency and crimes
to law enforcement agencies. Disclosure of the contents of records
which pertain to patient identity, diagnosis, prognosis, or treatment
of alcohol or drug abuse is restricted under the provisions of the
Confidentiality of Alcohol and Drug Abuse Patient Records Regulation
42 CFR part 2, as authorized by 21 U.S.C. 1175 and 42 U.S.C. 290dd.2,
as amended by Pub. L. 98-24 and 102-321.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Automated files are stored on disks, microfiche and magnetic
tapes. Nonautomated (hard-copy) files are kept in offices, and may be
stored in Lektrievers, Conserve-a-files, safes, cabinets, bookcases
or desks.
Retrievability:
Alphabetically by name, by PHS serial number and/or by Social
Security Number.
Safeguards:
1. Authorized Users
a. Automated Records. Access to and use of automated records is
limited to personnel employed in the MAB and certain employees of the
Office of the Director, DCP. Selected information may be released to
employees in DCP whose official duties require such access. The Human
Resources Service (HRS) provides computer design, programming and
support to DCP, and has access to the data to the extent necessary to
facilitate the provision of these services to DCP. However, HRS
personnel are not authorized to grant access to or make disclosures
from automated data in this system to anyone or any organization.
b. Nonautomated records. Access to and use of nonautomated
records is limited to MAB, certain members of the Office of the
Director, DCP, and departmental employees, such as EEO officials and
members of Medical Review and Appeals Boards, whose official duties
require such access to the information for purposes stated under
routine uses or purposes. These individuals are permitted access to
records only after they have satisfactorily identified themselves as
having an official need to review the information and have provided
satisfactory proof of their identities. Access is also granted to
individuals who have written permission to review the record when
that permission has been obtained from the individual to whom the
record pertains. All individuals other than DCP employees must
complete Privacy Act nondisclosure oaths and, except for Medical
Board members, must submit written requests for access to these
records showing the name and employing office of the requestor, the
date on which the record is requested, and the purpose for reviewing
the information in the record. This written request is then placed
into the record.
2. Physical safeguards
a. Automated records. Terminals by which automated records are
accessed are kept in offices secured with locks. Automated records on
magnetic tape, disks and other computer equipment are kept in rooms
designed to protect the physical integrity of the records media and
equipment. These rooms are within inner offices to which access is
permitted only with special clearance. Outer offices are secured with
locks. During nonwork hours, all cabinets, storage facilities, rooms
and offices are locked and the premises are patrolled regularly by
building security forces.
b. Nonautomated records. Nonautomated records are kept in such a
way as to prevent observation by unauthorized individuals while the
records are actively in use by an authorized employee. When records
are not in use, they are closed and secured in desk drawers with
locks, filing cabinets with locks, or other security equipment, all
of which are kept inside authorized office space which is locked
whenever it is not in use. Keys to furniture and equipment are kept
only by the individual who is assigned to that furniture or equipment
and by the DCP security officer.
3. Procedural safeguards
a. Automated records. Automated records are secured by assigning
individual access codes to authorized personnel, and by the use of
passwords for specific records created by authorized personnel.
Access codes and passwords are on a random schedule. In addition,
programming for automated records allows authorized personnel to
access only those records that are essential to their duties. Remote
access to automated data from remote terminals is restricted to the
PSC, Office of the Surgeon General and personnel officials where
commissioned officers are employed. No access is permitted to
automated records from remote terminal sites maintained by
individuals or organizations outside of DCP.
b. Nonautomated records. All files are secured when employees are
absent from the premises and are further protected by locks on entry
ways and by the building security force. Official records may not be
removed from the physical boundaries of MAB, DCP. When records are
needed at a remote location, copies of the records will be provided.
When copying records for authorized purposes, care is taken to ensure
that any imperfect or extra copies are not left in the copier room
where they can be read, but are destroyed or obliterated.
4. Contractor Guidelines. A contractor who is given records under
routine use 4 must maintain the records in a secured area, allow only
those individuals immediately involved in the processing of the
records to have access to them, prevent unauthorized persons from
gaining access to the records, and return the records to the System
Manager immediately upon completion of the work specified in the
contract. Contractor compliance is assured though inclusion of
Privacy Act requirements in contract clauses, and through monitoring
by contract and project officers. Contractors who maintain records
are instructed to make no disclosure of the records except as
authorized by the System Manager and as stated in the contract.
Retention and disposal:
When an officer terminates his/her commission, records are
incorporated into the OPF and transferred to a Federal Records Center
in accordance with 09-40-0001, Public Health Service (PHS)
Commissioned Corps General Personnel Records, HHS/PSC/HRS,
procedures. Medical records on nonselected applicants may be
destroyed after two years. Records of retirees are incorporated into
the OPF and disposed of in accordance with 09-40-0001, Public Health
Service (PHS) Commissioned Corps General Personnel Records, HHS/PSC/
HRS procedures, unless the individual is on the temporary disability
retirement list, in which case the file is maintained under the same
conditions as an active duty officer's file until the individual is
permanently retired, returned to active duty or terminated. Medical
records of a dependent incapable of self support are maintained until
the dependent is no longer eligible for benefits from PHS at which
time the records are transferred to a Federal Records Center for
permanent storage.
System manager(s) and address:
Director, DCP/HRS/PSC, Room 4A-15, Parklawn Building, 5600
Fishers Lane, Rockville, Maryland 20857-0001.
Notification procedure:
Same as Access Procedures. Requesters should also reasonably
specify the record contents being sought.
Record access procedures:
1. General procedures. An individual (and/or the individual's
legal representative) seeking access to his/her records may initially
contact any DCP office or employee for information about obtaining
access to the records. The DCP employees will inform each individual
of the appropriate procedures to follow. Each individual seeking
access will be required to verify his/her identity to the
satisfaction of the DCP employee providing access. Refusal to provide
sufficient proof of identity will result in denial of the request for
access until such time as proof of identity can be obtained. The
System Manager has authority to release automated records to the
Medical Affairs Branch.
If a determination is made that the material sought contains
medical information that is likely to have an adverse effect on the
requester, the requester shall be asked to designate in writing a
responsible representative who will be willing to review the record
and inform the subject individual of the material's contents at the
representative's discretion. Such a representative must provide proof
that s/he is duly authorized to review the record by either the
individual or the individual's legal guardian. A parent, guardian or
legal representative who requests notification of, or access to, a
dependent/incompetent person's record shall designate a family
physician or other health professional (other than a family member)
to whom the record, if any, will be sent. The parent or guardian must
verify his/her relationship to the dependent/incompetent person as
well as his/her own identity.
2. Requests in person. An individual who is the subject of a
record and who appears in person seeking access shall provide his/her
name and at least one piece of tangible identification (e.g., PHS
Commissioned Corps Identification Card, driver's license or
passport). Identification cards with current photograph are required.
The records will be reviewed in the presence of an appropriate DCP
employee, who will answer questions and ensure that the individual
neither removes nor inserts any material into the record without the
knowledge of the DCP employee. If the individual requests a copy of
any records reviewed, the DCP employee will provide them to the
individual. The DCP employee will record the name of the individual
granted access, the date of access, and information about the
verification of identity on a separate log sheet maintained in the
office of the MAB, DCP.
3. Requests by mail. Written requests must be addressed to the
System Manager or the Medical Affairs Branch at the address shown as
the system location above. All written requests must be signed by the
individual seeking access. A comparison will be made of that
signature and the signature maintained on file prior to release of
the material requested. Copies of the records to which access has
been requested will be mailed to the individual. The original version
of a record will not be released except in very unusual situations
when only the original will satisfy the purpose of the request.
4. When an individual to whom a record pertains is mentally
incompetent or under other legal disability, information in the
individual's records may be disclosed to any person who is legally
responsible for the care of the individual, to the extent necessary
to assure payment of benefits to which the individual is entitled.
5. Requests by phone. Because positive identification of the
caller cannot be established with sufficient certainty, telephone
requests for access to records will not be honored.
6. Accounting of disclosures. An individual who is the subject of
records maintained in this records system may also request an
accounting of all disclosures made outside the Department, if any,
that have been made from that individual's records.
Contesting record procedures:
Contact the System Manager at the address specified under System
Location above and reasonably identify the record. Specify the
information being contested. State the corrective action sought, with
supporting justification, along with information to show how the
record is inaccurate, incomplete, untimely or irrelevant.
Record source categories:
From individual officers and other commissioned corps officials;
applicants; private and Government physicians; hospitals and clinics
rendering treatment; investigative reports, records contained in
system 09-40-0001, Public Health Service (PHS) Commissioned Officer
General Personnel Records, HHS/PSC/HRS; records from system 09-40-
0005, Public Health Service (PHS) Beneficiary Contract Medical/Health
Care Records, HHS/PSC/HRS; death certificates and reports of death
and from survivors and executors of estates.
5System exempted from certain provision of the act:
None.
09-40-0003
System name:
Public Health Service (PHS) Commissioned Corps Board Proceedings,
HHS/PSC/HRS.
Security classification:
None.
System location:
Division of Commissioned Personnel (DCP), HRS/PSC, Room 4-36,
Parklawn Building, 5600 Fishers Lane, Rockville, Maryland 20857-0001.
Duplicates of records may also be maintained in operating offices
(duty stations) of the Department and other agencies and
organizations to which PHS Commissioned Corps officers are assigned.
Contact the System Manager for the location of specific records.
Names and addresses of contractors given information under
routine use 4 can be obtained from the System Manager at the location
identified below.
Categories of individuals covered by the system:
Commissioned officers (including active, inactive, terminated,
retired and deceased officers) and applicants to the PHS Commissioned
Corps.
Categories of records in the system:
The categories of records in this system consist of the
following:
1. Appointment Board files consisting of applications,
references, school transcripts, and other materials used in the
appointment examination process.
2. Promotion Board files consisting of recommendations from PHS
components and worksheets from previous promotion boards.
3. Officer Special Pay Review Board files consisting of Special
Pay contracts, certification of eligibility by PHS components,
information pertaining to disciplinary actions and related documents.
4. Assimilation Board files consisting of PHS component
recommendations, information pertaining to disciplinary actions and
related documents.
5. Three-Year File Review Board files consisting of
recommendations from PHS components, information pertaining to
disciplinary actions and related documents.
6. Chief Professional Officer Nominating Board files, consisting
of recommendations from PHS programs and officials, curriculum vitae
for officers under consideration, evaluation materials and other
material used by the Board in its deliberations.
7. Flag Officer Billet Assignment Board and Flag Officer
Nominations Board records consisting of recommendations from PHS
programs and officials, curriculum vitae for officers under
consideration, evaluation materials and other materials used by the
Board in its deliberations.
8. Voluntary Retirement Board files consisting of recommendations
from PHS components and worksheets.
9. Records from other Board processes instituted as part of the
administration of the PHS Commissioned Corps personnel system.
Authority for maintenance of the system:
The Public Health Service Act (42 U.S.C. 202-217, 218a, 224, 228,
233, and other pertinent sections); The Social Security Act (42
U.S.C. 410(m) et seq.); portions of Title 10, U.S.C., related to the
uniformed services; portions of the Title 37, U.S.C., related to pay
and allowance for members of the uniformed services; portions of
Title 38, U.S.C., related to benefits administered by the Department
of Veterans Affairs; sections of 50 U.S.C. App., related to the
selective service obligations and the Soldiers' and Sailors' Civil
Relief Act; E.O. 9397, ``Numbering System for Federal Accounts
Relating to Individual Persons''; E.O. 10450, ``Security Requirements
for Government Employment''; and E.O. 11140, which delegates the
authority to administer the PHS Commissioned Corps from the President
to the Secretary, HHS.
Purpose(s):
The information is used by the Program Support Center (PSC), DCP,
HHS Operating Divisions (OPDIVs) and other organizations where
commissioned officers are assigned, to:
1. Recommend or decide on appropriate actions in the areas of
commissioned corps personnel administration listed above.
2. Prepare the ``PHS Commissioned Officer Roster and Promotion
Seniority of the Public Health Service'' which contains the names and
status of officers on active duty.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
These records or information from these records may be used:
1. To disclose information to a congressional office from the
record of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
2. To the Department of Justice, a court or other tribunal, when:
(a) HHS, or any component, thereof; or (b) any HHS employee in his or
her official capacity; or (c) any HHS employee in his or her
individual capacity where the Department of Justice (or HHS, where it
is authorized to do so) has agreed to represent the employee; or (d)
the United States or any agency thereof where HHS determines that the
litigation is likely to affect HHS or any of its components is a
party to litigation or has interest in such litigation, and HHS
determines that the use of such records by the Department of Justice,
the court or other tribunal is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records are collected.
3. To disclose pertinent information to appropriate Federal,
State, or local agencies; international agencies; or foreign
governments responsible for investigating, prosecuting, enforcing or
implementing statutes, rules, regulations or orders when PHS becomes
aware of evidence of a potential violation of civil or criminal law.
4. When the Department contemplates contracting with a private
firm for the purpose of collating, analyzing, aggregating, or
otherwise refining records in this system, relevant records will be
disclosed to such a contractor. The contractor will be required to
maintain Privacy Act safeguards with respect to such records. These
safeguards are explained in the section entitled ``Safeguards.''
5. To disclose information to the Department of Labor, the
Department of Veterans Affairs, Social Security Administration or
other Federal agencies having special employee benefit programs; to a
Federal, State, county or municipal agency; or to a publicly
recognized charitable organization when necessary to adjudicate a
claim under a benefit program, or to conduct analytical studies of
benefits being paid under such programs, provided such disclosure is
consistent with the purposes for which the information was originally
collected.
6. To disclose information to the Office of Management and Budget
(OMB) at any stage in the legislative coordination and clearance
process in connection with private relief legislation as set forth in
OMB Circular No. A-19, or for budgetary or management oversight
purposes.
7. To disclose information to Government training facilities
(Federal, State, and local) and to non-Government training facilities
(e.g. private vendors of training courses or program, private
schools) for training purposes, such as crediting of work experience
in Commissioned Officer Student Training and Extern Program or
verification of status or income.
8. To disclose to Federal and non-Federal agencies information
allowing the consideration and selection of officers for honor awards
made as a result of the individual's work as a commissioned officer,
and to publicize those awards granted. This may include disclosure to
other public and private organizations, including the news media,
which grant or publicize officer awards and honors.
9. Disclosure may be made to State Boards of Medical Examiners
and to equivalent State licensing boards of professional review
actions which adversely affect the clinical privileges of health care
professionals who either: (a) Are or were employed by the Federal
Government; (b) provide or have provided health care service under a
fee-for-service contract with the Federal Government; (c) provide or
have provided health care services on behalf of the Federal
Government as a volunteer or visiting fellow. Boards of Medical
Examiners and equivalent State licensing boards are required by the
Health Care Quality Improvement Act of 1986 and by the Medicare and
Medicaid Patient and Program Protection Act of 1987 to report this
information to the National Practitioner Data Bank.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Automated files are stored on disks, microfiche and magnetic
tapes. Nonautomated (hard-copy) files are kept in offices, and may be
stored in Lektrievers, safes, cabinets, bookcases or desks.
Retrievability:
Alphabetically by name, by PHS serial number and/or by Social
Security Number.
Safeguards:
1. Authorized Users
a. Automated Records. Access to and use of automated records is
limited to DCP personnel involved in the specific Board process for
which the information was collected. The Business Systems Engineering
Division (BSED) provides computer design, programming and support to
DCP, and has access to the data to the extent necessary to facilitate
the provision of these services to DCP. However, BSED personnel are
not authorized to grant access to or make disclosures from automated
data in this system to anyone or any organization.
b. Nonautomated records. Access to and use of nonautomated
records is limited to DCP personnel involved in the specific Board
process for which the information was collected, departmental
employees whose official duties require such access or to individuals
needing access to the information for purposes stated under routine
uses. These individuals are permitted access to records only after
they have satisfactorily identified themselves as having an official
need to review the information and have provided satisfactory proof
of their identities. Access is also granted to individuals who have
written permission to review the record when that permission has been
obtained from the individual to whom the record pertains. All
individuals from outside the Department, to whom disclosure is made
pursuant to a routine use, must complete Privacy Act nondisclosure
oaths and must submit written requests for access to these records
showing the name and employing office of the requester, the date on
which the record is requested and the purpose for reviewing the
information in the records. This written request is then placed into
the record.
2. Physical safeguards
a. Automated records. Terminals by which automated records are
accessed are kept in offices secured with locks. Automated records on
magnetic tape, disks and other computer equipment are kept in rooms
designed to protect the physical integrity of the records media and
equipment. These rooms are within inner offices to which access is
permitted only with special clearance. Outer offices are secured with
combination locks. During nonwork hours, all cabinets, storage
facilities, rooms and offices are locked and the premises are
patrolled regularly by building security forces.
b. Nonautomated records. Nonautomated records are kept in such a
way as to prevent observation by unauthorized individuals while the
records are actively in use by an authorized employee. When records
are not in use, they are closed and secured in desk drawers with
locks, filing cabinets with locks, or other security equipment, all
of which are kept inside authorized office space which is locked
whenever it is not in use. Keys to furniture and equipment are kept
only by the individual who is assigned to that furniture or equipment
and by the DCP security officer.
3. Procedural safeguards
a. Automated records. Automated records are secured by assigning
individual access codes to authorized personnel, and by the use of
passwords for specific records created by authorized personnel.
Access codes and passwords are changed on a random schedule. In
addition, programming for automated records allows authorized
personnel to access only those records that are essential to their
duties. Remote access to automated data from remote terminals is
restricted to the PSC, Office of the Surgeon General and personnel
officials where commissioned officers are employed. No access is
permitted to organizations that do not have automated personnel
recordkeeping systems that comply with Privacy Act requirements.
b. Nonautomated records. All files are secured when employees are
absent from the premises and are further protected by locks on entry
ways and by the building security force. Official records may not be
removed from the physical boundaries of DCP. When records are needed
at a remote location, copies of the records will be provided. When
copying records for authorized purposes, care is taken to ensure that
any imperfect or extra copies are not left in the copier room where
they can be read, but are destroyed or obliterated.
4. Contractor Guidelines. A contractor who is given records under
routine use 4 must maintain the records in a secured area, allow only
those individuals immediately involved in the processing of the
records to have access to them, prevent any unauthorized persons from
gaining access to the records, and return the records to the System
Manager immediately upon completion of the work specified in the
contract. Contractor compliance is assured though inclusion of
Privacy Act requirements in contract clauses, and through monitoring
by contract and project officers. Contractors who maintain records
are instructed to make no disclosure of the records except as
authorized by the System Manager and as stated in the contract.
Retention and disposal:
Files pertaining to all board proceedings are only incorporated
into 09-40-0001, Public Health Service (PHS) Commissioned Corps
General Personnel Records, HHS/PSC/HRS to the extent required to
provide sufficient documentation of an involuntary or adverse action.
Special Pay Review Boards and board of inquiry records remain in this
system as long as they are needed for administrative purposes, after
which time they are destroyed by shredding. All promotion,
assimilation and 3 year review board documentation is retained for a
period of 5 years after which it is destroyed by shredding.
Appointment board files are incorporated into 09-40-0001, Public
Health Service (PHS) Commissioned Corps General Personnel Records,
HHS/PSC/HRS when the applicant comes onto active duty with the
commissioned corps with the exception of the reference forms which
are shredded after 5 years. If the applicant does not come onto
active duty, the file is destroyed by shredding when the file is
closed.
System manager(s) and address:
Director, DCP/HRS/PSC, Room 4A-15, Parklawn Building, 5600
Fishers Lane, Rockville, Maryland 20857-0001.
Notification procedure:
Same as Access Procedures. Requesters should also reasonably
specify the record contents being sought.
Record access procedures:
1. General procedures. An individual (and/or the individual's
legal representative) seeking access to his/her records may contact
the DCP Privacy Act Coordinator for information about obtaining
access to the records. Each individual seeking access will be
required to verify his/her identity to the satisfaction of the DCP
employee providing access. Refusal to provide sufficient proof of
identity will result in denial of the request for access until such
time as proof of identity can be obtained. The System Manager has
authority to release records to authorized officials within DCP, HHS
and other organizations where commissioned officers are assigned.
If a determination is made that the material sought contains
medical information that is likely to have an adverse effect on the
requester, the requester shall be asked to designate in writing a
responsible representative who will be willing to review the record
and inform the subject individual of the material's contents at the
representative's discretion. Such a representative must provide proof
that s/he is duly authorized to review the record by either the
individual or the individual's legal guardian. A parent, guardian or
legal representative who requests notification of, or access to, a
dependent/incompetent person's record shall designate a family
physician or other health professional (other than a family member)
to whom the record, if any, will be sent. The parent or guardian must
verify his/her relationship to the dependent/incompetent person as
well as his/her own identity.
2. Requests in person. An individual who is the subject of a
record and who appears in person seeking access shall provide his/her
name and at least one piece of tangible identification (e.g., PHS
Commissioned Corps Identification Card, driver's license or
passport). Identification cards with current photograph are required.
The records will be reviewed in the presence of an appropriate DCP
employee, who will answer questions and ensure that the individual
neither removes nor inserts any material into the record without the
knowledge of the DCP employee. If the individual requests a copy of
any records reviewed, the DCP employee will provide them to the
individual. The DCP employee will record the name of the individual
granted access, the date of access, and information about the
verification of identity on a separate log sheet maintained in the
office of the DCP employee who reviewed the record.
3. Requests by mail. Written requests must be addressed to the
System Manager or the DCP Privacy Act Coordinator at the address
shown as the system location above. All written requests must be
signed by the individual seeking access. A comparison will be made of
that signature and the signature maintained on file prior to release
of the material requested. Copies of the records to which access has
been requested will be mailed to the individual. The original version
of a record will not be released except in very unusual situations
when only the original will satisfy the purpose of the request.
4. When an individual to whom a record pertains is mentally
incompetent or under other legal disability, information in the
individual's records may be disclosed to any person who is legally
responsible for the care of the individual, to the extent necessary
to assure payment of benefits to which the individual is entitled.
5. Requests by phone. Because positive identification of the
caller cannot be established with sufficient certainty, telephone
requests for access to records will not be honored.
6. Accounting of disclosures. An individual who is the subject of
records maintained in this records system may also request an
accounting of all disclosures made outside the Department, if any,
that have been made from that individual's records.
Contesting record procedures:
Contact the System Manager at the address specified under System
Location above and reasonably identify the record. Specify the
information being contested. State the corrective action sought, with
supporting justification, along with information to show how the
record is inaccurate, incomplete, untimely or irrelevant.
Record source categories:
From individual officers or their service records; efficiency
reports; persons providing references; reports of findings and
recommendations made by Board members; supervisors; private and
Government physicians; hospitals and clinics rendering treatment;
licensure and professional credentialing organizations; investigative
reports, law enforcement organizations; court records; death
certificates and reports of death; survivors and executors of
estates; and the records contained in the following systems: 09-40-
0001, Public Health Service (PHS) Commissioned Corps General
Personnel Records, HHS/PSC/HRS; 09-40-0002, Public Health Service
(PHS) Commissioned Corps Medical Records, HHS/PSC/HRS; and 09-40-
0004, Public Health Service (PHS) Commissioned Corps Grievance,
Investigatory and Disciplinary Files, HHS/PSC/HRS.
System exempted from certain provision of the act:
None.
09-40-0004
System name:
Public Health Service (PHS) Commissioned Corps Grievance,
Investigatory and Disciplinary Files, HHS/PSC/HRS.
Security classification:
None.
System location:
Division of Commissioned Personnel (DCP), HRS/PSC, Room 4-36,
Parklawn Building, 5600 Fishers Lane, Rockville, Maryland 20857-0001
and offices and organizations to which an individual commissioned
officer is assigned. The exact location of any record may be obtained
by contacting the Director, DCP, at the location identified below.
Duplicates of records may also be maintained in operating offices
(duty stations) of the Department and other agencies and
organizations to which PHS Commissioned Corps officers are assigned.
Contact the System Manager for the location of specific records.
Categories of individuals covered by the system:
PHS Commissioned Corps officers, including active duty, inactive,
terminated, separated and deceased officers.
Categories of records in the system:
Files concerning grievances filed by or against commissioned
officers; investigative files, records related to disciplinary
actions, records related to involuntary retirements and involuntary
separations (non-board or pre-board actions) taken against
commissioned officers; and correspondence relating to the above.
Authority for maintenance of the system:
The Public Health Service Act (42 United States Code (U.S.C.)
202-217, 218a, 224, 228, 233, and other pertinent sections); The
Social Security Act (42 U.S.C. 410(m) et seq.); portions of Title 10,
U.S.C., related to the uniformed services; portions of the Title 37,
U.S.C., related to pay and allowance for members of the uniformed
services; portions of Title 38, U.S.C., related to benefits
administered by the Department of Veterans Affairs; sections of 50
U.S.C. App., related to the selective service obligations and the
Soldiers' and Sailors' Civil Relief Act; E.O. 9397, ``Numbering
System for Federal Accounts Relating to Individual Persons''; E.O.
10450, ``Security Requirements for Government Employment''; and E.O.
11140, which delegates the authority to administer the PHS
Commissioned Corps from the President to the Secretary, HHS.
Purpose(s):
The information is used by the Program Support Center (PSC), DCP,
HHS Operating Divisions (OPDIVs) and other organizations where
commissioned officers are assigned, to:
1. Investigate allegations of misconduct or marginal and
substandard performance.
2. Process and decide grievances, involuntary retirements,
involuntary separations, temporary grade reversions or disciplinary
actions.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
These records or information from these records may be used:
1. To disclose information to a congressional office from the
record of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
2. To the Department of Justice, a court or other tribunal, when:
(a) HHS, or any component, thereof; or (b) any HHS employee in his or
her official capacity; or (c) any HHS employee in his or her
individual capacity where the Department of Justice (or HHS, where it
is authorized to do so) has agreed to represent the employee; or (d)
the United States or any agency thereof where HHS determines that the
litigation is likely to affect HHS or any of its components is a
party to litigation or has interest in such litigation, and HHS
determines that the use of such records by the Department of Justice,
the court or other tribunal is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records are collected.
3. To disclose pertinent information to appropriate Federal,
State, or local agencies; international agencies; or foreign
governments responsible for investigating, prosecuting, enforcing or
implementing statutes, rules, regulations or orders when PHS becomes
aware of evidence of a potential violation of civil or criminal law.
4. To disclose information to the Equal Employment Opportunity
Commission when requested in connection with investigations into
alleged or possible discrimination practices in the Federal sector,
examination of Federal affirmative employment programs, or other
functions vested in the Commission by the President's Reorganization
Plan No. 1 of 1978.
5. Disclosure may be made to State Boards of Medical Examiners
and to equivalent State licensing boards of professional review
actions which adversely affect the clinical privileges of health care
professionals who either: (a) Are or were employed by the Federal
Government; (b) provide or have provided health care services under a
fee-for-service contract with the Federal Government; or (c) provide
or have provided health care services on behalf of the Federal
Government as a volunteer or visiting fellow. Boards of Medical
Examiners and equivalent State licensing boards are required by the
Health Care Quality Improvement Act of 1986 and by the Medicare and
Medicaid Patient and Program Protection Act of 1987 to report this
information to the National Practitioner Data Bank.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Automated files are stored on disks, microfiche and magnetic
tapes. Nonautomated (hard-copy) files are kept in offices, and may be
stored in Lektrievers, safes, cabinets, bookcases or desks.
Retrievability:
Alphabetically by name, by PHS serial number and/or by Social
Security Number.
Safeguards:
1. Authorized Users
a. Automated Records. Access to and use of automated records is
limited to DCP personnel involved in the grievance or investigation
for which the information was collected. The Human Resources Service
(HRS) provides computer design, programming and support to DCP, and
has access to the data to the extent necessary to facilitate the
provision of these services to DCP. However, HRS personnel are not
authorized to grant access to or make disclosures from automated data
in this system to anyone or any organization.
b. Nonautomated records. Access to and use of nonautomated
records is limited to DCP personnel involved in the specific
grievance or investigatory process for which the information was
collected. These records may be copied and related to departmental
officials involved in a decisionmaking capacity in a given case.
These individuals are permitted access to records only after they
have satisfactorily identified themselves as having an official need
to review the information and have provided satisfactory proof of
their identities. Access is also granted to individuals who have
written permission to review the record when that permission has been
obtained from the individual to whom the record pertains. All
individuals from outside the Department, to whom disclosure is made
pursuant to a routine use, must complete Privacy Act nondisclosure
oaths and must submit written requests for access to these records
showing the name and employing office of the requester, the date on
which the record is requested and the purpose for reviewing the
information in the records. This written request is then placed into
the record.
2. Physical safeguards
a. Automated records. Terminals by which automated records are
accessed are kept in offices secured with locks. Automated records on
magnetic tape, disks and other computer equipment are kept in rooms
designed to protect the physical integrity of the records media and
equipment. These rooms are within inner offices to which access is
permitted only with special clearance. Outer offices are secured with
combination locks. During nonwork hours, all cabinets, storage
facilities, rooms and offices are locked and the premises are
patrolled regularly by building security forces.
b. Nonautomated records. Nonautomated records are kept in such a
way as to prevent observation by unauthorized individuals while the
records are actively in use by an authorized employee. When records
are not in use, they are closed and secured in desk drawers with
locks, filing cabinets with locks, or other security equipment, all
or which are kept inside authorized office space which is locked
whenever it is not in use. Keys to furniture and equipment are kept
only by the individual who is assigned to that furniture or equipment
and by the DCP security officer.
3. Procedural safeguards
a. Automated records. Automated records are secured by assigning
individual access codes to authorized personnel, and by the use of
passwords for specific records created by authorized personnel.
Access codes and passwords are changed on a random schedule. In
addition, programming for automated records allows authorized
personnel to access only those records that are essential to their
duties. Remote access to automated data from remote terminals is
restricted to the PSC, OSG and personnel officials where commissioned
officers are employed. No access is permitted to organizations that
do not have automated personnel record-keeping systems that comply
with Privacy Act requirements.
b. Nonautomated records. All files are secured when employees are
absent from the premises and are further protected by locks on entry
ways and by the building security force. Official records may not be
removed from the physical boundaries of DCP. When records are needed
at a remote location, copies of the records will be provided. When
copying records for authorized purposes, care is taken to ensure that
any imperfect or extra copies are not left in the copier room where
they can be read, but are destroyed or obliterated.
Retention and disposal:
Grievance files are destroyed after two years or earlier if no
longer needed for administrative purposes. Documentation which
directly supports personnel actions affecting an individual is placed
into the individual's Official Personnel Folder after a final,
official decision has been made and/or the action has been effected,
and is then treated in the same manner as other material in system
09-40-0001, ``PHS Commissioned Corps General Personnel Records, HHS/
PSC/HRS.'' Investigatory records concerning cases in which no final
decisions have been made, or which are ongoing over a period of time
are kept indefinitely until a final decision is made. Records
concerning cases which are closed or on which final action has been
taken, but which are not essential to document or support the final
action, are retained as long as they are needed for administrative
purposes and are then destroyed by shredding.
System manager(s) and address:
Director, DCP/HRS/PSC, Room 4A-15, Parklawn Building, 5600
Fishers Lane, Rockville, Maryland 20857-0001.
Notification procedure:
Same as Access Procedures. Requesters should also reasonably
specify the record contents being sought.
Record access procedures:
1. General procedures. An individual (and/or the individual's
legal representative) seeking access to his/her records may initially
contact the DCP Privacy Act Coordinator for information about
obtaining access to the record. Each individual seeking access will
be required to verify his/her identity to the satisfaction of the
Privacy Act Coordinator. Refusal to provide sufficient proof of
identity will result in denial of the request for access until such
time as proof of identity can be obtained. The System Manager has
authority to release records to authorized officials within DCP.
If a determination is made that the material sought contains
medical information that is likely to have an adverse effect on the
requester, the requester shall be asked to designate in writing a
responsible representative who will be willing to review the record
and inform the subject individual of the material's contents at the
representative's discretion. Such a representative must provide proof
that s/he is duly authorized to review the record by either the
individual or the individual's legal guardian. A parent, guardian or
legal representative who requests notification of, or access to, a
dependent/incompetent person's record shall designate a family
physician or other health professional (other than a family member)
to whom the record, if any, will be sent. The parent or guardian must
verify his/her relationship to the dependent/incompetent person as
well as his/her own identity.
2. Requests in person. An individual who is the subject of a
record and who appears in person seeking access shall provide his/her
name and at least one piece of tangible identification (e.g., PHS
Commissioned Corps Identification Card, driver's license or
passport). Identification cards with current photograph are required.
The records will be reviewed in the presence of an appropriate DCP
employee who will answer questions and ensure that the individual
neither removes nor inserts any material into the record without the
knowledge of the DCP employee. If the individual requests a copy of
any records reviewed, the DCP employee will provide them to the
individual. The DCP employee will record the name of the individual
granted access, the date of access, and information about the
verification of identity on a separate log sheet maintained in the
record.
3. Requests by mail. Written requests must be addressed to the
System Manger or the DCP Privacy Act Coordinator at the address shown
as the system location above. All written requests must be signed by
the individual seeking access. A comparison will be made of that
signature and the signature maintained on file prior to release of
the material requested. Copies of the records to which access has
been requested will be mailed to the individual. The original version
of a record will not be released except in very unusual situations
when only the original will satisfy the purpose of the request.
4. When an individual to whom a record pertains is mentally
incompetent or under other legal disability, information in the
individual's records may be disclosed to any person who is legally
responsible for the care of the individual, to the extent necessary
to assure payment of benefits to which the individual is entitled.
5. Requests by phone. Because positive identification of the
caller cannot be established with sufficient certainty, telephone
requests for access to records will not be honored.
6. Accounting of disclosures. An individual who is the subject of
records maintained in this records system may also request an
accounting of all disclosures made outside the Department, if any,
that have been made from that individual's records.
Contesting record procedures:
Contact the System Manager at the address specified under System
Location above and reasonably identify the record. Specify the
information being contested. State the corrective action sought, with
supporting justification, along with information to show how the
record is inaccurate, incomplete, untimely or irrelevant.
Record source categories:
From individual officers or their service records; efficiency
reports; persons providing references; reports of findings and
recommendations made by the commissioned corps Board members;
supervisors, private and Government physicians; hospitals and clinics
rendering treatment; licensure and professional credentialing
organizations; investigative reports; law enforcement organizations;
court records; death certificates and reports of death; survivors and
executors of estates; and records contained in the following systems:
90-40-0001, Public Health Service (PHS) Commissioned Corps General
Personnel Records, HHS/PSC/HRS; 09-40-0002, Public Health Service
(PHS) Commissioned Corps Medical Records, HHS/PSC/HRS; 09-40-0003,
Public Health Service (PHS) Commissioned Corps Board Proceedings,
HHS/PSC/HRS; and 09-40-0006, Public Health Service (PHS) Commissioned
Corps Payroll Records, HHS/PSC/HRS.
System exempted from certain provision of the act:
None.
09-40-0005
System name:
Public Health Service (PHS) Beneficiary-Contract Medical/Health
Care Records, HHS/PSC/HRS.
Security classification:
None.
System location:
Medical Affairs Branch (MAB), Beneficiary Medical Programs
Section, DCP/HRS/PSC, Room 4C-06, Parklawn Building, 5600 Fishers
Lane, Rockville, Maryland 20857-0001.
Duplicates of records may also be maintained in operating offices
(duty stations) of the Department and other agencies and
organizations to which PHS Commissioned Corps officers are assigned.
Contact the System Manager for the location of specific records.
Names and addresses of contractors given information under
routine use 8 can be obtained from the System Manager at the location
identified below.
Categories of individuals covered by the system:
Individuals who are or were legally entitled to health care
through the Public Health Service and who have received health care
from health professionals or facilities under contract or agreement
with the Department of Health and Human Services.
Categories of records in the system:
May include any or all of the following: Diagnostic (laboratory/
X-ray, etc.) and treatment data; sociological information; invoices
for services; eligibility data including employment history; and
uniformed services information (employing services, service numbers,
duty station, home address, etc.).
Authority for maintenance of the system:
Section 215 of the Public Health Service Act (42 U.S.C. 216)
``Regulations'' and section 326 of the Public Health Service Act (42
U.S.C. 253) ``Medical Services to Coast Guard, National Oceanic and
Atmospheric Administration and the Public Health Service.''
Purpose(s):
The information is used by the Program Support Center (PSC), DCP,
HHS Operating Divisions and other organizations where commissioned
officers are assigned, to:
1. Serve as the basis for payment for patient care and for
continuity in the evaluation of the patient's condition and
treatment.
2. Furnish documentary evidence of the course of the patient's
medical evaluation and treatment to document communications between
the responsible practitioner and any other health professionals
contributing to the patient's care and treatment.
3. Verify patient eligibility.
4. Ensure quality assurance.
5. Monitor contract compliance.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Disclosure of these records and information from these records
may be made to:
1. Medical laboratories and facilities and non-agency physicians
in order to facilitate treatment and payment of bills. Recipients are
required to maintain adequate safeguards with respect to such
records.
2. The Department of Commerce to report results of examination
and/or treatment of that agency's personnel.
3. The Department of Defense and the Department of Veterans
Affairs to assist uniformed services, personnel, retirees and
veterans to obtain medical care or benefits.
4. A Federal agency, in response to its request, in connection
with the hiring or retention of an employee, the issuance of a
security clearance, the reporting of an investigation of an employee,
the letting of a contract, other issuance of a license, grant or
other benefit by the requesting agency, to the extent that the
information is relevant and necessary to the requesting agency's
decision on the matter.
5. A congressional office from the record of an individual in
response to a verified inquiry from the congressional office made at
the written request of that individual.
6. In the event of litigation where the defendant is: (a) The
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her official
capacity where the Justice Department has agreed to represent such
employee, the Department may disclose such records as it deems
desirable or necessary to the Department of Justice to enable that
Department to present an effective defense, provided such disclosure
is compatible with the purpose for which the records were collected.
7. Information regarding the commission of crimes or the
reporting of occurrences of communicable diseases, tumors, child
abuse, births, deaths, alcohol or drug abuse, etc., may be disclosed
as required by health providers and facilities by State law or
regulation of the department of health or other agency of the State
or its subdivision in which the facility is located. Disclosures will
be made to organizations as specified by the State law or regulation,
such as births and deaths to the vital statistics agency and crimes
to law enforcement agencies. Disclosure of the contents of records
which pertain to patient identity, diagnosis, prognosis or treatment
of alcohol or drug abuse is restricted under the provisions of the
Confidentiality of Alcohol and Drug Abuse Patient Records Regulation
42 CFR part 2, as authorized by 42 U.S.C. 290dd-2.
8. When the Department contemplates contracting with a private
firm for the purpose of collating, analyzing, aggregating, or
otherwise refining records in this system, relevant records will be
disclosed to such a contractor. The contractor will be required to
maintain Privacy Act safeguards with respect to such records. These
safeguards are explained in the section entitled ``Safeguards.''
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
File folders and electronic data base.
Retrievability:
Alphabetically by name, by PHS serial number and/or by Social
Security Number.
Safeguards:
1. Authorized Users
a. Automated Records. Access to and use of automated records is
limited to departmental employees whose official duties require such
access; supervisory, contracting officials who review the
contractor's records annually; and doctors, dentists, nurses, allied
health professionals and administrative staff in the contractor's
office who are involved in patient care management.
b. Nonautomated records. Access to and use of nonautomated
records is limited to departmental employees whose official duties
require such access; contracting officials who review the
contractor's records annually; and doctors, dentists, nurses, allied
health professionals and administrative staff in the contractor's
office. Access is also granted to individuals who have written
permission to review the records when that permission has been
obtained from the individual to whom the record pertains.
2. Physical safeguards
a. Automated records. Terminals by which automated records are
accessed are kept in offices secured with locks. Automated records on
magnetic tape, disks and other computer equipment are kept in rooms
designed to protect the physical integrity of the records media and
equipment. These rooms are within inner offices to which access is
permitted only with special clearance. Outer offices are secured with
locks. During nonwork hours, all cabinets, storage facilities, rooms
and offices are locked and the premises are patrolled regularly by
building security forces.
b. Nonautomated records. Nonautomated records are kept in such a
way as to prevent observation by unauthorized individuals while the
records are actively in use by an authorized employee. When records
are not in use, they are closed and secured behind locked inner
office doors, in desk drawers with locks, filing cabinets with locks,
or other security equipment, all of which are kept inside authorized
office space which is locked whenever it is not in use. Keys to
furniture and equipment are kept only by the individual who is
assigned to that furniture or equipment and by the DCP security
officer.
3. Procedural safeguards
a. Automated records. Automated records are secured by assigning
individual access codes to authorized personnel, and by the use of
passwords for specific records created by authorized personnel. All
users of personal information in connection with the performance of
their jobs protect information from public view and from unauthorized
personnel entering an unsupervised office.
b. Nonautomated records. All files are secured when employees are
absent from the premises and are further protected by locks on entry
ways and by the building security force. Official records may not be
removed from the physical boundaries of DCP. When records are needed
at a remote location, copies of the records will be provided. When
copying records for authorized purposes, care is taken to ensure that
any imperfect or extra copies are not left in the copier room where
they can be read, but are destroyed or obliterated.
4. Contractor Guidelines. A contractor who is given records under
routine use 8 must maintain the records in a secured area, allow only
those individuals immediately involved in the processing of the
records to have access to them, prevent any unauthorized persons from
gaining access to the records, and return the records to the System
Manager immediately upon completion of the work specified in the
contract. Contractor compliance is assured though inclusion of
Privacy Act requirements in contract clauses, and through monitoring
by contract and project officers. Contractors who maintain records
are instructed to make no disclosure of the records except as
authorized by the System Manager and as stated in the contract.
Retention and disposal:
a. Automated records. Automated billing data are retained for a
period of six years and three months after the closing of a file. The
record is then destroyed.
b. Nonautomated records. Nonautomated records are retained in the
MAB files until the contract is terminated or the payment action
completed. The medical records are then forwarded to the MAB, DCP,
and retained as indicated in 09-40-0002, ``PHS Commissioned Corps
Medical Records, HHS/PSC/HRS.'' Billing information is retained for
three fiscal years, then purged and shredded. Patient care notes are
retained in the chart until retirement, termination or inactivation.
Once a chart is inactivated for over three years it is sent to
storage at the Northeast Region Federal Records Center, Bayonne, New
Jersey for 16 years. Destruction at that time is in accordance with
standard practices of the Federal Records Center.
System manager(s) and address:
Director, DCP/HRS/PSC, Room 4A-15, Parklawn Building, 5600
Fishers Lane, Rockville, Maryland 20857-0001.
Notification procedure:
Same as Access Procedures. Requesters should also reasonably
specify the record contents being sought.
Record access procedures:
1. General procedures. An individual (and/or the individual's
legal representative) seeking access to his/her records may initially
contact any DCP office or employee for information about obtaining
access to the records. The DCP employees will inform each individual
of the appropriate procedures to follow. Individuals may also seek
access to these records by initially contacting the duty station at
which they believe the records are located. Individuals at the duty
station will ascertain whether the records being sought are
maintained at that location. If the records are not located at that
duty station, the employee will instruct the individual as to where
these records may be located. Each individual seeking access will be
required to verify his/her identity to the satisfaction of the
employee providing access. Refusal to provide sufficient proof of
identity will result in denial of the request for access until such
time as proof of identity can be obtained.
If a determination is made that the material sought contains
medical information that is likely to have an adverse effect on the
requester, the requester shall be asked to designate in writing a
responsible representative who will be willing to review the record
and inform the subject individual of the material's contents at the
representative's discretion. Such a representative must provide proof
that s/he is duly authorized to review the record by either the
individual or the individual's legal guardian. A parent, guardian or
legal representative who requests notification of, or access to, a
dependent/incompetent person's record shall designate a family
physician or other health professional (other than a family member)
to whom the record, if any, will be sent. The parent or guardian must
verify his/her relationship to the dependent/incompetent person as
well as his/her own identity.
2. Requests in person. An individual who is the subject of a
record and who appears in person seeking access shall provide his/her
name and at least one piece of tangible identification (e.g., PHS
Commissioned Corps Identification Card, driver's license or
passport). Identification cards with current photograph are required.
The records will be reviewed in the presence of an appropriate
employee who will answer questions and ensure that the individual
neither removes nor inserts any material into the record without the
knowledge of the DCP employee. If the individual requests a copy of
any records reviewed, the employee will provide them to the
individual. The employee will record the name of the individual
granted access, the date of access, and information about the
verification of identity on a separate log sheet maintained in the
Beneficiary Medical Program office.
3. Requests by mail. Written requests must be addressed to the
System Manager at the address shown as the system location above. All
written requests must be signed by the individual seeking access. A
comparison will be made of that signature and the signature
maintained on file prior to release of the material requested. Copies
of the records to which access has been requested will be mailed to
the individual. The original version of a record will not be released
except in very unusual situations when only the original will satisfy
the purpose of the request.
4. When an individual to whom a record pertains is mentally
incompetent or under other legal disability, information in the
individual's records may be disclosed to any person who is legally
responsible for the care of the individual, to the extent necessary
to assure payment of benefits to which the individual is entitled.
5. Requests by phone. Because positive identification of the
caller cannot be established with sufficient certainty, telephone
requests for access to records will not be honored.
6. Accounting of disclosures. An individual who is the subject of
records maintained in this records system may also request an
accounting of all disclosures made outside the Department, if any,
that have been made from that individual's records.
Contesting record procedures:
Contact the System Manager at the address specified under System
Location above and reasonably identify the record. Specify the
information being contested. State the corrective action sought, with
supporting justification, along with information to show how the
record is inaccurate, incomplete, untimely or irrelevant.
Record source categories:
Information is provided from Individuals, employers, other health
care providers, families and social agencies, and 09-40-0002, Public
Health Service (PHS) Commissioned Corps Medical Records, HHS/PSC/HRS.
ystem exempted from certain provision of the act:
None.
09-40-0006
System name:
Public Health Service (PHS) Commissioned Corps Payroll Records,
HHS/PSC/HRS.
Security classification:
None.
System lcoation:
Division of Commissioned Personnel (DCP)/HRS/PSC, Room 4-50,
Parklawn Building, 5600 Fishers Lane, Rockville, Maryland 20857-0001.
Records in this system are kept at the address shown above when
the person to whom the record pertains has an active relationship
with the PHS commissioned corps personnel system. When an officer
ceases the active relationship with the commissioned corps, the
records are combined with the Official Personnel Folder (OPF) in
records system 09-40-0001, ``PHS Commissioned Corps General Personnel
Records, HHS/PSC/HRS'' and transferred to the appropriate facility as
outlined in 09-40-0001, ``PHS Commissioned Corps General Personnel
Records, HHS/PSC/HRS.''
Duplicates of records may also be maintained in operating offices
(duty stations) of the Department and other agencies and
organizations to which PHS Commissioned Corps officers are assigned.
Contact the System Manager for the location of specific records.
Names and addresses of contractors given information under
routine use 7 can be obtained from the System Manager at the location
identified below.
Categories of individuals covered by the system:
Individuals who are part of or who have some relationship with
the PHS Commissioned Corps, including: Active duty commissioned
officers; former commissioned officers; inactive reserve officers;
retired commissioned officers; deceased commissioned officers;
dependents and survivors of the above; former spouses of officers;
and qualified applicants to the PHS Commissioned Corps.
Categories of records in the system:
These records contain:
1. Documents related to pay, including payroll deductions, leave,
allotments, charitable contributions and garnishments; travel and
allowances (including overseas educational allowances for
dependents); documentation of dependent status used to determine
entitlement or eligibility for benefits; debt collections
proceedings; survivor benefit elections and pay records; worksheets,
internal forms, internal memoranda and other documents which result
in, or contribute, to an action.
2. Special pay files containing special pay contracts, personnel
orders and supporting documentation concerning special pay;
worksheets, internal forms, internal memoranda and other documents
which result in, or contribute, to an action.
3. Retirement pay files containing personnel orders and
supporting documentation concerning retirement pay; worksheets,
internal forms, internal memoranda and other documents which result
in, or contribute to, an action.
4. Correspondence relating to the above.
Authority for maintenance of the system:
The Public Health Service Act (42 United States Code (U.S.C.)
202-217, 218a, 224, 228, 233, and other pertinent sections); The
Social Security Act (42 U.S.C. 410(m) et seq.); portions of Title 10,
U.S.C., related to the uniformed services; portions of the Title 37,
U.S.C., related to pay and allowance for members of the uniformed
services; portions of Title 38, U.S.C., related to benefits
administered by the Department of Veterans Affairs; sections of 50
U.S.C. App., related to the selective service obligations and the
Soldiers' and Sailors' Civil Relief Act; Executive Order (E.O.) 9397,
``Numbering System for Federal Accounts Relating to Individual
Persons''; E.O. 10450, ``Security Requirements for Government
Employment''; and E.O. 11140, which delegates the authority to
administer the PHS Commissioned Corps from the President to the
Secretary, HHS.
Purpose(s):
The information is used by the Program Support Center (PSC), DCP,
HHS Operating Divisions and other organizations where commissioned
officers are assigned, to:
1. Determine eligibility for pay, allowances, entitlements,
privileges, and benefits.
2. Determine the eligibility or entitlements of dependents and
beneficiaries for benefits based on the service of a PHS commissioned
officer.
3. Give legal force to personnel transactions and establish
officer rights and obligations under the pertinent laws and
regulations governing the commissioned corps personnel system.
4. Provide information to HHS components seeking to collect an
overdue debt to the Federal government, but only to the extent
necessary to collect that overdue debt.
5. Provide information to the National Directory of New Hires,
the Federal Parent Locator System (FPLS), the Office of Child Support
Enforcement (OCSE) and the Administration for Children and Families,
HHS, for use in locating individuals and identifying their income
sources to establish paternity, establish and modify orders of
support and for enforcement action in accordance with 42 U.S.C. 653.
6. Provide information to the OCSE to verify with the Social
Security Administration the Social Security numbers in connection
with the operation of the FPLS by OCSE.
7. Provide information to the Office of Child Support Enforcement
to release to the Department of the Treasury for purposes of
administering the Earned Income Tax Credit program (Section 32,
Internal Revenue Code of 1986) and verifying a claim with respect to
employment in a tax return.
8. Upon the request of the officer, provide information to
charities, financial organizations, insurance organizations or other
companies for the purposes of contributing to charity, payment of
organizational dues or payment for an organizational benefit (such as
insurance).
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
These records or information from these records may be used:
1. To disclose information to a congressional office from the
record of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
2. To the Department of Justice, a court or other tribunal, when
(a) HHS, or any component, thereof; or (b) any HHS employee in his or
her official capacity; or (c) any HHS employee in his or her
individual capacity where the Department of Justice (or HHS, where it
is authorized to do so) has agreed to represent the employee; or (d)
the United States or any agency thereof where HHS determines that the
litigation is likely to affect HHS or any of its components is a
party to litigation or has interest in such litigation, and HHS
determines that the use of such records by the Department of Justice,
the court or other tribunal is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records are collected.
3. To disclose information, such as, but not limited to, name,
home address, Social Security Number, earned income, withholding
status, and amount of taxes withheld, to the Department of Treasury
for the following purposes: preparation and issuance of salary,
retired pay, and annuity checks; issuance of U.S. savings bonds;
recording income information; and collection of income taxes.
4. To disclose to State and local government agencies having
taxing authority pertinent records relating to employees, retirees,
and annuitants, including name, home address, Social Security Number,
earned income, and amount of taxes withheld, when these agencies have
entered into tax withholding agreements with the Secretary of
Treasury, but only to those State and local taxing authorities for
which a member, retiree, or annuitant is or was subject to tax,
regardless of whether tax is or was withheld.
5. To disclose to the Social Security Administration pertinent
records relating to employees, retirees, and annuitants, including
name, home address, Social Security Number, earned income, and amount
of taxes withheld.
6. To disclose pertinent information to appropriate Federal,
State, or local agencies; international agencies; or foreign
governments responsible for investigating, prosecuting, enforcing or
implementing statutes, rules, regulations or orders when PSC becomes
aware of evidence of a potential violation of civil or criminal law.
7. When the Department contemplates contracting with a private
firm for the purpose of collating, analyzing, aggregating, or
otherwise refining records in this system, relevant records will be
disclosed to such a contractor. The contractor will be required to
maintain Privacy Act safeguards with respect to such records. These
safeguards are explained in the section entitled ``Safeguards.''
8. To disclose information to the Office of Management and Budget
(OMB) at any stage in the legislative coordination and clearance
process in connection with private relief legislation as set forth in
OMB Circular No. A-19, or for budgetary or management oversight
purposes.
9. To respond to interrogatories in the prosecution of a divorce
action or settlement for purposes stated in 10 U.S.C. 1408 (``The
Former Spouses'' Protection Act'').
10. To disclose information about the entitlements and benefits
of a beneficiary of a deceased officer, retiree, or annuitant for the
purpose of making disposition of the estate.
11. To disclose information to the Equal Employment Opportunity
Commission when requested in connection with investigations into
alleged or possible discrimination practices in the Federal sector,
examination of Federal affirmative employment programs, or other
functions vested in the Commission by the President's Reorganization
Plan No. 1 of 1978.
12. To disclose payroll information to authorized officials in
Federal agencies where commissioned officers are assigned, such as
the State Department; the Department of Defense; the Department of
Justice, Bureau of Prisons and the Immigration and Naturalization
Service; the Transportation Department; United States Coast Guard;
the Environmental Protection Agency; the Department of the Interior,
the United States Park Service; and the Commerce Department, National
Oceanic and Atmospheric Administration.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Automated files are stored on disks, microfiche, electronic
medium and magnetic tapes. Nonautomated (hard-copy) files are kept in
offices, and may be stored in shelves, safes, cabinets, bookcases or
desks.
Retrievability:
Alphabetically by name, by PHS serial number and/or by Social
Security Number.
Safeguards:
1. Authorized Users
Automated Records. Access to and use of automated records is
limited to: (1) Personnel employed in the PSC and the Office of the
Surgeon General (OSG)/OS; (2) personnel employed in DCP; (3)
authorized officials in HHS components and organizations where
commissioned officers are assigned whose official duties require such
access; and (4) authorized officials in other Federal agencies, such
as those in routine use 13 above, where commissioned officers are
assigned whose official duties require such access. Automated data is
provided to Department personnel officials to update information
contained in their personnel records and pay, leave and attendance
systems. The Human Resource Service (HRS) provides computer design,
programming and support to DCP, and has access to the data to the
extent necessary to facilitate the provision of these services to
DCP. However, HRS personnel are not authorized to grant access to or
make disclosures from automated data in this system to anyone or any
organization without the written approval of the Director of DCP or
to an official to whom this authority has been delegated.
b. Nonautomated records. Access to and use of nonautomated
records is limited to departmental employees whose official duties
require such access or to individuals needing access to the
information for purposes stated under routine uses. These individuals
are permitted access to records only after they have satisfactorily
identified themselves as having an official need to review the
information and have provided satisfactory proof of their identities.
Access is also granted to individuals who have written permission to
review the record when that permission has been obtained from the
individual to whom the record pertains. All individuals from outside
the Department, to whom disclosure is made pursuant to a routine use,
must complete Privacy Act nondisclosure oaths and must submit written
requests for access to these records showing the name and employing
office of the requester, the date on which the record is requested
and the purpose for reviewing the information in the records. This
written request is then placed into the record.
2. Physical safeguards
a. Automated records. Terminals by which automated records are
accessed are kept in offices secured with locks. Automated records on
magnetic tape, disks and other computer equipment are kept in rooms
designed to protect the physical integrity of the records media and
equipment. These rooms are within inner offices to which access is
permitted only with special clearance. Outer offices are secured with
locks. During nonwork hours, all cabinets, storage facilities, rooms
and offices are locked and the premises are patrolled regularly by
building security forces.
b. Nonautomated records. Nonautomated records are kept in such a
way as to prevent observation by unauthorized individuals while the
records are actively in use by an authorized employee. When records
are not in use, they are closed and secured in desk drawers with
locks, filing cabinets with locks, or other security equipment, all
of which are kept inside authorized office space which is locked
whenever it is not in use. Keys to furniture and equipment are kept
only by the individual who is assigned to that furniture or equipment
and by the DCP security officer.
3. Procedural safeguards
a. Automated records. Automated records are secured by assigning
individual access codes to authorized personnel, and by the use of
passwords for specific records created by authorized personnel.
Access codes and passwords are changed on a random schedule. In
addition, programming for automated record allows authorized
personnel to access only those records that are essential to their
duties. Remote access to automated data from remote terminals is
restricted to the PSC, OSG and personnel officials where commissioned
officers are employed. No access is permitted to organizations that
do not have automated personnel record-keeping systems that comply
with Privacy Act requirements.
b. Nonautomated records. All files are secured when employees are
absent from the premises and are further protected by locks on entry
ways and by the building security force. Official records may not be
removed from the physical boundaries of DCP. When records are needed
at a remote location, copies of the records will be provided. When
copying records for authorized purposes, care is taken to ensure that
any imperfect or extra copies are not left in the copier room where
they can be read, but are destroyed or obliterated.
4. Contractor Guidelines. A contractor who is given records under
routine use 7 must maintain the records in a secured area, allow only
those individuals immediately involved in the processing of the
records to have access to them, prevent any unauthorized persons from
gaining access to the records, and return the records to the System
Manager immediately upon completion of the work specified in the
contract. Contractor compliance is assured though inclusion of
Privacy Act requirements in contract clauses, and through monitoring
by contract and project officers. Contractors who maintain records
are instructed to make no disclosure of the records except as
authorized by the System Manager and stated in the contract.
Retention and disposal:
When an officer is separated, records are incorporated into the
OPF and transferred to a Federal Records Center in accordance with
09-40-0001, ``PHS Commissioned Corps General Personnel Records, HHS/
PSC/HRS'' procedures.
When an officer retires from the commissioned corps, a retirement
payment file is generated and maintained in DCP. When the officer
and/or annuitant dies, the file is retained in DCP for 3 years, then
is incorporated into the OPF and transferred to a Federal Records
Center in accordance to 09-40-0001, ``PHS Commissioned Corps General
Personnel Records, HHS/PSC/HRS'' procedures.
System manager(s) and address:
Director, DCP/HRS/PSC, Room 4A-15, Parklawn Building, 5600
Fishers Lane, Rockville, Maryland 20857-0001.
Notification procedure:
Same as Access Procedures. Requesters should also reasonably
specify the record contents being sought.
Record access procedures:
1. General procedures. An individual (and/or the individual's
legal representative) seeking access to his/her records may initially
contact the DCP Privacy Act Coordinator for information about
obtaining access to the records. Each individual seeking access will
be required to verify his/her identity to the satisfaction of the DCP
Privacy Act Coordinator. Refusal to provide sufficient proof of
identity will result in denial of the request for access until such
time as proof of identity can be obtained. The System Manager has
authority to release records to authorized officials within DCP, HHS
and other organizations where commissioned officers are assigned.
2. Requests in person. An individual who is the subject of a
record and who appears in person seeking access shall provide his/her
name and at least one piece of tangible identification (e.g., PHS
Commissioned Corps Identification Card, driver's license or
passport). Identification cards with current photograph are required.
The records will be reviewed in the presence of an appropriate DCP
employee, who will answer questions and ensure that the individual
neither removes nor inserts any material into the record without the
knowledge of the DCP employee. If the individual requests a copy of
any records reviewed, the DCP employee will provide them to the
individual. The DCP employee will record the name of the individual
granted access, the date of access, and information about the
verification of identity on a separate log sheet maintained in the
office of the Privacy Act Coordinator, DCP.
3. Requests by mail. Written requests must be addressed to the
System Manager or the DCP Privacy Act Coordinator at the address
shown as the System Location above. All written requests must be
signed by the individual seeking access. A comparison will be made of
that signature and the signature maintained on file prior to release
of the material requested. Copies of the records to which access has
been requested will be mailed to the individual. The original version
of a record will not be released except in very unusual situations
when only the original will satisfy the purpose of the request.
4. When an individual to whom a record pertains is mentally
incompetent or under other legal disability, information in the
individual's records may be disclosed to any person who is legally
responsible for the care of the individual, to the extent necessary
to assure payment of benefits to which the individual is entitled.
5. Requests by phone. Because positive identification of the
caller cannot be established with sufficient certainty, telephone
requests for access to records will not be honored.
6. Accounting of disclosures. An individual who is the subject of
records maintained in this records system may also request an
accounting of all disclosures outside the Department, if any, that
have been made from that individual's records.
Contesting record procedures:
Contact the System Manager at the address specified under System
Location above and reasonably identify the record. Specify the
information being contested. State the corrective action sought, with
supporting justification, along with information to show how the
record is inaccurate, incomplete, untimely or irrelevant.
Record source categories:
From individual officers, applicants, dependents, former spouses
of officers, governmental and private training facilities, health
professional licensing and credentialing organizations, government
officials and employees and from the records contained in the
following systems: 90-40-0001, Public Health Service (PHS)
Commissioned Officer Personnel Records'' HHS/PSC/HRS and 09-40-0010,
Pay, Leave and Attendance Records, HHS/PSC/HRS.
System exempted from certain provision of the act:
None.
09-40-0010
System name:
Pay, Leave and Attendance Records, HHS/PSC/HRS.
Security classification:
None.
System location:
HRS, Personnel and Pay Systems Division, Silver Spring Centre,
Room 1154, 8455 Colesville Road, Silver Spring, Maryland 20910.
FMS, Division of Information Systems and Technology, Room 17-66,
5600 Fishers Lane, Rockville, Maryland 20857.
NIH, Center for Information Technology, 9000 Rockville Pike,
Bethesda, Maryland 20205.
Inactive records: Federal Retirement Record Center, Boyers, PA.
In addition, records are maintained by timekeepers and payroll
liaisons. Contact the System Manager at the location identified below
for specific locations.
Categories of individuals covered by the system:
All employees paid through the Department of Health and Human
Services civilian payroll system.
Categories of records in the system:
This system consists of a variety of records relating to pay,
allowance and leave determinations made about each employee paid
through the HHS civilian payroll system such as employee's name, date
of birth, Social Security Number, home address; employing
organization, pay plan and grade, hours worked, leave, timekeeper
number, income taxes, withholdings and allotments, insurance,
retirement, Thrift Savings Plan, voluntary leave transfer, etc.
Authority for maintenance of the system:
Title 5 U.S. Code, Chapter 55--Pay Administration Title 5 U.S.
Code, Chapter 63--Leave
Purpose(s):
Records in this system are used to:
1. Ensure that each employee in the payroll system receives
proper pay and allowances.
2. Ensure that proper deductions and authorized allotments are
made from employees' pay.
3. Ensure that employees are credited and charged with the proper
amount of sick and annual leave.
4. Provide information to the Federal Parent Locator System
(FPLS), the Office of Child Support Enforcement (OCSE), locating
individuals and identifying their income sources to establish
paternity, establish and modify orders of support and for enforcement
action in accordance with 42 U.S.C. 653.
5. Provide information to OCSE for release to the Social Security
Administration for verifying Social Security Numbers in connection
with the operation of the FPLS.
6. Provide information to OCSE for release to the Department of
Treasury for purpose of administering the Earned Income Tax Credit
Program (section 32, Internal Revenue Code of 1986) and verifying a
claim with respect to employment in a tax return.
7. Provide information to the HHS Voluntary Leave Transfer
Program websites for Departmentwide announcement and produce summary
descriptive statistics and analytical studies in support of the
functions for which the records are collected and maintained and for
related personnel management functions or pay studies, and other
purposes compatible with the intent for which the record system was
created.
8. Provide information to HHS components seeking to collect an
overdue debt owed to the Federal Government, but only to the extent
necessary to collect that overdue debt.
9. Provide Department management with information systems
reports.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Information from these records may be used:
1. To prepare W-2 Forms to submit to the Internal Revenue Service
and to disclose to State and local government agencies having taxing
authority pertinent records relating to employees, including name,
home address, earned income, and amount of taxes withheld.
2. To a Federal, State or local agency maintaining civil,
criminal or other relevant enforcement records or other pertinent
records, such as current licenses, if necessary to obtain a record
relevant to an agency decision concerning the hiring or retention of
an employee, the issuance of a security clearance, the letting of a
contract, or the issuance of a license, grant or other benefit.
3. In the event that this system of records indicates a violation
or potential violation of law, whether civil, criminal or regulatory
in nature, and whether arising by general statute or particular
program statute, or by regulation, rule or order issued pursuant
thereto, the relevant records in the system of records may be
referred, as routine uses to the appropriate agency, whether State or
local, charged with the responsibility of investigating or
prosecuting such violation or charged with enforcing or implementing
the statute, or rule, regulation or order issued pursuant thereto.
4. When a contract between a component of the Department and a
labor organization recognized under E.O. 11491 of 5 U.S.C. Chapter 71
provides that the agency will disclose personal records when relevant
and necessary to the labor organization's duties of exclusive
representation concerning personnel policies, practices, and matters
affecting working conditions.
5. To financial organizations designated to receive labor
organizations or management association dues withheld from employees'
pay, in order to account for the amounts withheld.
6. When the Department contemplates that it will contract with a
private firm for the purpose of collating, analyzing, aggregating or
otherwise refining records in this system, relevant records will be
disclosed to such a contractor. The contractor will be required to
maintain Privacy Act safeguards with respect to such records. These
safeguards are explained in the section entitled ``Safeguards.''
7. To disclose to the U.S. Office of Personnel Management that
information that is relevant and necessary to carry out its role as
the oversight agency responsible for promoting the effectiveness of
personnel management and ensuring compliance with personnel laws and
regulations.
8. To disclose to the Merit Systems Protection Board (including
its Office of the Special Counsel) that information that is relevant
and necessary to carry out its role as the oversight agency
responsible for protecting the integrity of Federal merit systems and
the rights of Federal employees working in the systems.
9. To disclose information to the Equal Employment Opportunity
Commission when requested in connection with investigations of
alleged or possible discrimination practices, or other functions
vested in the Commission.
10. To disclose to the Federal Labor Relations Authority
(including the General Counsel of the Authority and the Federal
Service Impasses Panel) that information that is relevant and
necessary to carry out its oversight role for the Federal service
labor-management relations program.
11. To the Department of Labor to make compensation determination
in connection with a claim filed by the employee for compensation on
account of a job-connected injury or disease.
12. To respond to court orders for garnishments of an employee's
pay for alimony or child support.
13. To the Department of Treasury to disclose information such as
name, home address, Social Security Number, earned income,
withholding status, and amount of taxes withheld for the following
purposes: preparation and issuance of salary, retired pay, and
annuity checks; issuance of U.S. Savings Bonds; recording of income
information; and collection of income taxes.
14. To State officers of unemployment compensation in connection
with claims filed by former HHS employees for unemployment
compensation.
15. To a congressional office from the record of an individual in
response to an inquiry from the congressional office made at the
request of that individual.
16. To the Department of Justice, a court or other tribunal when:
(a) HHS, or any component, thereof; or (b) any HHS employee in his or
her official capacity; or (c) any HHS employee in his or her
individual capacity where the Department of Justice (or HHS, where it
is authorized to do so) has agreed to represent the employee; or (d)
the United States or any agency thereof where HHS determines that the
litigation is likely to affect HHS or any of its components, is a
party to litigation or has interest in such litigation, and HHS
determines that the use of such records by the Department of Justice,
the court or other tribunal is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records are collected.
17. To disclose pertinent information to appropriate Federal,
State, or local agencies; international agencies; or foreign
governments responsible for investigating, prosecuting, enforcing or
implementing statutes, rules, regulations or orders when PSC becomes
aware of evidence of potential violation of civil or criminal law.
18. To disclose information for the purpose of conducting
computer matching programs designed to reduce fraud, waste and abuse
in Federal, State and local public assistance programs and
operations.
19. To disclose information to other Federal organizations to
collect an overdue debt owed to the Federal Government, but only to
the extent necessary to collect that overdue debt.
20. To publicly recognized charitable organizations for payroll
deductions or when necessary to adjudicate a claim.
21. Provide information to charities, financial organizations at
the request of the employee for the purposes of facilitating an
employee's request for direct deposit or contribution to a charity,
starting or modifying a savings program, etc.
22. To a Federal agency in response to a written request from the
agency head specifying the particular portion desired and the law
enforcement activity for which the record is sought. The request for
the record must be connected with the agency's auditing and
investigative functions designed to reduce fraud, waste and abuse; it
must be based on information which raises questions about an
individual's eligibility for benefits or payments; and it must be
made reasonably soon after the information is received.
23. To respond to court orders when an employee is involved in
garnishment proceedings arising because an employee is involved in a
personal debt collection action.
24. To thrift and savings institutions to adjudicate a claim
under a program, or to conduct analytical studies of benefits being
paid under such programs, provided such disclosure is consistent with
the purpose for which the information was ordinarily collected.
25. To the Federal Thrift Savings Plan to maintain employees
thrift accounts, loans or loan repayment records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Automated records are stored on disks, microfiche, electronic
media, magnetic tapes and on websites. Nonautomated (hard-copy) files
are kept in locked offices, and may be stored in locked shelves,
safes, cabinets, bookcases or desks.
Retrievability:
Records are maintained by pay period and are retrieved by name
and/or Social Security Number and timekeeper number within each pay
period.
Safeguards:
1. Authorized Users
Automated Records. Access to and use of automated records is
limited to: (1) Personnel employed in the PSC and the HHS Operating
Division personnel offices, (2) authorized officials in HHS
components and organizations whose official duties require such
access, and (3) authorized officials in other Federal agencies for
whom the PSC is providing personnel and/or payrolling service.
Nonautomated records. Access to and use of nonautomated records
is limited to departmental employees whose official duties require
such access or to individuals needing access to the information for
purposes stated under routine uses. These individuals are permitted
access to records only after they have satisfactorily identified
themselves as having an official need to review the information and
have provided satisfactory proof of their identities. Access is also
granted to individuals who have written permission to review the
record when that permission has been obtained from the individual to
whom the record pertains. All individuals from outside the
Department, to whom disclosure is made pursuant to a routine use,
must complete Privacy Act nondisclosure oaths and must submit written
requests for access to these records showing the name and employing
office of the requester, the date on which the record is requested
and the purpose for reviewing the information in the record. This
written request is then placed into the record.
2. Physical safeguards
Automated records. Terminals by which automated records are
accessed are kept in offices secured with locks. Automated records on
magnetic tape, disks and other computer equipment are kept in rooms
designed to protect the physical integrity of the records media and
equipment. These rooms are within inner offices to which access is
permitted only with special clearance. Outer offices are secured with
locks.
Nonautomated records. Nonautomated records are kept in such a way
as to prevent observation by unauthorized individuals while the
records are actively in use by an authorized employee. When records
are not in use, they are secured in filing cabinets inside secured
office space which is locked at all times. Access to the office space
requires a key card to enter and access is permitted only to
authorized personnel.
3. Procedural safeguards
Automated records. Automated records are secured by assigning
individual access codes to authorized personnel, and by the use of
passwords for specific records created by authorized personnel.
Access codes and passwords are changed on a random schedule. In
addition, programming for automated record allows authorized
personnel to access only those records that are essential to their
duties. Remote access to automated data from remote terminals is
restricted to the PSC, and OPDIV personnel officials. No access is
permitted to OPDIVs that do not have automated personnel
recordkeeping systems that comply with Privacy Act requirements.
Nonautomated records. All files are secured when employees are
absent from the premises and are further protected by locks on entry
ways. Official records may not be removed from the physical
boundaries of PPSD. When records are needed at a remote location,
copies of the records will be provided. When copying records for
authorized purposes, care is taken to ensure that any imperfect or
extra copies are not left in the copier areas where they can be read,
but are destroyed or obliterated.
4. Contractor Guidelines.
A contractor who is given records under routine use 6 must
maintain the records in a secured area, allow only those individuals
immediately involved in the processing of the records to have access
to them, prevent any unauthorized persons from gaining access to the
records, and return the records to the System Manager immediately
upon completion of the work specified in the contract. Contractor
compliance is assured though inclusion of Privacy Act requirements in
contract clauses, and through monitoring by contract and project
officers. Contractors who maintain records are instructed to make no
disclosure of the records except as authorized by the System Manager
and stated in the contract.
Retention and disposal:
When an employee is separated leave records are incorporated into
the Official Personnel Folder (OPF) maintained by the servicing
personnel office (SPO) and payroll retirement information is
transferred to the Federal Retirement Records Center in Boyers, PA.
The OPF is forwarded to the new employing agency by the SPO. These
procedures are in accordance with U.S. Office of Personnel Management
policies and procedures.
When an employee retires or dies, the employee or his/her
beneficiary receives a payment for his/her annual leave balance and
the retirement information is transferred to the Federal Retirement
Records Center in Boyers, PA. The SPO transfers the OPF to the
Federal Records Center. These procedures are in accordance with U.S.
Office of Personnel Management policies and procedures.
System manager(s) and address:
Director, Personnel and Pay Systems Division, Human Resources
Service, PSC, HHS, Suite 700, 8455 Colesville Road, Silver Spring, MD
20910.
Notification procedure:
The same as Access Procedures. Requesters should also reasonably
specify the record contents being sought.
Record access procedures:
1. General procedures. A subject individual, or parent, or legal
guardian of an incompetent individual, who appears in person at a
specific location seeking access to or disclosure of records relating
to him/her may initially contact his/her agency personnel office or
payroll liaison for information about obtaining access to the
records. Such individuals will be required to verify their identity
to the satisfaction of the agency employee providing access. Refusal
to provide sufficient proof of identity will result in denial of the
request for access until such time as proof of identity can be
obtained.
2. Requests by mail. Written requests must be addressed to the
System Manager or the appropriate Payroll Liaison Representative. A
comparison will be made of that signature and the signature
maintained in a file prior to release of the material request. Copies
of the records to which access has been requested will be mailed to
the individual.
3. Requests by phone. Unless positive identification of the
caller can be established, telephone requests for access to records
will not be honored.
4. Accounting of disclosures. An individual who is the subject of
the records in this system may also request an accounting of all
disclosures outside the Department, if any, that have been made from
the individual's records.
Contesting record procedures:
Contact the System Manager at the address specified under System
Location above and reasonably identify the record. Specify the
information being contested. State the corrective action sought, with
supporting justification, along with information to show how the
record is inaccurate, incomplete, untimely or irrelevant.
Record source categories:
Information is supplied directly by the individual, derived from
information supplied by the individual, or supplied by timekeepers
and other authorized officials.
System exempted from certain provision of the act:
None.
09-40-0011
System name:
Proceedings of the Board for Correction of PHS Commissioned Corps
Records, HHS/PSC/HRS.
Security classification:
None.
System location:
Board for Correction of PHS Commissioned Corps Records, HHS/PSC/
HRS, Room 17A-12, Parklawn Building, 5600 Fishers Lane, Rockville,
Maryland 20857; and Washington National Records Center, 4205 Suitland
Road, Suitland, Maryland 20409. Records also may be located at the
contractor site. The names and addresses of contractors used by the
Board for Correction can be obtained from the System Manager.
Categories of individuals covered by the system:
Commissioned Officers of the PHS Commissioned Corps who appeal to
the Board for Correction, former officers, their spouses and heirs.
Categories of records in the system:
Commissioned Officer case files consisting of requests for
correction of alleged errors or injustices; administrative reports;
case summaries; findings; conclusions; recommendations; Board for
Correction decisions and related documents, including copies of
records from other systems of records as specified under Record
Source Categories below.
Authority for maintenance of the system:
10 U.S.C. 1552 ``Correction of Military Records''; Public Health
Service Act, 42 U.S.C. 213a(a)(12); Executive Order 9397, ``Numbering
System for Federal Accounts Relating to Individual Persons.''
Purpose(s):
This system of records is used:
1. To process appeals from current or former Commissioned
Officers, their spouses and heirs to determine the existence of
alleged errors or injustices resulting from the administration of
laws and regulations.
2. To review and adjudicate these appeals.
3. To disclose the decisions of the Board for Correction to the
Division of Commissioned Personnel (DCP) for appropriate action. The
DCP is not authorized to release copies of original Board for
Correction records without approval by the System Manager.
4. To document all actions and activities of the Board for
Correction.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
These records may be used to disclose information:
1. To a congressional office from the record of any individual in
response to an inquiry from the congressional office made at the
written request of that individual.
2. To the Department of Justice, a court or other tribunal, when:
(a) HHS, or any component thereof; or (b) Any HHS employee in his or
her official capacity; or (c) Any HHS employee in his or her
individual capacity where the Department of Justice (or HHS, where it
is authorized to do so) has agreed to represent the employee; or (d)
The United States or any agency thereof where HHS determines that the
litigation is likely to affect HHS or any of its components; is a
party to litigation or has an interest in such litigation, and HHS
determines that the use of such records by the Department of Justice,
the court or other tribunal is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records are collected.
3. To appropriate Federal, State, or local agencies;
international agencies; or foreign governments responsible for
investigating, prosecuting, enforcing, or implementing statutes,
rules, regulations, or orders, when HHS becomes aware of evidence of
a potential violation of civil or criminal law.
4. To private contractors who record and transcribe tapes of
Board for Correction meetings. Contractors are required to comply
with Privacy Act safeguards and the HHS Privacy Act Regulations with
respect to such records. These safeguards are explained in the
section entitled ``Safeguards.''
5. To properly identified attorneys of subject individuals or
their personally designated representatives, to court-appointed
representatives of mentally incompetent or otherwise legally
handicapped subject individuals and to guardians to the extent
necessary to assure attainment of rights or payment of benefits to
which such individuals would be entitled.
6. To Federal, State or local government agencies (such as those
concerned with disability compensation, health and human services,
hospitals, and legal affairs) or to public interest organizations
(such as the American Red Cross, the American Civil Liberties Union,
Disabled American Veterans, and the Legal Aid Society) when the
subject individual's request for correction will affect the
individual's entitlement to rights or benefits, and when such
agencies may have information which will assist the Board for
Correction in clarifying that entitlement.
7. To authorized experts or consultants in a Federal agency or in
the private sector if the Board for Correction has determined that it
needs such opinions to arrive at an equitable decision concerning the
subject individual's request; or to authorized officials in a Federal
agency if required to facilitate equitable handling of a case, e.g.,
to an EEO official when a complaint is initiated by a PHS
commissioned officer, to ensure that the same complaint has not
already been decided through the Board for Correction process. All
consultants, experts and Federal officials are required to comply
with Privacy Act safeguards and the HHS Privacy Act Regulations with
respect to such records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
File folders, computerized records, disks and microfiche.
Retrievability:
Last name and case number.
Safeguards:
1. Authorized Users: The System Manager and/or the Executive
Secretary of the Board for Correction will control access to the
data. Additional authorized personnel having access to the data are:
(1) The Executive Director of the Board for Correction; (2)
Designated clerical support staff in the offices of the System
Manager and the Executive Secretary; (3) Board for Correction members
on a need-to-know basis; and (4) Experts, consultants or private
contractors when approved by the System Manager.
2. Physical Safeguards: Automated records. Automated records are
stored on personal computers which require passwords for access, or
on disks, and are located in offices with locks. During nonwork
hours, all cabinets, storage facilities and offices are locked and
the premises are patrolled regularly by building security forces.
Nonautomated records. When records are not in use they are stored in
filing cabinets with locks located in an inner office occupied during
working hours and locked at all other times.
3. Procedural Safeguards: Authorized personnel are trained to
comply with provisions of the Privacy Act and the HHS Privacy Act
Regulations. Records are transmitted in sealed envelopes and are
identified as confidential material. When copying records for
authorized purposes, care is taken to ensure that no imperfect or
extra pages are left in the copier room. These pages are disposed of
by shredding.
4. Contractor Guidelines: Contractor compliance is assured
through inclusion of privacy requirements in contract clauses, and
through monitoring by contract and project officers. A contractor who
is given records must maintain the records in a secured area, allow
only those individuals immediately involved in the processing of the
records to have access to them, prevent unauthorized persons from
gaining access to the records, caution employees about the
confidentiality of the records, and return the records to the System
Manager immediately upon completion of the work specified in the
contract. Contractors are instructed to make no disclosure of the
records except as authorized by the System Manager.
Retention and disposal:
Original records are retained at the System Location either for
one year after the Board for Correction's recommendation for
favorable decision is upheld by the approving official, or for three
years after the approval of the Board for Correction's recommendation
for denial of an appeal, whichever applies to the final disposition
of a case. The records are then transferred to the Washington
National Records Center (WNRC) and are destroyed by the WNRC after 20
years.
System manager(s) and address:
Executive Director of the Board for Correction of PHS
Commissioned Corps Records, Room 17-21, Parklawn Building, 5600
Fishers Lane, Rockville, Maryland 20857.
Notification procedures:
Same as Access Procedures. The requester is required to specify
reasonably the contents of the records being sought.
Record access procedures:
To determine whether information about themselves is contained in
this system, the subject individual should contact the System Manager
at the above address.
A subject individual who appears in person is required to provide
his/her name and at least one piece of tangible identification (e.g.,
PHS Commissioned Corps Identification Card, driver's license, Social
Security card, or discharge or separation papers).
An individual making a written inquiry is required to sign the
request mailed to the System Manager. The signature given is compared
with the signature on file prior to release of the material
requested.
If the subject individual is represented by an attorney, other
than the one shown on the application to the Board for Correction, it
is necessary to have in the case file a dated letter signed by the
subject individual giving the name of the attorney and stating that
he/she has been authorized access to the case file. If the subject
individual is represented by another person, it is necessary to have
in the case file a dated letter signed by the individual giving the
name of the representative and stating that he/she has been
authorized access to the case file. In both instances, the person
representing the subject individual would be required to present
documentation identifying him/herself as being the person mentioned
in the application or in a letter on file with the Board for
Correction.
If the subject individual is judged to be mentally incompetent to
handle his/her personal affairs, a court order should be issued to
that effect. The person identifying him/herself as representing the
subject individual in this circumstance is required to present a copy
of the court order and to personally identify him/herself as being
the person identified in the order.
If the subject individual is physically incapacitated, a medical
statement certifying to the physical disability is required, signed
and dated by a licensed physician. The person presenting this
statement is required to personally identify him/herself and provide
documentation of his/her relationship to the subject individual
(e.g., marriage license, birth certificate, etc.).
If the subject individual is deceased, proof of death is
required, signed and dated by the appropriate certifying agency of
the Federal Government. The person presenting this document is
required to personally identify him/herself and provide documentation
of his/her relationship to the deceased (e.g., marriage license,
birth certificate, etc.).
If a determination is made that the material sought contains
medical information that is likely to have an adverse effect on
either the subject individual or the determination of his/her
request, the requester (whether the subject individual, his/her
personal representative, an attorney other than the one shown on the
application to the Board for Correction, a court appointed
representative, or a guardian) shall be asked to designate in writing
a physician or other health professional who is willing to review the
material and inform the requester of its contents, at the discretion
of the health professional. The person designated to evaluate the
medical information must provide proof that he/she is duly authorized
by the requester to review the material.
An individual who is the subject of the records maintained in
this records system may request an accounting of disclosures that
have been made of his/her records, if any.
Contesting record procedures:
If access has been granted, the requester shall contact the
System Manager above, reasonably identify the records, specify the
information being contested, and state the corrective action sought,
with supporting documentation, to show how the record is inaccurate,
incomplete, untimely, or irrelevant.
Record source categories:
Records are obtained from applicants; reports of findings and
recommendations made by Board for Correction members; Board for
Correction decisions; supervisors; private and Government physicians;
hospitals and clinics rendering treatment; investigative reports;
death certificates and reports of death; survivors and executors of
estates; private and Government agency reports of service delivery,
compensation, disability and legal opinions; and records contained in
systems 09-40-0001, Public Health Service (PHS) Commissioned Corps
General Personnel Records, HHS/PSC/HRS; 09-40-0002, Public Health
Service (PHS) Commissioned Officer Medical Records, HHS/PSC/HRS; 09-
40-0003, Public Health Service (PHS) Commissioned Corps Board
Proceedings, HHS/PSC/HRS; 09-40-0004, Public Health Service (PHS)
Commissioned Corps Grievance, Investigatory and Disciplinary Files,
HHS/PSC/HRS; 09-40-0005, Public Health Service (PHS) Beneficiary-
Contract Medical/Health Care Records, HHS/PSC/HRS; and 09-40-0006,
Public Health Service (PHS) Commissioned Corps Payroll Records, HHS/
PSC/HRS.
System exempted from certain provisions of the act:
None.
09-40-0012
System name:
Debt Management and Collection System, HHS/PSC/FMS.
Security classification:
None.
System location:
Division of Financial Operations, Financial Management Service,
Program Support Center, Room 2B-40, Parklawn Building, 5600 Fishers
Lane, Rockville, 20857.
Division of Accounting, Food and Drug Administration, Room 11-41,
Parklawn Building, 5600 Fishers Lane, Rockville, MD 20857.
Division of State Legislation and Repatriation, Administration
for Children and Families, Aerospace Building, 370 L'Enfant
Promenade, SW, Washington, DC 20447.
Division of Health Professions Support, Indian Health Service,
Twinbrook Metro Plaza Building, Suite 100, 12300 Twinbrook Parkway,
Rockville, MD 20850.
Division of Financial Management, Substance Abuse and Mental
Health Services Administration, Room 16C-05, Parklawn Building, 5600
Fishers Lane, Rockville, MD 20857.
Division of Commissioned Personnel, Human Resources Service,
Program Support Center, Room 4A-15, Parklawn Building, 5600 Fishers
Lane, Rockville, MD 20857.
Personnel and Pay Systems Division, Human Resources Service,
Program Support Center, 8455 Colesville Road, Suite 700, Silver
Spring, MD 20910.
Division of Student Assistance, Bureau of Health Professions,
Health Resources and Services Administration, Room 8-22, Parklawn
Building, 5600 Fishers Lane, Rockville, MD 20857.
Division of Scholarships and Loan Repayments, Bureau of Primary
Health Care, Health Resources and Services Administration, 10th
Floor, East/West Towers, 4350 East-West Highway, Bethesda, MD 20814.
Division of Accounting, Health Care Financing Administration,
Room C3-09-17, 7500 Security Blvd., Baltimore, MD 21244.
Division of Financial Management, National Institutes of Health,
Building 31, Room B1B63, 9000 Rockville Pike, Bethesda, MD 20892.
Financial Management Office, Centers for Disease Control and
Prevention, Room 3149, 1600 Clifton Road, Atlanta, GA 30333.
Washington National Records Center, 4205 Suitland Road,
Washington, DC 20409.
Names and addresses of contractors given information under
routine use 17 can be obtained from the System Manager at the
location identified below.
Categories of individuals covered by the system:
1. Individuals owing monies to HHS Operating Divisions or other
Federal entities for which PSC provides debt collection services.
2. Individuals owing monies include, but are not limited to,
students and health care professionals who have received student
loans, scholarships, traineeships, or grant funds under Titles III,
VII, and VIII of the Public Health Service Act, as amended, and who
are delinquent in repaying either loans or funds owed in lieu of a
service obligation under such programs.
3. Repatriates owing repayment of funds loaned to them by the
United States.
4. Individuals owing repayment for services rendered such as
Freedom of Information Act requests and queries associated with the
National Practitioner Data Bank, and Health Care Integrity and
Protection Data Bank queries.
5. Current and separated HHS employees who have incurred payroll
debts.
Categories of records in the system:
Categories of records in this system include records such as:
Name; taxpayer identification number and/or Social Security Number;
address; amount of debt; rate of interest; account and repayment
history and status; discipline/specialty; lending institutions; and
invoice number.
Authority for maintenance of the system:
Debt Collection Act of 1982 (Pub. L. 97-365), as amended; and
Debt Collection Improvement Act of 1996 (Pub. L. 104-134), as
amended.
Purpose(s):
The purpose of the system is:
1. To reduce the amount of outstanding debts owed to the Federal
Government.
2. To protect the programmatic and financial integrity of Federal
funds paid or awarded to individuals.
3. To be used by other components within HHS to facilitate debt
management activities.
4. To be used for developing both regulatory and ad hoc
management reports relating to debt collection activities.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Records may be disclosed:
1. To a congressional office in response to an inquiry from the
congressional office made at the written request of that individual.
2. To authorized persons employed at educational institutions
where the recipient received a loan, scholarship, or grant. The
purpose of this disclosure is to assist institutions in identifying
delinquent borrowers and to enforce the conditions and terms of such
loans, scholarships and grants.
3. To the Department of Justice, or to a court or other tribunal,
when: (a) HHS, or any component thereof; or (b) any HHS employee in
his or her official capacity; or (c) any HHS employee in his or her
individual capacity where the Department of Justice (or HHS, where it
is authorized to do so) has agreed to represent the employee; or (d)
The United States or any agency thereof where HHS determines that the
litigation is likely to affect HHS or any of its components, is a
party of litigation or has an interest in such litigation, and HHS
determines that the use of such records by the Department of Justice,
the court or other tribunal is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided, however, that in each case, HHS
determines that such disclosure is compatible with the purpose for
which the records are collected.
4. To the General Accounting Office, the HHS Inspector General's
Office, private auditing firms, and to the Office of Management and
Budget for auditing financial obligations to determine compliance
with programmatic, statutory, and regulatory provisions.
5. To a consumer reporting agency (credit bureau) to obtain a
commercial credit report for the following purposes:
a. To establish creditworthiness of a loan/grant/scholarship/
traineeship applicant; and
b. To assess and verify the ability of a debtor to repay debts
owed to the Federal Government.
Disclosures are limited to the individual's name, address, Social
Security Number and other information necessary to identify him/her;
the funding being sought or amount and status of the debt; and the
program under which the application or claim is being processed.
6. To debt collection agents, other Federal agencies, and other
third parties who are authorized to collect a Federal debt,
information necessary to identify a delinquent debtor. Disclosure
will be limited to the debtor's name, address, Social Security
Number, and other information necessary to identify him/her; the
amount, status, and history of the claim; and the agency or program
under which the claim arose.
7. To any third party that may have information about a
delinquent debtor's current address, such as a U.S. post office, a
State motor vehicle administration, a professional organization, an
alumni association, etc., for the purpose of obtaining the debtor's
current address. This disclosure will be limited to information
necessary to identify the individual.
8. To the Defense Manpower Data Center, Department of Defense, to
conduct matching programs for the purpose of identifying and locating
individuals who are receiving Federal salaries or certain benefit
payments resulting from Federal employment and are delinquent in
their repayment of debts owed to the U.S. Government. The PSC will
disclose this information in an effort to collect the debts by
administrative or salary offset under the provisions of the Debt
Collection Act of 1982 and the Debt Collection Improvement Act of
1996.
9. To the United States Postal Service to conduct matching
programs for the purpose of identifying and locating individuals who
are receiving Federal salaries or certain benefit payments resulting
from Federal employment and are delinquent in their repayment of
debts owed to the U.S. Government. The PSC will disclose this
information in an effort to collect the debts by administrative or
salary offset, under the provisions of the Debt Collection Act of
1982 and the Debt Collection Improvement Act of 1996.
10. To the following entities to help collect a debt owed:
a. To the Treasury Department or another Federal agency in order
to effect an administrative offset under common law or under 31
U.S.C. 3716 (withholding from money payable to or held on behalf of
the individual); and
b. To debt collection agents or contractors under 31 U.S.C. 3718
or under common law to help collect a past due amount or locate or
recover debtors' assets.
11. The PSC will disclose from this system of records a
delinquent debtor's name, address, Social Security Number, and other
information necessary to identify him/her; the amount, status, and
history of the claim; and the agency or program under which the claim
arose, as follows:
a. To another Federal agency so that agency can effect a salary
offset for debts owed by Federal employees; if the claim arose under
the Social Security Act, the employee must have agreed in writing to
the salary offset;
b. To another Federal agency so that agency can effect an
authorized administrative offset; i.e., withhold money payable to or
held on behalf of debtors other than Federal employees; and
c. To the Department of Treasury, Internal Revenue Service to
request a debtor's current mailing address to locate him/her for
purposes of either collecting or compromising a debt, or to have a
commercial credit report prepared.
12. In the event that a system of records maintained by this
agency to carry out its functions indicates a violation or potential
violation of law, whether civil, criminal or regulatory in nature,
and whether arising by general statute or particular program statute,
or by regulation, rule or order issued pursuant thereto, the relevant
records in the system of records may be referred to the appropriate
agency, whether Federal, State or local, charged with enforcing or
implementing the statute, rule, regulation, or order.
13. To the Department of the Treasury, Internal Revenue Service,
as taxable income, the written-off amount of a debt owed by an
individual to the Federal Government when a debt becomes partly or
wholly uncollectible--either because the time period for collection
under the statute of limitations has expired, or because the
Government agrees to forgive or compromise the debt.
14. To the Treasury Department or to an agency operating a Debt
Collection Center designated by the Treasury Department in order to
collect past due amounts.
15. If PSC or an agency to which PSC provides debt collection
services decides to sell a debt pursuant to 31 U.S.C. section
3711(I), a record from the system may be disclosed to purchasers,
potential purchasers, and contractors engaged to assist in the sale
or to obtain information necessary for potential purchasers to
formulate bids and information necessary for purchasers to pursue
collection remedies.
16. Pursuant to 31 U.S.C. Section 3720E, or specific program
regulations, PSC may publish or otherwise publicly disseminate
information regarding the identity of a delinquent debtor and the
existence of the debt.
17. When the Department contemplates contracting with a private
firm for the purpose of collating, analyzing, aggregating, or
otherwise refining records in this system, relevant records will be
disclosed to such a contractor. The contractor shall be required to
maintain Privacy Act safeguards with respect to such records. These
safeguards are explained in the section entitled ``Safeguards.''
Disclosure to consumer reporting agencies:
Disclosure pursuant to 5 U.S.C. 552a(b)(12): Disclosures may be
made from this system to ``consumer reporting agencies'' as defined
in the Fair Credit Reporting Act (15 U.S.C. 158a(f) or the Federal
Claims Collection Act of 1966 (31 U.S.C. 3701(a)(3)) and the Debt
Collection Improvement Act of 1996 (Pub. L. 104-134). The purposes of
these disclosures are: (1) To provide an incentive for debtors to
repay delinquent Federal Government debts by making these debts part
of their credit records, and (2) to enable HHS to improve the quality
of loan and scholarship decisions by taking into account the
financial reliability of applicants. Disclosure of records will be
limited to the individual's name, Social Security Number, and other
information necessary to establish the identity of the individual,
the amount, status, and history of the claim, and the agency or
program under which the claim arose.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained in file folders, ledgers, magnetic tapes,
electronic media and diskettes.
Retrievability:
Records are retrieved by name, Social Security Number, taxpayer
identification number and account number.
Safeguards:
1. Authorized Users: Employees and officials directly responsible
for programmatic or fiscal activity, including administrative and
staff personnel, financial management personnel, computer personnel,
and managers who have responsibilities for implementing programs
funded by Operating Divisions or agencies served by PSC.
2. Physical Safeguards: File folders, reports and other forms of
data, and electronic diskettes are stored in areas where fire and
life safety codes are strictly enforced. All documents and diskettes
are protected during lunch hours and nonduty hours in locked file
cabinets or locked storage areas. Magnetic tapes and computer
matching tapes are locked in a computer room and tape vault.
3. Procedural Safeguards: All authorized users protect
information from public view and from unauthorized personnel entering
an office.
4. Technical Safeguards: PSC conducts regular reviews of computer
access to the automated system by reviewing listings of employees who
have access to the system via terminal entry. All personal computers
having forte boards with modems are protected. Access is limited by
use of IDs and passwords. PSC utilizes a Resource Access Control
Facility program product which provides systems security, resource
access control, auditability and accountability and administrative
control.
Contractor Guidelines: A contractor who is given records under
routine use 17 must maintain the records in a secured area, allow
only those individuals immediately involved in the processing of the
records to have access to them, prevent any unauthorized persons from
gaining access to the records, and return the records to the System
Manager immediately upon completion of the work specified in the
contract. Contractor compliance is assured through inclusion of
Privacy Act requirements in contract clauses, and through monitoring
by contract and project officers. Contractors who maintain records
are instructed to make no disclosure of the records except as
authorized by the System Manager and stated in the contract.
Retention and disposal:
Records are retained by the responsible organizations listed
under ``System Location'' until completion of the repayment of the
debt. The records are then sent to the Federal Records Center for a
retention period of six years and three months, and are subsequently
disposed of in accordance with National Archives and Records
Administration standard disposal practices.
System manager(s) and address:
Chief, Debt Management Branch, Division of Financial Operations,
Financial Management Service, Program Support Center, Parklawn
Building, Room 2B40, 5600 Fishers Lane, Rockville, MD 20857.
Notification procedure:
To find out if the system contains records about you, contact the
System Manager at the above address.
Requests in person: A subject individual, or parent, or legal
guardian of an incompetent individual, who appears in person at a
specific location seeking access to or disclosure of records relating
to him/her shall provide his/her name, current address, and at least
one piece of tangible identification such as driver's license,
passport, voter registration card, or union card. Identification
papers with current photographs are preferred but not required. If a
subject individual has no identification but is personally known to
an agency employee, such employee shall make a written record
verifying the subject individual's identity. Where the subject
individual has no identification papers, the responsible agency
official shall require that the subject individual certify in writing
that he/she is the individual who he/she claims to be and that he/she
understands that the knowing and willful request or acquisition of a
record concerning an individual under false pretenses is a criminal
offense subject to a fine. In addition, the following information is
needed: (1) The name of the assistance program that he/she
participated in, (2) dates of enrollment in the program, and (3)
school(s) of attendance.
Requests by mail: Written requests must be addressed to the
System Manager and must contain the name and address of the
requester, his/her date of birth, and either his/her notarized
signature to verify his/her identity, or a written certification that
the requester is who he/she claims to be and understands that the
known and willful request or acquisition of records concerning an
individual under false pretenses is a criminal offense subject to a
fine. In addition, the following information is needed: The name of
the assistance program that he/she participated in and, for student
assistance programs, dates of enrollment in the program, and
school(s) of attendance.
In addition, be informed that provision of the Social Security
Number may assist in the verification of your identity as well as the
identification of your record. Providing your Social Security Number
is voluntary and you will not be refused access to your record for
failure to disclose your Social Security Number.
Requests by telephone: Since positive identification of the
caller cannot be established, telephone requests are not honored.
Record access procedures:
Same as notification procedures. Requesters should provide a
reasonable description of the record being sought. Requesters may
also request an accounting of disclosures that have been made of
their records, if any.
Contesting record procedures:
Contact the System Manager, provide a reasonable description of
the record, specify the information being contested, the corrective
action sought, and the reasons for requesting the correction, along
with supporting information to show how the record is inaccurate,
incomplete, untimely, or irrelevant.
Record source categories:
Individuals whose records are contained in the system; Federal
agencies, including but not limited to all Operating Divisions of the
Department of Health and Human Services and the Department of the
Treasury; credit reporting agencies; lending institutions;
professional associations; schools of higher education; and Federal
and State courts.
System exempted from certain provision of the act:
None.
09-40-0013
System name:
PSC Parking Program and PSC Transhare Program Records, HHS/PSC/
AOS.
Security classification:
None.
System location:
Division of Property Management, Administrative Operations
Service, Program Support Center, Room 5B-07, Parklawn Building, 5600
Fishers Lane, Rockville, MD 20857.
Categories of individuals covered by the system:
Current HHS employees and others who use Parklawn Building
parking facilities; HHS employees who apply for and participate in
the PSC Transhare Program.
Categories of records in the system:
This system contains records relating to the administration of
the parking permit system and the PSC Transhare Program for the
Parklawn Building complex. The records include information such as
name; pay plan; grade level; employing organization; building and
room; duty hours and location; name of supervisor; home address;
office telephone number; assigned parking space number; vehicle
information, i.e., tag number and State; make and model of car;
physician's statement in support of handicapped parking assignments
and query to supervisors in support of handicapped parking
assignments, where applicable; Transhare commuter card number,
commute mode to work; and type of fare media used.
Authority for maintenance of the system:
The Federal Property and Administrative Services Act of 1949, as
amended; and, Pub. L. 101-509 section 629, as amended, (5 U.S.C.
7905, ``Programs to encourage commuting by means other than single-
occupancy motor vehicles'').
Purpose(s):
These records are used to:
1. Administer the parking program at the Parklawn Building
complex.
2. Manage the PSC Transhare Program, including receipt and
processing of employee applications, and coordination of the fare
media distribution to employees.
3. Monitor the use of funds used to support the PSC Transhare
Program.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
These records or information from these records may be used:
1. To disclose pertinent information to appropriate city, county,
State and Federal law enforcement agencies responsible for
investigating, prosecuting, enforcing, or implementing statutes,
rules, regulations or orders, when HHS becomes aware of evidence of a
potential violation of civil or criminal law.
2. To disclose information to a congressional office from the
record of an individual in response to a verified inquiry from that
congressional office made at the written request of that individual.
3. To disclose information to the Department of Justice, a court
or other tribunal, when: (a) HHS, or any component thereof; or (b)
any HHS employee in his or her official capacity; or (c) any HHS
employee in his or her individual capacity where the Department of
Justice (or HHS where it is authorized to do so) has agreed to
represent the employee; or (d) The United States or any agency
thereof where HHS determines that the litigation is likely to affect
HHS or any of its components, is a party to litigation or has
interest in such litigation, and HHS determines that the use of such
records by the Department of Justice, the court or other tributnal is
relevant and necessary to the litigation and would help in the
effective representation of the governmental party, provided,
however, that in each case HHS determines that such disclosure is
compatible with the purpose for which the records are collected.
4. When HHS contemplates contracting with a private firm for the
purpose of collating, analyzing, aggregating, or otherwise refining
records in this system, relevant records will be disclosed to such a
contractor. The contractor will be required to maintain Privacy Act
safeguards with respect to such records. These safeguards are
explained in the section entitled ``Safeguards.''
5. To disclose information to officials of labor organizations
recognized under 5 U.S.C. Chapter 71 when relevant and necessary to
their duties of exclusive representation, concerning personnel
policies, practices, and matters affecting working conditions.
6. Disclosure may be made to organizations deemed qualified by
the Secretary to carry out quality assessments or utilization review.
Policies and practices for storing, retrieving, accessing,
retaining and disposing of records in the system:
Storage:
These records are maintained in file folders, cabinets, on disks
and in an automated data base.
Retrievability:
These records are retrieved by the name, parking space number,
permit number, address, vehicle information and PSC Transhare
commuter card number of the individuals on whom they are maintained.
Safeguards:
1. Authorized Users: Data on computer files is accessed by
authorized users who are PSC employees and who are responsible for
implementing the program.
2. Physical Safeguards: Rooms where records are stored are locked
when not in use. During regular business hours, rooms are unlocked
but are controlled by on-site personnel.
3. Procedural and Technical Safeguards: A password is required to
access the terminal, and a data set name controls the release of data
to only authorized users. All users of personal information in
connection with the performance of their jobs (see Authorized Users
above) protect information from public view and from unauthorized
personnel entering an unsupervised office.
4. Contractor Guidelines. A contractor who is given records under
routine use 4 must maintain the records in a secured area, allow only
those individuals immediately involved in the processing of the
records to have access to them, prevent unauthorized persons from
gaining access to the records, and return the records to the System
Manager immediately upon completion of the work specified in the
contract. Contractor compliance is assured through inclusion of
Privacy Act requirements in contract clauses, and through monitoring
by contract and project officers. Contractors who maintain records
are instructed to make no disclosure of the records except as
authorized by the System Manager and as stated in the contract.
Retention and disposal:
Parking records are maintained for varying periods of time, in
accordance with NARA General Records Schedule 11 (parking permits).
Disposal of manual records is by shredding; electronic data is
erased.
PSC Transhare records are retained for a maximum of two years
following the last month of an employee's participation in the PSC
Transhare Program. Paper copies are destroyed by shredding. Computer
files are destroyed by deleting the record from the file.
System manager(s) and address:
Office Manager, Parking and Information Office, Building
Management Branch, Division of Property Management, Administrative
Operations Service, PSC, Room 5B-07, 5600 Fishers Lane, Rockville, MD
20857.
Notification procedures:
Same as Access Procedures. The requester is required to specify
reasonably the contents of the records being sought.
Record access procedures:
To determine whether information about themselves is contained in
this system, the subject individual should contact the System Manager
at the above address. The requester must also verify his or her
identity by providing either a notarization of the request or a
written certification that the requester is who he or she claims to
be. Individuals must provide the following information for their
records to be located and identified: (a) Full name, (b) parking
space number (if appropriate); (c) vehicle license number (if
appropriate) and (d) for the PSC Transhare Program, the requester
must provide the commuter card number and the dates of participation
in the Program. The requester must also understand that the knowing
and willful request for acquisition of a record pertaining to an
individual under false pretenses is a criminal offense subject to a
fine. An individual who is the subject of records maintained in this
records system may also request an accounting of disclosures that
have been made of his or her records.
Requests by telephone: Since positive identification of the
caller cannot be established, telephone requests are not honored.
Contesting record procedures:
Contact the System Manager specified above and reasonably
identify the record, specify the information to be contested, the
corrective action sought, and your reasons for requesting the
correction, along with supporting information to show how the record
is inaccurate, incomplete, untimely or irrelevant.
Record source categories:
Records are developed from information supplied by applicants
and, for handicapped parking assignments, by physicians and
supervisors.
Sysems exempted from certain provisions of the act:
None.
HEALTH AND HUMAN SERVICES DEPARTMENT
Title 21-Food and Drugs
Chapter I-Food and Drug Administration, Department of Health and Human
Services
PART 21--PROTECTION OF PRIVACY
Subpart A--General Provisions
Sec.
21.1 Scope.
21.3 Definitions.
21.10 Policy concerning records about individuals.
Subpart B--Food and Drug Administration Privacy Act Record Systems
21.20 Procedures for notice of Food and Drug Administration Privacy Act
Record Systems.
21.21 Changes in systems and new systems.
Subpart C--Requirements for Specific Categories of Records
21.30 Records of contractors.
21.31 Records stored by the General Services Administration and
archival records.
21.32 Personnel records.
21.33 Medical records.
Subpart D--Procedures for Notification of and Access to Records in
Privacy Act Record Systems
21.40 Procedures for submitting requests for notification and access.
21.41 Processing of requests.
21.42 Responses to requests.
21.43 Access to requested records.
21.44 Verification of identity.
21.45 Fees.
Subpart E--Procedures for Requests for Amendment of Records
21.50 Procedures for submitting requests for amendment of records.
21.51 Responses to requests for amendment of records.
21.52 Administrative appeals of refusals to amend records.
21.53 Notation and disclosure of disputed records.
21.54 Amended or disputed records received from other agencies.
Subpart F--Exemptions
21.60 Policy.
21.61 Exempt systems.
21.65 Access to records in exempt systems.
Subpart G--Disclosure of Records in Privacy Act Record Systems to
Persons Other Than the Subject Individual
21.70 Disclosure and intra-agency use of records in Privacy Act Record
Systems; no accounting required.
21.71 Disclosure of records in Privacy Act Record Systems; accounting
required.
21.72 Individual consent to disclosure of records to other persons.
21.73 Accuracy, completeness, timeliness, and relevance of records
disclosed from Privacy Act Record Systems.
21.74 Providing notice that a record is disputed.
21.75 Rights of legal guardians.
Authority :Sec. 701(a), 52 Stat. 1055 (21 U.S.C. 371(a)); 5 USC 552a;
21 CFR 5.10.
Source: 42 FR 15626, Mar. 22, 1977, unless otherwise noted.
Subpart A--General Provisions
Sec. 21.1 Scope.
(a) This part establishes procedures to implement the Privacy Act of
1974 (5 U.S.C. 552a). It applies to records about individuals that are
maintained, collected, used, or disclosed by the Food and Drug
Administration and contained in Privacy Act Record Systems.
(b) This part does not:
(1) Apply to Food and Drug Administration record systems that are not
Privacy Act Record Systems or make available to an individual records
that may include references to him but that are not retrieved by his
name or other personal identifier, whether or not contained in a Privacy
Act Record System. Part 20 of this chapter (the public information
regulations) and other regulations referred to therein determine when
records are made available in such cases.
(2) Make any records available to persons other than (i) individuals
who are the subjects of the records, (ii) persons accompanying such
individuals under Sec. 21.43, (iii) persons provided records pursuant to
individual consent under Sec. 21.72, or (iv) persons acting on behalf of
such individuals as legal guardians under Sec. 21.75. Part 20 of this
chapter (the public information regulations) and other regulations
referred to therein determine when Food and Drug Administration records
are disclosable to members of the public generally. Subpart G of this
part limits the provisions of Part 20 of this chapter with respect to
disclosures of records about individuals from Privacy Act Record Systems
to persons other than individuals who are the subjects of the records.
(3) Make available information compiled by the Food and Drug
Administration in reasonable anticipation of court litigation or formal
administrative proceedings. The availability of such information to any
member of the public, including any subject individual or party to such
litigation or proceeding shall be governed by applicable constitutional
principles, rules of discovery, and Part 20 of this chapter (the public
information regulations).
(4) Apply to personnel records maintained by the Division of Personnel
Management, Food and Drug Administration, except as provided in
Sec. 21.32. Such records are subject to regulations of the Office of
Personnel Management in 5 CFR Parts 293, 294, and 297.
(Sec. 701(a), 52 Stat. 1055 (21 U.S.C. 371(a)))
[42 FR 15626, Mar. 22, 1977, as amended at 46 FR 8457, Jan. 27, 1981]
Sec. 21.3 Definitions.
As used in this part:
(a) ``Individual'' means a natural living person who is a citizen of
the United States or an alien lawfully admitted for permanent residence.
Individual does not include sole proprietorships, partnerships, or
corporations engaged in the production or distribution of products
regulated by the Food and Drug Administration or with which the Food and
Drug Administration has business dealings. Any such business enterprise
that is identified by the name of one or more individuals is not an
individual within the meaning of this part. Employees of regulated
business enterprises are considered individuals. Accordingly, physicians
and other health professionals who are engaged in business as
proprietors of establishments regulated by the Food and Drug
Administration are not considered individuals; however, physicians and
other health professionals who are engaged in clinical investigations,
employed by regulated enterprises, or the subjects of records concerning
their own health, e.g., exposure to excessive radiation, are considered
individuals. Food and Drug Administration employees, consultants, and
advisory committee members, State and local officials, and consumers are
considered individuals.
(b) ``Records about individuals'' means items, collections, or
groupings of information about individuals contained in Privacy Act
Record Systems, including, but not limited to education, financial
transactions, medical history, criminal history, or employment history,
that contain names or personal identifiers.
(c) ``Privacy Act Record System'' means a system of records about
individuals under the control of the Food and Drug Administration from
which information is retrieved by individual names or other personal
identifiers. The term includes such a system of records whether subject
to a notice published by the Food and Drug Administration, the
Department, or another agency. Where records are retrieved only by
personal identifiers other than individual names, a system of records is
not a Privacy Act Record System if the Food and Drug Administration
cannot, by reference to information under its control, or by reference
to records of contractors that are subject to this part under
Sec. 21.30, ascertain the identity of individuals who are the subjects
of the records.
(d) ``Personal identifiers'' includes individual names, identifying
numbers, symbols, or other identifying designations assigned to
individuals. ``Personal identifiers'' does not include names, numbers,
symbols, or other identifying designations that identify products,
establishments, or actions.
(e) ``Personnel records'' means any personal information maintained in
a Privacy Act Record System that is needed for personnel management
programs or processes such as staffing, employee development,
retirement, and grievances and appeals.
(f) ``Department'' means Department of Health and Human Services.
Sec. 21.10 Policy concerning records about individuals.
Information about individuals in Food and Drug Administration records
shall be collected, maintained, used, and disseminated so as to protect
the right to privacy of the individual to the fullest possible extent
consistent with laws relating to disclosure of information to the
general public, the law enforcement responsibilities of the agency, and
administrative and program management needs.
Subpart B--Food and Drug Administration Privacy Act Record Systems
Sec. 21.20 Procedures for notice of Food and Drug Administration
Privacy Act Record Systems.
(a) The Food and Drug Administration shall issue in the Federal
Register on or before August 30 of each year a notice concerning each
Privacy Act Record System as defined in Sec. 21.3(c) that is not covered
by a notice published by the Department, the Office of Personnel
Management, or another agency.
(b) The notice shall include the following information:
(1) The name and location(s) of the system.
(2) The categories of individuals about whom records are maintained in
the system.
(3) The categories of records maintained in the system.
(4) The authority for the system.
(5) Each routine use of the records contained in the system (i.e., use
outside the Department of Health and Human Services that is compatible
with the purpose for which the records were collected and described in
the notice) including the categories of users and the purposes of such
use.
(6) The policies and practices of the Food and Drug Administration
regarding storage, retrievability (i.e., how the records are indexed and
what intra-agency uses are made of the records), access controls,
retention, and disposal of the records in that system.
(7) The title and business address of the official who is responsible
for the system of records.
(8) The notification procedure, i.e., the address of the FDA Privacy
Act Coordinator, whom any individual can contact to seek notification
whether the system contains a record about him/her.
(9) The record access and contest procedures, which shall be the same
as the notification procedure except that a reference shall be included
to any exemption from access and contest.
(10) Where any records in the system are subject to an exemption under
Sec. 21.61, a reference to this exemption.
(11) The categories of sources of records in the system.
(Sec. 701(a), 52 Stat. 1055 (21 U.S.C. 371(a)))
[42 FR 15626, Mar. 22, 1977, as amended at 46 FR 8457, Jan. 27, 1981]
Sec. 21.21 Changes in systems and new systems.
(a) The Food and Drug Administration shall notify the designated
Department official, the Office of Management and Budget (Information
Systems Division), and the Congress of proposals to change or establish
Privacy Act Record Systems in accordance with procedures of the
Department and the Office of Management and Budget.
(b) The Food and Drug Administration shall issue a notice, in
accordance with paragraph (d) of this section and Sec. 21.20(b), of any
change in a Privacy Act Record System which:
(1) Increases the number or types of individuals about whom records
are maintained;
(2) Expands the type or amount of information about individuals that
is maintained;
(3) Increases the number of categories of agencies or other persons
who may have access to those records;
(4) Alters the manner in which the records are organized so as to
change the nature or scope of those records, such as the combining of
two or more existing systems;
(5) Modifies the way in which the system operates or its location(s)
in a manner that alters the process by which individuals can exercise
their rights under this part, such as the ways in which they seek access
or request amendment of a record; or
(6) Changes the equipment configuration on which the system is
operated so as to create the potential for greater access, such as
adding a telecommunications capability.
(c) The Food and Drug Administration shall issue a notice of its
intention to establish new Privacy Act Record Systems in accordance with
paragraph (d) of this section and Sec. 21.20(b).
(d) Notices under paragraphs (b) and (c) of this section shall be
published in the Federal Register for comment at least 30 days prior to
implementation of the proposed changes or establishment of new systems.
Interested persons shall have the opportunity to submit written data,
views, or arguments on such proposed new uses or systems.
Subpart C--Requirements for Specific Categories of Records
Sec. 21.30 Records of contractors.
(a) Systems of records that are required to be operated, or as a
matter of practical necessity must be operated, by contractors to
accomplish Food and Drug Administration functions, from which
information is retrieved by individual names or other personal
identifiers, may be subject to the provisions of this part. If the
contract is agreed to on or after September 27, 1975, the criminal
penalties set forth in 5 U.S.C. 552a(i) are applicable to such
contractor, and any employee of such contractor, for disclosures
prohibited in Sec. 21.71 or for maintenance of a system of records
without notice as required in Sec. 21.20.
(b) A contract is considered to accomplish a Food and Drug
Administration function if the proposal or activity it supports is
principally operated on behalf of and is under the direct management of
the Food and Drug Administration. Systems of records from which
information is retrieved by individual names or other personal
identifiers and that are operated under contracts to accomplish Food and
Drug Administration functions are deemed to be maintained by the agency
and shall be subject to the procedures and requirements of this part.
(c) A contract is not considered to accomplish a Food and Drug
Administration function if the program or activity it supports is not
principally operated on behalf of, or is not under the direct management
of, the Food and Drug Administration. For example, this part does not
apply to systems of records:
(1) Operated under contract with the Food and Drug Administration by
State or local government agencies, or organizations representing such
agencies, when such agencies or organizations are also performing State
or local government functions.
(2) Operated by contractors with the Food and Drug Administration by
individuals or organizations whose primary function is delivery of
health services, such as hospitals, physicians, pharmacists, and other
health professionals, and that report information concerning products,
e.g., injuries or product defects, to the Food and Drug Administration.
Before such contractors submit information to the Food and Drug
Administration, the names and other personal identifiers of patients or
research subjects in any medical or similar report, test, study, or
other research project shall be deleted, unless the contract provides
otherwise. If the Food and Drug Administration subsequently needs the
names of such individuals, a separate request will be made.
(3) Relating to individuals whom the contractor employs, or with whom
the contractor otherwise deals, in the course of providing goods and
services to the Food and Drug Administration.
(4) Operated under grants.
(d) The requirements of this part shall apply when a contractor who
operates a system of records not subject to this part reports to the
Food and Drug Administration information that is a system of records
about individuals from which personal information is retrieved by names
or other personal identifiers. Where the information would be a new
Privacy Act Record System, or a change in an existing Privacy Act Record
System of a type described in Sec. 21.21, the Food and Drug
Administration shall comply with the requirements of Sec. 21.21.
(e) The Food and Drug Administration will review all contracts before
award to determine whether operation of a system from which information
is retrieved by individual names or other personal identifiers will be
required of the contractor, by the terms of the contract or as a matter
of practical necessity. If such operation will be required, the
solicitation and contract shall include the following clause, or a
clause of similar effect:
Whenever the contractor or any of his employees is required by this
contract to operate a system of records from which information is
retrieved by individual names or other personal identifiers in order to
accomplish a Food and Drug Administration function, the contractor and
every employee is considered to be an employee of the Food and Drug
Administration and shall operate such system of records in accordance
with the Privacy Act of 1974 (5 U.S.C. 552a), regulations of the Food
and Drug Administration in 21 CFR Part 21, and rules of conduct that
apply to Food and Drug Administration employees who work with such
systems of records. The contractor and his employees are subject to the
criminal penalties set forth in 5 U.S.C. 552a(i) for violations of the
Privacy Act.
Sec. 21.31 Records stored by the General Services Administration
and archival records.
(a) Food and Drug Administration records that are stored, processed,
and serviced by the General Services Administration in accordance with
44 U.S.C. 3103 shall be considered to be maintained by the Food and Drug
Administration. The General Services Administration shall not disclose
the record except to authorized Food and Drug Administration employees.
(b) Each Food and Drug Administration record pertaining to an
identifiable individual that was transferred to the National Archives of
the United States as a record determined by the National Archives to
have sufficient historical or other value to warrant its continued
preservation shall be considered to be maintained by the National
Archives and shall not be subject to the provisions of this part.
Sec. 21.32 Personnel records.
(a) Present and former Food and Drug Administration employees desiring
access to personnel records about themselves should consult system
notices applicable to the agency's personnel records that are published
by the Office of Personnel Management and the Department as well as any
notice issued by the Food and Drug Administration.
(b)(1) The procedures of the Office of Personnel Management at 5 CFR
Parts 293, 294, and 297 rather than the procedures in Sec. 21.33 and
Subparts D through F of this part, govern systems of personnel records
about Food and Drug Administration employees that are subject to notice
published by the Office of Personnel Management, i.e., systems that:
(i) The Office of Personnel Management maintains.
(ii) Are maintained by the Division of Personnel Management, Food and
Drug Administration.
(iii) Are maintained by Department Regional Offices, concerning field
employees.
(2) The Office of Personnel Management's procedures may, if necessary,
be supplemented in the Food and Drug Administration Staff Manual Guide.
Current Food and Drug Administration employees should mail or deliver
written requests under the Privacy Act for access to personnel records
described in this paragraph to the Office of Personnel Management in
accordance with 5 CFR 297.106, the Director, Division of Personnel
Management (HFA-400), Food and Drug Administration, 5600 Fishers Lane,
Rockville, MD 20857, or the personnel officer in the servicing HHS
Regional Personnel Office. An employee may consult with or direct his or
her request to the FDA Privacy Act Coordinator (HFI-30). Requests for
access to personnel records of former employees that are located in
Federal Records Centers should be directed to the Office of Personnel
Management. Requests under the Privacy Act for amendment of personnel
records should be directed to these same officials who are responsibile
for access to personnel records under this paragraph.
(3) With respect to records subject to paragraph (b)(1) of this
section:
(i) Refusal to grant access to a record, or refusal to amend a record
upon request of an employee, shall only be made by the Associate
Commissioner for Management and Operations or his or her designate; and
(ii) Appeals of refusals under paragraph (b)(3)(i) of this section may
be made to the Office of Personnel Management in accordance with 5 CFR
297.108(g)(3) and 297.113(b).
(c) Any other Privacy Act Record Systems that contain personnel
records, or records that otherwise concern agency employees, that are
maintained by offices of the Food and Drug Administration rather than
the Division of Personnel Management but which are not subject to the
Department's notice for personnel records in operating offices are
subject to this part, except that refusals under this part to grant
access to or amend records about present or former employees shall be
made by the Associate Commissioner for Management and Operations rather
than the Associate Commissioner for Public Affairs.
(d) The following procedures shall govern requests under the Privacy
Act for personnel records that are maintained by the operating offices
of the Food and Drug Administration in which employees work:
(1) An employee shall upon request be told whether records about him
are maintained. An employee shall be given access to records about
himself that are subject to this paragraph in response to an oral or
written request and through informal procedures, rather than the
procedures specified in Secs. 21.40 through 21.43.
(2) Employee identity may be verified, if necessary, by an FDA ID card
rather than in accordance with Sec. 21.44.
(3) Generally no fee shall be charged for records requested under this
paragraph. However, in cases where the records requested are voluminous,
a fee may be charged in accordance with Sec. 21.45.
(4) Records that are subject to this paragraph shall be available for
access to an individual, except to the extent that access is refused by
the Associate Commissioner for Management and Operations or his or her
designate on the grounds that the record is subject to an exemption
under Sec. 21.61 or 5 CFR 297.111.
(5) Requests under the Privacy Act for amendment of records subject to
this paragraph should be directed to the Director, Division of Personnel
Management (HFA-400). Such requests shall be reviewed in accordance with
Subpart E of this part. Refusal to amend a record subject to this
paragraph (d)(5) shall only be made by the Associate Commissioner for
Management and Operations or his or her designate.
(6) Appeals of refusals under paragraph (d)(4) or (5) of this section
may be made to the Commissioner of Food and Drugs, except where the
Associate Commissioner for Management and Operations or his or her
designate indicates with his or her refusal that the appeal should be
made to the Office of Personnel Management.
(7) Disclosures of records subject to this paragraph are subject to
Subpart G of this part.
(Sec. 701(a), 52 Stat. 1055 (21 U.S.C. 371(a)))
[42 FR 15626, Mar. 22, 1977, as amended at 46 FR 8457, Jan. 27, 1981]
Sec. 21.33 Medical records.
(a) In general, an individual is entitled to have access to any
medical records about himself in Privacy Act Record Systems maintained
by the Food and Drug Administration.
(b) The Food and Drug Administration may apply the following special
procedures in disclosing medical records to an individual:
(1) The agency may review the records to determine whether disclosure
of the record to the individual who is the subject of the records might
have an adverse effect on him. If it is determined that disclosure is
not likely to have an adverse effect on the individual, the record shall
be disclosed to him. If it is determined that disclosure is very likely
to have an adverse effect on the individual, he may be requested to
designate, in writing, a representative to whom the record shall be
disclosed. Such representative may be a physician, other health
professional, or other responsible person who would be willing to review
the record and discuss it with the individual.
(2) The availability of the record may be subject to any procedures
for disclosure to an individual of medical records about himself under
Part 20 of this chapter, in addition to or in lieu of the procedures in
paragraph (b)(1), that are not inconsistent with Sec. 21.41(f).
Subpart D--Procedures for Notification of and Access to Records in
Privacy Act Record Systems
Sec. 21.40 Procedures for submitting requests for notification and
access.
(a) An individual may request that the Food and Drug Administration
notify him whether a Privacy Act Record System contains records about
him that are retrieved by reference to his name or other personal
identifier. An individual may at the same time, or after receiving
notification that such a record about him exists, requests that he be
given access to the record.
(b) An individual desiring notification or access to records shall
mail or deliver a request for records in any Food and Drug
Administration Privacy Act Records System to the FDA Privacy Act
Coordinator (HFI-30), Food and Drug Administration, 5600 Fishers Lane,
Rockville, MD 20857.
(c) Requests shall be in writing and shall name the Privacy Act Record
System or Systems concerning which the individual requests notification
of whether there are records about him that are retrieved by reference
to his name or other personal identifier. To help assure a prompt
response, an individual should indicate that he is making a ``Privacy
Act Request'' on the envelope and in a prominent manner in the letter.
(d) An individual who merely wishes to be notified whether a Privacy
Act Record System contains a record about him ordinarily need not
provide any verification of his identity other than his name. The mere
fact that the Food and Drug Administration has a record about an
individual in any of its Privacy Act Records Systems would not be likely
to constitute a clearly unwarranted invasion of personal privacy. Where
mere disclosure of the fact that a record about the individual exists
would be a clearly unwarranted invasion of personal privacy, further
verification of the identity of the individual shall be required.
(e) An individual who requests that he be given access to a copy of
records about himself, if any exist, should indicate whether he prefers
(1) to have copies of any such records mailed to him in accordance with
Sec. 21.43(a)(1), which may involve a fee under Sec. 21.45, including
information to verify his identity under Sec. 21.44 or (2) to use the
procedures for access in person under Sec. 21.43(a)(2).
(f) A request for notification and access may be submitted under this
subpart concerning any Privacy Act Record System that is exempt under
Sec. 21.61, as indicated in the notice for the system. An individual
seeking access to records under Sec. 21.65(b)(2) to investigatory
records compiled for law enforcement purposes other than criminal law
enforcement purposes should submit a description of the right, benefit,
or privilege that he believes he was denied as the result of the Food
and Drug Administration's maintenance of the records. Where the system
is exempt under Sec. 21.61, and access to the requested records is not
granted under Sec. 21.65, the request shall be handled under the
provisions of Part 20 of this chapter (the public information
regulations).
(g) The Freedom of Information Staff shall maintain and make available
copies of the forms (OF-203 Privacy Act Request forms) to assist
individuals in filing requests under Sec. 21.40.
(Sec. 701(a), 52 Stat. 1055 (21 U.S.C. 371(a)))
[42 FR 15626, Mar. 22, 1977, as amended at 46 FR 8458, Jan. 27, 1981]
Sec. 21.41 Processing of requests.
(a) An individual or his guardian under Sec. 21.75 shall not be
required to show any justification or need to obtain notification under
Sec. 21.42 or access to a record under Sec. 21.43.
(b) The Food and Drug Administration will determine whether a request
by an individual for records about himself is appropriately treated as a
request under this subpart, or under the provision of Part 20 of this
chapter (the public information regulations), or both. Where
appropriate, the Food and Drug Administration will consult with the
individual concerning the appropriate treatment of the request.
(c) The FDA Privacy Act Coordinator (HFI-30) in the Freedom of
Information Staff shall be responsibile for the handling of Privacy Act
requests received by the Food and Drug Administration. Requests mailed
or delivered to any other office shall be promptly redirected to the FDA
Privacy Act Coordinator. Where this procedure would unduly delay the
agency's response, however, the agency employee who received the request
should consult with the FDA Privacy Act Coordinator and obtain advice as
to whether the employee can respond to the request directly.
(d) Upon receipt of a request by the FDA Privacy Act Coordinator, a
record shall promptly be made that a request has been received and the
date.
(e) A letter in accordance with Sec. 21.42 responding to the request
for notification shall issue as promptly as possible after receipt of
the request by the Food and Drug Administration. Upon determination by
the Freedom of Information Staff that a request for access to records is
appropriately treated as a request under Part 20 of this chapter rather
than Part 21, or under both parts, the time limitations prescribed in
Sec. 21.41 shall apply. In any case, access to available records shall
be provided as promptly as possible.
(f) Except as provided in Sec. 21.32, an individual's access to
records about him/herself that are retrieved by his/her name or other
personal identifiers and contained in any Privacy Act Record System may
only be denied by the Associate Commissioner for Public Affairs or his
or her designate. An individual shall not be denied access to any record
that is otherwise available to him/her under this part except on the
grounds that it is exempt under Sec. 21.65(a)(2), that it was compiled
in reasonable anticipation f court litigation of formal administrative
proceedings, or to the extent that it is exempt or prohibited from
disclosure because it includes a trade secret or commercial or financial
information that is privileged or confidential information the
disclosure of which would constitute a clearly unwarranted invasion of
personal privacy of another individual.
(g) The FDA Privacy Act Coordinator shall ensure that records are
maintained of the number, status, and disposition of requests under this
subpart, including the number of requests for records exempt from access
under this subpart and other information required for purposes of the
annual report to Congress under the Privacy Act. These temporary
administrative management records shall not be considered to be Privacy
Act Record Systems. All records required to be kept under this paragraph
shall only include requesting individuals' names or personal identifiers
for so long as any request for notification, access, or amendment is
pending. The identity of individuals making request under this subpart
shall be regarded as confidential and shall not be disclosed under Part
20 of this chapter (the public information regulations) to any other
person or agency except as is necessary for the processing of requests
under this subpart.
(Sec. 701(a), 52 Stat. 1055 (21 U.S.C. 371(a)))
[42 FR 15626, Mar. 22, 1977, as amended at 46 FR 8458, Jan. 27, 1981]
Sec. 21.42 Responses to requests.
(a) The FDA shall respond to an individual's request for notification
as to whether a Privacy Act Record System contains records about him
that are retrieved by his name or other personal identifier by sending a
letter under this paragraph.
(1) If there are no records about the individual that are retrieved by
his name or other personal identifier in the named Privacy Act Record
System, or the requester is not an ``individual'' under Sec. 21.3(a),
the letter shall so state. Where appropriate, the letter shall indicate
that the Food and Drug Administration's public information regulations
in Part 20 of this chapter prescribe general rules governing the
availability of information to members of the public, and that a request
may be made in accordance with Part 20 of this chapter for records that
are not retrieved by the requester's name or other personal identifier
from a Privacy Act Record System.
(2) If there are records about the individual that are retrieved by
his name or other personal identifier and the named Privacy Act Record
System is not exempt from individual access and contest under
Sec. 21.61, or the system is exempt but access is allowed or required
under Sec. 21.65, the letter shall inform him that the records exist and
shall either:
(i) Enclose a copy of the records under Sec. 21.43(a)(1) or indicate
that the records will be sent under separate cover, where there has been
adequate verification of the identity of the individual under Sec. 21.44
and the fees under Sec. 21.45 do not exceed $25, or
(ii) Inform the individual of the procedures to obtain access to the
records by mail or in person under Sec. 21.43(a)(2), as well as the
approximate dates by which the requested records can be provided (if the
records are not then available), the locations at which access in person
may be had, and the information needed, if any, to verify the identity
of the individual under Sec. 21.44.
(3) If the named Privacy Act Record System contains records about the
individual that are retrieved by his name or other personal identifier,
and the system is exempt from individual access and contest under
Sec. 21.61 and access is not allowed or required under Sec. 21.65, the
letter should inform him that the records are exempted from access and
contest by Sec. 21.61. The letter shall also inform him if the records
sought are not available because they were compiled in reasonable
anticipation of court litigation or formal administrative proceedings or
are otherwise not available under Sec. 21.41(b). Where appropriate, the
letter shall also indicate whether the records are available under Part
20 of this chapter (the public information regulations), and it may
disclose the records in accordance with Part 20.
(4) If the named Privacy Act Record System contains records about the
individual that are retrieved by his name or other personal identifier,
but a final determination has not yet been made with respect to
disclosure of all of the records covered by the request, e.g., because
it is necessary to consult another person or agency having an interest
in the confidentiality of the records, the letter shall explain the
circumstances and indicate when a final answer will be given.
(b) Except as provided in Sec. 21.32, access to a record may only be
denied by the Associate Commissioner for Public Affairs or his or her
designate. If access to any record is denied wholly or in substantial
part, the letter shall state the right of the individual to appeal to
the Commissioner of Food and Drugs.
(c) If a request for a copy of the records will result in a fee of
more than $25, the letter shall specify or estimate the fee involved.
Where the individual has requested a copy of any records about him and
copying the records would result in a fee of over $50, the Food and Drug
Administration shall require advance deposit as well as payment of any
amount not yet received as a result of any previous request by the
individual for a record about himself, under this subpart or Part 20 of
this chapter (the public information regulations) before the records are
made available. If the fee is less than $50, prepayment shall not be
required unless payment has not yet been received for records disclosed
as a result of a previous request by the individual for a record about
himself under this subpart or Part 20 of this chapter.
(Sec. 701(a), 52 Stat. 1055 (21 U.S.C. 371(a)))
[42 FR 15626, Mar. 22, 1977, as amended at 46 FR 8458, Jan. 27, 1981]
Sec. 21.43 Access to requested records.
(a) Access may be granted to requested records by:
(1) Mailing a copy of the records to the requesting individual, or
(2) Permitting the requesting individual to review the records in
person between 9 a.m. and 4 p.m. at the office of the FDA Privacy Act
Coordinator, at the Freedom of Information Staff Public Room at the
address shown in Sec. 20.30 of this chapter, or at any Food and Drug
Administration field office listed in Sec. 5.115 of this chapter or at
another location or time upon which the Food and Drug Administration and
the individual agree. Arrangement for such review can be made by
consultation between the FDA Privacy Act Coordinator and the individual.
An individual seeking to review records in person shall generally be
permitted access to the file copy, except that where the records include
nondisclosable information, a copy shall be made of that portion of the
records, with the nondisclosable information blocked out. Where the
individual is not given a copy of the record to retain, no charge shall
be made for the cost of copying a record to make it available to an
individual who reviews a record in person under this paragraph.
(b) An individual may request that a record be disclosed to or
discussed in the presence of another individual, such as an attorney.
The individual may be required to furnish a written statement
authorizing the disclosure or discussion in such other individual's
presence.
(c) The Food and Drug Administration will make every reasonable effort
to assure that records made available under this section can be
understood by the individual, such as by providing an oral or written
explanation of the records.
(Sec. 701(a), 52 Stat. 1055 (21 U.S.C. 371(a)))
[42 FR 15626, Mar. 22, 1977, as amended at 46 FR 8458, Jan. 27, 1981]
Sec. 21.44 Verification of identity.
(a) An individual seeking access to records in a Privacy Act Record
System may be required to comply with reasonable requirements to enable
the Food and Drug Administration to determine his identity. The
identification required shall be suitable considering the nature of the
records sought. No identification shall be required to receive access to
information that is required to be disclosed to any member of the public
under Part 20 of this chapter (the public information regulations).
(b) An individual who appears in person for access to records about
himself shall be required to provide at least one document to identify
himself, e.g., driver's license, passport, or alien or voter
registration card to verify his identity. If an individual does not have
any such document or requests access to records about himself without
appearing in person under circumstances in which his identity cannot be
verified from the request itself, he shall be required to certify in
writing that he is the individual he claims to be and that he
understands that the knowing and willful request for or acquisition of a
record pertaining to an individual under false pretenses is a criminal
offense subject to a $5,000 fine.
(c) In making requests under Sec. 21.75, a parent of a minor child or
legal guardian of an incompetent individual may be required to verify
his relationship to the minor child or the incompetent individual, in
addition to verifying his own identity, by providing a copy of the
minor's birth certificate, a court order, or other evidence of
guardianship.
(d) Where an individual seeks access to particularly sensitive
records, such as medical records, the individual may be required to
provide additional information beyond that specified in paragraph (b) or
(c) of this section, such as the individual's years of attendance at a
particular educational institution, rank attained in the uniformed
services, date or place of birth, names of parents, an occupation, or
the specific times the individual received medical treatment.
Sec. 21.45 Fees.
(a) Where applicable, fees for copying records shall be charged in
accordance with the schedule set forth in this section. Fees may only be
charged where an individual has requested that a copy be made of a
record to which he is granted access. No fee may be charged for making a
search of a Privacy Act Record System whether the search is manual,
mechanical, or electronic. Where a copy of the record must be made to
provide access to the record, e.g., computer printout where no screen
reading is available, the copy shall be made available to the individual
without cost. Where a medical record is made available to a
representative designated by the individual under Sec. 21.33, no fee
will be charged.
(b) The fee schedule is as follows:
(1) Copying of records susceptible to photocopying--$.10 per page.
(2) Copying of records not susceptible to photocopying, e.g., punch
cards or magnetic tapes--at actual cost to the determined on a case-by-
case basis.
(3) No charge will be made if the total amount of copying for an
individual does not exceed $25.
(c) When a fee is to be assessed, the individual shall be notified
prior to the processing of the copies, and be given an opportunity to
amend his request. Payment shall be made by check or money order made
payable to the ``Food and Drug Administration,'' and shall be sent to
the Accounting Operations Branch (HFA-210), Food and Drug
Administration, 5600 Fishers Lane, Rockville, MD 20857. Advance deposit
shall be required where the total amount exceeds $50.
Subpart E--Procedures for Requests for Amendment of Records
Sec. 21.50 Procedures for submitting requests for amendment of
records.
(a) An individual who received access to a record about himself under
Subpart D of this part may request that the record be amended if he
believes that the record or an item of information is not accurate,
relevant to a Food and Drug Administration purpose, timely, or complete.
(b) Amendments under this subpart shall not violate existing statute,
regulation, or administrative procedure.
(1) This subpart does not permit alteration of evidence presented in
the course of judicial proceedings or Food and Drug Administration
adjudicatory or rule making proceedings or collateral attack upon that
which has already been the subject of any such proceedings.
(2) If the accuracy, relevancy, timeliness, or completeness of the
records may be contested in any other pending or imminent agency
proceeding, the Food and Drug Administration may refer the individual to
the other proceeding as the appropriate means to obtain relief. If the
accuracy, relevance, timeliness, or completeness of a record is, or has
been, an issue in another agency proceeding, the request under this
section shall be disposed of in accordance with the decision in the
other proceeding, absent unusual circumstances.
(c) Requests to amend records shall be submitted, in writing, to the
FDA Privacy Act Coordinator in accordance with Sec. 21.40(b). Such
requests shall include information sufficient to enable the Food and
Drug Administration to locate the record, a brief description of the
items of information requested to be amended, and the reasons why the
record should be amended together with any appropriate documentation or
arguments in support of the requested amendment. An edited copy of the
record showing the described amendment may be included. Verification of
identity should be provided in accordance with Sec. 21.44.
(d) Written acknowledgement of the receipt of a request to amend a
record shall be provided within 10 working days to the individual who
requested the amendment. Such acknowledgement may request any additional
information needed to verify identity or make a determination. No
acknowledgement need be made if the request can be reviewed, processed,
and the individual notified of the agency's agreement with the request
or refusal within the 10-day period.
(Sec. 701(a), 52 Stat. 1055 (21 U.S.C. 371(a)))
[42 FR 15626, Mar. 22, 1977, as amended at 46 FR 8459, Jan. 27, 1981]
Sec. 21.51 Responses to requests for amendment of records.
(a) The Food and Drug Administration shall take one of the following
actions on a request for amendment of records as promptly as possible:
(1) Amend any portion of the record which the agency has determined,
based upon a preponderance of the evidence, is not accurate, relevant to
a Food and Drug Administration purpose, timely, or complete, and, in
accordance with paragraph (d)(3) of this section, inform the individual
and previous recipients of the record that has been amended of the
amendment.
(2) Inform the individual of its refusal to amend any portion of the
record in the manner requested, the reason for the refusal, and the
opportunity for administrative appeal to the Commissioner of Food and
Drugs. Except as provided in Sec. 21.32, such refusal may only be issued
by the Associate Commissioner for Public Affairs or his or her
designate.
(3) Where another agency was the source of and has control of the
record, refer the request to that agency.
(b) The agency may, for good cause, extend the period for taking
action an additional 30 working days if notice is provided to the
individual explaining the circumstances of the delay.
(c) The officials charged with reviewing a record to determine how to
respond to a request to amend it, shall assess its accuracy, relevance
to a Food and Drug Administration purpose, timeliness, or completeness.
The determination shall be made in the light of the purpose for which
the records or system is used, the agency's need for the record, and the
possible adverse consequences to the individual from the record if not
amended. Whenever the Food and Drug Administration receives a request
for deletion of a record, or portions of a record, it shall consider
anew whether the contested information in the record is relevant and
necessary to a Food and Drug Administration purpose.
(d) If the Food and Drug Administration agrees with an individual's
request, it shall take the following actions:
(1) So inform the individual in writing.
(2) In accordance with statute, regulation, or procedure, amend the
record to make it accurate, relevant to a Food and Drug Administration
purpose, timely, or complete, making note of the date and fact of the
amendment.
(3) If an accounting was made under Sec. 21.71(d) of a disclosure of
the record under Sec. 21.71(a), provide a copy of the record as amended,
to all previous recipients of the record.
(Sec. 701(a), 52 Stat. 1055 (21 U.S.C. 371(a)))
[42 FR 15626, Mar. 22, 1977, as amended at 46 FR 8459, Jan. 27, 1981]
Sec. 21.52 Administrative appeals of refusals to amend records.
(a) If an individual disagrees with a refusal under Sec. 21.51(a)(2)
to amend a record, he may appeal that refusal to the Commissioner of
Food and Drugs, Rm. 14-81, 5600 Fishers Lane, Rockville, MD 20857.
(b) If, upon appeal, the Commissioner upholds the refusal to amend the
record as requested, he shall inform the individual:
(1) Of his decision and the reasons for it.
(2) Of the individual's right to file with the Food and Drug
Administration a concise statement of the individual's reasons for
disagreeing with the agency's decision not to amend the record as
requested.
(3) That the statement of disagreement will be made available to all
persons listed in an accounting as having previously received the record
and any person to whom the record is subsequently disclosed together
with, in the discretion of the Food and Drug Administration, a brief
statement summarizing its reasons for refusing to amend the record. Any
individual who includes false information in the statement of
disagreement filed with the Food and Drug Administration may be subject
to penalties under 18 U.S.C. 1001, the False Reports to the Government
Act.
(4) That the individual has a right to seek judicial review of the
refusal to amend the record.
(c) If the Commissioner on administrative appeal or a court on
judicial review determines that the record should be amended in
accordance with the individual's request, the Food and Drug
Administration shall proceed in accordance with Sec. 21.51(d).
(d) A final determination on the individual's administrative appeal of
the initial refusal to amend the record shall be concluded within 30
working days of the request for such review under paragraph (a) of this
section, unless the Commissioner extends such period for good cause and
informs the individual in writing of the reasons for the delay and of
the approximate date on which a decision of the appeal can be expected.
Sec. 21.53 Notation and disclosure of disputed records.
When an individual has filed a statement of disagreement under
Sec. 21.52(b)(2), the Food and Drug Administration shall:
(a) Mark any portion of the record that is disputed to assure that the
record will clearly show that portion is disputed whenever the record is
disclosed.
(b) In any subsequent disclosure under Sec. 21.70 or Sec. 21.71(a),
provide a copy of the statement of disagreement and, if the Food and
Drug Administration deems it appropriate, a concise statement of the
agency's reasons for not making the amendment(s) requested. While the
individual shall have access to any such statement, it shall not be
subject to a request for amendment under Sec. 21.50.
(c) If an accounting was made under Sec. 21.71(d) and (e) of a
disclosure of the record under Sec. 21.71(a), provide to all previous
recipients of the record a copy of the statement of disagreement and the
agency statement, if any.
Sec. 21.54 Amended or disputed records received from other
agencies.
Whenever the Food and Drug Administration is notified that a record
that it received from another agency was amended or is the subject of a
statement of disagreement, the Food and Drug Administration shall:
(a) Discard the record, or clearly note the amendment or the fact of
disagreement in its copy of the record, and
(b) Refer persons who subsequently request the record to the agency
that provided it.
(c) If an accounting was made under Sec. 21.71 (d) and (e) of the
disclosure of the record under Sec. 21.71(a), inform all previous
recipients of the record about the amendment or provide to them the
statement of disagreement and the agency statement, if any.
Subpart F--Exemptions
Sec. 21.60 Policy.
It is the policy of the Food and Drug Administration that record
systems should be exempted from the Privacy Act only to the extent
essential to the performance of law enforcement functions under the laws
that are administered and enforced by the Food and Drug Administration
or that govern the agency.
Sec. 21.61 Exempt systems.
(a) Investigatory records compiled for law enforcement purposes,
including criminal law enforcement purposes, in the Food and Drug
Administration Privacy Act Record Systems listed in paragraph (b) of
this section are exempt from the following provisions of the Privacy Act
(5 U.S.C. 552a) and of this part:
(1) Such records are exempt from 5 U.S.C. 552a(c)(3) and
Sec. 21.71(e)(4), requiring that an individual be provided with the
accounting of disclosures of records about himself from a Privacy Act
Record System.
(2) Except where access is required under 5 U.S.C. 552a(k)(2) and
Sec. 21.65(a)(2), (such records are exempt from 5 U.S.C. 552a(d)(1)
through (4) and (f)) and Secs. 21.40 through 21.54, requiring procedures
for an individual to be given notification of and access to records
about himself in a Privacy Act Record System and to be allowed to
challenge the accuracy, relevance, timeliness, and completeness of such
records.
(3) Such records are exempt from 5 U.S.C. 552a(e)(4)(G) and (H) and
Sec. 21.20(b)(1) requiring inclusion in the notice for the system of
information about agency procedures for notification, access, and
contest.
(4) Such records are exempt from 5 U.S.C. 552a(e)(3) requiring that
individuals asked to supply information be provided a form outlining the
authority for the request, the purposes for which the information will
be used, the routine uses in the notice for the Privacy Act Record
System, and the consequences to the individual of not providing the
information, but only with respect to records compiled by the Food and
Drug Administration in a criminal law enforcement investigation where
the conduct of the investigation would be prejudiced by such procedures.
(b) Records in the following Food and Drug Administration Privacy Act
Record Systems that concern individuals who are subject to Food and Drug
Administration enforcement action and consist of investigatory records
compiled for law enforcement purposes, including criminal law
enforcement purposes, are exempt under 5 U.S.C. 552a(j)(2) and (k)(2)
from the provisions enumerated in paragraph (a) of this section:
(1) Bio-research Monitoring Information System--HHS/FDA/BD/09-10-0010.
(2) Regulated Industry Employee Enforcement Records--HHS/FDA/ACMO/09-
10-0002.
(3) Employee Conduct Investigative Records--HHS/FDA/ACMO/09-10-0013.
(4) Service Contractor Employee Investigative Records--HHS/FDA/ACMO/
09-10-0014.
(c) The systems described in paragraph (b)(3) and (4) of this section
include investigatory records compiled solely for the purpose of
determining suitability, eligibility, or qualification for Federal
civilian employment, military service, Federal contracts, and access to
classified information. These records are exempt from disclosure under 5
U.S.C. 552a(k)(5) to the extent that the disclosure would reveal the
identity of a source who furnished information to the Government under a
promise of confidentiality, which must be an express promise if the
information was furnished after September 27, 1975. Any individual who
is refused access to a record that would reveal a confidential source
shall be advised in a general way that the record includes information
that would reveal a confidential source.
(Sec. 701(a), 52 Stat. 1055 (21 U.S.C. 371(a)))
[42 FR 15626, Mar. 22, 1977, as amended at 46 FR 8459, Jan. 27, 1981]
Sec. 21.65 Access to records in exempt systems.
(a) Where a Privacy Act Record System is exempt and the requested
records are unavailable under Sec. 21.61, an individual may nevertheless
make a request under Sec. 21.40 for notification concerning whether any
records about him exist and request access to such records where they
are retrieved by his name or other personal identifier.
(b) An individual making a request under paragraph (a) of this
section;
(1) May be given access to the records where available under Part 20
of this chapter (the public information regulations) or the Commissioner
may, in his discretion, entertain a request under any or all of the
provisions of Secs. 21.40 through 21.54; and
(2) Shall be given access upon request if the records requested are
subject to 5 U.S.C. 552a(k)(2) and not to 5 U.S.C. 552a(j)(2) (i.e.,
because they consist of investigatory material compiled for law
enforcement purposes other than criminal law enforcement purposes) and
maintenance of the records resulted in denial to the individual of any
right, benefit, or privilege to which he would otherwise be entitled by
Federal law, or for which he would otherwise be eligible. An individual
given access to a record under this paragraph (b)(2) is not entitled to
seek amendment under Subpart E of this part. The FDA may refuse to
disclose a record that would reveal the identity of a source who
furnished information to the Government under a promise of
confidentiality, which must be an express promise if the information was
furnished on or after September 27, 1975. Any individual refused access
to a record that would reveal a confidential source shall be advised in
a general way that the record contains information that would reveal a
confidential source.
(c) The Commissioner shall not make available any record that is
prohibited from public disclosure under Sec. 20.82(b) of this chapter.
(d) Discretionary disclosure of a record pursuant to paragraph (b)(1)
of this section shall not set a precedent for discretionary disclosure
of a similar or related record and shall not obligate the Commissioner
to exercise his discretion to disclose any other record in a system that
is exempt under Sec. 21.61.
Subpart G--Disclosure of Records in Privacy Act Record Systems to
Persons Other Than the Subject Individual.
Sec. 21.70 Disclosure and intra-agency use of records in Privacy
Act Record Systems; no accounting required.
(a) A record about an individual which is contained in a Privacy Act
Record System may be disclosed:
(1) To the individual who is the subject of the record, or his legal
guardian under Sec. 21.75;
(2) To a third party pursuant to a written request by, or within a
written consent of, the individual to whom the record pertains, or his
legal guardian under Sec. 21.75;
(3) To any person:
(i) Where the names and other identifying information are first
deleted, and under circumstances in which the recipient is unlikely to
know the identity of the subject of the record;
(ii) Where disclosure is required by Part 20 of this chapter (the
public information regulations); or
(4) Within the Department of Health and Human Services to officers and
employees who have a need for the record in the performance of their
duties in connection with the laws administered and enforced by the Food
and Drug Administration or that govern the agency. For purposes of this
section, officers or employees of the Department shall include the
following categories of individuals, who shall thereafter be subject to
the same restrictions with respect to disclosure as any Food and Drug
Administration employee: Food and Drug Administration consultants and
advisory committees, State and local government employees for use only
in their work with the Food and Drug Administration, and contractors and
their employees to the extent that the records of such contractors are
subject to the requirements of this part under Sec. 21.30.
(b) No accounting is required for any disclosure or use under
paragraph (a) of this section.
Sec. 21.71 Disclosure of records in Privacy Act Record Systems;
accounting required.
(a) Except as provided in Sec. 21.70, a record about an individual
that is contained in a Privacy Act Record System shall not be disclosed
by any method of communication except under any of the following
circumstances, which are subject to the limitations of paragraphs (b)
and (c) of this section and to the accounting requirement of paragraph
(d) of this section:
(1) For a use described as a ``routine use'' in the notice for the
system under Sec. 21.20(b)(5) that is compatible with the purpose for
which the record was collected.
(2) To the Bureau of Census for a census, survey, or a related
activity pursuant to Title 13 of the United States Code.
(3) To a recipient who has provided advance assurance, pursuant to
paragraph (c)(2) of this section that the record will be used solely as
a statistical research or reporting record and will not be communicated
by the recipient to any other person except in a form that is not
individually identifiable.
(4) To the National Archives of the United States as a record which
has sufficient historical or other value to warrant its continued
preservation, or to the General Services Administration for evaluation
to determine whether the record has such value.
(5) To a Federal, State, or local agency for purposes of a law
enforcement activity that is authorized by law, upon written request by
the head of the agency specifying the particular portion of the record
that is desired and the law enforcement purpose for which the record is
sought. Disclosures under this paragraph are in addition to any
disclosures for law enforcement purposes described as a ``routine use''
in a notice for a Privacy Act Record System.
(6) To a person pursuant to a showing of compelling circumstances
affecting the health and safety of an individual, not necessarily the
individual to whom the record pertains. Upon such disclosure, the Food
and Drug Administration shall mail a notification of the fact of
disclosure to the last known address of the individual who is the
subject of the record.
(7) To either House of Congress, or to any Subcommittee or Committee
thereof, to the extent that the subject matter of the record falls
within its jurisdiction.
(8) To the General Accounting Office.
(9) Pursuant to an order of the court of competent jurisdiction. Upon
such court-ordered disclosure, the Food and Drug Administration shall
make reasonable efforts to notify the individual in accordance with
Sec. 20.83(b) of this chapter.
(b) The Food and Drug Administration may in its discretion refuse to
make a disclosure permitted under paragraph (a) of this section, if the
disclosure would in the judgment of the agency, invade the privacy of
the individual or be inconsistent with the purpose for which the
information was collected.
(c) The Food and Drug Administration may require any person requesting
a disclosure of a record under paragraph (a) of this section to provide:
(1) Information about the purposes to which the disclosed record is to
be put, and
(2) A written statement certifying that the record will be used only
for the stated purposes and will not be further disclosed without the
written permission of the Food and Drug Administration.
Under 5 U.S.C. 552a(i)(3), any person who knowingly or willfully
requests or obtains any record concerning an individual from an agency
under false pretenses shall be guilty of a misdemeanor and fined not
more than $5,000. Such person may also be subject to prosecution under
the False Reports to the Government Act, 18 U.S.C. 1001.
(d) An accounting shall be made, in accordance with paragraph (e) of
this section, of any disclosure under paragraph (a) of this section of a
record that is not a disclosure under Sec. 21.70.
(e) Where an accounting is required under paragraph (d) of this
section, the Food and Drug Administration shall:
(1) Record the name and address of the person or agency to whom the
disclosure is made and the date, nature, and purpose of the disclosure.
The accounting shall not be considered a Privacy Act Record System.
(2) Retain the accounting for 5 years or for the life of the record,
whichever is longer, following the disclosure.
(3) Notify those recipients listed in the accounting of amendments or
disputes concerning the records previously disclosed to them pursuant to
Secs. 21.51(d)(3), 21.53(c), or 21.54(c).
(4) Except when the record is exempt from individual access and
contest under Sec. 21.61 or to the extent that the accounting describes
a transfer for a law enforcement purpose pursuant to paragraph (a)(5) of
this section, make the accounting available to the individual to whom
the record pertains, in accordance with procedures of Subpart D of this
part.
(f) A single accounting may be used to cover disclosure(s) that
consist of a continuing dialogue between two agencies over a prolonged
period, such as discussion of an enforcement action between the Food and
Drug Administration and the Department of Justice. In such cases, a
general notation may be made that, as of a certain date, contract was
initiated, to continue until resolution of the matter.
Sec. 21.72 Individual consent to disclosure of records to other
persons.
(a) Individuals may consent to disclosure of records about themselves
to other persons in several ways, for example:
(1) An individual may give consent at the time that the information is
collected for disclosure for specific purposes or to specific persons.
(2) An individual may give consent for disclosure of his records to a
specific person.
(3) An individual may request the Food and Drug Administration to
transcribe a specific record for submission to another person.
(b) In each case the consent shall be in writing and shall specify the
individual, organizational unit, or class of individuals or
organizational units to whom the record may be disclosed, which record
may be disclosed, and, if applicable, for what time period. A blanket
consent to release all of an individual's records to unspecified
individuals or organizational units will not be honored. Verification of
the identity of the individual and, where applicable, of the person to
whom the record is to be disclosed shall be made in accordance with
Sec. 21.44. Consent documents shall be retained for a period of at least
2 years. If such documents are used as a means of accounting for the
disclosure, they shall be retained as provided in Sec. 21.71(e)(2).
Sec. 21.73 Accuracy, completeness, timeliness, and relevance of
records disclosed from Privacy Act Record Systems.
(a) The Food and Drug Administration shall make reasonable efforts to
assure that a record about an individual in a Privacy Act Record System
is accurate, relevant to a Food and Drug Administration purpose, timely,
and complete before such record is disclosed under Sec. 21.71.
(b) Paragraph (a) of this section shall not apply to disclosures that
are required under Part 20 of this chapter (the public information
regulations) or made to other Federal Government departments and
agencies. Where appropriate, the letter disclosing the information shall
indicate that the Food and Drug Administration has not reviewed the
record to assure that it is accurate, relevant, timely, and complete.
Sec. 21.74 Providing notice that a record is disputed.
Whenever an individual has filed a statement of disagreement with the
Food and Drug Administration concerning a refusal to amend a record
under Sec. 21.51(a)(2) or with another agency that provides the record
to the Food and Drug Administration, the Food and Drug Administration
shall in any subsequent disclosure under this subpart provide a copy of
the statement of disagreement and a concise statement by the agency, if
one has been prepared, of the reasons for not making the amendment(s)
requested.
Sec. 21.75 Rights of legal guardians.
For the purposes of this part, the parent of any individual who is a
minor or the legal guardian of any individual who has been declared to
be incompetent due to physical or mental incapacity or age by a court of
competent jurisdiction may act on behalf of the individual.
Title 42-Public Health
Chapter IV-Health Care Financing Administration, Department of Health
and Human Services
PART 401--GENERAL ADMINISTRATIVE REQUIREMENTS
Subpart B--Confidentiality and Disclosure
Sec.
401.101 Purpose and scope.
401.102 Definitions.
401.105 Rules for disclosure.
401.106 Publication.
401.108 HCFA Rulings.
401.110 Publications for sale.
401.112 Availability of administrative staff manuals.
401.116 Availability of records upon request.
401.118 Deletion of identifying details.
401.120 Creation of records.
401.126 Information or records that are not available.
401.128 Where requests for records may be made.
401.130 Materials available at social security district offices and
branch offices.
401.132 Materials in field offices of the Office of Hearings and
Appeals, SSA.
401.133 Availability of official reports on providers of services,
State agencies, intermediaries, and carriers under Medicare.
401.134 Release of Medicare information to State and Federal agencies.
401.135 Release of Medicare information to the public.
401.136 Requests for information or records.
401.140 Fees and charges.
401.144 Denial of requests.
401.148 Administrative review.
401.152 Court review.
Subpart B--Confidentiality and Disclosure
Authority: Secs. 205, 1102, 1106 and 1871 of the Social Security Act
(42 USC 405. 1302, 130.6, and 1395hh); the Freedom of Information Act (5
USC 552); and the Privacy Act (5 USC 552a).
Source: 46 FR 55696, Nov. 12, 1981, unless otherwise noted.
Sec. 401.101 Purpose and scope.
(a) The regulations in this subpart:
(1) Implement section 1106(a) of the Social Security Act as it applies
to the Health Care Financing Administration (HCFA). The rules apply to
information obtained by officers or employees of HCFA in the course of
administering title XVIII of the Social Security Act (Medicare),
information obtained by Medicare intermediaries or carriers in the
course of carrying out agreements under sections 1816 and 1842 of the
Social Security Act, and any other information subject to section
1106(a) of the Social Security Act;
(2) Relate to the availability to the public, under 5 U.S.C. 552, of
records of HCFA and its components. They set out what records are
available and how they may be obtained; and
(3) Supplement the regulations of the Department of Health and Human
Services relating to availability of information under 5 U.S.C. 552,
codified in 45 CFR part 5, and do not replace or restrict them.
(b) Except as authorized by the rules in this subpart, no information
described in paragraph (a)(1) of this section shall be disclosed. The
procedural rules in this subpart (Secs. 401.106 through 401.152) shall
be applied to requests for information which is subject to the rules for
disclosure in this subpart.
(c) Requests for information which may not be disclosed according to
the provisions of this subpart shall be denied under authority of
section 1106(a) of the Social Security Act and this subpart, and
furthermore, such requests which have been made pursuant to the Freedom
of Information Act shall be denied under authority of an appropriate
Freedom of Information Act exemption, 5 U.S.C. 552(b).
Sec. 401.102 Definitions.
For purposes of this subpart: ``Act'' means the Social Security Act.
``Freedom of Information Act rules'' means the substantive mandatory
disclosure provisions of the Freedom of Information Act, 5 U.S.C. 552
(including the exemptions from mandatory disclosure, 5 U.S.C. 552(b), as
implemented by the Department's public information regulation, 45 CFR
part 5, subpart F and by Secs. 401.106 to 401.152 of this subpart.
``Person'' means a person as defined in the Administrative Procedure
Act, 5 U.S.C. 551(2). This includes State or local agencies, but does
not include Federal agencies or State or Federal courts.
``Record'' has the same meaning as that provided in 45 CFR 5.5.
``Subject individual'' means an individual whose record is maintained
by the Department in a system of records, as the terms ``individual,''
``record'', and ``system of records'' are defined in the Privacy Act of
1974, 5 U.S.C. 552a(a).
Sec. 401.105 Rules for disclosure.
(a) General rule. The Freedom of Information Act rules shall be
applied to every proposed disclosure of information. If, considering the
circumstances of the disclosure, the information would be made available
in accordance with the Freedom of Information Act rules, then the
information may be disclosed regardless of whether the requester or
recipient of the information has a statutory right to request the
information under the Freedom of Information Act, 5 U.S.C. 552, or
whether a request has been made.
(b) Application of the general rule. Pursuant to the general rule in
paragraph (a) of this section,
(1) Information shall be disclosed--
(i) To a subject individual when required by the access provision of
the Privacy Act, 5 U.S.C. 552a(d), as implemented by the Department
Privacy Act regulation, 45 CFR part 5b; and
(ii) To a person upon request when required by the Freedom of
Information Act, 5 U.S.C. 552;
(2) Unless prohibited by any other statute (e.g., the Privacy Act of
1974, 5 U.S.C. 552a(b), the Tax Reform Act of 1976, 26 U.S.C. 6103, or
section 1106(d) and (e) of the Social Security Act), information may be
disclosed to any requester or recipient of the information, including
another Federal agency or a State or Federal court, when the information
would not be exempt from mandatory disclosure under Freedom of
Information Act rules or when the information nevertheless would be made
available under the Department's public information regulation's
criteria for disclosures which are in the public interest and consistent
with obligations of confidentiality and administrative necessity, 45 CFR
part 5, subpart F, as supplemented by Secs. 401.106 to 401.152 of this
subpart.
[42 FR 14704, Mar. 16, 1977. Redesignated and amended at 45 FR 74913,
74914, Nov. 13, 1980, and further redesignated at 46 FR 24551, May 1,
1981; amended at 46 FR 55697, Nov. 12,1981.]
Sec. 401.106 Publication.
(a) Methods of publication. Materials required to be published under
the provisions of The Freedom of Information Act, 5 U.S.C. 552 (a)(1)
and (a)(2) are published in one of the following ways:
(1) By publication in the Federal Register of HCFA regulations, and by
their subsequent inclusion in the Code of Federal Regulations;
(2) By publication in the Federal Register of appropriate general
notices;
(3) By other forms of publication, when incorporated by reference in
the Federal Register with the approval of the Director of the Federal
Register; and
(4) By publication in the ``Health Care Financing Administration
Rulings'' (HCFA Rulings) of indexes of precedential orders and opinions
issued in the adjudication of claims, statements of policy and
interpretations which have been adopted but have not been published in
the Federal Register, and of administrative staff manuals and
instructions to staff that affect a member of the public. The HCFA
Rulings may be purchased through the Government Printing Office.
(b) Availability for inspection. Those materials which are published
in the Federal Register pursuant to 5 U.S.C. 552(a)(1) shall, to the
extent practicable and to further assist the public, be made available
for inspection at the places specified in Sec. 401.128.
[46 FR 55697, Nov.12, 1981, as amended at 48 FR 22924, May 23, 1983]
Sec. 401.108 HCFA Rulings.
(a) After September 1981, a precedent final opinion or order or a
statement of policy or interpretation that has not been published in the
Federal Register as a part of a regulation or of a notice implementing
regulations, but which has been adopted by HCFA as having precedent, may
be published in the Federal Register as a HCFA Ruling and will be made
available in the publication entitled HCFA Rulings.
(b) Precedent final opinions and orders and statements of policy and
interpretation that were adopted by HCFA before October, 1981, and that
have not been published in the Federal Register are available in HCFA
Rulings.
(c) HCFA Rulings are published under the authority of the
Administrator, HCFA. They are bindiung on all HCFA Components, and on
the Social Security Administration to the extent that components of the
Social Security Administration adjudicate matters under the jurisdiction
of HCFA.
[48 FR 22924, May 23, 1983]
Sec. 401.110 Publications for sale.
The following publications containing information pertaining to the
program, organization, functions, and procedures of HCFA may be
purchased from the Superintendent of Documents, Government Printing
Office, Washington, DC 20402.
(a) Titles 20, 42, and 45 of the Code of Federal Regulations.
(b) Federal Register issues.
(c) Compilation of the Social Security Laws.
(d) HCFA Rulings.
(e) Social Security Handbook. The information in the Handbook is not
of precedent or interpretative force.
(f) Medicare/Medicaid Directory of Medical Facilities.
Sec. 401.112 Availability of administrative staff manuals.
All HCFA administrative staff manuals and instructions to staff
personnel which contain policies, procedures, or interpretations that
affect the public are available for inspection and copying. A complete
listing of such materials is published in HCFA Rulings. These manuals
are generally not printed in a sufficient quantity to permit sale or
other general distribution to the public. Selected material is
maintained at Social Security Administration district offices and field
offices and may be inspected there. See Secs. 401.130 and 401.132 for a
listing of this material.
Sec. 401.116 Availability of records upon request.
(a) General. In addition to the records made available pursuant to
Secs. 401.106, 401.108, 401.110 and 401.112, HCFA will, upon request
made in accordance with this subpart, make identified records available
to any person, unless they are exempt from disclosure under the
provisions of section 552(b) of Title 5, United States Code (see
Sec. 401.126), or any other provision of law.
(b) Misappropriation, alteration, or destruction of records. No person
may remove any record made available to him for inspection or copying
under this part, from the place where it is made available. In addition,
no person may steal, alter, mutilate, obliterate, or destroy in whole or
in part, such a record. See sections 641 and 2071 of title 18 of the
United States Code.
Sec. 401.118 Deletion of identifying details.
When HCFA publishes or otherwise makes available an opinion or order,
statement of policy, or other record which relates to a private party or
parties, the name or names or other identifying details will be deleted.
Sec. 401.120 Creation of records.
Records will not be created by compiling selected items from the
files, and records will not be created to provide the requester with
such data as ratios, proportions, percentages, per capitas, frequency
distributions, trends, correlations, and comparisons. If such data have
been compiled and are available in the form of a record, the record
shall be made available as provided in this subpart.
Sec. 401.126 Information or records that are not available.
(a) Specific exemptions from disclosure. Pursuant to paragraph (b) of
5 U.S.C. 552, certain classes of records are exempt from disclosure. For
some examples of the kinds of materials which are exempt, see Subpart F
of the public information regulation of the Department of Health and
Human Services (45 CFR part 5) and the appendix to that regulation.
(b) Materials exempt from disclosure by statute. Pursuant to paragraph
(b)(3) of 5 U.S.C. 552, as amended, which exempts from the requirement
for disclosure matters that are exempted from disclosure by statute,
provided that such statute requires that the matters be withheld from
the public in such a manner as to leave no discretion on the issue, or
establishes particular criteria for withholding or refers to particular
types of matter to be withheld:
(1) Reports described in sections 1106 (d) and (e) of the Social
Security Act shall not be disclosed, except in accordance with the
provisions of sections 1106 (d) and (e). Sections 1106 (d) and (e)
provide for public inspection of certain official reports dealing with
the operation of the health programs established by titles XVIII and XIX
of the Social Security Act (Medicare and Medicaid), but require that
program validation survey reports and other formal evaluations of
providers of services shall not identify individual patients, individual
health care practitioners, or other individuals. Section 1106(e) further
requires that none of the reports shall be made public until the
contractor or provider whose performance is being evaluated has had a
reasonable opportunity to review that report and to offer comments. See
Sec. 401.133 (b) and (c);
(2) Disclosure of materials described in section 1865(a)(2) of the
Social Security Act as amended, is prohibited. Section 1865(a)(2)
provides for release by the Joint Commission on the Accreditation of
Hospitals (JCAH) to the Secretary (or a State agency designated by him)
on a confidential basis accreditation surveys made by JCAH, if the
hospitals authorize such release. Materials which are confidential under
this provision include accreditation letters and accompanying
Recommendations and Comments prepared by the JCAH concerning hospitals
surveyed by it; and
(3) Tax returns and return information defined in section 6103 of the
Internal Revenue Code, as amended by the Tax Reform Act of 1976, shall
not be disclosed except as authorized by the Internal Revenue Code.
(c) Effect of exemption. Neither 5 U.S.C. 552 nor this regulation
directs the withholding of any record or information, except to the
extent of the prohibitions in paragraph (b) of this section. Except for
material required to be withheld under the statutory provisions
incorporated in paragraph (b) of this section or under another statute
which meets the standards in 5 U.S.C. 552(b)(3), materials exempt from
mandatory disclosure will nevertheless be made available when this can
be done consistently with obligations of confidentiality and
administrative necessity. The disclosure of materials or records under
these circumstances in response to a specific request, however, is of no
precedent force with respect to any other request.
Sec. 401.128 Where requests for records may be made.
(a) General. Any request for any record may be made to--
(1) Any HCFA component;
(2) Director, Office of Public Affairs, HCFA 313-H, Hubert H. Humphrey
Building, 200 Independence Avenue, Washington, DC 20201; or
(3) Director of Public Affairs in any Regional Office of the
Department of Health and Human Services.
The locations and service areas of these offices are as follows:
Region I--John F. Kennedy Federal Building, Boston, MA 02203.
Connecticut, Maine, Massachusetts, New Hampshire, Rhode Island,
Vermont.
Region II--26 Federal Plaza, New York, NY 10007. New York, New Jersey,
Puerto Rico, Virgin Islands.
Region III--Gateway Building, 3535 Market Street, Philadelphia, PA
19101. Delaware, Maryland, Pennsylvania, Virginia, West Virginia,
District of Columbia.
Region IV--101 Marietta Street, Altanta, GA 30323. Alabama, Florida,
Georgia, Kentucky, Mississippi, North Carolina, South Carolina,
Tennessee.
Region V--300 South Wacker Drive, Chicago, IL 60606. Illinois, Indiana,
Michigan, Minnesota, Ohio, Wisconsin.
Region VI--1200 Main Tower Building, Dallas, TX 75202. Arkansas,
Louisiana, New Mexico, Oklahoma, Texas.
Region VII--601 East 12th Street, Kansas City, MO 64106. Iowa, Kansas,
Missouri, Nebraska.
Region VIII--Federal Office Building, 19th and Stout Streets, Denver, CO
80294. Colorado, Montana, North Dakota, South Dakota, Utah, Wyoming.
Region IX--Federal Office Building, 50 United Nations Plaza, San
Francisco, CA 94102. Arizona, California, Hawaii, Nevada, Guam,
Trust Territory of Pacific Islands, American Samoa.
Region X--Arcade Plaza Building, 1321 Second Avenue, Seattle, WA 98101.
Alaska, Idaho, Oregon, Washington.
(b) Records pertaining to individuals. HCFA maintains some records
pertaining to individuals. Disclosure of such records is generally
prohibited by section 1106 of the Social Security Act (42 U.S.C. 1306),
except as prescribed in Sec. 401.105 (See also Sec. 401.126(b)).
Requests for records pertaining to individuals may be addressed to:
Director, Office of Research, Demonstrations and Statistics, HCFA,
Baltimore, Maryland 21235, when information is sought from the record of
a person who has participated in a research survey conducted by or for
HCFA, Office of Research, Demonstrations and Statistics; or whose
records have been included by statistical sampling techniques in
research and statistical studies authorized by the Social Security Act
in the field of health care financing.
(c) Requests for materials listed in Sec. 401.130 or Sec. 401.132 or
indexed in the HCFA Rulings. A request to inspect and copy materials
listed in Sec. 401.130 or Sec. 401.132 or indexed in HCFA Rulings may be
made to any district or branch office of the Social Security
Administration. If the specific material requested is not available in
the office receiving the request, the material will be obtained and made
available promptly.
Sec. 401.130 Materials available at social security district offices
and branch offices.
(a) Materials available for inspection. The following are available or
will be made available for inspection at the social security district
offices and branch offices:
(1) Compilation of the Social Security Laws.
(2) The Public Information Regulation of the Department of Health and
Human Services (45 CFR part 5).
(3) Medicare Program regulations issued by the Health Care Financing
Administration. 42 CFR Chapter IV .
(4) HCFA Rulings.
(5) Social Security Handbook.
(b) Materials available for inspection and copying. The following
materials are available or will be made available for inspection and
copying at the social security district offices and branch offices:
(1) Claims Manual of the Social Security Administration.
(2) Department Staff Manual on Organization, Department of Health and
Human Services, Part F, HCFA.
(3) Parts 2 and 3 of the Part A
Intermediary Manual (Provider Services under Medicare HCFA Pub. 13-2 and
13-3).
(4) Parts 2 and 3 of the Part B Intermediary Manual (Physician and
Supplier Services).
(5) Intermediary Letters Related to Parts 2 and 3 of the Part A and
Part B Intermediary Manuals.
(6) State Buy-In Handbook (State Enrollment of Eligible Individuals
under the Supplementary Medical Insurance Program) and Letters.
(7) Group Practice Prepayment Plan Manual (HIM-8) and Letters.
(8) State Operations Manual (HIM-7).
(9) HCFA Letters to State Agencies on Medicare.
(10) Skilled Nursing Facility Manual (HCFA Pub. 12).
(11) Hearing Officers Handbook (Supplementary Medical Insurance
Program--HIM-21).
(12) Hospital Manual (HIM-10).
(13) Home Health Agency Manual (HIM-11).
(14) Outpatient Physical Therapy Provider Manual (HIM-9).
(15) Provider Reimbursement Manual (HIM-15).
(16) Audit Program Manuals for Hospital (HIM-16), Home Health Agency
(HIM-17), and Extended Care Facilities (HIM-18).
(17) Statements of deficiencies based upon survey reports of health
care institutions or facilities prepared after January 31, 1973, by a
State agency, and such reports (including pertinent written statements
furnished by such institution or facility on such statements of
deficiencies), as set forth in Sec. 401.133(a). Such statements of
deficiencies, reports, and pertinent written statements shall be
available or made available only at the social security district office
and regional office servicing the area in which the institution or
facility is located, except that such statements of deficiencies and
pertinent written statements shall also be available at the local public
assistance offices servicing such area.
(18) Indexes to the materials listed in paragraph (a) of this section
and in this paragraph (b) and an index to the Bureau of Hearings and
Appeals Handbook.
Sec. 401.132 Materials in field offices of the Office of Hearings
and Appeals, SSA.
(a) Materials available for inspection. The following materials are
available for inspection in the field offices of the Office of Hearings
and Appeals, SSA.
(1) Title 45 of the Code of Federal Regulations (including the public
information regulation of the Department of Health and Human Services).
(2) Regulations of the Social Security Administration and HCFA.
(3) Title 5, United States Code.
(4) Compilation of the Social Security Laws.
(5) HCFA Rulings.
(6) Social Security Handbook.
(b) Handbook available for inspection and copying. The Office of
Hearings and Appeals Handbook is available for inspection and copying in
the field offices of the Office of Hearings and Appeals.
Sec. 401.133 Availability of official reports on providers of
services, State agencies, intermediaries, and carriers under
Medicare.
The following shall be made available to the public under the
conditions specified:
(a) Statements of deficiencies and survey reports on providers of
services prepared by State agencies. (1) Statements of deficiencies
based upon official survey reports prepared after January 31, 1973, by a
State agency pursuant to its agreement entered into under section 1884
of the Social Security Act and furnished to HCFA, which relate to a
State agency's findings on the compliance of a health care institution
or facility with the applicable provisions in section 1861 of the Act
and with the regulations, promulgated pursuant to those provisions,
dealing with health and safety of patients in those institutions and
facilities; and
(2) State agency survey reports. The statement of deficiencies or
report and any pertinent written statements furnished by the institution
or facility on the statement of deficiencies shall be disclosed within
90 days following the completion of the survey by the State agency, but
not to exceed 30 days following the receipt of the report by HCFA. (See
Sec. 401.130(b)(17)) for places where statements of deficiencies,
reports, and pertinent written statements will be available.)
(b) HCFA reports on providers of services. Upon request in writing,
official reports and other formal evaluations (including followup
reviews), excluding references to internal tolerance rules and practices
contained therein, internal working papers or other informal memoranda,
prepared and completed after January 31, 1973, which relate to the
performance of providers of services under Medicare: Provided, That no
information identifying individual patients, physicians, or other
practitioners, or other individuals shall be disclosed under this
paragraph. Those reports and other evaluations shall be disclosed within
30 days following the final preparation thereof by HCFA during which
time the providers of services shall be afforded a reasonable
opportunity to offer comments, and there shall be disclosed with those
reports and evaluations any pertinent written statements furnished HCFA
by those providers on those reports and evaluations.
(c) Contractor performance review reports. Upon request in writing,
official contractor performance review reports and other formal
evaluations (including followup reviews), excluding references to
internal tolerance rules and practices contained therein, internal
working papers or other informal memoranda, prepared and completed after
January 31, 1973, which relate to the evaluation of the performance of
(1) intermediaries and carriers under their agreements entered into
pursuant to sections 1816 and 1842 of the Social Security Act and (2)
State agencies under their agreements entered into pursuant to section
1864 of the Act (including comparative evaluations of the performance of
those intermediaries, carriers, and State agencies). The latest Contract
Performance Review Report pertaining to a particular intermediary or
carrier, prepared prior to February 1, 1973, may also be disclosed to
any person upon request in writing. Those reports and evaluations shall
be disclosed within 30 days following their final preparation by HCFA
(or 30 days following the request therefor, in the case of the contract
performance review report prepared prior to February 1, 1973), during
which time those intermediaries, carriers, and State agencies, as the
case may be, shall be afforded a reasonable opportunity to offer
comments, and there shall be disclosed with those reports and
evaluations any pertinent written statements furnished HCFA by those
intermediaries, carriers, or State agencies or those reports and
evaluations.
Sec. 401.134 Release of Medicare information to State and Federal
agencies.
(a) Except as provided in paragraph (b) of this section, the following
information may be released to an officer or employee of an agency of
the Federal or a State government lawfully charged with the
administration of a program receiving grants-in-aid under title V and
XIX of the Social Security Act for the purpose of administration of
those titles, or to any officer or employee of the Department of Army,
Department of Defense, solely for the administration of its Civilian
Health and Medical Program of the Uniformed Services (CHAMPUS):
(1) Information, including the identification number, concerning
charges made by physicians, other practitioners, or suppliers, and
amounts paid under Medicare for services furnished to beneficiaries by
such physicians, other practioners, or suppliers, to enable the agency
to determine the proper amount of benefits payable for medical services
performed in accordance with those programs; or
(2) Information as to physicians or other practioners that has been
disclosed under Sec. 401.105.
(3) Information relating to the qualifications and certification
status of hospitals and other health care facilities obtained in the
process of determining whether, and certifying as to whether,
institutions or agencies meet or continue to meet the conditions of
participation of providers of services or whether other entities meet or
continue to meet the conditions for coverage of services they furnish.
(b) The release of such information shall not be authorized by a
fiscal intermediary or carrier.
(c) The following information may be released to any officer or
employee of an agency of the Federal or a State government lawfully
charged with the duty of conducting an investigation or prosecution with
respect to possible fraud or abuse against a program receiving grants-
in-aid under Medicaid, but only for the purpose of conducting such an
investigation or prosecution, or to any officer or employee of the
Department of the Army, Department of Defense, solely for the
administration of its Civilian Health and Medical Program of the
Uniformed Services (CHAMPUS), provided that the agency has filed an
agreement with HCFA that the information will be released only to the
agency's enforcement branch and that the agency will preserve the
confidentiality of the information received and will not disclose that
information for other than program purposes:
(1) The name and address of any provider of medical services,
organization, or other person being actively investigated for possible
fraud in connection with Medicare, and the nature of such suspected
fraud. An active investigation exists when there is significant evidence
supporting an initial complaint but there is need for further
investigation.
(2) The name and address of any provider of medical services,
organization, or other person found, after consultation with an
appropriate professional association or a program review team, to have
provided unnecessary services, or of any physician or other individual
found to have violated the assignment agreement on at least three
occasions.
(3) The name and address of any provider of medical services,
organization or other person released under paragraph (c)(1) or (2) of
this section concerning which an active investigation is concluded with
a finding that there is no fraud or other prosecutable offense.
Sec. 401.135 Release of Medicare information to the public.
The following shall be made available to the public under the
conditions specified:
(a) Information as to amounts paid to providers and other
organizations and facilities for services to beneficiaries under title
XVIII of the Act: Provided, That no information identifying any
particular beneficiaries shall be disclosed under this paragraph.
(b) The name of any provider of services or other person furnishing
services to Medicare beneficiaries who--
(1) Has been found by a Federal court to have been guilty of
submitting false claims in connection with Medicare; or
(2) Has been found by a carrier or intermediary, after consultation
with a professional medical association functioning external to program
administration or, if appropriate, the State medical authority, to have
been engaged in a pattern of furnishing services to beneficiaries which
are substantially in excess of their medical needs; except that the name
of any provider or other person shall not be disclosed pursuant to a
finding under this paragraph (b)(2), unless that provider or other
person has first been afforded a reasonable opportunity to offer
evidence on his behalf.
(c) Upon request in writing, cost reports submitted by providers of
services pursuant to section 1815 of the Act to enable the Secretary to
determine amounts due the providers.
Sec. 401.136 Requests for information or records.
(a) A request should reasonably identify the requested record by brief
description. Requesters who have detailed information which would assist
in identifying the records requested are urged to provide such
information in order to expedite the handling of the request. Envelopes
in which written requests are submitted should be clearly identified as
Freedom of Information requests. The request should include the fee or
request determination of the fee. When necessary, a written request will
be promptly forwarded to the proper office, and the requester will be
advised of the date of the receipt and identification and address of the
proper office.
(b) Determinations of whether records will be released or withheld
will be made within 10 working days from date of receipt of the request
in the office listed in Sec. 401.128 except where HCFA extends this time
and sends notice of such extension to the requester. Such extension may
not exceed 10 additional working days and shall apply only where the
following unusual circumstances exist:
(1) The need to search for and collect the requested records from
field facilities or other establishments that are separate from the
office processing the requests;
(2) The need to search for, collect, and appropriately examine a
voluminous amount of separate and distinct records which are requested
in a single request; or
(3) The need for consultation, which shall be conducted with all
practicable speed, with another agency having a substantial interest in
the request or among two or more components of HCFA having a substantial
interest in the subject matter of the request.
(c) If an extension is made, the requester will be notified in writing
before the expiration of 10 working days from receipt of the request and
will be given an explanation of why the extension was necessary and the
date on which a determination will be made.
(d) Authority to extend the time limit with respect to any request for
information or records is granted to the Director, Office of Public
Affairs, HCFA and to the Director of Public Affairs in any HHS Regional
Office. Those officers and employees of HCFA who are listed in
Sec. 401.144(a) as having authority to deny requests for information
from records maintained on individuals are granted authority to extend
the time limit for responding to requests for information from such
records.
Sec. 401.140 Fees and charges.
(a) Statement of policy. It is HCFA's policy to comply with certain
requests for information services without charge. Except as otherwise
determined pursuant to paragraph (c) of this section, fees will be
charged for the following services with respect to all other requests
for information from records which are reasonably identified by the
requesters:
(1) Reproduction, duplication, or copying of records;
(2) Searches for records; and
(3) Certification or authentication of records.
(b) Fee schedules. The fee schedule is as follows:
(1) Search for records. Three dollars per hour: Provided, however,
That no charge will be made for the first half hour.
(2) Reproduction, duplication, or copying of records. Ten cents per
page where such reproduction can be made by commonly available
photocopying machines. The cost of reproducing records which cannot be
so photocopied will be determined on an individual basis at actual cost.
(3) Certification or authentication of records. Three dollars per
certification or authentication.
(4) Forwarding materials to destination. Any special arrangements for
forwarding which are requested shall be charged at actual cost; however,
no charge will be made for postage.
(5) No charge will be made when the total amount does not exceed five
dollars.
(c) Waiver or reduction of fees. Waiver or reduction of the fees in
paragraph (b) of this section may be made upon a determination that such
waiver or reduction is in the public interest because furnishing the
information can be considered as primarily benefiting the general
public. Such determination may be made by the appropriate officer or
employee identified in Sec. 401.144.
(d) Sale of documents. On occasion, a previously printed document may
be available for sale to the public; the cost of supplying the document
is one cent per page unless the document is available for sale from the
Superintendent of Documents, in which case the price shall be that
determined by the Superintendent.
Sec. 401.144 Denial of requests.
(a) General authority. Only the Director, Office of Public Affairs,
HCFA, and the Regional Directors of Public Affairs, HHS, are authorized
to deny written requests to obtain, inspect or copy any HCFA information
or record.
(b) Forms of denials. (1) Oral requests may be dealt with orally, but
the requester should be advised that the oral response is not an
official determination and that an official determination may be
obtained only by submitting the request in writing. Appropriate
available assistance will be offered.
(2) Written Requests--Denials of written requests will be in writing
and will contain the reasons for the denial including, as appropriate, a
statement that a document requested is nonexistent or not reasonably
described or is subject to one or more clearly described exemption(s).
Denials will also provide the requester with appropriate information on
how to exercise the right of appeal.
Sec. 401.148 Administrative review.
(a) Review by the Administrator. A person whose request has been
denied may initiate a review by filing a request for review with the
Administrator of HCFA, 700 East High Rise Building, 6401 Security
Boulevard, Baltimore, Maryland 21235, within 30 days of receipt of the
determination to deny or within 30 days of receipt of records which are
in partial response to his request if a portion of a request is granted
and a portion denied, whichever is later. Upon receipt of a timely
request for review, the Administrator will review the decision in
question and the findings upon which it was based. Upon the basis of the
data considered in connection with the decision and whatever other
evidence and written argument is submitted by the person requesting the
review or which is otherwise obtained, the Administrator or his designee
will affirm or revise in whole or in part the findings and decision in
question. A decision to affirm the denial will be made only upon
concurrence of the Assistant Secretary for Public Affairs, or his
designee, after consultation with the General Counsel or his or her
designee, and the appropriate program policy official. Written notice of
the decision of the Administrator will be mailed to the person who
requested the review. A written decision will be made within 20 working
days from receipt of the request for review. Extension of the time limit
may be granted under the circumstances listed in Sec. 401.136(b) to the
extent that the maximum 10 days limit on extensions has not been
exhausted on the initial determination. The decision will include the
basis for it and will advise the requester of his right to judicial
review.
(b) Failure of the Administrator to comply with the time limits.
Failure of the Administrator to comply with the time limits set forth in
Sec. 401.136 and this section constitutes an exhaustion of the
requester's administrative remedies.
Sec. 401.152 Court review.
Where the Administrator upon review affirms the denial of a request
for records, in whole or in part, the requester may seek court review in
the district court of the United States pursuant to 5 U.S.C.
552(a)(4)(B).
Title 45-Public Welfare
Subtitle A-Department of Health and Human Services
PART 5b--PRIVACY ACT REGULATIONS
Sec.
5b.1 Definitions.
5b.2 Purpose and scope.
5b.3 Policy.
5b.4 Maintenance of records.
5b.5 Notification of or access to records.
5b.6 Special procedures for notification of or access to medical
records.
5b.7 Procedures for correction or amendment of records.
5b.8 Appeals of refusals to correct or amend records.
5b.9 Disclosure of records.
5b.10 Parents and guardians.
5b.11 Exempt systems.
5b.12 Contractors.
5b.13 Fees.
Appendix A--Employee Standards of Conduct
Appendix B--Routine Uses Applicable to More Than One System of Records
Maintained by HHS
Appendix C--Delegations of Authority [Reserved]
Authority: 5 U.S.C. 301, 5 U.S.C. 552a.
Source: 40 FR 47409, Oct. 8, 1975, unless otherwise noted.
Sec. 5b.1 Definitions.
As used in this part:
(a) Access means availability of a record to a subject individual.
(b) Agency means the Department of Health and Human Services.
(c) Department means the Department of Health and Human Services.
(d) Disclosure means the availability or release of a record to anyone
other than the subject individual.
(e) Individual means a living person who is a citizen of the United
States or an alien lawfully admitted for permanent residence. It does
not include persons such as sole proprietorships, partnerships, or
corporations. A business firm which is identified by the name of one or
more persons is not an individual within the meaning of this part.
(f) Maintain means to maintain, collect, use, or disseminate when used
in connection with the term ``record''; and, to have control over or
responsibility for a system of records when used in connection with the
term ``system of records.''
(g) Notification means communication to an individual whether he is a
subject individual.
(h) Record means any item, collection, or grouping of information
about an individual that is maintained by the Department, including but
not limited to the individual's education, financial transactions,
medical history, and criminal or employment history and that contains
his name, or an identifying number, symbol, or other identifying
particular assigned to the individual, such as a finger or voice print
or a photograph. When used in this Part, record means only a record
which is in a system of records.
(i) Responsible Department official means that officer who is listed
in a notice of a system of records as the system manager for a given
system of records or another individual listed in the notice of a system
of records to whom requests may be made, or the designee of either such
officer or individual.
(j) Routine use means the disclosure of a record outside the
Department, without the consent of the subject individual, for a purpose
which is compatible with the purpose for which the record was collected.
It includes disclosures required to be made by statute other than the
Freedom of Information Act, 5 U.S.C. 552. It does not include
disclosures which are permitted to be made without the consent of the
subject individual which are not compatible with the purpose for which
it was collected such as disclosures to the Bureau of the Census, the
General Accounting Office, or to Congress.
(k) Secretary means the Secretary of Health and Human Services, or his
designee.
(l) Statistical record means a record maintained for statistical
research or reporting purposes only and not maintained to make
determinations about a particular subject individual.
(m) Subject individual means that individual to whom a record
pertains.
(n) System of records means any group of records under the control of
the Department from which a record is retrieved by personal identifier
such as the name of the individual, number, symbol or other unique
retriever assigned to the individual. Single records or groups of
records which are not retrieved by a personal identifier are not part of
a system of records. Papers maintained by individual employees of the
Department which are prepared, maintained, or discarded at the
discretion of the employee and which are not subject to the Federal
Records Act, 44 U.S.C. 2901, are not part of a system of records;
Provided, That such personal papers are not used by the employee or the
Department to determine any rights, benefits, or privileges of
individuals.
Sec. 5b.2 Purpose and scope.
(a) This part implements section 3 of the Privacy Act of 1974, 5
U.S.C. 552a (hereinafter referred to as the Act), by establishing agency
policies and procedures for the maintenance of records. This part also
establishes agency policies and procedures under which a subject
individual may be given notification of or access to a record pertaining
to him and policies and procedures under which a subject individual may
have his record corrected or amended if he believes that his record is
not accurate, timely, complete, or relevant or necessary to accomplish a
Department function.
(b) All components of the Department are governed by the provisions of
this part. Also governed by the provisions of this part are:
(1) Certain non-federal entities which operate as agents of the
Department for purposes of carrying out Federal functions, such as
intermediaries and carriers performing functions under contracts and
agreements entered into pursuant to sections 1816 and 1842 of the Social
Security Act, 42 U.S.C. 1395h and 1395u.
(2) Advisory committees and councils within the meaning of the Federal
Advisory Committee Act which provide advice to
(i) Any official or component of the Department or
(ii) The President and for which the Department has been delegated
responsibility for providing services.
(c) Employees of the Department governed by this part include all
regular and special government employees of the Department; members of
the Public Health Service Commissioned Corps; experts and consultants
whose temporary (not in excess of 1 year) or intermittent services have
been procured by the Department by contract pursuant to 3109 of title 5,
United States Code; volunteers where acceptance of their services are
authorized by law; those individuals performing gratuitous services as
permitted under conditions prescribed by the Civil Service Commission;
and, participants in work-study or training programs.
(d) Where other statutes mandate procedures which are inconsistent
with the procedures set forth in this part, components of the Department
may issue supplementary regulations containing procedures necessary to
comply with such statutes. In addition, components of the Department may
supplement by regulation the policies and procedures set forth in this
part to meet particular needs of the programs administered by such
components.
(e) This part does not:
(1) Make available to a subject individual records which are not
retrieved by that individual's name or other personal identifier.
(2) Make available to the general public records which are retrieved
by a subject individual's name or other personal identifier or make
available to the general public records which would otherwise not be
available to the general public under the Freedom of Information Act, 5
U.S.C. 552, and part 5 of this title.
(3) Govern the maintenance or disclosure of, notification of or access
to, records in the possession of the Department which are subject to
regulations of another agency, such as personnel records subject to the
regulations of the Civil Service Commission.
(4) Apply to grantees, including State and local governments or
subdivisions thereof, administering federally funded programs.
(5) Make available records compiled by the Department in reasonable
anticipation of court litigation or formal administrative proceedings.
The availability of such records to the general public or to any subject
individual or party to such litigation or proceedings shall be governed
by applicable constitutional principles, rules of discovery, and
applicable regulations of the Department and any of its components.
Sec. 5b.3 Policy.
It is the policy of the Department to protect the privacy of
individuals to the fullest extent possible while nonetheless permitting
the exchange of records required to fulfill the administrative and
program responsibilities of the Department, and responsibilities of the
Department for disclosing records which the general public is entitled
to have under the Freedom of Information Act, 5 U.S.C. 552, and part 5
of this title.
Sec. 5b.4 Maintenance of records.
(a) No record will be maintained by the Department unless:
(1) It is relevant and necessary to accomplish a Department function
required to be accomplished by statute or Executive Order;
(2) It is acquired to the greatest extent practicable from the subject
individual when maintenance of the record may result in a determination
about the subject individual's rights, benefits or privileges under
Federal programs;
(3) The individual providing the record is informed of the authority
for providing the record (including whether the providing of the record
is mandatory or voluntary, the principal purpose for maintaining the
record, the routine uses for the record, what effect his refusal to
provide the record may have on him), and if the record is not required
by statute or Executive Order to be provided by the individual, he
agrees to provide the record.
(b) No record will be maintained by the Department which describes how
an individual exercises rights guaranteed by the First Amendment unless
expressly authorized:
(1) By statute, or
(2) By the subject individual, or
(3) Unless pertinent to and within the scope of an authorized law
enforcement activity.
Sec. 5b.5 Notification of or access to records.
(a) Times, places, and manner of requesting notification of or access
to a record. (1) Subject to the provisions governing medical records in
Sec. 5b.6 of this part, any individual may request notification of a
record. He may at the same time request access to any record pertaining
to him. An individual may be accompanied by another individual of his
choice when he requests access to a record in person; Provided, That he
affirmatively authorizes the presence of such other individual during
any discussion of a record to which access is requested.
(2) An individual making a request for notification of or access to a
record shall address his request to the responsible Department official
and shall verify his identity when required in accordance with paragraph
(b)(2) of this section. At the time the request is made, the individual
shall specify which systems of records he wishes to have searched and
the records to which he wishes to have access. He may also request that
copies be made of all or any such records. An individual shall also
provide the responsible Department official with sufficient particulars
to enable such official to distinguish between records on subject
individuals with the same name. The necessary particulars are set forth
in the notices of systems of records.
(3) An individual who makes a request in person may leave with any
responsible Department official a request for notification of or access
to a record under the control of another responsible Department
official; Provided, That the request is addressed in writing to the
appropriate responsible Department official.
(b) Verification of identity--(1) When required. Unless an individual,
who is making a request for notification of or access to a record in
person, is personally known to the responsible Department official, he
shall be required to verify his identity in accordance with paragraph
(b)(2) of this section if:
(i) He makes a request for notification of a record and the
responsible Department official determines that the mere disclosure of
the existence of the record would be a clearly unwarranted invasion of
privacy if disclosed to someone other than the subject individual; or,
(ii) He makes a request for access to a record which is not required
to be disclosed to the general public under the Freedom of Information
Act, 5 U.S.C. 552, and part 5 of this title.
(2) Manner of verifying identity.
(i) An individual who makes a request in person shall provide to the
responsible Department official at least one piece of tangible
identification such as a driver's license, passport, alien or voter
registration card, or union card to verify his identity. If an
individual does not have identification papers to verify his identity,
he shall certify in writing that he is the individual who he claims to
be and that he understands that the knowing and willful request for or
acquisition of a record pertaining to an individual under false
pretenses is a criminal offense under the Act subject to a $5,000 fine.
(ii) Except as provided in paragraph (b)(2)(v) of this section, an
individual who does not make a request in person shall submit a
notarized request to the responsible Department official to verify his
identity or shall certify in his request that he is the individual who
he claims to be and that he understands that the knowing and willful
request for or acquisition of a record pertaining to an individual under
false pretenses is a criminal offense under the Act subject to a $5,000
fine.
(iii) An individual who makes a request on behalf of a minor or legal
incompetent as authorized under Sec. 5b.10 of this part shall verify his
relationship to the minor or legal incompetent, in addition to verifying
his own identity, by providing a copy of the minor's birth certificate,
a court order, or other competent evidence of guardianship to the
responsible Department official; except that, an individual is not
required to verify his relationship to the minor or legal incompetent
when he is not required to verify his own identity or when evidence of
his relationship to the minor or legal incompetent has been previously
given to the responsible Department official.
(iv) An individual shall further verify his identity if he is
requesting notification of or access to sensitive records such as
medical records. Any further verification shall parallel the record to
which notification or access is being sought. Such further verification
may include such particulars as the individual's years of attendance at
a particular educational institution, rank attained in the uniformed
services, date or place of birth, names of parents, an occupation or the
specific times the individual received medical treatment.
(v) An individual who makes a request by telephone shall verify his
identity by providing to the responsible Department official identifying
particulars which parallel the record to which notification or access is
being sought. If the responsible Department official determines that the
particulars provided by telephone are insufficient, the requester will
be required to submit the request in writing or in person. Telephone
requests will not be accepted where an individual is requesting
notification of or access to sensitive records such as medical records.
(c) Granting notification of or access to a record. (1) Subject to the
provisions governing medical records in Sec. 5b.6 of this part and the
provisions governing exempt systems in Sec. 5b.11 of this part, a
responsible Department official, who receives a request for notification
of or access to a record and, if required, verification of an
individual's identity, will review the request and grant notification or
access to a record, if the individual requesting access to the record is
the subject individual.
(2) If the responsible Department official determines that there will
be a delay in responding to a request because of the number of requests
being processed, a breakdown of equipment, shortage of personnel,
storage of records in other locations, etc., he will so inform the
individual and indicate when notification or access will be granted.
(3) Prior to granting notification of or access to a record, the
responsible Department official may at his discretion require an
individual making a request in person to reduce his request to writing
if the individual has not already done so at the time the request is
made.
Sec. 5b.6 Special procedures for notification of or access to
medical records.
(a) General. An individual in general has a right to notification of
or access to his medical records, including psychological records, as
well as to other records pertaining to him maintained by the Department.
This section sets forth special procedures as permitted by the Act for
notification of or access to medical records, including a special
procedure for notification of or access to medical records of minors.
The special procedures set forth in paragraph (b) of this section may
not be suitable for use by every component of the Department. Therefore,
components may follow the paragraph (b) procedure for notification of or
access to medical records, or may issue regulations establishing special
procedures for such purposes. The special procedure set forth in
paragraph (c) of this section relating to medical records of minors is
mandatory.
(b) Medical records procedures--(1) Notification of or access to
medical records. (i) Any individual may request notification of or
access to a medical record pertaining to him. Unless the individual is a
parent or guardian requesting notification of or access to a minor's
medical record, an individual shall make a request for a medical record
in accordance with this section and the procedures in Sec. 5b.5 of this
part.
(ii) An individual who requests notification of or access to a medical
record shall, at the time the request is made, designate a
representative in writing. The representative may be a physician, other
health professional, or other responsible individual, who would be
willing to review the record and inform the subject individual of its
contents at the representative's discretion.
(2) Utilization of the designated representative. A subject individual
will be granted direct access to a medical record if the responsible
official determines that direct access is not likely to have an adverse
effect on the subject individual. If the responsible Department official
believes that he is not qualified to determine, or if he does determine,
that direct access to the subject individual is likely to have an
adverse effect on the subject individual, the record will be sent to the
designated representative. The subject individual will be informed in
writing that the record has been sent.
(c) Medical records of minors--(1) Requests by minors; notification of
or access to medical records to minors. A minor may request notification
of or access to a medical record pertaining to him in accordance with
paragraph (b) of this section.
(2) Requests on a minor's behalf; notification of or access to medical
records to an individual on a minor's behalf. (i) In order to protect
the privacy of a minor, a parent or guardian, authorized to act on a
minor's behalf as provided in Sec. 5b.10 of this part, who makes a
request for notification of or access to a minor's medical record will
not be given direct notification of or access to such record.
(ii) A parent or guardian shall make all requests for notification of
or access to a minor's medical record in accordance with this paragraph
and the procedures in Sec. 5b.5 of this part. A parent or guardian shall
at the time he makes a request designate a family physician or other
health professional (other than a family member) to whom the record, if
any, will be sent.
(iii) Where a medical record on the minor exists, it will be sent to
the physician or health professional designated by the parent or
guardian in all cases. If disclosure of the record would constitute an
invasion of the minor's privacy, that fact will be brought to the
attention of the physician or health professional to whom the record is
sent. The physician or health professional will be asked to consider the
effect that disclosure of the record to the parent or guardian would
have on the minor in determining whether the minor's medical record
should be made available to the parent or guardian. Response to the
parent or guardian making the request will be made in substantially the
following form:
We have completed processing your request for notification of or access
to
--------------------------------'s
(Name of minor)
medical records. Please be informed that if any medical record were
found pertaining to that individual, they have not been sent to your
designated physician or health professional.
In each case where a minor's medical record is sent to a physician or
health professional, reasonable efforts will be made to so inform the
minor.
Sec. 5b.7 Procedures for correction or amendment of records.
(a) Any subject individual may request that his record be corrected or
amended if he believes that the record is not accurate, timely,
complete, or relevant or necessary to accomplish a Department function.
A subject individual making a request to amend or correct his record
shall address his request to the responsible Department official in
writing; except that, the request need not be in writing if the subject
individual makes his request in person and the responsible Department
official corrects or amends the record at that time. The subject
individual shall specify in each request:
(1) The system of records from which the record is retrieved;
(2) The particular record which he is seeking to correct or amend;
(3) Whether he is seeking an addition to or a deletion or substitution
of the record; and,
(4) His reasons for requesting correction or amendment of the record.
(b) A request for correction or amendment of a record will be
acknowledged within 10 working days of its receipt unless the request
can be processed and the subject individual informed of the responsible
Department official's decision on the request within that 10 day period.
(c) If the responsible Department official agrees that the record is
not accurate, timely, or complete based on a preponderance of the
evidence, the record will be corrected or amended. The record will be
deleted without regard to its accuracy, if the record is not relevant or
necessary to accomplish the Department function for which the record was
provided or is maintained. In either case, the subject individual will
be informed in writing of the correction, amendment, or deletion and, if
accounting was made of prior disclosures of the record, all previous
recipients of the record will be informed of the corrective action
taken.
(d) If the responsible Department official does not agree that the
record should be corrected or amended, the subject individual will be
informed in writing of the refusal to correct or amend the record. He
will also be informed that he may appeal the refusal to correct or amend
his record to the appropriate appeal authority listed in Sec. 5b.8 of
this part. The appropriate appeal authority will be identified to the
subject individual by name, title, and business address.
(e) Requests to correct or amend a record governed by the regulation
of another government agency, e.g., Civil Service Commission, Federal
Bureau of Investigation, will be forwarded to such government agency for
processing and the subject individual will be informed in writing of the
referral.
Sec. 5b.8 Appeals of refusals to correct or amend records.
(a) Processing the appeal. (1) A subject individual who disagrees with
a refusal to correct or amend his record may appeal the refusal in
writing. All appeals shall be made to the following appeal authorities,
or their designees, or successors in function:
(i) Assistant Secretary for Administration and Management for records
of the Office of the Secretary, or where the initial refusal to correct
or amend was made by another appeal authority. The appeal authority for
an initial refusal by the Assistant Secretary for Administration and
Management is the Under Secretary.
(ii) Assistant Secretary for Health for records of the Public Health
Service including Office of Assistant Secretary for Health; Health
Resources Administration; Health Services Administration; Alcohol, Drug
Abuse, and Mental Health Administration; Center for Disease Control;
National Institutes of Health; and Food and Drug Administration.
(iii) Assistant Secretary for Education for records of the Office of
the Assistant Secretary for Education, National Center for Education
Statistics, National Institute of Education, and Office of Education.
(iv) Assistant Secretary for Human Development for records of the
Office of Human Development.
(v) Commissioner of Social Security for records of the Social Security
Administration.
(vi) Administrator, Social and Rehabilitation Service for the records
of the Social and Rehabilitation Service.
(2) An appeal will be completed within 30 working days from its
receipt by the appeal authority; except that, the appeal authority may
for good cause extend this period for an additional 30 days. Should the
appeal period be extended, the subject individual appealing the refusal
to correct or amend the record will be informed in writing of the
extension and the circumstances of the delay. The subject individual's
request to amend or correct the record, the responsible Department
official's refusal to correct or amend, and any other pertinent material
relating to the appeal will be reviewed. No hearing will be held.
(3) If the appeal authority agrees that the record subject to the
appeal should be corrected or amended, the record will be amended and
the subject individual will be informed in writing of the correction or
amendment. Where an accounting was made of prior disclosures of the
record, all previous recipients of the record will be informed of the
corrective action taken.
(4) If the appeal is denied, the subject individual will be informed
in writing:
(i) Of the denial and the reasons for the denial;
(ii) That he has a right to seek judicial review of the denial; and,
(iii) That he may submit to the responsible Department official a
concise statement of disagreement to be associated with the disputed
record and disclosed whenever the record is disclosed.
(b) Notation and disclosure of disputed records. Whenever a subject
individual submits a statement of disagreement to the responsible
Department official in accordance with paragraph (a)(4)(iii) of this
section, the record will be noted to indicate that it is disputed. In
any subsequent disclosure, a copy of the subject individual's statement
of disagreement, will be disclosed with the record. If the responsible
Department official deems it appropriate, a concise statement of the
appeal authority's reasons for denying the subject individual's appeal
may also be disclosed with the record. While the subject individual will
have access to this statement of reasons, such statement will not be
subject to correction or amendment. Where an accounting was made of
prior disclosures of the record, all previous recipients of the record
will be provided a copy of the subject individual's statement of
disagreement, as well as the statement, if any, of the appeal
authority's reasons for denying the subject individual's appeal.
Sec. 5b.9 Disclosure of records.
(a) Consent to disclosure by a subject individual. (1) Except as
provided in paragraph (b) of this section authorizing disclosures of
records without consent, no disclosure of a record will be made without
the consent of the subject individual. In each case the consent, whether
obtained from the subject individual at the request of the Department or
whether provided to the Department by the subject individual on his own
initiative, shall be in writing. The consent shall specify the
individual, organizational unit or class of individuals or
organizational units to whom the record may be disclosed, which record
may be disclosed and, where applicable, during which time frame the
record may be disclosed (e.g., during the school year, while the subject
individual is out of the country, whenever the subject individual is
receiving specific services). A blanket consent to disclose all of a
subject individual's records to unspecified individuals or
organizational units will not be honored. The subject individual's
identity and, where applicable (e.g., where a subject individual gives
consent to disclosure of a record to a specific individual), the
identity of the individual to whom the record is to be disclosed shall
be verified.
(2) A parent or guardian of any minor is not authorized to give
consent to a disclosure of the minor's medical record.
(b) Disclosures without the consent of the subject individual. The
disclosures listed in this paragraph may be made without the consent of
the subject individual. Such disclosures are:
(1) To those officers and employees of the Department who have a need
for the record in the performance of their duties. The responsible
Department official may upon request of any officer or employee, or on
his own initiative, determine what constitutes legitimate need.
(2) Required to be disclosed under the Freedom of Information Act, 5
U.S.C. 552, and part 5 of this title.
(3) For a routine use as defined in paragraph (j) of Sec. 5b.1 of this
part. Routine uses will be listed in any notice of a system of records.
Routine uses published in Appendix B are applicable to more than one
system of records. Where applicable, notices of systems of records may
contain references to the routine uses listed in Appendix B. Appendix B
will be published with any compendium of notices of systems of records.
(4) To the Bureau of the Census for purposes of planning or carrying
out a census or survey or related activity pursuant to the provisions of
title 13 U.S.C.
(5) To a recipient who has provided the agency with advance written
assurance that the record will be used solely as a statistical research
or reporting record; Provided, That, the record is transferred in a form
that does not identify the subject individual.
(6) To the National Archives of the United States as a record which
has sufficient historical or other value to warrant its continued
preservation by the United States Government, or for evaluation by the
Administrator of General Services or his designee to determine whether
the record has such value.
(7) To another government agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States for a civil or criminal law enforcement activity if the activity
is authorized by law, and if the head of such government agency or
instrumentality has submitted a written request to the Department
specifying the record desired and the law enforcement activity for which
the record is sought.
(8) To an individual pursuant to a showing of compelling circumstances
affecting the health or safety of any individual if a notice of the
disclosure is transmitted to the last known address of the subject
individual.
(9) To either House of Congress, or to the extent of matter within its
jurisdiction, any committee or subcommittee thereof, any joint committee
of Congress or subcommittee of any such joint committee.
(10) To the Comptroller General, or any of his authorized
representatives, in the course of the performance of the duties of the
General Accounting Office.
(11) Pursuant to the order of a court of competent jurisdiction.
(c) Accounting of disclosures. (1) An accounting of all disclosures of
a record will be made and maintained by the Department for 5 years or
for the life of the record, whichever is longer; except that, such an
accounting will not be made:
(i) For disclosures under paragraphs (b)(1) and (2) of this section;
and,
(ii) For disclosures made with the written consent of the subject
individual.
(2) The accounting will include:
(i) The date, nature, and purpose of each disclosure; and
(ii) The name and address of the person or entity to whom the
disclosure is made.
(3) Any subject individual may request access to an accounting of
disclosures of a record. The subject individual shall make a request for
access to an accounting in accordance with the procedures in Sec. 5b.5
of this part. A subject individual will be granted access to an
accounting of the disclosures of a record in accordance with the
procedures of this part which govern access to the related record.
Access to an accounting of a disclosure of a record made under paragraph
(b)(7) of this section may be granted at the discretion of the
responsible Department official.
Sec. 5b.10 Parents and guardians.
For the purpose of this part, a parent or guardian of any minor or the
legal guardian or any individual who has been declared incompetent due
to physical or mental incapacity or age by a court of competent
jurisdiction is authorized to act on behalf of an individual or a
subject individual. Except as provided in paragraph (b)(2) of Sec. 5b.5,
of this part governing procedures for verifying an individual's
identity, and paragraph (c) (2) of Sec. 5b.6 of this part governing
special procedures for notification of or access to a minor's medical
records, an individual authorized to act on behalf of a minor or legal
incompetent will be viewed as if he were the individual or subject
individual.
Sec. 5b.11 Exempt systems.
(a) General policy. The Act permits certain types of specific systems
of records to be exempt from some of its requirements. It is the policy
of the Department to exercise authority to exempt systems of records
only in compelling cases.
(b) Specific systems of records exempted. (1) Those systems of records
listed in paragraph (b)(2) of this section are exempt from the following
provisions of the Act and this Part:
(i) 5 U.S.C. 552a(c)(3) and paragraph (c)(2) of Sec. 5b.9 of this part
which require a subject individual to be granted access to an accounting
of disclosures of a record.
(ii) 5 U.S.C. 552a(d) (1) through (4) and (f) and Secs. 5b.6, 5b.7,
and 5b.8 of this part relating to notification of or access to records
and correction or amendment of records.
(iii) 5 U.S.C. 552a(e)(4) (G) and (H) which require inclusion of
information about Department procedures for notification, access, and
correction or amendment of records in the notice for the systems of
records.
(iv) 5 U.S.C. 552(e)(3) and paragraph (a)(3) of Sec. 5b.4 of this part
which require that an individual asked to provide a record to the
Department be informed of the authority for providing the record
(including whether the providing of the record is mandatory or
voluntary, the principal purposes for maintaining the record, the
routine uses for the record, and what effect his refusal to provide the
record may have on him), and if the record is not required by statute or
Executive Order to be provided by the individual, he agrees to provide
the record. This exemption applies only to an investigatory record
compiled by the Department for criminal law enforcement purposes in a
system of records exempt under subsection (j)(2) of the Act to the
extent that these requirements would prejudice the conduct of the
investigation.
(2) The following systems of records are exempt from those provisions
of the Act and this part listed in paragraph (b) (1) of this section.
(i) Pursuant to subsection (j)(2) of the Act:
(A) The Saint Elizabeths Hospital's Court-Ordered Forensic
Investigatory Materials Files; and
(B) The Investigatory Material Compiled for Law Enforcement Purposes
System, HHS.
(ii) Pursuant to subsection (k)(2) of the Act:
(A) The General Criminal Investigation Files, HHS/SSA;
(B) The Criminal Investigations File, HHS/SSA; and,
(C) The Program Integrity Case Files, HHS/SSA.
(D) Civil and Administrative Investigative Files of the Inspector
General, HHS/OS/OIG.
(F) Investigative materials compiled for law enforcement purposes for
the Healthcare Integrity and Protection Data Bank (HIPDB), of the Office
of Inspector General. (See Sec. 61.15 of this title for access and
correction rights under the HIPDB by subjects of the Data Bank.)
(iii) Pursuant to subsection (k)(4) of the Act:
(A) The Health and Demographic Surveys Conduct in Random Samples of
the U.S. Population;
(B) The Health Manpower Inventories and Surveys;
(C) The Vital Statistics for Births, Deaths, Fetal Deaths, Marriages
and Divorces Occurring in the U.S. during Each Year; and,
(D) The Maryland Psychiatric Case Register.
(E) The Health Resources Utilization Statistics, DHHS/OASH/NCHS.
(F) National Medical Expenditure Survey Records, HHS/OASH/NCHSR.
(iv) Pursuant to subsection (k)(5) of the Act:
(A) The Investigatory Material Compiled for Security and Suitability
Purposes System, HHS; and,
(B) The Suitability for Employment Records, HHS.
(v) Pursuant to subsections (j)(2), (k)(2), and (k)(5) of the Act:
(A) The Clinical Investigatory Records, HHS/FDA;
(B) The Regulated Industry Employee Enforcement Records, HHS/FDA;
(C) The Employee Conduct Investigative Records, HHS/FDA; and,
(D) The Service Contractor Employee Investigative Records, HHS/FDA.
(vi) Pursuant to subsection (k)(6) of the Act:
(A) The Personnel Research and Merit Promotion Test Records, HHS/SSA/
OMA.
(vii) Pursuant to subsection (k)(2) and (k)(5) of the Act:
(A) Public Health Service Records Related to Investigations of
Scientific Misconduct, HHS/OASH/ORI.
(B) Administration: Investigative Records, HHS/NIH/OM/OA/OMA.
(c) Notification of or access to records in exempt systems of records.
(1) Where a system of records is exempt as provided in paragraph (b) of
this section, any individual may nonetheless request notification of or
access to a record in that system. An individual shall make requests for
notification of or access to a record in an exempt system of records in
accordance with the procedures of Secs. 5b.5 and 5b.6 of this part.
(2) An individual will be granted notification of or access to a
record in an exempt system but only to the extent such notification or
access would not reveal the identity of a source who furnished the
record to the Department under an express promise, and prior to
September 27, 1975 an implied promise, that his identity would be held
in confidence, if:
(i) The record is in a system of records which is exempt under
subsection (k)(2) of the Act and the individual has been, as a result of
the maintenance of the record, denied a right, privilege, or benefit to
which he would otherwise be eligible; or,
(ii) The record is in a system of records which is exempt under
subsection (k)(5) of the Act.
(3) If an individual is not granted notification of or access to a
record in a system of records exempt under subsections (k) (2) and (5)
of the Act in accordance with this paragraph, he will be informed that
the identity of a confidential source would be revealed if notification
of or access to the record were granted to him.
(d) Discretionary actions by the responsible Department official.
Unless disclosure of a record to the general public is otherwise
prohibited by law, the responsible Department official may in his
discretion grant notification of or access to a record in a system of
records which is exempt under paragraph (b) of this section.
Discretionary notification of or access to a record in accordance with
this paragraph will not be a precedent for discretionary notification of
or access to a similar or related record and will not obligate the
responsible Department official to exercise his discretion to grant
notification of or access to any other record in a system of records
which is exempt under paragraph (b) of this section.
[40 FR 47409, Oct. 8, 1975, as amended at 43 FR 40229, Sept. 11, 1978;
47 FR 57040, Dec.22, 1982; 51 FR 41352, Nov. 14, 1986; 59 FR 36718, Jul.
19, 1994; 65 FR 34988, Jun. 1, 2000; 65 FR 37289, Jun. 14, 2000]
Sec. 5b.12 Contractors.
(a) All contracts entered into on or after September 27, 1975 which
require a contractor to maintain or on behalf of the Department to
maintain, a system of records to accomplish a Department function must
contain a provision requiring the contractor to comply with the Act and
this part.
(b) All unexpired contracts entered into prior to September 27, 1975
which require the contractor to maintain or on behalf of the Department
to maintain, a system of records to accomplish a Department function
will be amended as soon as practicable to include a provision requiring
the contractor to comply with the Act and this part. All such contracts
must be so amended by July 1, 1976 unless for good cause the appeal
authority identified in Sec. 5b.8 of this part authorizes the
continuation of the contract without amendment beyond that date.
(c) A contractor and any employee of such contractor shall be
considered employees of the Department only for the purposes of the
criminal penalties of the Act, 5 U.S.C. 552a(i), and the employee
standards of conduct listed in Appendix A of this part where the
contract contains a provision requiring the contractor to comply with
the Act and this part.
(d) This section does not apply to systems of records maintained by a
contractor as a result of his management discretion, e.g., the
contractor's personnel records.
Sec. 5b.13 Fees.
(a) Policy. Where applicable, fees for copying records will be charged
in accordance with the schedule set forth in this section. Fees may only
be charged where an individual requests that a copy be made of the
record to which he is granted access. No fee may be charged for making a
search of the system of records whether the search is manual,
mechanical, or electronic. Where a copy of the record must be made in
order to provide access to the record (e.g., computer printout where no
screen reading is available), the copy will be made available to the
individual without cost. Where a medical record is made available to a
representative designated by the individual or to a physician or health
professional designated by a parent or guardian under Sec. 5b.6 of this
part, no fee will be charged.
(b) Fee schedule. The fee schedule for the Department is as follows:
(1) Copying of records susceptible to photocopying--$.10 per page.
(2) Copying records not susceptible to photocopying (e.g., punch cards
or magnetic tapes)--at actual cost to be determined on a case-by-case
basis.
(3) No charge will be made if the total amount of copying does not
exceed $25.
Appendix A--Employee Standards of Conduct
(a) General. All employees are required to be aware of their
responsibilities under the Privacy Act of 1974, 5 U.S.C. 552a.
Regulations implementing the Act are set forth in 45 CFR part 5b.
Instruction on the requirements of the Act and regulation shall be
provided to all new employees of the Department. In addition,
supervisors shall be responsible for assuring that employees who are
working with systems of records or who undertake new duties which
require the use of systems of records are informed of their
responsibilities. Supervisors shall also be responsible for assuring
that all employees who work with such systems of records are
periodically reminded of the requirements of the Act and are advised of
any new provisions or interpretations of the Act.
(b) Penalties. (1) All employees must guard against improper
disclosure of records which are governed by the Act. Because of the
serious consequences of improper invasions of personal privacy,
employees may be subject to disciplinary action and criminal prosecution
for knowing and willful violations of the Act and regulation. In
addition, employees may also be subject to disciplinary action for
unknowing or unwillful violations, where the employee had notice of the
provisions of the Act and regulations and failed to inform himself
sufficiently or to conduct himself in accordance with the requirements
to avoid violations.
(2) The Department may be subjected to civil liability for the
following actions undertaken by its employees:
(a) Making a determination under the Act and section 5b.7 and 5b.8 of
the regulation not to amend an individual's record in accordance with
his request, or failing to make such review in conformity with those
provisions;
(b) Refusing to comply with an individual's request for notification
of or access to a record pertaining to him;
(c) Failing to maintain any record pertaining to any individual with
such accuracy, relevance, timeliness, and completeness as is necessary
to assure fairness in any determination relating to the qualifications,
character, rights, or opportunities of, or benefits to the individual
that may be made on the basis of such a record, and consequently a
determination is made which is adverse to the individual; or
(d) Failing to comply with any other provision of the Act or any rule
promulgated thereunder, in such a way as to have an adverse effect on an
individual.
(3) ``An employee may be personally subject to criminal liability as
set forth below and in 5 U.S.C. 552a (i):
(a) Any officer or employee of an agency, who by virtue of his
employment or official position, has possession of, or access to, agency
records which contain individually identifiable information the
disclosure of which is prohibited by the Act or by rules or regulations
established thereunder, and who, knowing that disclosure of the specific
material is so prohibited, willfully discloses the material in any
manner to any person or agency not entitled to receive it, shall be
guilty of a misdemeanor and fined not more than $5,000.''
(b) ``Any officer or employee of any agency who willfully maintains a
system of records without meeting the notice requirements [of the Act]
shall be guilty of a misdemeanor and fined not more than $5,000.''
(c) Rules Governing Employees Not Working With Systems of Records.
Employees whose duties do not involve working with systems of records
will not generally disclose to any one, without specific authorization
from their supervisors, records pertaining to employees or other
individuals which by reason of their official duties are available to
them. Notwithstanding the above, the following records concerning
Federal employees are a matter of public record and no further
authorization is necessary for disclosure:
(1) Name and title of individual.
(2) Grade classification or equivalent and annual rate of salary.
(3) Position description.
(4) Location of duty station, including room number and telephone
number.
In addition, employees shall disclose records which are listed in the
Department's Freedom of Information Regulation as being available to the
public. Requests for other records will be referred to the responsible
Department official. This does not preclude employees from discussing
matters which are known to them personally, and without resort to a
record, to official investigators of Federal agencies for official
purposes such as suitability checks, Equal Employment Opportunity
investigations, adverse action proceedings, grievance proceedings, etc.
(d) Rules governing employees whose duties require use or reference to
systems of records. Employees whose official duties require that they
refer to, maintain, service, or otherwise deal with systems of records
(hereinafter referred to as ``Systems Employees'') are governed by the
general provisions. In addition, extra precautions are required and
systems employees are held to higher standards of conduct.
(1) Systems Employees shall:
(a) Be informed with respect to their responsibilities under the Act;
(b) Be alert to possible misuses of the system and report to their
supervisors any potential or actual use of the system which they believe
is not in compliance with the Act and regulation;
(c) Make a disclosure of records within the Department only to an
employee who has a legitimate need to know the record in the course of
his official duties;
(d) Maintain records as accurately as practicable.
(e) Consult with a supervisor prior to taking any action where they
are in doubt whether such action is in conformance with the Act and
regulation.
(2) Systems Employees shall not:
(a) Disclose in any form records from a system of records except (1)
with the consent or at the request of the subject individual; or (2)
where its disclosure is permitted under Sec. 5b.9 of the regulation.
(b) Permit unauthorized individuals to be present in controlled areas.
Any unauthorized individuals observed in controlled areas shall be
reported to a supervisor or to the guard force.
(c) Knowingly or willfully take action which might subject the
Department to civil liability.
(d) Make any arrangements for the design development, or operation of
any system of records without making reasonable effort to provide that
the system can be maintained in accordance with the Act and regulation.
(e) Contracting officers. In addition to any applicable provisions set
forth above, those employees whose official duties involve entering into
contracts on behalf of the Department shall also be governed by the
following provisions:
(1) Contracts for design, or development of systems and equipment. No
contract for the design or development of a system of records, or for
equipment to store, service or maintain a system of records shall be
entered into unless the contracting officer has made reasonable effort
to ensure that the product to be purchased is capable of being used
without violation of the Act or regulation. Special attention shall be
given to provision of physical safeguards.
(2) Contracts for the operation of systems and equipment. No contract
for the design or development of a system of whom he feels appropriate,
of all proposed contracts providing for the operation of systems of
records shall be made prior to execution of the contracts to determine
whether operation of the system of records is for the purpose of
accomplishing a Department function. If a determination is made that the
operation of the system is to accomplish a Department function, the
contracting officer shall be responsible for including in the contract
appropriate provisions to apply the provisions of the Act and regulation
to the system, including prohibitions against improper release by the
contractor, his employees, agents, or subcontractors.
(3) Other service contracts. Contracting officers entering into
general service contracts shall be responsible for determining the
appropriateness of including provisions in the contract to prevent
potential misuse (inadvertent or otherwise) by employees, agents, or
subcontractors of the contractor.
(f) Rules Governing Responsible Department Officials. In addition to
the requirements for Systems Employees, responsible Department officials
shall:
(1) Respond to all requests for notification of or access, disclosure,
or amendment of records in a timely fashion in accordance with the Act
and regulation;
(2) Make any amendment of records accurately and in a timely fashion;
(3) Inform all persons whom the accounting records show have received
copies of the record prior to the amendments of the correction; and
(4) Associate any statement of disagreement with the disputed record,
and
(a) Transmit a copy of the statement to all persons whom the
accounting records show have received a copy of the disputed record, and
(b) Transmit that statement with any future disclosure.
Appendix B--Routine Uses Applicable to More Than One System of Records
Maintained by HHS
(1) In the event that a system of records maintained by this agency or
carry out its functions indicates a violation or potential violation of
law, whether civil, criminal or regulatory in nature, and whether
arising by general statute or particular program statute, or by
regulation, rule or order issued pursuant thereto, the relevant records
in the system of records may be referred, as a routine use, to the
appropriate agency, whether federal, or foreign, charged with the
responsibility of investigating or prosecuting such violation or charged
with enforcing or implementing the statute, or rule, regulation or order
issued pursuant thereto.
(2) Referrals may be made of assignments of research investigators and
project monitors to specific research projects to the Smithsonian
Institution to contribute to the Smithsonian Science Information
Exchange, Inc.
(3) In the event the Department deems it desirable or necessary, in
determining whether particular records are required to be disclosed
under the Freedom of Information Act, disclosure may be made to the
Department of Justice for the purpose of obtaining its advice.
(4) A record from this system of records may be disclosed as a
``routine use'' to a federal, state or local agency maintaining civil,
criminal or other relevant enforcement records or other pertinent
records, such as current licenses, if necessary to obtain a record
relevant to an agency decision concerning the hiring or retention of an
employee, the issuance of a security clearance, the letting of a
contract, or the issuance of a license, grant or other benefit.
A record from this system of records may be disclosed to a federal
agency, in response to its request, in connection with the hiring or
retention of an employee, the issuance of a security clearance, the
reporting of an investigation of an employee, the letting of a contract,
or the issuance of a license, grant, or other benefit by the requesting
agency, to the extent that the record is relevant and necessary to the
requesting agency's decision on the matter.
(5) In the event that a system of records maintained by this agency to
carry out its function indicates a violation or potential violation of
law, whether civil, criminal or regulatory in nature, and whether
arising by general statute or particular program statute, or by
regulation, rule or order issued pursuant thereto, the relevant records
in the system of records may be referred, as a routine use, to the
appropriate agency, whether state or local charged with the
responsibility of investigating or prosecuting such violation or charged
with enforcing or implementing the statute, or rule, regulation or order
issued pursuant thereto.
(6) Where federal agencies having the power to subpoena other federal
agencies' records, such as the Internal Revenue Service or the Civil
Rights Commission, issue a subpoena to the Department for records in
this system of records, the Department will make such records available.
(7) Where a contract between a component of the Department and a labor
organization recognized under E.O. 11491 provides that the agency will
disclose personal records relevant to the organization's mission,
records in this system of records may be disclosed to such organization.
(8) Where the appropriate official of the Department, pursuant to the
Department's Freedom of Information Regulation determines that it is in
the public interest to disclose a record which is otherwise exempt from
mandatory disclosure, disclosure may be made from this system of
records.
(9) The Department contemplates that it will contract with a private
firm for the purpose of collating, analyzing, aggregating or otherwise
refining records in this system. Relevant records will be disclosed to
such a contractor. The contractor shall be required to maintain Privacy
Act safeguards with respect to such records.
(10)-(99) [Reserved]
(100) To the Department of Justice or other appropriate Federal
agencies in defending claims against the United States when the claim is
based upon an individual's mental or physical condition and is alleged
to have arisen because of activities of the Public Health Service in
connection with such individual.
(101) To individuals and organizations, deemed qualified by the
Secretary to carry out specific research solely for the purpose of
carrying out such research.
(102) To organizations deemed qualified by the Secretary to carry out
quality assessment, medical audits or utilization review.
(103) Disclosures in the course of employee discipline or competence
determination proceedings.
Appendix C--Delegations of Authority [Reserved]
Substance Abuse, and Mental Health Services Administration
1. Table of Contents
09-30-0023 Records of Contracts Awarded to Individuals, HHS/
SAMHSA/OPS.
09-30-0027 Grants and Cooperative Agreements: Alcohol, Drug
Abuse, and Mental Health Services Evaluation, Services,
Demonstration, Education, Fellowship, Training, Clinical
Training, and Community Services Programs. HHS/SAMHSA/OA.
09-30-0029 Records of Guest Workers, HHS/SAMHSA/OPS.
09-30-0033 Correspondence Files, HHS/SAMHSA/OA.
09-30-0036 Alcohol, Drug Abuse, and Mental Health Epidemiologic
Data, HHS/SAMHSA/OA.
09-30-0047 Patient Records on Chronic Mentally Ill Merchant
Seamen Treated at Nursing Homes in Lexington, Kentucky (1942 to
the Present), HHS/SAMHSA/CMHS.
09-30-0049 Consultant Records Maintained by SAMHSA Contractors,
HHS/SAMHSA/OPS.
09-30-0050 Child Care Subsidy Program Records, HHS/SAMHSA/OPS.
09-30-0051 SAMHSA Information Mailing System (SIMS).
09-30-0023
System name:
Records of Contracts Awarded to Individuals. HHS/SAMHSA/OPS.
Security classification:
None.
System location:
Director, Division of Contracts Management, Office of Program
Services, Substance Abuse and Mental Health Services Administration,
Room 6-70, Rockwall II Building, 5600 Fishers Lane, Rockville,
Maryland 20857.
Categories of individuals covered by the system:
An individual who receives a contract as well as individuals who
apply or compete for an award but do not receive the award and their
consultants.
Categories of records in the system:
Curriculum vitae, salary information, evaluations of proposals by
contract review committees.
Authority for maintenance of the system:
SAMHSA: Public Health Service Act, sections 301 (42 U.S.C. 241),
322 (42 U.S.C. 249(c), and 501-05 (42 U.S.C. 290aa et. seq.). CSAT:
Center for Substance Abuse Treatment, Section 507-12 (42 U.S.C. 290bb
et. seq.). CSAP: Center for Substance Abuse Prevention, Section 515-8
(42 U.S.C. 290bb-21 et. seq.). CMHS: Center for Mental Health
Services, section 520-35 (42 U.S.C. 290bb-31 et. seq.). Protection
and Advocacy for Individuals with Mental Health Illness Act of 1986
as amended (42 U.S.C. 10801 et. seq.); Refugee Education Assistance
Act 1980, section 501(c) (8 U.S.C. 1522 note). Pub. L. 96-422;
Executive Order 12341; and Disaster Relief Act of 1974, section 413.
Pub. L. 93-288, as amended by section 416 of the Robert T. Stafford
Disaster Relief and Emergency Assistance Act. Pub. L. 100-107.
Purpose(s):
To document the history of each contract procurement action and
award made within SAMHSA to an individual. The records are also used
by contract review committee members when evaluating a proposal
submitted by an individual.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
record of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
2. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation or has
an interest in such litigation, and HHS determines that the use of
such records by the Department of Justice, the court or other
tribunal is relevant and necessary to the litigation and would help
in the effective representation of the governmental party, provided
however, that in each case, HHS determines that such disclosure is
compatible with the purpose for which the records were collected.
3. A record from this system may be disclosed to the following
entities in order to help collect a debt owed the United States:
(a) To another Federal agency so that agency can effect a salary
offset;
(b) To another Federal agency so that agency can effect an
administrative offset under common law or under 31 U.S.C. 3716
(withholding from money payable to, or held on behalf of, the
individual);
(c) To the Treasury Department, Internal Revenue Service (IRS),
to request his/her mailing address to locate him/her or in order to
have a credit report prepared;
(d) To agents of the Department and to other third parties to
help locate him/her in order to help collect or compromise a debt;
(e) To debt collection agents under 31 U.S.C. 3718 or under
common law to help collect a debt; and
(f) To the Justice Department for litigation or further
administrative action.
Disclosure under part (d) of this routine use is limited to the
individuals's name, address, Social Security number, and other
information necessary to identify him/her. Disclosure under parts
(a)-(c) and (e) is limited to those items; the amount, status, and
history of the claim; and the agency or program under which the claim
arose. An address obtained from IRS may be disclosed to a credit
reporting agency under part (d) only for purposes of preparing a
commercial credit report on the individual. Part (a) applies to
claims or debts arising or payable under the Social Security Act if
and only if the employee consents in writing to the offset.
4. SAMHSA may disclose information from its records in this
system to consumer reporting agencies in order to obtain credit
reports to verify credit worthiness of contract applicants.
Permissible disclosures include name, address, Social Security number
of other information necessary to identify the individual; the
funding being sought; and the program for which the information is
being obtained.
5. When a debt becomes partly or wholly uncollectible, either
because the time period for collection under the statute of
limitations has expired or because the Government agrees with the
individual to forgive or compromise the debt, a record from this
system of records may be disclosed to the Internal Revenue Service to
report the written-off amount as taxable income to the individual.
6. A record from this system may be disclosed to another Federal
agency that has asked the Department to effect an administrative
offset under common law or under 31 U.S.C. 3716 to help collect a
debt owed the United States.
Disclosure under this routine use is limited to: name, address,
Social Security number, and other information necessary to identify
the individual, information about the money payable to or held for
the individual, and other information concerning the administrative
offset.
7. SAMHSA may disclose from this system of records to the
Department of Treasury, Internal Revenue Service (IRS): (1) A
delinquent debtor's name, address, Social Security number, and other
information necessary to identify the debtor; (2) the amount of the
debt; and (3) the program under which the debt arose, so that IRS can
offset against the debt any income tax refunds which may be due to
the debtor.
Disclosures to consumer reporting agencies:
Disclosures may be made from this system to `consumer reporting
agencies'' as defined in the Fair Credit Reporting Act (15 U.S.C.
1681) (F)) or the Federal Claims Collection Act of 1966(31 U.S.C.
3701(a)(3)). The purpose of such disclosures is to provide an
incentive for debtors to repay delinquent Federal Government debts by
making these debts part of their credit records. Information
disclosed will be limited to name, Social Security number, address,
other information necessary to establish the identity of the
individual, and amount, status, and history of the claim, and the
agency or program under which the claim arose. Such disclosures will
be made only after the procedural requirements of 31 U.S.C. 3711(f)
have been met.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Documents are filed in manual files in enclosed and/or locked
file cabinets.
Retrievability:
Records are retrieved by contract number and cross indexed by
individual's name.
Safeguards:
1. Authorized Users: Federal contract and support personnel,
Federal contract review staff and outside consultants acting as peer
reviewers of the project.
2. Physical Safeguards: All folders are in file cabinets in a
room that is locked after business hours in a building with
controlled entery (picture identification). Files are withdrawn from
cabinet for Federal staff who have a need to know by a sign in and
out procedure.
3. Procedural Safeguards: Access to records is strictly limited
to those staff members trained in accordance with the Privacy Act.
4. Implementation Guidelines: DHHS Chapter 45-13 of the General
Administration Manual.
Retention and disposal:
a. Procurement or purchase copy, and related papers:
(1) Transactions of more than $25,000 are destroyed 6 years and 3
months after final payment.
(2) Transactions of $25,000 or less are destroyed 3 years after
final payment.
b. Other copies of records used by the Division of Contracts
Management for administrative purposes are destroyed upon termination
or completion.
System manager(s) and address:
Director, Division of Contracts Management, Office of Program
Services, Substance Abuse and Mental Health Services Administration,
Room 6-70, Rockwall II Building, 5600 Fishers Lane, Rockville,
Maryland 20857.
Notification procedure:
To determine if a record exists, write to the appropriate System
Manager at the address above or appear in person to the Division of
Contracts Management. An individual may learn if a record exists
about himself/herself upon written request with notarized signature.
The request should include, if known, contractor's name, contract
number, and approximate date contract was awarded. An individual who
is the subject of records maintained in this record system may also
request an accounting of all disclosures that have been made from
that individual's records, if any.
Record access procedures:
Same as notification procedures. Requesters should reasonably
specify the record contents being sought. An individual may also
request an accounting of disclosures of his/her record, if any.
Contesting record procedures:
Contact the official at the address specified under notification
procedures above and reasonably identify the record, specify the
information being contested, the corrective action sought, along with
supporting information to show how the record is inaccurate,
incomplete, untimely, or irrelevant.
Record source categories:
Contract proposals and supporting contract documents, contract
review committees, site visitors.
Systems exempted from certain provisions of the act:
None.
09-30-0027
System name:
Grants and Cooperative Agreements: Alcohol, Drug Abuse, and
Mental Health Services Evaluation, Service, Demonstration, Education,
Fellowship, Training, Clinical Training, and Community Services
Programs. HHS/SAMHSA/OA.
Security classification:
None.
System location:
Director, Center for Substance Abuse Prevention, Substance Abuse
and Mental Health Services Administration, Room 9D10, Rockwall II
Building, 5600 Fishers Lane, Rockville, Maryland 20857
Director, Center for Substance Abuse Treatment, Substance Abuse
and Mental Health Services Administration, Room 10-75, Rockwall II
Building, 5600 Fishers Lane, Rockville, Maryland 20857
Director, Center for Mental Health Services, Substance Abuse and
Mental Health Services Administration, Room 15-105, Parklawn
Building, 5600 Fishers Lane, Rockville, Maryland 20857
Categories of individuals covered by the system:
Prinicipal investigators, program directors, trainees, fellows,
and other employees of applicant or grantee institutions.
Categories of records in the system:
Grant and cooperative agreement applications and review history,
including curriculum vitae, salary information, summary of review
committee deliberations and supporting documents, progress reports,
financial records, and payback records of clinical training awardees.
Authority for maintenance of the system:
SAMHSA: Public Health Service Act, sections 301, (42 U.S.C. 241),
303 (42 U.S.C. 242(a), 322 (42 U.S.C. 249(c), 501 (42 U.S.C. 290aa),
503 (42 U.S.C. 290aa-2), and 505 (42 U.S.C. 290aa-4). CSAP: Center
for Substance Abuse prevention, section 515-18 (42 U.S.C. 290bb-21 et
seq.). CSAT: Center for Substance Abuse Treatment, section 507-12 (42
U.S.C. 290bb et. seq.). CMHS: Center for Mental Health Services,
sections 506 (42 U.S.C. 290aa-5) and 520-35 (42 U.S.C. 290bb-31 et
seq.). Protection and Advocacy for Individuals with Mental Illness
Act of 1986 as amended (42 U.S.C. 10801 et. seq.); Refugee Education
Assistance Act of 1980, section 501(c) (8 U.S.C. 1522 note), Pub. L.
96-422; Executive Order 12341; and Disaster Relief Act of 1974,
section 413, Pub. L. 93-288, as amended by section 416 of the Robert
T. Stafford Disaster Relief and Emergency Assistance Act, Pub. L.
100-107.
Purpose(s):
Records are maintained as official documentation relevant to the
review, award, and administration of grant programs. Specifically,
records are: (1) Used by staff program and management specialists for
purpose of awarding and monitoring grant funds; and (2) used to
maintain communication with former trainees/fellows who have incurred
an obligation for clinical training under Pubic Health Service Act,
section 303 (42 U.S.C. 242a).
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to qualified experts not within the
definition of Department employees for opinion during the application
review process.
2. Disclosure may be made to SAMHSA contractors for the purpose
of providing services related to the grant review or for carrying out
quality assessment, program evaluation, and management reviews.
Contractors are required to maintain Privacy Act safeguards with
respect to the records.
3. In the event that a system of records maintained by this
agency to carry out is functions indicates a violation or potential
violation of law, whether civil, criminal or regulatory in nature,
and whether arising by statute, or by regulation, rule or order
issued pursuant thereto, the relevant records in the system of
records may be referred, as a routine use, to the appropriate agency,
whether Federal (e.g., the Department of Justice) or State (e.g., the
State's Attorney's Office), charged with the responsibility of
investigating or prosecuting such violation or charged with enforcing
or implementing the statute, or rule, regulation or order issued
pursuant thereto for litigation.
4. Disclosure may be made to a Federal agency, in response to its
request, in connection with the hiring or retention of an employee,
the issuance of a security clearance, the reporting of an
investigation of an employee, the letting of a contract, or the
issuance of a license, grant, or other benefit by the requesting
agency, to the extent that the record is relevant and necessary to
the requesting agency's decision on the matter.
5. Where Federal agencies having the power to subpoena other
Federal agencies' records, such as the Internal Revenue Service or
the Civil Rights Commission, issue a subpoena to the Department for
records in this system of records, the Department will make such
records available.
6. Disclosure may be made to a congressional office from the
record of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
7. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation or has
an interest in such litigation, and HHS determines that the use of
such records by the Department of Justice, the court or other
tribunal is relevant and necessary to the litigation and would help
in the effective representation of the governmental party, provided
that in each case, HHS determines that such disclosure is compatible
with the purpose for which the records were collected.
8. A record from this system may be disclosed to the following
entities in order to help collect a debt owed the United States:
(a) To another Federal agency so that agency can effect a salary
offset;
(b) To another Federal agency so that agency can effect an
administrative offset under common law or under 31 U.S.C. 3716
(withholding from money payable to, or held on behalf of, the
individual);
(c) To the Treasury Department, Internal Revenue Service (IRS),
to request his/her mailing address to locate him/her or in order to
have a credit report prepared;
(d) To agents of the Department and to other third parties to
help locate him/her in order to help collect or compromise a debt;
(e) To debt collection agents under 31 U.S.C. 3718 or under
common law to help collect a debt; and
(f) To the Justice Department for litigation or further
administrative action.
Disclosure under part (d) of this routine use is limited to the
individual's name, address, social security number and other
information necessary to identify him/her. Disclosure under parts
(a)-(c) and (e) is limited to those items; the amount, status, and
history of the claim; and the agency or program under which the claim
arose. An address obtained from IRS may be disclosed to a credit
reporting agency under part (d) only for the purpose of preparing a
commercial credit report on the individual. Part (a) applies to any
claims or debts arising or payable under the Social Security Act if
and only if the employee consents in writing to the offset.
9. SAMHSA may disclose information from its records in this
system to consumer reporting agencies in order to obtain credit
reports to verify credit worthiness of grant/cooperative agreement
applicants. Permissible disclosures include name, address, Social
Security number or other information necessary to identify the
individual; the funding being sought; and the program for which the
information is being obtained.
10. When a debt becomes partly or wholly uncollectible, either
because the time period for collection under the statue of
limitations has expired or because the Government agrees with the
individual to forgive or compromise the debt, a record from this
system of records may be disclosed to the Internal Revenue Service to
report the written-off amount as taxable income to the individual.
11. A record from this system may be disclosed to another Federal
agency that has asked the Department to effect an administrative
offset under common law or under 31 U.S.C. 3716 to help collect a
debt owed the United States.
Disclosure under this routine use is limited to: name, address,
Social Security number, and other information necessary to identify
the individual, information about the money payable to or held for
the individual, and other information concerning the administrative
offset.
12. SAMHSA may disclose from this system of records to the
Department of Treasury, Internal Revenue Service (IRS): (1) A
delinquent debtor's name, address, Social Security number, and other
information necessary to identify the debtor; (2) the amount of the
debt; and (3) the program under which the debt arose, so that IRS can
offset against the debt any income tax refunds which may be due to
the debtor.
Disclosures to consumer reporting agencies:
Disclosures may be made from this system to ``consumer reporting
agencies'' as defined in the Fair Credit Reporting Act (15 U.S.C.
1681 (f)) or the Federal Claims Collection Act of 1966 (31 U.S.C.
3701(a)(3)). The purpose of such disclosures is to provide an
incentive for debtors to repay delinquent Federal Government debts by
making these debts part of their credit records. Information
disclosed will be limited to name, Social Security number, address,
other information necessary to establish the identity of the
individual, the amount, status, and history of the claim, and the
agency or program under which the claim arose. Such disclosures will
be made only after the procedural requirements of 31 U.S.C. 3711(f)
have been met.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Noncomupterized documents are filed in folders in enclosed file
cabinets and open shelves. Computerized records exist in tape and
disk form.
Retrievability:
By grant numbers and cross-indexed by name.
Safeguards:
1. Authorized Users: Access is limited to the Director, Division
of Grants Management, SAMHSA, and staff authorized by him/her: Grants
specialists, grants technicians, program officials assigned computer
personnel, and possibly contractor staff including the project
director and research associates.
2. Physical Safeguards: Records are maintained in a secured area.
During normal work hours, area is staffed by authorized personnel who
must show identification for entry. At other times, the computer area
is locked. Hard copy files are stored in rooms which are locked at
night. A 24-hour security guard patrols building.
3. Procedural Safeguards: Computer records are password
protected; passwords are changed periodically. Contractors working on
computerized records are given passwords to access data only on a
need-to-know basis.
4. Implementation Guidelines: DHHS Chapter 45-13 of the General
Administration Manual and part 6, ``Automated Information System
Security'' of the Information Resources Management Manual.
Retention and disposal:
a. Alcohol, Drug Abuse, and Mental Health Services Evaluation,
Services and Demonstration Grants: A copy of the final report is
offered to the National Archives and Records Administration when 10
years old. Other records are held two years after termination of
support and final audit and then transferred to the Washington
National Records Center located at 4105 Suitland Road, Suitland, MD
20409. Records are destroyed when 6 years and 3 months old.
b. Education Grants: Records are held 2 years after completion of
grants activities and final audit and then transferred to the
Washington National Records Center located at 4205 Suitland Road,
Suitland, MD 20409. Records are destroyed when 13 years old.
c. Training Program Grants: Records are held 1 year after
termination of support and final audit and then retired to the
Washington National Records Center located at 4205 Suitland Road,
Suitland, MD 20409. Records are destroyed when 3 years old.
d. Fellowships, Community Services Program Grants and Other
Related Grants: Records are held 2 years after termination of support
and final audit and then retired to the Washington National Records
Center located at 4205 Suitland Road, Suitland, MD 20409. Records are
destroyed when 5 years old.
System manager(s) and address:
Same as System Location
Notification procedure:
To determine if a record exists, write to the appropriate System
Manager at the above address. Verifiable proof of identity is
required.
Record access procedures:
Same as notification procedure. Requesters should also reasonably
specify the record contents being sought, and should provide the
official grant number when possible. An individual may also request
an accounting of disclosures of his/her record, if any.
Contesting record procedures:
Contact the appropriate System Manager at the address specified
above and reasonably identify the record specify the information
being contested, the corrective action sought, along with supporting
information to show how the record is inaccurate, incomplete,
untimely, or irrelevant.
Record source categories:
Applicants, grantees, fellows, trainees, personnel at grantee
institution on whom the record is maintained, Federal advisory
committees, site visitors, consultants, references.
Systems exempted from certain provisions of the act:
None.
09-30-0029
System name:
Record of Guest Workers. HHS/SAMHSA/OPS.
Security classification:
None.
System location:
Director, Division of Human Resources Management, Office of
Program Services, Substance Abuse and Mental Health Services
Administration, Room 14C-24, Parklawn Building, 5600 Fishers Lane,
Rockville, Maryland 20857.
Categories of individuals covered by the system:
Individuals using SAMHSA facilities who are not employees.
Categories of records in the system:
Personal information including name, address, date and place of
birth, education, employment, purpose for which SAMHSA facilities are
desired, outside sponsor and SAMHSA sponsor.
Authority for maintenance of the system:
Public Health Service Act, section 301, (42 U.S.C. 241).
Purpose(s):
To documents individual's presence at SAMHSA and as a record that
the individual is not performing services for SAMHSA and is therefore
not an employee.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to the U.S. Office of Personnel
Management for program evaluation purposes.
2. Disclosure may be made to institutions providing financial
support for subject individual.
3. Disclosure may be made to a congressional office from the
record of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
4. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation or has
an interest in such litigation, and HHS determines that the use of
such records by the Department of Justice, the court or other
tribunal is relevant and necessary to the litigation and would help
in the effective representation of the governmental party, provided
however, that in each case, HHS determines that such disclosure is
compatible with the purpose for which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Stored in file folders.
Retrievability:
Retrieved by name.
Safeguards:
1. Authorized Users: Authorized employees of the Division of
Human Resources Management and SAMHSA managers and supervisors with
legitimate interest in guest workers.
2. Physical Safeguards: Records are stored in locked rooms.
3. Procedural Safeguards: Authorized individuals have been
trained in accordance with the Privacy Act.
4. Implementation Guidelines: DHHS Chapter 45-13 of the General
Administration Manual.
Retention and disposal:
Records are held 1 year after guest worker separates and then
destroyed.
System manager(s) and address:
Director, Division of Human Resources Management, Office of
Program Services, Substance Abuse and Mental Health Services
Administration, Room 14C-24, Parklawn Building, 5600 Fishers Lane,
Rockville, Maryland 20857.
Notification procedure:
To determine if a record exists, contact the System Manager at
the address above. Individuals who request notification in person
must supply one proof of identity containing individual's complete
name and one other identifier with picture (e.g., driver's license,
building pass). Individuals who request notification by mail must
supply notarized signature as proof of identity.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An individual
may also request an accounting of disclosures of his/her record, if
any.
Contesting record procedures:
Contact the official at the address specified under Notification
Procedures above and reasonably identify the record, specify the
information to be contested, and state the corrective action sought,
with supporting information to show how the record is inaccurate,
incomplete, untimely, or irrelevant
Record source categories:
Subject individual and SAMHSA sponsor.
Systems exempted from certain provisions of the act:
None.
09-30-0033
System name:
Correspondence Files. HHS/SAMHSA/OA.
Security classification:
None.
System location:
Office of the Administrator, Substance Abuse and Mental Health
Services Administration, Room 12-107, Parklawn Building, 5600 Fishers
Lane, Rockville, Maryland 20857
Office of the Director, Center for substance Abuse Prevention,
Substance Abuse and Mental Health Services Administration, Room 9D10,
Rockwall II Building, 5600 Fishers Lane, Rockville, Maryland 20857
Office of the Director, Center for Substance Abuse Treatment,
Substance Abuse and Mental Health Services Administration, Room 10-
75, Rockwall II Building, 5600 Fishers Lane, Rockville, Maryland
20857
Office of the Director, Center for Mental Health Services,
Substance Abuse and Mental Health Services Administration, Room 15-
105, Parklawn Building, 5600 Fishers Lane, Rockville, Maryland 20857
Categories of individuals covered by the system:
Individuals who request information on SAMHSA programs.
Categories of records in the system:
Correspondence.
Authority for maintenance of the system:
SAMHSA: Public Health Service Act, sections 301 (42 U.S.C. 241),
322 (42 U.S.C. 249(c)), and 501-05 (42 U.S.C. 290aa et seq.). CSAP:
Center for Substance Abuse Prevention, section 515-8 (42 U.S.C.
290bb-21 et seq.). CSAT: Center for Substance Abuse Treatment,
section 507-12 (42 U.S.C. 290bb et seq.). CMHS: Center for Mental
Health Services, sections 506 (42 U.S.C. 290aa-5) and 520-35 (42
U.S.C. 290bb-31 et seq.). Protection and Advocacy for Individuals
with Mental Illness Act of 1986 as amended (42 U.S.C. 1901 et. seq.);
Refugee Education Assistance Act of 1980, section 501(c) (8 U.S.C.
1522 note), Pub. L. 96-422; Executive Order 12341; and Disaster
Relief Act of 1974, section 413, Pub. L. 93-288, as amended by
section 416 of the Robert T. Stafford Disaster Relief and Emergency
Assistance Act Pub. L. 100-107.
Purpose(s):
To provide reference retrieval and control to assure timely and
appropriate attention.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a congressional office from the
record of an individual in response to a verified inquiry from the
congressional office made at the request of that individual.
2. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation or has
an interest in such litigation, and HHS determines that the use of
such records by the Department of Justice, the court or other
tribunal is relevant and necessary to the litigation and would help
in the effective representation of the governmental party, provided
however, that in each case, HHS determines that such disclosure is
compatible with the purpose for which the records were collected.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Correspondence records maintained in hard copy; control records
maintained on computer printout, tape, and disk.
Retrievability:
Hard copy records indexed alphabetically by name and date of
outgoing correspondence, by subject, and/or by computerized numerical
code. Records are cross-referenced in detail on computer.
Safeguards:
1. Authorized Users: Authorized correspondence control staff in
each location and managers and supervisors on a need-to-know basis.
2. Physical Safeguards: Records are maintained in file cabinets
in a locked, secure location; computer system records are secured
through the use of passwords which are changed frequently.
3. Procedural Safeguards: Only authorized personnel have access
to files and passwords.
4. Implementation Guidelines: DHHS Chapter 45-13 of the General
Administration Manual and Part 6, ``Automated Information Systems
Security'' in the HHS Information Resources Management Manual.
Retention and disposal:
Records which are pertinent are held 5 years and then transferred
to the Washington National Records Center (WNRC) located at 4205
Suitland Road, Suitland, MD 20409. Records are destroyed when 10
years old. Other material is destroyed when 2 years old. Control
forms are destroyed when 1 year old.
System manager(s) and address:
Same as system location; each system manager maintains full
responsibility for their specific correspondence system.
Notification procedure:
An individual may learn if a record exists about himself or
herself by contacting the appropriate System Manager as listed under
system location above. Give name and approximate date of records
requested. Individuals who request notification in person must supply
one proof of identity containing individual's complete name and one
other identifier with picture (e.g., driver's license, building
pass). Individuals who request notification by mail must supply
notarized signature as proof of identity.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An individual
may also request an accounting of disclosures of his/her record, if
any.
Contesting record procedures:
Contact the appropriate official at the address specified under
Notification Procedures above and reasonably identify the record.
Specify the information to be contested, and state the corrective
action sought, with supporting information to show how the record is
inaccurate, incomplete, untimely, or irrelevant.
Record source categories:
Records are derived from incoming and outgoing correspondence.
Systems exempted from certain provisions of the act:
None.
09-30-0036
System name:
Alcohol, Drug Abuse, and Mental Health Epidemiologic Data. HHS/
SAMHSA/OA.
Security classification:
None.
System location:
Records are located at facilities which collect or provide
service evaluations for this system under contract to the agency.
Contractors may include, but are not limited to, research centers,
clinics, hospitals, universities, research foundations, national
associations, and coordinating centers. Records may also be located
at the Office of Applied Studies, the Center for Substance Abuse
Prevention, the Center for Substance Abuse Treatment, and the Center
for Mental Health Services. A current list of sites is available by
writing to the appropriate System Manager at the address below.
Categories of individuals covered by the system:
Individuals who are the subjects of epidemiologic, methodologic,
services evaluations, and longitudinal studies and surveys of mental
health and alcohol and drug use/abuse and mental, alcohol, and/or
drug abuse disorders. These individuals are selected as
representative of the general adult and/or child population or of
special groups. Special groups include, but are not limited to,
normal individuals serving as controls; clients referred for or
receiving medical, mental health, and alcohol and/or drug abuse
related treatment and prevention services; providers of services;
demographic sub-groups as applicable, such as age, sex, ethnicity,
race, occupation, geographic location; and groups exposed to
hypothesized risks, such as relatives of individuals who have
experienced mental health and/or alcohol, and/or drug abuse
disorders, life stresses, or have previous history of mental,
alcohol, and/or drug abuse related illness.
Categories of records in the system:
The system contains data about the individual as relevant to a
particular study. Examples include, but are not limited to, items
about the health/mental health and/or alcohol or drug consumption
patterns of the individual; demographic data; social security numbers
(voluntary); past and present life experiences; personality
characteristics; social functioning; utilization of health/mental
health, alcohol, and/or drug abuse services; family history;
physiological measures; and characteristics and activities of health/
mental health; alcohol abuse, and/or abuse care providers.
Authority for maintenance of the system:
SAMHSA: Public Health Service Act, section 301 (42 U.S.C. 241),
322 (42 U.S.C. 249(c)), 501 (42 U.S.C. 290aa), 502 (42 U.S.C. 290aa-
2), and 505 (42 U.S.C. 290aa-4), CSAP: Center for Substance Abuse
Prevention, section 515-18 (42 U.S.C. 290bb-21 et seq.). CSAT: Center
for Substance Abuse Treatment, section 507-12 (42 U.S.C. 290bb et
seq.). CMHS: Center for Mental Health Services, section 506 (42
U.S.C. 290aa-5) and 520-35 (42 U.S.C. 290bb-31 et. seq.). Protection
and Advocacy for Individuals with Mental Illness Act of 1980, section
501(c) (8 U.S.C. 1522 note), Pub. L. 96-422; Executive Order 12341;
and Disaster Relief Act of 1974, section 416 of the Robert T.
Stafford Disaster Relief and Emergency Assistance Act, Pub. L. 100-
107.
Purpose(s):
The purpose of the system of records is to collect and maintain a
data base for health services evaluation activities of the Center for
Substance Abuse Prevention, the Center for Substance Abuse Treatment,
and the Center for Mental Health Services. Analyses of these data
involve groups of individuals with given characteristics and do not
refer to special individuals. The generation of information and
statistical analyses will ultimately lead to a better description and
understanding of mental, alcohol, and/or drug abuse disorders, their
diagnosis, treatment and prevention, and the promotion of good
physical and mental health.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. A record may be disclosed for an evaluation purpose, when the
Department:
(a) Has determined that the use or disclosure does not violate
legal or policy limitations under which the record was provided,
collected, or obtained; e.g., disclosure of alcohol or drug abuse
patient records will be made only in accordance with 42 U.S.C.
290(dd-2).
(b) Has determined that the study purpose (1) cannot be
reasonably accomplished unless the record is provided in individually
identifiable form, and (2) warrants the risk to the privacy of the
individual that additional exposure of the record might bring;
(c) Has required the recipient to--(1) establish reasonable
administrative, technical, and physical safeguards to prevent
unauthorized use or disclosure of the record, and (2) remove or
destroy the information that identifies the individual at the
earliest time at which removal or destruction can be accomplished
consistent with the purpose of the health services evaluation
project, unless the recipient has presented adequate justification of
an analytical or health nature for retaining such information, and
(3) make no further use of disclosure of the record except--(A) in
emergency circumstances affecting the health or safety of any
individual, (B) for use in another health services research or
evaluation project, under these same conditions, and with written
authorization of the Department, (C) for disclosure to a properly
identified person for the purpose of an audit related to the
evaluation project, if information that would enable study subjects
to be identified is removed or destroyed at the earliest opportunity
consistent with the purpose of the audit, or (D) when required by
law; and
(d) Has secured a written statement attesting to the recipient's
understanding of, and willingness to abide by, these provisions.
2. Disclosure may be made to a congressional office from the
record of an individual in response to a verified inquiry from a
congressional office made at the written request of that individual.
3. In the event of litigation, where the defendant is (a) the
Department, any component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee is his or her
individual capacity where the Justice Department has agreed to
represent such employee; the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected (e.g., disclosure may be made to the Department of Justice
or other appropriate Federal agencies in defending claims against the
United States when the claim is based upon an individual's mental or
physical condition and is alleged to have arisen because of the
individuals' participation in activities of a Federal Government
supported research project).
4. The Department contemplates that it will contract with a
private firm for the purpose of collecting, analyzing, aggregating,
or otherwise refining records in this system. Relevant records will
be disclosed to such contractor. The contractor shall be required to
maintain Privacy Act safeguards with respect to such records.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records may be stored on index cards, file folders, computer
tapes and disks, microfiche, microfilm, and audio and video tapes.
Normally, the factual data, with study code numbers, are stored on
computer tape or disk, while the key to personal identifiers is
stored separately, without factual data, in paper files.
Retrievability:
During data collection stages and follow up, if any, retrieval by
personal identifier (e.g., name, social security number (in some
studies), or medical record number), is necessary. During the data
analysis stage, data are normally retrieved by the variables of
interest (e.g., diagnosis, age, occupation).
Safeguards:
1. Authorized Users: Access to identifiers and to link files is
strictly limited to those authorized personnel whose duties require
such access. Procedures for determining authorized access to
identified data are established as appropriate for each location.
Personnel, including contractor personnel, who may be so authorized
include those directly involved in data collection and in the design
of research studies, e.g., interviewers and interviewer supervisors;
project managers; and statisticians involved in designing sampling
plans.
2. Physical Safeguards: Records are stored in locked rooms,
locked file cabinets, and/or secured computer facilities. Personal
identifiers and link files are separated as much as possible and
stored in locked files. Computer data access is limited through the
use of key words known only to authorized personnel.
3. Procedural Safeguards: Collection and maintenance of data is
consistent with legislation and regulations in the protection of
human subjects, informed consent, confidentiality, and
confidentiality specific to drug and alcohol abuse patients where
these apply. When a SAMSHA component or a contractor anonymous data
to research scientists for analysis, study numbers which can be
matched to personal identifiers will be eliminated, scrambled, or
replaced by the agency or contractor with random numbers which cannot
be matched. Contractors who maintain records in this system are
instructed to make no further disclosure of the records. Privacy Act
requirements are specifically included in contracts for survey and
research activities related to this system. The HHS project
directors, contract officers, and project officers oversee compliance
with these requirements.
4. Implementation Guidelines: DHHS Chapter 45-13 of the General
Administration Manual and Part 6,``Automated Information Systems
Security'' of the HHS Information Resources Management Manual.
Retention and disposal:
Records may be retired to the Washington National Records Center
located at 4205 Suitland Road, Suitland, MD, 20409, and subsequently
disposed of an in accordance with the SAMHSA Records Control
Schedule. The records control schedule and disposal standard for
these records may be obtained by writing to the appropriate System
Manager at the address below.
System manager(s) and address:
Office of the Director
Office of Applied Studies
Substance Abuse and Mental Health Services Administration
Room 16-105, Parklawn Building
5600 Fishers Lane
Rockville, Maryland 20857
Office of the Director
Center for Substance Abuse Prevention
Substance Abuse and Mental Health Services Administration
Room 9D10, Rockwall II Building
5600 Fishers Lane
Rockville, Maryland 20857
Office of the Director
Center for Substance Abuse Treatment
Substance Abuse and Mental Health Services Administration
Room 10-75, Rockwall II Building
5600 Fishers Lane
Rockville, Maryland 20857
Office of the Director
Center for Mental Health Services Administration
Substance Abuse and Mental Health Services
Room 15-105, Parklawn Building
5600 Fishers Lane
Rockville, Maryland 20857
Notification procedure:
To determine if a record exists, write to the appropriate System
Manager at the address above. Provide individual's name; current
address; date of birth; place and nature of participation in specific
evaluation study; name of individual or organization administering
the study (if known); name or description of the study (if known);
address at the time of participation; and a notarized statement by
two witnesses attesting to the individual's identity.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought. An individual
may also request an accounting of disclosures of his/her record, if
any.
An individual who requests notification of, or access to, a
medical record shall, at the time the request is made, designate in
writing a responsible representative who will be willing to review
the record and inform the subject individual of its contents at the
representative's discretion.
A parent or guardian who requests notification of, or access to,
a child's or incompetent person's medical record shall designate a
family physician or other health professional (other than a family
member) to whom the record, if any, will be sent. The parent or
guardian must verify relationship to the child or incompetent person
as well as his or her own identify.
Contesting record procedure:
Contact the appropriate official at the address specified under
System Manager(s) above and reasonably identify the record, specify
the information being contested, and state corrective action sought,
with supporting information to show how the record is inaccurate,
incomplete, untimely, or irrelevant.
Record source categories:
The system contains information obtained directly from the
subject individual by interview (face-to-face or telephone), by
written questionnaire, or by other tests, recording devices or
observations, consistent with legislation and regulation regarding
informed consent and protection of human subjects. Information is
also obtained from other sources, such as health, mental health,
alcohol, and/or drug abuse care providers; relatives; guardians; and
clinical medical research records.
Systems exempted from certain provisions of the Act:
None.
09-30-0047
System name:
Patient Records on Chronic Mentally Ill Merchant Seamen Treated
at Nursing Homes in Lexington, Kentucky, (1942 to the Present). HHS/
SAMHSA/CMHS.
95ecurity classification:
None.
System location:
CONTRACTOR: Commonwealth of Kentucky, Department of Mental
Health/Mental Retardation, Mental Health Branch, Cabinet for Human
Resources, 275 E. Main Street, Frankfort, Kentucky 40621.
SUBCONTRACTOR: Homestead Nursing Center, Inc., 1608 Versailles
Road, Lexington, Kentucky 40505.
Categories of individuals covered by the system:
Chronic mentally ill former merchant seamen originally treated at
PHS Hospitals in Fort Worth, Texas, and Lexington, Kentucky, and now
in nursing homes in Lexington, Kentucky (1942 to the present).
Categories of records in the system:
Administrative records, such as admission and release dates;
name, address, Social Security number, and other demographic data;
medical records, such as, but not limited to, psychological, medical
and social evaluations as well as treatment information, any
laboratory test, etc.
Authority for maintenance of the system:
Executive Order 9079 (1942) authorizes the care and treatment of
these individuals.
Purpose(s):
The records are used to facilitate patient care, to monitor
progress, and to ensure quality and continuity of care.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. In the event of litigation where the defendant is (a) the
Department, a component of the Department, or any employee of the
Department in his or her official capacity; (b) the United States
where the Department determines that the claim, if successful, is
likely to directly affect the operations of the Department or any of
its components; or (c) any Department employee in his or her
individual capacity where the Justice Department has agreed to
represent such employee, the Department may disclose such records as
it deems desirable or necessary to the Department of Justice to
enable that Department to present an effective defense, provided such
disclosure is compatible with the purpose for which the records were
collected.
2. Disclosure may be made to the Center for Mental Health
Services (CMHS) contractors and subcontractors, including nursing
home staff, for the purpose of carrying out and maintaining quality
care. Contractors maintain, and are also required to ensure that the
subcontractors maintain, Privacy Act safeguards with respect to the
records.
3. Disclosure may also be made to a congressional office from the
record of an individual in response to an inquiry from the
congressional office made at the request of that individual or his
legally authorized representative.
4. Records may be disclosed to Federal, State, local, or other
authorized organizations which provide medical care and treatment to
these individuals to facilitate continuity of care by supplying
information to medical care facilities/practitioners who provide
treatment to individual seamen.
3. Records may be disclosed to the Department of Veterans
Affairs, the Social Security Administration, or other Federal or
State agencies having special benefit programs for the purpose of
obtaining these benefits for these individuals.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Hard copy files stored in locked file cabinets in the State
office. In the nursing homes, hard copy records are maintained at
nursing stations.
Retrievability:
The records are retrieved by patient name.
Safeguards:
1. Authorized Users: Only the System Manager and designated
staff, designated contractor staff and appropriate subcontractor
staff at the nursing home.
2. Physical Safeguards: The State records are stored in locked
file cabinets. These cabinets are in a room within a building that is
locked at night after business hours. Patient records of subject
individuals at the nursing homes are commingled with the records of
other patients at nursing stations under the supervision of the
attendant on duty.
3. Procedural Safeguards: Only the System Manager, contractor
staff and appropriate nursing home staff have access to the files.
Only those authorized personnel are allowed to gain access to
material in the locked file cabinets.
4. Implementation Procedures: DHHS Chapter 45-13 of the General
Administration Manual.
Retention and disposal:
The administrative and medical records will be retained for 25
years after last treatment or after the death of a patient, and then
destroyed.
System manager(s) and address:
Director, Division of Program Development, Special Populations
and Projects, Center for Mental Health Services, Substance Abuse and
Mental Health Services Administration, Room 16-05, Parklawn Building,
5600 Fishers Lane, Rockville, Maryland 20857
Notification procedure:
To determine if a record exists, write to the System Manager at
the address above. An individual or his legally authorized
representative may learn if a record exists about himself upon
written request with notarized signature. The request should include
full name or any alias used and birth date.
An individual or his legally authorized representative who
requests notification of, or access to, a medical record shall, at
the time the request is made, designate a family physician or other
health professional (other than a family member) to whom the record
will be released. The representative must verify relationship to the
individual as well as his/her own identity.
Record access procedures:
Same as Notification Procedures. Requestors should also
reasonably specify the record contents being sought. An individual or
his legally authorized representative may also request an accounting
of disclosures that have been made of the subject individual's
records, if any.
Contesting record procedures:
Contact the official at the address specified under Notification
Procedures above and reasonably identify the record, specify the
information to be contested, and state the corrective action sought
with supporting information to show how the record is inaccurate,
incomplete,untimely, or irrelevant.
Record source categories:
Patients; legally authorized representatives; nursing home and
hospital personnel.
Systems exempted from certain provisions of the act:
None.
09-30-0049
System name:
Consultant Records Maintained By SAMHSA Contractors. HHS/SAMHSA/
OPS.
Security classification:
None.
System location:
A current list of contractor sites is available by writing to the
System Manager at the address below.
Categories of individuals covered by the system:
Consultants who participate in Substance Abuse and Mental Health
Services Administration (SAMHSA) conferences, meetings, evaluation
projects, or technical assistance at site locations arranged by
contractors.
Categories of records in the system:
Names, addresses, Social Security numbers, qualifications,
curricula vitae, travel records, and payment records for consultants.
Authority for maintenance of the system:
SAMHSA: Public Health Service Act, as Amended, section 301 (42
U.S.C. 241), 322 (42 U.S.C. 249(c)), and 501-05 (42 U.S.C. 290aa et
seq.). CSAP: Center for Substance Abuse Prevention, section 515-8 (42
U.S.C. 290bb-21 et seq.). CSAT: Center for Substance Abuse Treatment,
section 507-12 (42 U.S.C. 290bb et seq.). CMHS: Center for Mental
Health Services, section 506 (42 U.S.C. 290aa-5) and 520-35 (42
U.S.C. 290bb-31 et seq.). Protection and Advocacy for Individuals
with Mental Illness Act of 1986 as amended (42 U.S.C. 10801 et seq.);
Refugee Education Assistance Act of 1980, section 501(c) (8 U.S.C.
1522 note), Pub. L. 96-422; Executive Order 12341; and Disaster
Relief Act of 1974, section 413, Pub. L. 93-288, as amended by
section 416 of the Robert T. Stafford Disaster Relief and Emergency
Assistance Act, Pub. L. 100-107.
Purpose(s):
This umbrella system of records covers a varying number of
separate sets of records used in different projects. These records
are established by contractors to organize programs, obtain and pay
consultants, and to provide necessary reports related to payment to
the Internal Revenue Service for these programs for SAMHSA. SAMHSA
personnel may use records when a technical assistance consultant is
needed for a specialized area of research, review, advice, etc.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her individual capacity
where the Department of Justice (or HHS, where it is authorized to do
so) has agreed to represent the employee; or (d) the United States or
any agency thereof where HHS determines that the litigation is likely
to affect HHS or any of its components, is a party to litigation or
has an interest in such litigation, and HHS determines that the use
of such records by the Department of Justice, the court or other
tribunal is relevant and necessary to the litigation and would help
in the effective representation of the governmental party, provided,
however, that in each case, HHS determines that such disclosure is
compatible with the purpose for which the records were collected.
2. Disclosure may be made to a congressional office from the
record of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
3. Disclosure may be made to private contractors for the purposes
of handling logistics for conferences, reviews, development of
training materials, and of obtaining the services of consultants.
Relevant records will be disclosed to such a contractor or may be
developed by the contractor for use in the project. The contractor
shall be required to maintain Privacy Act safeguards with respect to
such records.
4. Disclosure may be made to the Department of the Treasury,
Internal Revenue Service, and applicable State and local governments
those items to be included as income to an individual.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records may be stored in file folders, on index cards, computer
tapes and disks, microfiche, microfilm.
Retrievability:
Information will be retrieved by name.
Safeguards:
Measures to prevent unauthorized disclosures are implemented as
appropriate for each location. Each site implements personnel,
physical, and procedural safeguards such as the following:
1. Authorized Users: Only SAMHSA personnel working on these
projects and personnel employed by SAMHSA contractors to work on
these projects are authorized users as designated by the system
managers.
2. Physical Safeguards: Records are stored in locked rooms,
locked file cabinets, and/or secured computer facilities.
3. Procedural Safeguards: Contractors who maintain records in
this system are instructed to make no further disclosure of the
records except as authorized by the system manager and permitted by
the Privacy Act. Privacy Act requirements are specifically included
in contracts and in agreements with grantees or collaborators
participating in research activities supported by this system. HHS
project directors, contract officers, and project officers oversee
compliance with these requirements.
4. Implementation Guidelines: DHHS Chapter 45-13 of the General
Administration Manual, and Part 6, ``Automated Information Systems
Security'' in the HHS Information Resources Management Manual.
Retention and disposal:
Records are destroyed 3 years after they are no longer used, or,
if payment is involved, 3 years after closeout of the contract.
System manager(s) and address:
Director, Division of Contracts Management, Office of Program
Services, Substance Abuse and Mental Health Services Administration,
Room 6-70, Rockwall II Building, 5600 Fishers Lane, Rockville,
Maryland 20857
Notification procedure:
To determine if a record exists, write to the appropriate System
Manager at the address above. Provide notarized signature as proof of
identity. The request should include as much of the following
information as possible: (a) Full name; (b) title of project
individual participated in; (c) SAMHSA project officer, and (d)
approximate date(s) of participation.
Record access procedures:
Same as notification procedures. Requesters should also
reasonably specify the record contents being sought.
Individuals may also request an accounting of disclosures of
their records, if any.
Contesting record procedures:
Contact the official at the address specified under Notification
Procedures above and reasonably identify the record, specify the
information being contested, and state the corrective action sought,
with supporting information to show how the record is inaccurate,
incomplete, untimely, or irrelevant.
Record source categories:
Information gathered from individual consultants and from
assignment or travel documents.
Systems exempted from certain provisions of the act:
None.
09-30-0050
System name:
Child Care Subsidy Program Records (HHS/SAMHSA/OPS).
Security classification:
None.
System location:
This system of records is maintained by the Office of Program
Services, 5600 Fishers Lane, Rockville, Maryland 20857. The system of
records will also be maintained at various contractor sites. A
current list of contractor sites is available by writing to the
System Manager at the address below.
Categories of individuals covered by the system:
The individuals in the system are employees of the Substance
Abuse and Mental Health Services Administration who voluntarily apply
for child care subsidies.
Categories of records in the system:
Application forms for a child care subsidy contain personal
information, including employee's (parent) name, Social Security
Number, grade, home phone number, home address, total income, number
of dependent children, and number of children on whose behalf the
parent is applying for a subsidy, information on any tuition
assistance received from State/County/local child care subsidy, and
information on child care providers used, including their name,
address, provider license number, and State where license issued,
tuition cost, provider tax identification number, and copies of
Internal Revenue Form 1040 for verification purposes.
Authority for maintenance of the system:
Pub. L. 106-58 and Executive Order 9397.
Purpose(s):
To establish and verify SAMHSA employees' eligibility for child
care subsidies in order for SAMHSA to provide monetary assistance for
its employees.
Routine uses of records maintained in the system, including
categories of users and the Purposes of Such Use:
1. Disclosure may be made to a Member of Congress or to a
congressional staff member in response to a request for assistance
from the Member by the individual of record.
2. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation, and
HHS determines that the use of such records by the Department of
Justice, court or other tribunal is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided, however, that in each case HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
3. SAMHSA intends to disclose information from this system to an
expert, consultant, or contractor (including employees of the
contractor) of SAMHSA if necessary to further the implementation and
operation of this program.
4. Disclosure may be made to a Federal, State, or local agency
responsible for investigating, prosecuting, enforcing, or
implementing a statute, rule, regulation, or order, where the
Substance Abuse and Mental Health Services Administration is made
aware of a violation or potential violation of civil or criminal law
or regulation.
5. Disclosure may be made to the Office of Personnel Management
or the General Accounting Office when the information is required for
evaluation of the subsidy program.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Information may be collected on paper or electronically and may
be stored as paper forms or on computers.
Retrievability:
The records are retrieved by name and may also be cross-
referenced to Social Security Number.
Safeguards:
--Authorized Users: Only SAMHSA personnel working on this project
and personnel employed by SAMHSA contractors to work on this project
are authorized users as designated by the system manager.
--Physical Safeguards: Records are stored in lockable metal file
cabinets or security rooms.
--Procedural Safeguards: Contractors who maintain records in this
system are instructed to make no further disclosure of the records,
except as authorized by the system manager and permitted by the
Privacy Act. Privacy Act requirements are specifically included in
contracts.
--Technical Safeguards: Electronic records are protected by use
of passwords.
--Implementation Guidelines: HHS Chapter 45-13 of the General
Administration Manual, ``Safeguard Records Contained in Systems of
Records and the HHS Automated Information Systems Security Program
Handbook, Information Resources Management Manual.''
Retention and disposal:
Disposition of records is according to the National Archives and
Records Administration (NARA) guidelines, as set forth in the SAMHSA
Records Control Schedule, Appendix B-311 (NCI-90-76-5) Item 45.
System manager(s) and address:
Director, Division of Human Resources Management, Office of
Program Services, Substance Abuse and Mental Health Services
Administration, 5600 Fishers Lane, Rockville, Maryland 20857.
Notification procedure:
Individuals may submit a request with a notarized signature on
whether the system contains records about them to the above system
manager.
Record access procedures:
Requests from individuals for access to their records should be
addressed to the system manager. Requesters should also reasonably
specify the record contents being sought. Individuals may also
request an accounting of disclosures of their records, if any.
Contesting record procedures:
Contact the official at the address specified under Notification
Procedures above and reasonably identify the record, specify the
information being contested, and state the corrective action sought,
with supporting information to show how the record is inaccurate,
incomplete, untimely, or irrelevant.
Record source categories:
Information is provided by SAMHSA employees who apply for child
care subsidies. Furnishing of the information is voluntary.
Systems exempted from certain provisions of the act:
None.
09-30-0051
System name:
SAMHSA Information Mailing System (SIMS).
Security classification:
None.
System location:
This system of records is maintained by the Office of
Communications, 5600 Fishers Lane, Rockville, Maryland 20857. The
system of records will also be maintained at the site of the
contractor managing SAMHSA's National Clearinghouse on Alcohol and
Drug Abuse. Additional information about that contractor site is
available by writing to the System Manager at the address below.
Categories of individuals covered by the system:
The individuals listed in the system are individuals who
voluntarily request publications and other information from the
SAMHSA Website.
Categories of individuals covered by the system:
The individuals listed in the system are individuals who
voluntarily request publications and other information from the
SAMHSA Website.
Categories of records in the system:
Request forms for SAMHSA publications include categories for
personal information, such as name, phone number (home phone number
may be provided), address (home address may be provided), title,
level of education, topics/areas of interest related to SAMHSA
programs, occupation, type of organization in which employed, and
ethnic group.
Authority for maintenance of the system:
Pub. L. 102-321 (``ADAMHA Reorganization Act''), sec. 501 on July
10, 1992, as amended by Pub. L. 106-310
Purpose(s):
To establish a mailing list of States, political subdivisions,
educational agencies and institutions, treatment providers,
organizations, and individuals to provide SAMHSA publications and
other print materials identified as of interest to them. In addition,
it is used to provide them information about new and upcoming
publications.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
1. Disclosure may be made to a member of Congress or to a
congressional staff member in response to a request for assistance
from the Member by the individual of record.
2. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation, and
HHS determines that the use of such records by the Department of
Justice, court or other tribunal is relevant and necessary to the
litigation and would help in the effective representation of the
governmental party, provided, however, that in each case HHS
determines that such disclosure is compatible with the purpose for
which the records were collected.
3. SAMHSA intends to disclose information from this system to an
expert, consultant, or contractor (including employees of the
contractor) of SAMHSA only if necessary to further the implementation
and operation of this program.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Information may be collected on paper or electronically and may
be stored as paper forms or on computers.
Retrievability:
The records are retrieved by name; they may be sorted by topic of
interest, State, organizational affiliation in order to direct
information of relevance to them.
Safeguards:
--Authorized users: Only SAMHSA personnel working on this project
and personnel employed by SAMHSA contractors to work on this project
are authorized users as designated by the system manager.
--Physical Safeguards: Physical paper records are stored in
lockable metal file cabinets or security rooms.
--Procedural Safeguards: Contractors who maintain records in this
system are instructed to make no further disclosure of the records,
except as authorized by the system manager and permitted by the
Privacy Act. Privacy Act requirements are specifically included in
contracts.
--Technical Safeguards: Electronic records are protected by use
of passwords.
--Implementation Guidelines: HHS Chapter 45-13 of the General
Administration Manual, ``Safeguarding Records Contained in Systems of
Records and the HHS Automated Information Systems Security Program
Handbook, Information Resources Management Manual.''
Retention and disposal:
Disposition of records is according to the National Archives and
Records Administration (NARA) guidelines, as set forth in the SAMHSA
Records Control Schedule, Appendix B-311 (NCI-90-76-5) Item 3.
System manager(s) and address:
Director, Office of Communications, Office of the Administrator,
Substance Abuse and Mental Health Services Administration, 5600
Fishers Lane, Rockville, Maryland 20857.
Notification procedure:
Individuals may submit a request with a notarized signature on
whether the system contains records about them to the above system
manager.
Record access procedures:
Individuals have direct access to their personal record on the
SIMS system, via the Internet, utilizing a discrete password of their
own selection. Should this not be feasible or desired, and, in all
other cases, requests from individuals for access to their records
should be addressed to the system manager. Requesters should also
reasonably specify the record contents being sought. Individuals may
also request an accounting of disclosures of their records, if any.
Contesting record procedures:
Contact the official at the address specified under Notification
Procedures above and reasonably identify the record, specify the
information being contested, and state the corrective action sought,
with supporting information to show how the record is inaccurate,
incomplete, untimely, or irrelevant.
Record source categories:
Information is provided by individuals, among others, who request
SAMHSA publications. Furnishing of the information is voluntary.
Systems exempted from certain provisions of the act:
None.