Privacy Act of 1974; System of Records, 44574-44577 [05-15355]

Agencies

• Office of the Secretary
• DEPARTMENT OF DEFENSE

[Federal Register Volume 70, Number 148 (Wednesday, August 3, 2005)]
[Notices]
[Pages 44574-44577]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 05-15355]


-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Office of the Secretary


Privacy Act of 1974; System of Records

AGENCY: Office of the Secretary, DoD.

ACTION: Notice to Alter a System of Records; DHA 07-Military Health 
Information System.

-----------------------------------------------------------------------

SUMMARY: The Office of the Secretary of Defense is altering a system of 
records to its existing inventory of record systems subject to the 
Privacy Act of 1974 (5 U.S.C. 552a), as amended.

DATES: The changes will be effective on September 2, 2005 unless 
comments are received that would result in a contrary determination.

ADDRESSES: Send comments to the OSD Privacy Act Coordinator, Records 
Management Section, Washington Headquarters Services, 1155 Defense 
Pentagon, Washington, DC 20301-1155.

FOR FURTHER INFORMATION CONTACT: Ms. Juanita Irvin at (703) 601-4722, 
extension 110.

SUPPLEMENTARY INFORMATION: The Office of the Secretary of Defense 
notices for systems of records subject to the Privacy Act of 1974 (5 
U.S.C. 552a), as amended, have been published in the Federal Register 
and are available from the address above.
    The proposed systems reports, as required by 5 U.S.C. 552a(r) of 
the Privacy Act of 1974, as amended, were submitted July 27, 2005 to 
the House Committee on Government Reform, the Senate Committee on 
Homeland Security and Governmental Affairs, and the Office of 
Management and Budget (OMB) pursuant to paragraph 4c of Appendix I to 
OMB Circular No. A-130, `Federal Agency Responsibilities for 
Maintaining Records About Individuals,' dated February 8, 1996 
(February 20, 1996, 61 FR 6427).

    Dated: July 28, 2005.
Jeannette Owings-Ballard,
OSD Federal Register Liaison Officer, Department of Defense.
DHA 07

System name:
    Military Health Information System (April 27, 2005, 70 FR 21740).

Changes:
* * * * *

System location:
    Add the following secondary location: `Joint Task Force Sexual 
Assault Prevention and Response Office (JTF-SAPR), 1401 Wilson Blvd, 
Suite 402, Arlington, VA 22209-2318.'
* * * * *

Purpose(s):
    Add the following purpose: `Data collected and maintained in 
electronic and paper records is used to track the management of victims 
of sexual assault crimes, and the medical and other support services 
provided to them. Data collected and maintained is also used to capture 
demographics and perform trend analysis.'
* * * * *

System manager(s) and address:
    Add the following program manager, `Program Manager, Joint Task 
Force Sexual Assault Prevention and Response, 1401 Wilson Blvd, Suite 
402, Arlington, VA 22209-2318.'

Notification procedure:
    Add the following address for written inquiries, `Commander, Joint 
Task Force Sexual Assault Prevention and Response, 1401 Wilson Blvd, 
Suite 402, Arlington, VA 22209-2318.'

Record access procedures:
    Add the following address for written inquiries, `Commander, Joint 
Task Force Sexual Assault Prevention and Response, 1401 Wilson Blvd, 
Suite 402, Arlington, VA 22209-2318.'
* * * * *
DHA 07

System name:
    Military Health Information System

System location:
    Primary location: Defense Enterprise Computing Center-Denver/WEE, 
6760 E. Irvington Place Denver, CO 80279-5000.
    Secondary locations: Directorate of Information Management, 
Building 1422, Fort Detrick, MD 21702-5000; Service Medical Treatment 
Facility Medical Centers and Hospitals:

[[Page 44575]]

Uniformed Services Treatment Facilities; Defense Enterprise Computing 
Centers; TRICARE Management Activity, Department of Defense, 5111 
Leesburg Pike, Skyline 6, Suite 306, Falls Church, VA 22041-3206; Joint 
Medical Information Systems Office, 5109 Leesburg Pike Suite 900, 
Skyline Building 6, Falls Church, VA 22041-3241, and contractors under 
contract to TRICARE. Program Executive Officer, Joint Medical 
Information Systems Office, 5109 Leesburg Pike, Suite 900, Skyline 
Building 6, Falls Church, Virginia 22041-3241. Joint Task Force Sexual 
Assault Prevention and Response Office (JTF-SAPR), 1401 Wilson Blvd, 
Suite 402, Arlington, VA 22209-2318. For a complete listing of all 
facility addresses write to the system manger.

Categories of individuals covered by the system:
    Uniformed services medical beneficiaries enrolled in the Defense 
Enrollment Eligibility Reporting System (DEERS) who receive or have 
received medical care at one or more of DoD's medical treatment 
facilities (MTFs), Uniformed Services Treatment Facilities (USTFs), or 
care provided under TRICARE programs. Uniformed services medical 
beneficiaries who receive or have received care at one or more dental 
treatment facilities or other system locations including medical aid 
stations, Educational and Developmental Intervention Services clinics 
and Service Medical Commands. Uniformed service members serving in a 
deployed status and those who receive or received care through the 
Department of Veterans Affairs (VA).

Categories of records in the system:
Personal identification data:
    Selected electronic data elements extracted from the Defense 
Enrollment and Eligibility Reporting System (DEERS) beneficiary and 
enrollment records that include data regarding personal identification 
including demographic characteristics.

Eligibility and enrollment data:
    Selected electronic data elements extracted from DEERS regarding 
personal eligibility for and enrollment in various health care programs 
within the Department of Defense (DoD) and among DoD and other federal 
healthcare programs including those of the Department of Veterans 
Affairs (DVA), the Department of Health and Human Services (DHHS), and 
contracted health care provided through funding provided by one of 
these three Departments.

Clinical encounter data:
    Electronic data regarding beneficiaries' interaction with the MHS 
including health care encounters, health care screenings and education, 
wellness and satisfaction surveys, and cost data relative to such 
healthcare interactions. Electronic data regarding Military Health 
System beneficiaries' interactions with the DVA or DHHS healthcare 
delivery programs where such programs effect benefits determinations 
between these Department-level programs, continuity of clinical care, 
or effect payment for care between Departmental programs inclusive of 
care provided by commercial entities under contract to these three 
Departments.
    Electronic data regarding dental tests, pharmacy prescriptions and 
reports, data incorporating medical nutrition therapy and medical food 
management, data for young MHS beneficiaries eligible for services from 
the military medical departments covered by the Individuals with 
Disabilities Education Act (IDEA). Data collected within the system 
also allows beneficiaries to request an accounting of who was given 
access to their medical records prior to the date of request. It tracks 
disclosure types, treatment, payment and other Health Care Operations 
(TPO) versus non-TPO, captures key information about disclosures, 
processes complaints, processes and tracks requests for amendments to 
records, generates disclosure accounting and audit reports, retains 
history of disclosure accounting processing.

Budgetary and managerial cost accounting data:
    Electronic budgetary and managerial cost accounting data associated 
with beneficiaries' interactions with the MHS, DVA, DHHS or contractual 
commercial healthcare providers.

Clinical data:
    Inpatient and out patient medical records, diagnosis procedures, 
and pharmacy records.

Occupational and environmental exposure data:
    Electronic data supporting exposure-based medical surveillance; 
reports of incidental exposures enhanced industrial hygiene risk 
reduction; improved quality of occupational health care and wellness 
programs for the DoD workforce; hearing conservation, industrial 
hygiene and occupational medicine programs within the MHS; and timely 
and efficient access of data and information to authorized system users

Medical and dental resources:
    Electronic data used by the MHS for resource planning based on 
projections of actual health care needs rather than projections based 
on past demand.

Authority for maintenance of the system:
    5 U.S.C. 301, Department Regulation; 10 U.S.C., Chapter 55; Pub.L. 
104-91, Health Insurance Portability and Accountability Act of 1996; 
DoD 6025.18-R, DoD Health Information Privacy Regulation; 10 U.S.C. 
1071-1085, Medical and Dental Care; 42 U.S.C. Chapter 117, Sections 
11131-11152, Reporting of Information; 10 U.S.C. 1097a and 1097b, 
TRICARE Prime and TRICARE Program; 10 U.S.C. 1079, Contracts for 
Medical Care for Spouses and Children; 10 U.S.C. 1079a, Civilian Health 
and Medical Program of the Uniformed Services (CHAMPUS); 10 U.S.C. 
1086, Contracts for Health Benefits for Certain Members, Former 
Members, and Their Dependents; DoD Instruction 6015.23, Delivery of 
Healthcare at Military Treatment Facilities (MTFs); DoD 6010.8-R, 
CHAMPUS; 10 U.S.C. 1095, Collection from Third Party Payers Act; and 
E.O. 9397 (SSN).

Purpose(s):
    Data collected within and maintained by the Military Health 
Information System supports benefits determination for MHS 
beneficiaries between DoD, DVA, and DHHS healthcare programs, provides 
the ability to support continuity of care across Federal programs 
including use of the data in the provision of care, ensures more 
efficient adjudication of claims and supports healthcare policy 
analysis and clinical research to improve the quality and efficiency of 
care within the MHS.
    The electronic medical records portion of the system (EMR) 
addresses documenting and tracking environmental health readiness data 
located in arsenals, depots, and bases. Data collected and maintained 
is used to assess the medical and dental deployability of Service 
members for the purposes of pre- and post-deployment exams. This 
assists in recording health conditions before deployment and any 
changes during and after deployment.
    Data collected and maintained in the EMR system is used to perform 
disease management and the prevention of exacerbations and 
complications using evidence-based practice guidelines and patient 
empowerment strategies. Data collected and maintained in the EMR system 
is used in proactive health intervention activities for the active duty 
and non-active duty beneficiary population. Data collected and

[[Page 44576]]

maintained is used to capture data on hearing loss and occupational 
exposures, to perform noise exposure surveillance and injury referrals 
to assess auditory readiness.
    Data collected and maintained in the EMR system is used to 
establish individual longitudinal exposure records using pre-deployment 
exposure records. These records are used as a baseline against new 
exposures to facilitate post-deployment follow-up and workplace injury 
root-cause analysis in an effort to mitigate loss work time within the 
DoD.
    Data collected within and maintained in the system is used for 
patient administration (including registration, admission, disposition 
and transfer); patient appointing and scheduling, delivery of managed 
care; workload and medical services accounting; and quality assurance.
    Data collected will be provided to Special Oversight Boards created 
by applicable DoD authorities to investigate special circumstances and 
conditions resulting from a deployment of DoD personnel to a theater of 
operations.
    Data collected and maintained in electronic and paper records is 
used to track victims of sexual assault crimes, and medical and other 
support services provided to them. Data collected and maintained is 
also used to capture demographics and perform trend analysis.

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, these records or information contained 
therein may specifically be disclosed outside the DoD as a routine use 
pursuant to 5 U.S.C. 552a(b)(3) as follows:
    To permit the disclosure of records to the Department of Health and 
Human Services (HHS) and its components for the purpose of conducting 
research and analytical projects, and to facilitate collaborative 
research activities between DoD and HHS.
    To the Congressional Budget Office for projecting costs and 
workloads associated with DoD Medical benefits.
    To the Department of Veterans Affairs (DVA) for the purpose of 
providing medical care to former service members and retirees, to 
determine the eligibility for or entitlement to benefits, to coordinate 
cost sharing activities, and to facilitate collaborative research 
activities between the DoD and DVA.
    To the National Research Council, National Academy of Sciences, 
National Institutes of Health, Armed Forces Institute of Pathology, and 
similar institutions for authorized health research in the interest of 
the Federal Government and the public. When not essential for 
longitudinal studies, patient identification data shall be deleted from 
records used for research studies. Facilities/activities releasing such 
records shall maintain a list of all such research organizations and an 
accounting disclosure of records released thereto.
    To local and state government and agencies for compliance with 
local laws and regulations governing control of communicable diseases, 
preventive medicine and safety, child abuse, and other public health 
and welfare programs.
    To federal offices and agencies involved in the documentation and 
review of defense occupational and environmental exposure data, 
including the National Security Agency, the Army Corps of Engineers, 
National Guard, and the Defense Logistics Agency.
    The DoD `Blanket Routine Uses' set forth at the beginning of OSD's 
compilation of systems of records notices apply to this system, except 
as identified below.

Note 1:
    This system of records contains individually identifiable health 
information. The DoD Health Information Privacy Regulation (DoD 
6025.18-R) issued pursuant to the Health Insurance Portability and 
Accountability Act of 1996, applies to most such health information. 
DoD 6025.18-R may place additional procedural requirements on the uses 
and disclosures of such information beyond those found in the Privacy 
Act of 1974 or mentioned in this system of records notice.

Note 2:
    Personal identity, diagnosis, prognosis or treatment information of 
any patient maintained in connection with the performance of any 
program or activity relating to substance abuse education, prevention, 
training, treatment, rehabilitation, or research, which is conducted, 
regulated, or directly or indirectly assisted by any department or 
agency of the United States, except as provided in 42 U.S.C. 290dd-2, 
will be treated as confidential and will be disclosed only for the 
purposes and under the circumstances expressly authorized under 42 
U.S.C. 290dd-2. The ``Blanket Routine Uses'' do not apply to these 
types of records.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    Records are maintained on optical and magnetic media.

Retrievability:
    Records may be retrieved by individual's Social Security Number, 
sponsor's Social Security Number, Beneficiary ID (sponsor's ID, 
patient's name, patient's DOB, and family member prefix or DEERS 
dependent suffix), diagnosis codes, admission and discharge dates, 
location of care or any combination of the above.

Safeguards:
    Automated records are maintained in controlled areas accessible 
only to authorized personnel. Entry to these areas is restricted to 
personnel with a valid requirement and authorization to enter. Physical 
entry is restricted by the use of a cipher lock. Back-up data 
maintained at each location is stored in a locked room. The system will 
comply with the DoD Information Technology Security Certification and 
Accreditation Process (DITSCAP) Access to HMIS records is restricted to 
individuals who require the data in the performance of official duties. 
Access is controlled through use of passwords.

Retention and disposal:
    Records are maintained until no longer needed for current business.

System manager(s) and address:
    Program Manager, Executive Information/Decision Support Program 
Office, Six Skyline Place, Suite 809, 5111 Leesburg Pike, Falls Church, 
VA 22041-3201.
    Program Manager, Joint Task Force Sexual Assault Prevention and 
Response, 1401 Wilson Blvd, Suite 402, Arlington, VA 22209-2318.

Notification procedure:
    Individuals seeking to determine whether information about 
themselves is contained in this system should address written inquiries 
to the TRICARE Management Activity Privacy Office, Skyline 5, Suite 
810, 5111 Leesburg Pike, Falls Church, VA 22041-3201 or Commander, 
Joint Task Force Sexual Assault Prevention and Response, 1401 Wilson 
Blvd, Suite 402, Arlington, VA 22209-2318.
    Requests should contain the full names of the beneficiary and 
sponsor, sponsor Social Security Number, sponsor service, beneficiary 
date of birth, beneficiary sex, treatment facility(ies), and fiscal 
year(s) of interest.

[[Page 44577]]

Record access procedures:
    Individuals seeking access to information about themselves 
contained in this system of records should address written requests to 
TRICARE Management Activity Privacy Office, Skyline 5, Suite 810, 5111 
Leesburg Pike, Falls Church, VA 22041-3201 or Commander, Joint Task 
Force Sexual Assault Prevention and Response, 1401 Wilson Blvd, Suite 
402, Arlington, VA 22209-2318.
    Requests should contain the full names of the beneficiary and 
sponsor, sponsor's Social Security Number, sponsor's service, 
beneficiary date of birth, beneficiary sex, treatment facility(ies) 
that have provided care, and fiscal year(s) of interest.

Contesting record procedures:
    The OSD rules for accessing records, for contesting contents and 
appealing initial agency determinations are contained in OSD 
Administrative Instruction 81; 32 CFR part 311; or may be obtained from 
the system manager.

Record source categories:
    The individual data records that are assembled to form the MHIS are 
submitted by the Military Departments' medical treatment facilities, 
commercial healthcare providers under contract to the MHS, the Defense 
Enrollment Eligibility Reporting System, the Uniformed Service 
Treatment Facility Managed Care System, the Department of Health and 
Human Services, the Department of Veterans Affairs, and any other 
source financed through the Defense Health Program.

Exemptions claimed for the system:
    None.

[FR Doc. 05-15355 Filed 8-2-05; 8:45 am]
BILLING CODE 5001-06-P