Office For Civil Rights; Privacy Act of 1974; Amended System of Records, 8734-8737 [E7-3283]
Download as PDF
<![CDATA[
8734
Federal Register / Vol. 72, No. 38 / Tuesday, February 27, 2007 / Notices
Governors. Interested persons may
express their views in writing on the
question whether the proposal complies
with the standards of section 4 of the
BHC Act. Additional information on all
bank holding companies may be
obtained from the National Information
Center website at www.ffiec.gov/nic/.
Unless otherwise noted, comments
regarding the applications must be
received at the Reserve Bank indicated
or the offices of the Board of Governors
not later than March 13, 2007.
A. Federal Reserve Bank of Kansas
City (Donna J. Ward, Assistant Vice
President) 925 Grand Avenue, Kansas
City, Missouri 64198–0001:
1. Spalding City Corporation, Omaha,
Nebraska; to retain voting shares of
Spalding City Insurance Agency,
Spalding, Nebraska, and thereby
continue to engage in general insurance
activities in small towns, pursuant to
section 225.28(b)(11)(iii)(A) of
Regulation Y.
Board of Governors of the Federal Reserve
System, February 21, 2007.
Robert deV. Frierson,
Deputy Secretary of the Board.
[FR Doc.E7–3246 Filed 2–26–07; 8:45 am]
BILLING CODE 6210–01–S
FEDERAL RESERVE SYSTEM
Sunshine Act Meeting
Board of
Governors of the Federal Reserve
System.
TIME AND DATE: 11:30 a.m., Monday,
March 5, 2007.
PLACE: Marriner S. Eccles Federal
Reserve Board Building, 20th and C
Streets, N.W., Washington, D.C. 20551.
STATUS: Closed.
MATTERS TO BE CONSIDERED:
1. Personnel actions (appointments,
promotions, assignments,
reassignments, and salary actions)
involving individual Federal Reserve
System employees.
2. Any items carried forward from a
previously announced meeting.
FOR FURTHER INFORMATION CONTACT:
Michelle Smith, Director, or Dave
Skidmore, Assistant to the Board, Office
of Board Members at 202–452–2955.
SUPPLEMENTARY INFORMATION: You may
call 202–452–3206 beginning at
approximately 5 p.m. two business days
before the meeting for a recorded
announcement of bank and bank
holding company applications
scheduled for the meeting; or you may
contact the Board’s Web site at https://
www.federalreserve.gov for an electronic
announcement that not only lists
cprice-sewell on PROD1PC62 with NOTICES
AGENCY HOLDING THE MEETING:
VerDate Aug<31>2005
15:22 Feb 26, 2007
Jkt 211001
applications, but also indicates
procedural and other information about
the meeting.
Board of Governors of the Federal Reserve
System, February 23, 2007.
Robert deV. Frierson,
Deputy Secretary of the Board.
[FR Doc. 07–906 Filed 2–23–07; 2:51 pm]
BILLING CODE 6210–01–S
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Office For Civil Rights; Privacy Act of
1974; Amended System of Records
Notice of modified or altered
System of Records (SOR).
ACTION:
SUMMARY: In accordance with the
Privacy Act, we are proposing to modify
or alter an existing SOR, ‘‘Program
Information Management System
(PIMS),’’ System No. 09–90–0052,
published at 67 FR 57011, September 6,
2002.
First, we propose to add a new
authority, the Patient Safety and Quality
Improvement Act of 2005 (Patient Safety
Act), to those under which OCR collects
information. The Secretary of HHS has
delegated to OCR the authority to
enforce the confidentiality provisions of
that statute.
Second, we propose a new routine use
which allows referrals of Age
Discrimination Act Complaints to the
Federal Mediation and Conciliation
Service (FMCS), for purposes of
mediation.
Third, we give notice of a new routine
use permitting disclosure of records to
student volunteers, individuals working
under a personal services contract, and
other individuals performing functions
for the Department but technically not
having the status of OCR employees, if
they need access to the records in order
to perform their assigned agency
functions. OCR invites interested parties
to submit comments on the proposed
additional authority and routine uses.
See Effective Dates section for comment
period.
EFFECTIVE DATES: OCR filed a modified
system report with the Chair of the
House Committee on Government
Reform and Oversight, the Chair of the
Senate Committee on Homeland
Security and Governmental Affairs, and
the Administrator, Office of Information
and Regulatory Affairs, Office of
Management and Budget (OMB)
February 15, 2007. To ensure that all
parties have adequate time in which to
comment, the modified SOR, including
routine uses, will become effective 40
PO 00000
Frm 00057
Fmt 4703
Sfmt 4703
days from the publication of the notice,
or from the date it was submitted to
OMB and the Congress, whichever is
later, unless OCR receives comments
that require alterations to this notice.
ADDRESSES: The public should address
comments regarding: FMCS referrals to
Richard Lopez, Civil Rights Division,
the Patient Safety Act to Linda Sanches,
Privacy Division, student volunteers to
Sheila D. Marshall, of the Management
Operations Division, Office for Civil
Rights, Department of Health and
Human Services, Room 553E, Hubert H.
Humphrey Building, 200 Independence
Avenue, SW., Washington, DC 20201.
Comments also may be sent via e-mail
to OCRmail@hhs.gov. Comments
received will be available for review at
this location, by appointment, during
regular business hours, Monday through
Friday from 9 a.m.–3 p.m., Eastern
Standard Time.
FOR FURTHER INFORMATION CONTACT: For
further information regarding FMCS
referrals contact Richard Lopez, Civil
Rights Division, telephone number (202)
260–1602, the Patient Safety Act contact
Linda Sanches, Privacy Division,
telephone number (202) 260–7106,
student volunteers contact Sheila D.
Marshall, of the Management
Operations Division, telephone number
(202) 619–2742, Office for Civil Rights,
Department of Health and Human
Services, Room 553E, Hubert H.
Humphrey Building, 200 Independence
Avenue, SW., Washington, DC 20201.
SUPPLEMENTARY INFORMATION: The
system of records (i.e., PIMS) described
in the OCR’s September 6, 2002 Privacy
Act notice is used by OCR staff and
consists of an electronic repository of
information and documents, and
supplementary paper document files.
PIMS effectively combined and replaced
OCR’s two previous systems of records,
(CIMS and the Complaint File and Log),
into a single integrated system with
enhanced electronic storage, retrieval
and tracking capacities. While the types
of information collected and stored in
PIMS is the same as the information
collected in CIMS and the Complaint
File and Log, PIMS allows OCR to
manage more effectively the information
that it does collect.
The Privacy Act permits the OCR to
disclose information or records
pertaining to an individual without that
individual’s consent if the information
is to be used for a purpose that is
compatible with the purpose(s) for
which the information was collected, 5
U.S.C. 552a (b) (3). Any such disclosure
is known as a ‘‘routine use.’’ This
modified notice identifies two new
routine uses for the OCR’s system of
E:\FR\FM\27FEN1.SGM
27FEN1
cprice-sewell on PROD1PC62 with NOTICES
Federal Register / Vol. 72, No. 38 / Tuesday, February 27, 2007 / Notices
records, as described below. The OCR
expects that the routine use disclosures
will not result in any unwarranted
invasion of personal privacy.
The Office for Civil Rights (OCR) is
responsible for enforcing Title VI of the
Civil Rights Act of 1964, Section 504 of
the Rehabilitation Act of 1973, the Age
Discrimination Act of 1975 and other
statutes which prohibit discrimination
by programs or entities that receive
Federal financial assistance. OCR also
has jurisdiction over Federally
conducted programs in cases involving
disability-based discrimination under
Section 504 of the Rehabilitation Act,
over state and local public entities in
cases involving disability-based
discrimination under Title II of the
Americans with Disabilities Act and
over health plans, health care
clearinghouses and certain health care
providers with respect to enforcement of
medical privacy obligations under the
Health Insurance Portability and
Accountability Act. We give notice that
OCR now enforces the confidentiality
provisions of a new authority, the
Patient Safety and Quality Improvement
Act of 2005 (Patient Safety Act).
The PIMS system conforms to
applicable law and policy governing the
privacy and security of Federal
automated information systems. These
include, but are not limited to: the
Privacy Act of 1974, Computer Security
Act of 1987, the Paperwork Reduction
Act of 1995, the Clinger-Cohen Act of
1996, and OMB Circular A–130,
Appendix, III, ‘‘Security of Federal
Automated Information Resources.’’
OCR has prepared a system security
plan as required by OMB Circular A–
130, Appendix III. This plan conforms
fully to guidance issued by the National
Institute for Standards and Technology
(NIST) in NIST Special Publication 800–
18, ‘‘Guide for Developing Security
Plans for Information Technology
Systems.’’ The plan includes conduct of
a risk assessment that addresses the
confidentiality and integrity of the data.
Only authorized users whose official
duties require the use of such
information have regular access to the
records in this system.
The routine uses for this system are
compatible with the stated purpose of
the system. The first routine use for this
system, permitting disclosure to a
congressional office, allows subject
individuals to obtain assistance from
their representatives in Congress,
should they so desire. Such disclosure
would be made only pursuant to the
request of the individual. The second
routine use allows disclosure to the
Department of Justice or a court in the
event of litigation. The third routine use
VerDate Aug<31>2005
15:22 Feb 26, 2007
Jkt 211001
allows referral to the appropriate
agency, in the event that a System of
Records maintained by this agency to
carry out its functions indicates a
violation or potential violation of law.
The fourth routine use allows disclosure
of records to contractors for the purpose
of processing or refining records in the
system. OCR is proposing to add two
new routine uses. The fifth and new
routine use allows records to be
disclosed to student volunteers,
individuals working under a personal
services contract, and other individuals
performing functions for the Department
but technically not having the status of
agency employees, if they need access to
the records in order to perform their
assigned agency functions. The new
sixth and final routine use allows
referrals of Age Discrimination Act
Complaints to the Federal Mediation
and Conciliation Service (FMCS) for
purposes of mediation.
The following amended notice is
written in the present, rather than future
tense, in order to avoid the unnecessary
expenditure of public funds to modify
the amended notice after the system has
become effective.
Dated: February 13, 2007.
Winston Wilkinson,
Director, Office for Civil Rights.
09–90–0052
SYSTEM NAME:
‘‘Program Information Management
System (PIMS), HHS/OS/OCR.’’
SECURITY CLASSIFICATION:
None.
SYSTEM LOCATION:
The automated portion of the system
is maintained at OCR Headquarters.
Paper files are maintained in
headquarters and regional offices as
noted in Appendix I.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
Covered individuals include persons
who file complaints alleging
discrimination or violation of their
rights or other violations under the
statutes identified below (Authority for
Maintenance) and covered entities (e.g.,
service providers) that are individuals
and not organization or institutions,
investigated by OCR as a result of
complaints filed or through reviews
conducted by OCR. Covered individuals
also include persons who submit
correspondence to OCR related to other
compliance activities, (e.g., outreach
and public education) and other
correspondence unrelated to a
complaint or review and requiring
PO 00000
Frm 00058
Fmt 4703
Sfmt 4703
8735
responses by OCR. In addition, OCR
employees who use the system to record
the status of their work are covered.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system encompasses a variety of
records having to do with complaints,
reviews, and correspondence. The
complaint files and log include
complaint allegations, information
gathered during the complaint
investigation, findings and results of the
investigation, and correspondence
relating to the investigation, as well as
status information for all complaints.
This component of PIMS is exempt from
the notification, access, correction and
amendment provisions of the Privacy
Act (see below: Systems Exempted From
Certain Provisions of the Act).
Equivalent types of information are
maintained for reviews and
correspondence activities—namely
information gathered, findings, results,
correspondence and status.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Title VI of the 1964 Civil Rights Act;
Sections 533, 542, 794, 855, 1947 and
1908 of the Public Health Service Act;
Sections 504 and 508 of the
Rehabilitation Act of 1973: Title II of the
Americans with Disabilities Act of 1990;
the Age Discrimination Act of 1975; the
Equal Employment Opportunity
Provisions of the Public
Telecommunications Financing Act of
1978; Title VI and Title XVI of the
Public Health Service Act (the
‘‘community services obligation’’ of
facilities funded under the Act); Title IX
of the 1972 Education Amendments;
Section 407 of the Drug Abuse Office
and Treatment Act; Section 321 of the
Comprehensive Alcohol Abuse and
Alcoholism Prevention, Treatment, and
Rehabilitation Act of 1970; Section 508
of the Social Security Act, the Family
Violence Prevention and Services Act;
Low-Income Home Energy Assistance
Act of 1981; Section 1808 of the Small
Business Job Protection Act of 1996; the
Health Insurance Portability and
Accountability Act of 1996; and the
Patient Safety and Quality Improvement
Act of 2005 (Patient Safety Act).
PURPOSE(S) OF THE SYSTEM:
PIMS is used by OCR staff and
consists of an electronic repository of
information and documents, and
supplementary paper document files.
PIMS effectively combines and replaces
OCR’s two previous systems of records,
the ‘‘Case Information Management
System (CIMS), HHS/OS/OCR, 09–90–
0050,’’ and the ‘‘Complaint File and
Log, HHS/OS/OCR 09–00–0051,’’ into a
single integrated system with enhanced
E:\FR\FM\27FEN1.SGM
27FEN1
8736
Federal Register / Vol. 72, No. 38 / Tuesday, February 27, 2007 / Notices
electronic storage, retrieval and tracking
capacities. While the types of
information collected and stored in
PIMS is the same as the information
collected in CIMS and the Complaint
File and Log, PIMS allows OCR to
manage more effectively the information
that it does collect. The system is
designed to allow OCR to integrate all
of OCR’s various business processes,
including all its compliance activities,
to allow for real time access and results
reporting and other varied information
management needs. PIMS provides: (1)
A single, central, electronic, repository
of all significant OCR documents and
information, including investigative
files, correspondence, administrative
records, policy and procedure manuals
and other documents and information
developed or maintained by OCR; (2)
easy, robust capability to search all the
information in OCR’s repository; (3)
better quality control at the front end
with simplified data entry and stronger
data validation; (4) tools to help staff
work on and manage their casework,
and (5) supplementary paper document
files. The system has the capacity to
generate reports concerning the status of
all current and closed complaints,
reviews and correspondence, and allows
OCR to track outreach, training and
other activities and to locate and
retrieve information in order to manage
more efficiently its work and report
results. In addition, PIMS allows for the
tracking of work assignments to
employees to facilitate workload
balancing, timely response to
complaints and completion of reviews,
and outreach and public education
initiatives focused on organizations and
individuals.
cprice-sewell on PROD1PC62 with NOTICES
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OR USERS AND
THE PURPOSES OF SUCH USES:
The Privacy Act allows us to disclose
information without an individual’s
consent if the information is to be used
for a purpose that is compatible with the
purpose(s) for which the information
was collected. Any such compatible use
of data is known as a ‘‘routine use.’’ The
routine uses in this system meet the
compatibility requirement of the Privacy
Act. We are establishing the following
routine use disclosures of information
maintained in the system:
I. The first routine use for this system,
permitting disclosure to a congressional
office, allows subject individuals to
obtain assistance from their
representatives in Congress, should they
so desire. Such disclosure would be
made only pursuant to the request of the
individual.
VerDate Aug<31>2005
15:22 Feb 26, 2007
Jkt 211001
II. The second routine use allows
disclosure to the Department of Justice
or a court in the event of litigation.
III. The third routine use allows
referral to the appropriate agency, in the
event that a System of Records
maintained by this agency to carry out
its functions indicates a violation or
potential violation of law.
IV. The fourth routine use allows
disclosure of records to contractors for
the purpose of processing or refining
records in the system.
V. The fifth routine use allows records
to be disclosed to student volunteers,
individuals working under a personal
services contract, and other individuals
performing functions for the Department
but technically not having the status of
agency employees, if they need access to
the records in order to perform their
assigned agency functions.
VI. The sixth routine use allows
referrals of Age Discrimination Act
Complaints to the Federal Mediation
and Conciliation Service (FMCS) for
purposes of mediation.
POLICIES AND PRACTICES FOR STORING,
RETRIEVING, ACCESSING, RETAINING, AND
DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Automated records are maintained on
magnetic disc and tape back-up. Paper
records are kept in file folders.
RETRIEVABILITY:
Records are indexed by transaction
number, but may be retrieved by name,
street address, and other complainant or
covered entity characteristic (such as
type of entity, city, state and type of
service provided) by OCR staff engaged
in compliance activities.
SAFEGUARDS:
The PIMS system conforms to
applicable law and policy governing the
privacy and security of Federal
automated information systems. These
include but are not limited to: the
Privacy Act of 1974, Computer Security
Act of 1987, the Paperwork Reduction
Act of 1995, the Clinger-Cohen Act of
1996, and OMB Circular A–130,
Appendix, III, ‘‘Security of Federal
Automated Information Resources.’’
OCR has prepared a system security
plan as required by OMB Circular A–
130, Appendix III. This plan conforms
fully to guidance issued by the National
Institute for Standards and Technology
(NIST) in NIST Special Publication 800–
18, ‘‘Guide for Developing Security
Plans for Information Technology
Systems.’’ The plan includes conduct of
a risk assessment that addresses the
confidentiality and integrity of the data.
Only authorized users have access to
the information in the system.
PO 00000
Frm 00059
Fmt 4703
Sfmt 4703
Categories of users include: OCR
investigators, regional and headquarters
managers, team leaders, OCR budget
and Government Performance and
Results Act planning staff, program and
policy staff, and data analysts. Specific
access is structured around need and is
determined by the person’s role in the
organization. Access is managed
through the use of electronic access
control lists, which regulate the ability
to read, change and delete information
in the system. Each OCR user has read
access to designated information in the
system, with the ability to modify only
their own submissions or those of others
within their region or group. Data
identified as confidential is so
designated and only specified
individuals are granted access. The
system maintains an audit trail of all
actions against the data base.
All electronic data is stored on servers
maintained in locked facilities with
computerized access control allowing
access to only those support personnel
with a demonstrated need for access. A
database is kept of all individuals
granted security card access to the room,
and all visitors are escorted while in the
room. The server facility has
appropriate environmental security
controls, including measures to mitigate
damage to automated information
system resources caused by fire,
electricity, water and inadequate
climate controls.
Access control to servers, individual
computers and databases includes a
required user log-on with a password,
inactivity lockout to systems based on a
specified period of time, legal notices
and security warnings at log-on, and
remote access security that allows user
access for remote users (e.g., while on
government travel) under the same
terms and conditions as for users within
the office. System administrators have
appropriate security clearance.
Printed materials are filed in secure
cabinets in secure Federal buildings
with access based on need as described
above for the automated component of
the PIMS system.
RETENTION AND DISPOSAL:
Documents related to complaints and
reviews are retained at OCR for two
years from the date the complaint is
closed and then are archived at the
National Archives and Records
Administration for 15 years.
Correspondence is retained for one year
following the end of the fiscal year in
which processed.
SYSTEM MANAGER AND ADDRESS:
PIMS Project Manager, Resource
Management Division, Office for Civil
E:\FR\FM\27FEN1.SGM
27FEN1
Federal Register / Vol. 72, No. 38 / Tuesday, February 27, 2007 / Notices
Rights, 200 Independence Ave. SW.,
Room 509F, Washington, DC 20201.
NOTIFICATION PROCEDURE:
Contact System Manager (above).
Include name and address of
complainant, and name of the recipient
against which the allegation was filed.
The Department is exempting all
investigative records from this provision
(see below: Records Exempted).
RECORD ACCESS PROCEDURE:
Same as notification procedures.
Requesters should also reasonably
specify the record contents being
sought. Requests should be made to the
system manager (above). The
Department is exempting all
investigative records from this provision
(see below: Records Exempted).
CONTESTING RECORD PROCEDURE:
Contact the official(s) at the address
specified under System Manager, and
reasonably identify the record and
specify the information to be contested
and corrective action sought with
supporting justification. (These
procedures are in accordance with
Department Regulations (45 CFR 5b.7)
Federal Register, October 8, 1975, page
47411.) The Department is exempting
all investigative records from this
provision (see below: Records
Exempted).
RECORD SOURCE CATEGORIES:
Information is provided by
complainants and covered entities.
SYSTEM RECORDS EXEMPTED FROM CERTAIN
PROVISIONS OF THE ACT:
OCR investigative records maintained
in PIMS, either as paper records or
electronic documents are records
compiled for law enforcement purposes
are exempt under subsection (k)(2) from
the notification, access, correction and
amendment provisions of the Privacy
Act.
cprice-sewell on PROD1PC62 with NOTICES
APPENDIX NUMBER 1—SYSTEM LOCATIONS:
This system is located at HHS offices
in the following cities.
Headquarters, PIMS Project Manager,
Resource Management Division,
Office for Civil Rights, 200
Independence Ave., SW., Room 509F,
Washington, DC 20201.
Region I, Regional Manager, OCR/HHS,
J.F. Kennedy Federal Building—Room
1875 Boston, Massachusetts 02203.
Region II, Regional Manager, OCR/HHS,
26 Federal Plaza—Suite 3312, New
York, NY 10278.
Region III, Regional Manager, OCR/
HHS, 150 S. Independence Mall West,
Suite 372, Public Ledger Building,
Philadelphia, PA 19106.
VerDate Aug<31>2005
15:22 Feb 26, 2007
Jkt 211001
Region IV, Regional Manager, OCR/
HHS, Atlanta Federal Center, Suite
3B70, 61 Forsyth Street, SW., Atlanta,
GA 30303.
Region V, Regional Manager, OCR/HHS,
233 N. Michigan Ave, Suite 240,
Chicago, IL 60601.
Region VI, Regional Manager, OCR/
HHS, 1301 Young Street, Suite 1169,
Dallas, TX 75202.
Region VII, Regional Manager, OCR/
HHS, 601 E. 12th Street—Room 248,
Kansas City, MO 64106.
Region VIII, Regional Manager, OCR/
HHS, Federal Office Building, 1961
Stout Street—Room 1185, Denver, CO
80294.
Region IX, Regional Manager, OCR/
HHS, 50 United Nations Plaza—Room
322, San Francisco, CA 94102.
Region X, Regional Manager, OCR/HHS,
2201 Sixth Avenue—Suite 900,
Seattle, WA 98121.
[FR Doc. E7–3283 Filed 2–26–07; 8:45 am]
BILLING CODE 4153–01–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Centers for Disease Control and
Prevention
[60Day–07–05CZ]
Proposed Data Collections Submitted
for Public Comment and
Recommendations
In compliance with the requirement
of section 3506(c)(2)(A) of the
Paperwork Reduction Act of 1995 for
opportunity for public comment on
proposed data collection projects, the
Centers for Disease Control and
Prevention (CDC) will publish periodic
summaries of proposed projects. To
request more information on the
proposed projects or to obtain a copy of
the data collection plans and
instruments, call 404–639–5960 and
send comments to Joan Karr, CDC
Acting Reports Clearance Officer, 1600
Clifton Road, MS–D74, Atlanta, GA
30333 or send an e-mail to
omb@cdc.gov.
Comments are invited on: (a) Whether
the proposed collection of information
is necessary for the proper performance
of the functions of the agency, including
whether the information shall have
practical utility; (b) the accuracy of the
agency’s estimate of the burden of the
proposed collection of information; (c)
ways to enhance the quality, utility, and
clarity of the information to be
collected; and (d) ways to minimize the
burden of the collection of information
on respondents, including through the
use of automated collection techniques
PO 00000
Frm 00060
Fmt 4703
Sfmt 4703
8737
or other forms of information
technology. Written comments should
be received within 60 days of this
notice.
Proposed Project
Assessing Diabetes Detection
Initiative for Policy Decision—New—
National Center for Chronic Disease
Prevention and Health Promotion
(NCCDPHP), Centers for Disease Control
and Prevention (CDC).
Background and Brief Description
Type 2 diabetes is a chronic disease
that affects more than 18 million
Americans, approximately 5 million of
whom do not know that they have the
disease. As the disease progresses, it
often causes severe complications,
including heart disease, blindness,
lower extremity arterial disease, and
kidney failure. American Indians,
African Americans, Latino Americans,
and some Asian Americans and Pacific
Islanders are disproportionately affected
by diabetes. Identifying persons who
have undiagnosed diabetes and treating
them could prevent or delay diabetes
complications.
In November 2003 the Diabetes
Detection Initiative (DDI) was launched
in 10 locations around the U.S. to
identify a portion of the estimated 5
million people with undiagnosed Type
2 diabetes, targeting specific areas in
each of 10 locales in which residents are
likely to be at higher risk for Type 2
diabetes. Implementation of the DDI
involved distributing a paper-and-pencil
risk test. Individuals whose score
indicated that they were at an increased
risk for diabetes were advised to see
their regular doctor (or to schedule an
appointment at one of several clinics
that had agreed to participate in the
DDI), to receive a finger-stick or other
tests to confirm whether or not they
have diabetes. Whether or not the DDI
should be expanded to other
communities depends on the health
benefits and costs of the program. The
CDC is planning to conduct a study to
provide this critical information.
The planned study will assess the
resources used, the cost per case
detected, and the perceived benefit of
the DDI to participants. Data for the
economic assessment will be obtained
by conducting three separate surveys:
(1) A local implementation team survey
will be administered to the 10 DDI local
implementation leaders to obtain
information on resources used by the
members of DDI local implementation
teams and community based
organizations to implement the nonmedical service delivery activities for
the DDI program; (2) a health clinic
E:\FR\FM\27FEN1.SGM
27FEN1
]]>Agencies
[Federal Register Volume 72, Number 38 (Tuesday, February 27, 2007)]
[Notices]
[Pages 8734-8737]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E7-3283]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Office For Civil Rights; Privacy Act of 1974; Amended System of
Records
ACTION: Notice of modified or altered System of Records (SOR).
-----------------------------------------------------------------------
SUMMARY: In accordance with the Privacy Act, we are proposing to modify
or alter an existing SOR, ``Program Information Management System
(PIMS),'' System No. 09-90-0052, published at 67 FR 57011, September 6,
2002.
First, we propose to add a new authority, the Patient Safety and
Quality Improvement Act of 2005 (Patient Safety Act), to those under
which OCR collects information. The Secretary of HHS has delegated to
OCR the authority to enforce the confidentiality provisions of that
statute.
Second, we propose a new routine use which allows referrals of Age
Discrimination Act Complaints to the Federal Mediation and Conciliation
Service (FMCS), for purposes of mediation.
Third, we give notice of a new routine use permitting disclosure of
records to student volunteers, individuals working under a personal
services contract, and other individuals performing functions for the
Department but technically not having the status of OCR employees, if
they need access to the records in order to perform their assigned
agency functions. OCR invites interested parties to submit comments on
the proposed additional authority and routine uses. See Effective Dates
section for comment period.
EFFECTIVE DATES: OCR filed a modified system report with the Chair of
the House Committee on Government Reform and Oversight, the Chair of
the Senate Committee on Homeland Security and Governmental Affairs, and
the Administrator, Office of Information and Regulatory Affairs, Office
of Management and Budget (OMB) February 15, 2007. To ensure that all
parties have adequate time in which to comment, the modified SOR,
including routine uses, will become effective 40 days from the
publication of the notice, or from the date it was submitted to OMB and
the Congress, whichever is later, unless OCR receives comments that
require alterations to this notice.
ADDRESSES: The public should address comments regarding: FMCS referrals
to Richard Lopez, Civil Rights Division, the Patient Safety Act to
Linda Sanches, Privacy Division, student volunteers to Sheila D.
Marshall, of the Management Operations Division, Office for Civil
Rights, Department of Health and Human Services, Room 553E, Hubert H.
Humphrey Building, 200 Independence Avenue, SW., Washington, DC 20201.
Comments also may be sent via e-mail to OCRmail@hhs.gov. Comments
received will be available for review at this location, by appointment,
during regular business hours, Monday through Friday from 9 a.m.-3
p.m., Eastern Standard Time.
FOR FURTHER INFORMATION CONTACT: For further information regarding FMCS
referrals contact Richard Lopez, Civil Rights Division, telephone
number (202) 260-1602, the Patient Safety Act contact Linda Sanches,
Privacy Division, telephone number (202) 260-7106, student volunteers
contact Sheila D. Marshall, of the Management Operations Division,
telephone number (202) 619-2742, Office for Civil Rights, Department of
Health and Human Services, Room 553E, Hubert H. Humphrey Building, 200
Independence Avenue, SW., Washington, DC 20201.
SUPPLEMENTARY INFORMATION: The system of records (i.e., PIMS) described
in the OCR's September 6, 2002 Privacy Act notice is used by OCR staff
and consists of an electronic repository of information and documents,
and supplementary paper document files. PIMS effectively combined and
replaced OCR's two previous systems of records, (CIMS and the Complaint
File and Log), into a single integrated system with enhanced electronic
storage, retrieval and tracking capacities. While the types of
information collected and stored in PIMS is the same as the information
collected in CIMS and the Complaint File and Log, PIMS allows OCR to
manage more effectively the information that it does collect.
The Privacy Act permits the OCR to disclose information or records
pertaining to an individual without that individual's consent if the
information is to be used for a purpose that is compatible with the
purpose(s) for which the information was collected, 5 U.S.C. 552a (b)
(3). Any such disclosure is known as a ``routine use.'' This modified
notice identifies two new routine uses for the OCR's system of
[[Page 8735]]
records, as described below. The OCR expects that the routine use
disclosures will not result in any unwarranted invasion of personal
privacy.
The Office for Civil Rights (OCR) is responsible for enforcing
Title VI of the Civil Rights Act of 1964, Section 504 of the
Rehabilitation Act of 1973, the Age Discrimination Act of 1975 and
other statutes which prohibit discrimination by programs or entities
that receive Federal financial assistance. OCR also has jurisdiction
over Federally conducted programs in cases involving disability-based
discrimination under Section 504 of the Rehabilitation Act, over state
and local public entities in cases involving disability-based
discrimination under Title II of the Americans with Disabilities Act
and over health plans, health care clearinghouses and certain health
care providers with respect to enforcement of medical privacy
obligations under the Health Insurance Portability and Accountability
Act. We give notice that OCR now enforces the confidentiality
provisions of a new authority, the Patient Safety and Quality
Improvement Act of 2005 (Patient Safety Act).
The PIMS system conforms to applicable law and policy governing the
privacy and security of Federal automated information systems. These
include, but are not limited to: the Privacy Act of 1974, Computer
Security Act of 1987, the Paperwork Reduction Act of 1995, the Clinger-
Cohen Act of 1996, and OMB Circular A-130, Appendix, III, ``Security of
Federal Automated Information Resources.'' OCR has prepared a system
security plan as required by OMB Circular A-130, Appendix III. This
plan conforms fully to guidance issued by the National Institute for
Standards and Technology (NIST) in NIST Special Publication 800-18,
``Guide for Developing Security Plans for Information Technology
Systems.'' The plan includes conduct of a risk assessment that
addresses the confidentiality and integrity of the data.
Only authorized users whose official duties require the use of such
information have regular access to the records in this system.
The routine uses for this system are compatible with the stated
purpose of the system. The first routine use for this system,
permitting disclosure to a congressional office, allows subject
individuals to obtain assistance from their representatives in
Congress, should they so desire. Such disclosure would be made only
pursuant to the request of the individual. The second routine use
allows disclosure to the Department of Justice or a court in the event
of litigation. The third routine use allows referral to the appropriate
agency, in the event that a System of Records maintained by this agency
to carry out its functions indicates a violation or potential violation
of law. The fourth routine use allows disclosure of records to
contractors for the purpose of processing or refining records in the
system. OCR is proposing to add two new routine uses. The fifth and new
routine use allows records to be disclosed to student volunteers,
individuals working under a personal services contract, and other
individuals performing functions for the Department but technically not
having the status of agency employees, if they need access to the
records in order to perform their assigned agency functions. The new
sixth and final routine use allows referrals of Age Discrimination Act
Complaints to the Federal Mediation and Conciliation Service (FMCS) for
purposes of mediation.
The following amended notice is written in the present, rather than
future tense, in order to avoid the unnecessary expenditure of public
funds to modify the amended notice after the system has become
effective.
Dated: February 13, 2007.
Winston Wilkinson,
Director, Office for Civil Rights.
09-90-0052
System Name:
``Program Information Management System (PIMS), HHS/OS/OCR.''
Security Classification:
None.
System Location:
The automated portion of the system is maintained at OCR
Headquarters. Paper files are maintained in headquarters and regional
offices as noted in Appendix I.
Categories of Individuals Covered by the System:
Covered individuals include persons who file complaints alleging
discrimination or violation of their rights or other violations under
the statutes identified below (Authority for Maintenance) and covered
entities (e.g., service providers) that are individuals and not
organization or institutions, investigated by OCR as a result of
complaints filed or through reviews conducted by OCR. Covered
individuals also include persons who submit correspondence to OCR
related to other compliance activities, (e.g., outreach and public
education) and other correspondence unrelated to a complaint or review
and requiring responses by OCR. In addition, OCR employees who use the
system to record the status of their work are covered.
Categories of Records in the System:
The system encompasses a variety of records having to do with
complaints, reviews, and correspondence. The complaint files and log
include complaint allegations, information gathered during the
complaint investigation, findings and results of the investigation, and
correspondence relating to the investigation, as well as status
information for all complaints. This component of PIMS is exempt from
the notification, access, correction and amendment provisions of the
Privacy Act (see below: Systems Exempted From Certain Provisions of the
Act). Equivalent types of information are maintained for reviews and
correspondence activities--namely information gathered, findings,
results, correspondence and status.
Authority for Maintenance of the System:
Title VI of the 1964 Civil Rights Act; Sections 533, 542, 794, 855,
1947 and 1908 of the Public Health Service Act; Sections 504 and 508 of
the Rehabilitation Act of 1973: Title II of the Americans with
Disabilities Act of 1990; the Age Discrimination Act of 1975; the Equal
Employment Opportunity Provisions of the Public Telecommunications
Financing Act of 1978; Title VI and Title XVI of the Public Health
Service Act (the ``community services obligation'' of facilities funded
under the Act); Title IX of the 1972 Education Amendments; Section 407
of the Drug Abuse Office and Treatment Act; Section 321 of the
Comprehensive Alcohol Abuse and Alcoholism Prevention, Treatment, and
Rehabilitation Act of 1970; Section 508 of the Social Security Act, the
Family Violence Prevention and Services Act; Low-Income Home Energy
Assistance Act of 1981; Section 1808 of the Small Business Job
Protection Act of 1996; the Health Insurance Portability and
Accountability Act of 1996; and the Patient Safety and Quality
Improvement Act of 2005 (Patient Safety Act).
Purpose(s) of the System:
PIMS is used by OCR staff and consists of an electronic repository
of information and documents, and supplementary paper document files.
PIMS effectively combines and replaces OCR's two previous systems of
records, the ``Case Information Management System (CIMS), HHS/OS/OCR,
09-90-0050,'' and the ``Complaint File and Log, HHS/OS/OCR 09-00-
0051,'' into a single integrated system with enhanced
[[Page 8736]]
electronic storage, retrieval and tracking capacities. While the types
of information collected and stored in PIMS is the same as the
information collected in CIMS and the Complaint File and Log, PIMS
allows OCR to manage more effectively the information that it does
collect. The system is designed to allow OCR to integrate all of OCR's
various business processes, including all its compliance activities, to
allow for real time access and results reporting and other varied
information management needs. PIMS provides: (1) A single, central,
electronic, repository of all significant OCR documents and
information, including investigative files, correspondence,
administrative records, policy and procedure manuals and other
documents and information developed or maintained by OCR; (2) easy,
robust capability to search all the information in OCR's repository;
(3) better quality control at the front end with simplified data entry
and stronger data validation; (4) tools to help staff work on and
manage their casework, and (5) supplementary paper document files. The
system has the capacity to generate reports concerning the status of
all current and closed complaints, reviews and correspondence, and
allows OCR to track outreach, training and other activities and to
locate and retrieve information in order to manage more efficiently its
work and report results. In addition, PIMS allows for the tracking of
work assignments to employees to facilitate workload balancing, timely
response to complaints and completion of reviews, and outreach and
public education initiatives focused on organizations and individuals.
Routine Uses of Records Maintained in the System, Including Categories
or Users and the Purposes of Such Uses:
The Privacy Act allows us to disclose information without an
individual's consent if the information is to be used for a purpose
that is compatible with the purpose(s) for which the information was
collected. Any such compatible use of data is known as a ``routine
use.'' The routine uses in this system meet the compatibility
requirement of the Privacy Act. We are establishing the following
routine use disclosures of information maintained in the system:
I. The first routine use for this system, permitting disclosure to
a congressional office, allows subject individuals to obtain assistance
from their representatives in Congress, should they so desire. Such
disclosure would be made only pursuant to the request of the
individual.
II. The second routine use allows disclosure to the Department of
Justice or a court in the event of litigation.
III. The third routine use allows referral to the appropriate
agency, in the event that a System of Records maintained by this agency
to carry out its functions indicates a violation or potential violation
of law.
IV. The fourth routine use allows disclosure of records to
contractors for the purpose of processing or refining records in the
system.
V. The fifth routine use allows records to be disclosed to student
volunteers, individuals working under a personal services contract, and
other individuals performing functions for the Department but
technically not having the status of agency employees, if they need
access to the records in order to perform their assigned agency
functions.
VI. The sixth routine use allows referrals of Age Discrimination
Act Complaints to the Federal Mediation and Conciliation Service (FMCS)
for purposes of mediation.
Policies and Practices for Storing, Retrieving, Accessing, Retaining,
and Disposing of Records in the System:
Storage:
Automated records are maintained on magnetic disc and tape back-up.
Paper records are kept in file folders.
Retrievability:
Records are indexed by transaction number, but may be retrieved by
name, street address, and other complainant or covered entity
characteristic (such as type of entity, city, state and type of service
provided) by OCR staff engaged in compliance activities.
Safeguards:
The PIMS system conforms to applicable law and policy governing the
privacy and security of Federal automated information systems. These
include but are not limited to: the Privacy Act of 1974, Computer
Security Act of 1987, the Paperwork Reduction Act of 1995, the Clinger-
Cohen Act of 1996, and OMB Circular A-130, Appendix, III, ``Security of
Federal Automated Information Resources.'' OCR has prepared a system
security plan as required by OMB Circular A-130, Appendix III. This
plan conforms fully to guidance issued by the National Institute for
Standards and Technology (NIST) in NIST Special Publication 800-18,
``Guide for Developing Security Plans for Information Technology
Systems.'' The plan includes conduct of a risk assessment that
addresses the confidentiality and integrity of the data.
Only authorized users have access to the information in the system.
Categories of users include: OCR investigators, regional and
headquarters managers, team leaders, OCR budget and Government
Performance and Results Act planning staff, program and policy staff,
and data analysts. Specific access is structured around need and is
determined by the person's role in the organization. Access is managed
through the use of electronic access control lists, which regulate the
ability to read, change and delete information in the system. Each OCR
user has read access to designated information in the system, with the
ability to modify only their own submissions or those of others within
their region or group. Data identified as confidential is so designated
and only specified individuals are granted access. The system maintains
an audit trail of all actions against the data base.
All electronic data is stored on servers maintained in locked
facilities with computerized access control allowing access to only
those support personnel with a demonstrated need for access. A database
is kept of all individuals granted security card access to the room,
and all visitors are escorted while in the room. The server facility
has appropriate environmental security controls, including measures to
mitigate damage to automated information system resources caused by
fire, electricity, water and inadequate climate controls.
Access control to servers, individual computers and databases
includes a required user log-on with a password, inactivity lockout to
systems based on a specified period of time, legal notices and security
warnings at log-on, and remote access security that allows user access
for remote users (e.g., while on government travel) under the same
terms and conditions as for users within the office. System
administrators have appropriate security clearance.
Printed materials are filed in secure cabinets in secure Federal
buildings with access based on need as described above for the
automated component of the PIMS system.
Retention And Disposal:
Documents related to complaints and reviews are retained at OCR for
two years from the date the complaint is closed and then are archived
at the National Archives and Records Administration for 15 years.
Correspondence is retained for one year following the end of the fiscal
year in which processed.
System Manager and Address:
PIMS Project Manager, Resource Management Division, Office for
Civil
[[Page 8737]]
Rights, 200 Independence Ave. SW., Room 509F, Washington, DC 20201.
Notification Procedure:
Contact System Manager (above). Include name and address of
complainant, and name of the recipient against which the allegation was
filed. The Department is exempting all investigative records from this
provision (see below: Records Exempted).
Record Access Procedure:
Same as notification procedures. Requesters should also reasonably
specify the record contents being sought. Requests should be made to
the system manager (above). The Department is exempting all
investigative records from this provision (see below: Records
Exempted).
Contesting Record Procedure:
Contact the official(s) at the address specified under System
Manager, and reasonably identify the record and specify the information
to be contested and corrective action sought with supporting
justification. (These procedures are in accordance with Department
Regulations (45 CFR 5b.7) Federal Register, October 8, 1975, page
47411.) The Department is exempting all investigative records from this
provision (see below: Records Exempted).
Record Source Categories:
Information is provided by complainants and covered entities.
System Records Exempted From Certain Provisions Of The Act:
OCR investigative records maintained in PIMS, either as paper
records or electronic documents are records compiled for law
enforcement purposes are exempt under subsection (k)(2) from the
notification, access, correction and amendment provisions of the
Privacy Act.
Appendix Number 1--System Locations:
This system is located at HHS offices in the following cities.
Headquarters, PIMS Project Manager, Resource Management Division,
Office for Civil Rights, 200 Independence Ave., SW., Room 509F,
Washington, DC 20201.
Region I, Regional Manager, OCR/HHS, J.F. Kennedy Federal Building--
Room 1875 Boston, Massachusetts 02203.
Region II, Regional Manager, OCR/HHS, 26 Federal Plaza--Suite 3312, New
York, NY 10278.
Region III, Regional Manager, OCR/HHS, 150 S. Independence Mall West,
Suite 372, Public Ledger Building, Philadelphia, PA 19106.
Region IV, Regional Manager, OCR/HHS, Atlanta Federal Center, Suite
3B70, 61 Forsyth Street, SW., Atlanta, GA 30303.
Region V, Regional Manager, OCR/HHS, 233 N. Michigan Ave, Suite 240,
Chicago, IL 60601.
Region VI, Regional Manager, OCR/HHS, 1301 Young Street, Suite 1169,
Dallas, TX 75202.
Region VII, Regional Manager, OCR/HHS, 601 E. 12th Street--Room 248,
Kansas City, MO 64106.
Region VIII, Regional Manager, OCR/HHS, Federal Office Building, 1961
Stout Street--Room 1185, Denver, CO 80294.
Region IX, Regional Manager, OCR/HHS, 50 United Nations Plaza--Room
322, San Francisco, CA 94102.
Region X, Regional Manager, OCR/HHS, 2201 Sixth Avenue--Suite 900,
Seattle, WA 98121.
[FR Doc. E7-3283 Filed 2-26-07; 8:45 am]
BILLING CODE 4153-01-P
