Privacy Act of 1974: New System of Records, 23313-23315 [2013-09133]

Download as PDF Federal Register / Vol. 78, No. 75 / Thursday, April 18, 2013 / Notices 23313 NRC CASCADES AUTHORIZATION LETTERS—Continued Authorization letters Cascade Cascade Cascade Cascade Cascade Cascade Cascade numbered numbered numbered numbered numbered numbered numbered 3.3 3.4 3.5 3.6 3.7 3.8 3.9 Date ............................................................................................. ............................................................................................. ............................................................................................. ............................................................................................. ............................................................................................. ............................................................................................. ............................................................................................. October 31, 2012 .................................... October 31, 2012 .................................... November 21, 2012 ................................. December 20, 2012 ................................. January 14, 2013 .................................... February 13, 2013 ................................... March 14, 2013 ....................................... ADAMS accession No. ML12306A048 ML12306A048 ML12326A563 ML12355A171 ML13015A042 ML13044A527 ML13074A068 NRC AUTHORIZATION LETTERS RELATED TO THE CYLINDER RECEIPT AND DISPATCH BUILDING Authorization letters Date CRDB Chemistry Laboratory ..................................................................................... CRDB Phase 2a ........................................................................................................ January 16, 2013 .................................... January 30, 2013 .................................... If you do not have access to ADAMS or if there are problems in accessing the documents located in ADAMS, contact the NRC Public Document Room (PDR) Reference staff at 1–800–397–4209, 301– 415–4737 or by email to pdr.resource@nrc.gov. These documents may also be viewed electronically on the public computers located at the NRC’s PDR, O 1 F21, One White Flint North, 11555 Rockville Pike Rockville, MD 20852. The PDR reproduction contractor will copy documents for a fee. Dated at Rockville, Maryland this 11th day of April. For the Nuclear Regulatory Commission. Brian W. Smith, Chief, Uranium Enrichment Branch, Division of Fuel Cycle Safety, and Safeguards Office of Nuclear Material Safety, and Safeguards. [FR Doc. 2013–09127 Filed 4–17–13; 8:45 am] BILLING CODE 7590–01–P OFFICE OF PERSONNEL MANAGEMENT Privacy Act of 1974: New System of Records U.S. Office of Personnel Management (OPM). ACTION: Notice of amendment to system of records. AGENCY: OPM has amended an existing system of records subject to the Privacy Act of 1974 (5 U.S.C. 552a) to reflect the fact that the Office of Planning and Policy Analysis (PPA) is receiving Federal Employees Health Benefits Program (FEHBP) Health Claims data directly from some FEHBP carriers, and processing and analyzing this data within OPM. PPA is developing the alternative data intake process to sroberts on DSK5SPTVN1PROD with NOTICES SUMMARY: VerDate Mar<15>2010 18:54 Apr 17, 2013 Jkt 229001 acquire data from plans and/or carriers that are outside of the scope of existing OPM systems. DATES: This action will be effective without further notice on May 20, 2013 unless comments are received that would result in a contrary determination. Send written comments by mail to the Office of Personnel Management, ATTN: Dennis Hardy, PMP, HCDW Project Manager, U. S. Office of Personnel Management, 1900 E Street NW., Room 2340A, Washington, DC 20415, or by email to dennis.hardy@opm.gov. ADDRESSES: FOR FURTHER INFORMATION CONTACT: Dennis Hardy, PMP, HCDW Project Manager, 202–606–4281. SUPPLEMENTARY INFORMATION: The Office of Planning and Policy Analysis, in cooperation with the OPM/Chief Information Officer (CIO), is implementing an alternate data intake and transformation infrastructure within the OPM environment to allow OPM to develop, process, and analyze this additional data in an expeditious manner. This alternate infrastructure, which is a scaled down version of the Health Claims Data Warehouse (HCDW) system, also provides a ‘‘hot site’’ disaster recovery capability should the primary environment be unavailable for data processing and/or analysis. This alternate infrastructure is easily scalable to support the demands of OPM. In addition to building the alternative data intake process, PPA will continue to receive carrier information from OPM’s Office of Inspector General (OIG). The carrier data will be transmitted securely from the physically secured servers managed by OIG to the secure data intake infrastructure managed by OPM’s OCIO. In total, PPA will be receiving PO 00000 Frm 00110 Fmt 4703 Sfmt 4703 ADAMS accession No. ML13016A011 ML13030A327 data from nine plans and/or carriers. This action is necessary to meet the requirements of the Privacy Act to publish in the Federal Register notice of the existence and character of records maintained by the Agency (5 U.S.C. 552a(e)(4)). OPM first published a system of records notice pertaining to the Health Claims Data Warehouse on October 5, 2010, with the comment period closing November 15, 2010. On November 15, 2010, OPM extended the comment period to December 15, 2010, and indicated its intent to modify certain aspects of the system of records notice. On December 15, 2010, OPM published a notice closing the comment period. Based on the comments received during the comment period, OPM issued a revised notice that, among other things, limited the scope of the system to information pertaining to FEHBP, significantly narrowed the circumstances under which routine use disclosures will be made from the system, clarified that only de-identified data will be released outside of OPM, provided greater detail regarding OPM authorities for maintaining the system, and further described systems security measures that will be taken to protect the records. The purpose of this system of records is to provide a central database from which OPM may analyze costs and utilization of services associated with FEHBP to ensure the best value for both enrollees and taxpayers. OPM collects, manages, and analyzes health services data that health insurers and administrators provide through secure data transfer for the program. OPM’s analysis of the data includes the cost of care, utilization of services, and quality of care for specific population groups, geographic areas, health plans, health care providers, disease conditions, and E:\FR\FM\18APN1.SGM 18APN1 23314 Federal Register / Vol. 78, No. 75 / Thursday, April 18, 2013 / Notices other relevant categories. The information contained in the database assists in improving the effectiveness and efficiency of care delivered by health care providers to the enrollees by facilitating robust contract negotiations, health plan accountability, performance management, and program evaluation. OPM uses identifiable data to create person-level longitudinal records, which are long-term health records that allow us to examine individual health information over time. Access to personally identifiable information is highly restricted to personnel needed to create person-level longitudinal records and to select OPM analysts using the database for analytical purposes. Office of Personnel Management. John Berry, Director. OPM CENTRAL—15 SYSTEM NAME: Health Claims Data Warehouse (HCDW). SYSTEM LOCATION: Office of Personnel Management, 1900 E Street NW., Washington, DC 20415. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: This system contains records on the Federal Employees Health Benefits Program (FEHBP). The FEHBP includes Federal employees, Postal employees, uniformed service members, retirees, and their family members who voluntarily participate in the Program. sroberts on DSK5SPTVN1PROD with NOTICES CATEGORIES OF RECORDS IN THE SYSTEM: The records in the system may contain the following types of information on participating enrollees and covered dependents: a. Name, social security number, date of birth, gender. b. Home address. c. Covered dependent information (spouse, dependents)—name, social security number, date of birth, gender. d. Enrollee’s employing agency. e. Name of health care provider. f. Health care provider address. g. Health care provider taxpayer identification number (TIN) or carrier identifier. h. Health care coverage information regarding benefit coverage for the plan in which the person is enrolled. i. Health care procedures performed on the individual in the form of ICD, CPT and other appropriate codes. j. Health care diagnoses in the form of ICD codes, and treatments, including prescribed drugs, derived from clinical medical records. VerDate Mar<15>2010 18:54 Apr 17, 2013 Jkt 229001 k. Provider charges, amounts paid by the plan and amounts paid by the enrollee for the above coverage, procedures, and diagnoses. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: Authority for requiring FEHBP carriers to allow OPM access to records and for requiring reports, as well as authority for OPM’s maintenance of FEHBP health claims information, is provided by 5 U.S.C. 8901, et seq. In particular, section 8910 states, in relevant part: ‘‘(a) The Office of Personnel Management shall make a continuing study of the operation and administration of this chapter, including surveys and reports on health benefit plans available to employees and on the experience of the plans. (b) Each contract entered into under section 8902 of this title shall contain provisions requiring carriers to—(1) furnish such reasonable reports as the Office determines to be necessary to enable it to carry out its functions under this chapter; and (2) permit the Office and representatives of the Government Accountability Office to examine records of the carriers as may be necessary to carry out the purposes of this chapter.’’ As explained in greater detail in the ‘‘Purpose’’ section below, OPM uses the information collected in this system to assist in its administration of, and in carrying out its functions under 5 U.S.C. chapter 89. PURPOSE: The primary purpose of this system of records is to provide a central database from which OPM may analyze the FEHBP to support the management of the program to ensure the best value for the enrollees and taxpayers. OPM collects, manages, and analyzes health services data provided by health insurers and administrators through secure data transfer. OPM analyzes the data in order to evaluate the cost of care, utilization of services, and quality of care for specific population groups, geographic areas, health plans, health care providers, disease conditions, and other relevant categories. Information contained in the database assists in improving the effectiveness and efficiency of care delivered by health care providers to the enrollees by facilitating robust contract negotiations, health plan accountability, performance management, and program evaluation. OPM uses identifiable data to create person-level longitudinal records. Access to PII is restricted to personnel needed to create person-level longitudinal records and to select OPM analysts using the database for the analytical purposes described in this PO 00000 Frm 00111 Fmt 4703 Sfmt 4703 notice. Only de-identified data will be released by OPM externally for all other research and analysis purposes. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: 1. To disclose FEHBP data to analysts inside and outside the Federal Government for the purpose of conducting analysis of health care and health insurance trends and topical health-related issues compatible with the purposes for which the records were collected and formulating health care program changes and enhancements to limit cost growth, improve outcomes, increase accountability, and improve efficiency in program administration. In all disclosures to analysts external to OPM under this routine use, only deidentified data will be disclosed. A public use file that will be maintained will only contain de-identified data and will be structured, where appropriate, to protect enrollee confidentiality where identities may be discerned because there are fewer records under certain demographic or other variables. POLICIES AND PRACTICES OF STORING, RETRIEVING, SAFEGUARDING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM: STORAGE: These records are maintained in electronic systems. RETRIEVABILITY: These records are retrieved by a unique identifier that will be based on identifying information (primarily name and social security number) of the individual. SAFEGUARDS: The Health Claims Data Warehouse (HCDW), to include the new alternate data intake and transformation infrastructure, is operated within the OPM environment. All employees who have a need to access the information are required to have an appropriate background investigation consistent with the risk and sensitivity designation of that position. The investigation must be favorably adjudicated before they are allowed physical access to OPM and access to the HCDW system. Employees of contractors are required to have an appropriate background investigation consistent with the credentialing policy of the agency and/or the terms of the underlying contract. Again, the investigation must be favorably adjudicated before they are allowed physical access to OPM and access to the HCDW system. The OPM environment is equipped with electronic badge readers restricting E:\FR\FM\18APN1.SGM 18APN1 Federal Register / Vol. 78, No. 75 / Thursday, April 18, 2013 / Notices access to authorized personnel only and has safeguards in place to alert security personnel if unauthorized personnel attempt to gain access to OPM’s environment. OPM employs armed physical security guards 365 days a year, 24 hours a day that patrol OPM headquarters, to include entry and exit points. Computer firewalls are maintained to prevent access by unauthorized personnel. The HCDW employs National Institute of Standards and Technology (NIST) Physical and Environmental Security Controls identified in Special Publication SP 800–53 revision 3. The HCDW will perform a Security Assessment and Authorization (SA&A) following the NIST 800–53 rev 3 standard in order to obtain an Authority to Operate (ATO). Users within the Office of Planning and Policy Analysis (PPA) use the system to perform cost and quality analysis for health care plans. Two sub-groups of PPA users have been identified in the system, those who are permitted to view PII and those who are not. HCDW employs role based access controls (RBAC) to further restrict access to data contained within HCDW based on users’ roles. The data warehouse is fully compliant with all applicable provisions of the Privacy Act, Health Insurance Portability and Accountability Act (HIPAA) as an oversight agency, Federal Information Security Management Act (FISMA), Records Act and National Institute of Standards and Technology (NIST) guidance. RETENTION AND DISPOSAL: The records in this system are retained for 7 years. Computer records will be destroyed by electronic erasure. The system has been approved by NARA to maintain a 7-year record retention. SYSTEM MANAGERS AND ADDRESSES: The system manager is Dennis Hardy, PMP, HCDW Project Manager, U. S. Office of Personnel Management, 1900 E Street NW., Room 2340A, Washington, DC 20415, 202–606–4281. sroberts on DSK5SPTVN1PROD with NOTICES NOTIFICATION AND RECORD ACCESS PROCEDURE: Individuals wishing to determine whether this system of records contains information about them may do so by writing to the U.S. Office of Personnel Management, FOIA/PA Requester Service Center, 1900 E Street NW., Room 5415, Washington, DC 20415– 7900 or by emailing foia@opm.gov. Individuals must furnish the following information for their records to be located: 1. Full name. 2. Date and place of birth. VerDate Mar<15>2010 18:54 Apr 17, 2013 Jkt 229001 3. Social security number. 4. Signature. 5. Available information regarding the type of information requested. 6. The reason why the individual believes this system contains information about him/her. 7. The address to which the information should be sent. Individuals requesting access must also comply with OPM’s Privacy Act regulations regarding verification of identity and access to records (5 CFR 297). CONTESTING RECORD PROCEDURE: Individuals wishing to request amendment of records about them should write to the Office of Personnel Management, FOIA/PA Requester Service Center, 1900 E Street NW., Room 5415, Washington, DC 20415– 7900. ATTN: Planning and Policy Analysis. Individuals must furnish the following information in writing for their records to be located: 1. Full name. 2. Date and place of birth. 3. Social Security Number. 4. City, state, and zip code of their Federal Agency. 5. Signature. 6. Precise identification of the information to be amended. Individuals requesting amendment must also follow OPM’s Privacy Act regulations regarding verification of identity and amendment to records (5 CFR 297). RECORD SOURCE CATEGORIES: OPM, which has the authority to obtain this information from health care insurers and administrators contracted by OPM to manage the FEHBP, will obtain the FEHBP records from health care insurers and administrators. OPM’s OIG also maintains the FEHBP records in a separate system of records under its own authorities. SYSTEM EXEMPTIONS: None. [FR Doc. 2013–09133 Filed 4–17–13; 8:45 am] BILLING CODE 6325–63–P SECURITIES AND EXCHANGE COMMISSION Proposed Collection; Comment Request Upon Written Request, Copies Available From: Securities and Exchange Commission, Office of Investor Education and Advocacy, Washington, DC 20549–0213. PO 00000 Frm 00112 Fmt 4703 Sfmt 4703 23315 Extension: Rule 15c3–1; SEC File No. 270–197, OMB Control No. 3235– 0200. Notice is hereby given that pursuant to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.) (‘‘PRA’’), the Securities and Exchange Commission (‘‘Commission’’) is soliciting comments on the existing collection of information provided for in Rule 15c3–1 (17 CFR 240.15c3–1), under the Securities Exchange Act of 1934 (15 U.S.C. 78a et seq.). The Commission plans to submit this existing collection of information to the Office of Management and Budget (‘‘OMB’’) for extension and approval. Rule 15c3–1 requires brokers-dealers to have at all times sufficient liquid assets to meet their current liabilities, particularly the claims of customers. The rule facilitates the monitoring of the financial condition of broker-dealers by the Commission and the various selfregulatory organizations. It is estimated that broker-dealer respondents registered with the Commission and subject to the collection of information requirements of Rule 15c3–1 incur an aggregate annual time burden of 71,818 hours to comply with this rule and an aggregate annual external cost of $160,000. Written comments are invited on: (a) Whether the proposed collection of information is necessary for the proper performance of the functions of the Commission, including whether the information shall have practical utility; (b) the accuracy of the Commission’s estimates of the burden of the proposed collection of information; (c) ways to enhance the quality, utility, and clarity of the information collected; and (d) ways to minimize the burden of the collection of information on respondents, including through the use of automated collection techniques or other forms of information technology. Consideration will be given to comments and suggestions submitted in writing within 60 days of this publication. An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. Please direct your written comments to: Thomas Bayer, Director/Chief Information Officer, Securities and Exchange Commission, c/o Remi PavlikSimon, 6432 General Green Way, Alexandria, Virginia 22312 or send an email to: PRA_Mailbox@sec.gov. E:\FR\FM\18APN1.SGM 18APN1

Agencies

Office of Personnel Management

[Federal Register Volume 78, Number 75 (Thursday, April 18, 2013)]
[Notices]
[Pages 23313-23315]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2013-09133]


=======================================================================
-----------------------------------------------------------------------

OFFICE OF PERSONNEL MANAGEMENT


Privacy Act of 1974: New System of Records

AGENCY: U.S. Office of Personnel Management (OPM).

ACTION: Notice of amendment to system of records.

-----------------------------------------------------------------------

SUMMARY: OPM has amended an existing system of records subject to the 
Privacy Act of 1974 (5 U.S.C. 552a) to reflect the fact that the Office 
of Planning and Policy Analysis (PPA) is receiving Federal Employees 
Health Benefits Program (FEHBP) Health Claims data directly from some 
FEHBP carriers, and processing and analyzing this data within OPM. PPA 
is developing the alternative data intake process to acquire data from 
plans and/or carriers that are outside of the scope of existing OPM 
systems.

DATES: This action will be effective without further notice on May 20, 
2013 unless comments are received that would result in a contrary 
determination.

ADDRESSES: Send written comments by mail to the Office of Personnel 
Management, ATTN: Dennis Hardy, PMP, HCDW Project Manager, U. S. Office 
of Personnel Management, 1900 E Street NW., Room 2340A, Washington, DC 
20415, or by email to dennis.hardy@opm.gov.

FOR FURTHER INFORMATION CONTACT: Dennis Hardy, PMP, HCDW Project 
Manager, 202-606-4281.

SUPPLEMENTARY INFORMATION: The Office of Planning and Policy Analysis, 
in cooperation with the OPM/Chief Information Officer (CIO), is 
implementing an alternate data intake and transformation infrastructure 
within the OPM environment to allow OPM to develop, process, and 
analyze this additional data in an expeditious manner. This alternate 
infrastructure, which is a scaled down version of the Health Claims 
Data Warehouse (HCDW) system, also provides a ``hot site'' disaster 
recovery capability should the primary environment be unavailable for 
data processing and/or analysis. This alternate infrastructure is 
easily scalable to support the demands of OPM. In addition to building 
the alternative data intake process, PPA will continue to receive 
carrier information from OPM's Office of Inspector General (OIG). The 
carrier data will be transmitted securely from the physically secured 
servers managed by OIG to the secure data intake infrastructure managed 
by OPM's OCIO. In total, PPA will be receiving data from nine plans 
and/or carriers. This action is necessary to meet the requirements of 
the Privacy Act to publish in the Federal Register notice of the 
existence and character of records maintained by the Agency (5 U.S.C. 
552a(e)(4)). OPM first published a system of records notice pertaining 
to the Health Claims Data Warehouse on October 5, 2010, with the 
comment period closing November 15, 2010. On November 15, 2010, OPM 
extended the comment period to December 15, 2010, and indicated its 
intent to modify certain aspects of the system of records notice. On 
December 15, 2010, OPM published a notice closing the comment period. 
Based on the comments received during the comment period, OPM issued a 
revised notice that, among other things, limited the scope of the 
system to information pertaining to FEHBP, significantly narrowed the 
circumstances under which routine use disclosures will be made from the 
system, clarified that only de-identified data will be released outside 
of OPM, provided greater detail regarding OPM authorities for 
maintaining the system, and further described systems security measures 
that will be taken to protect the records.
    The purpose of this system of records is to provide a central 
database from which OPM may analyze costs and utilization of services 
associated with FEHBP to ensure the best value for both enrollees and 
taxpayers. OPM collects, manages, and analyzes health services data 
that health insurers and administrators provide through secure data 
transfer for the program. OPM's analysis of the data includes the cost 
of care, utilization of services, and quality of care for specific 
population groups, geographic areas, health plans, health care 
providers, disease conditions, and

[[Page 23314]]

other relevant categories. The information contained in the database 
assists in improving the effectiveness and efficiency of care delivered 
by health care providers to the enrollees by facilitating robust 
contract negotiations, health plan accountability, performance 
management, and program evaluation. OPM uses identifiable data to 
create person-level longitudinal records, which are long-term health 
records that allow us to examine individual health information over 
time. Access to personally identifiable information is highly 
restricted to personnel needed to create person-level longitudinal 
records and to select OPM analysts using the database for analytical 
purposes.

Office of Personnel Management.
John Berry,
Director.
OPM CENTRAL--15

SYSTEM NAME:
    Health Claims Data Warehouse (HCDW).

SYSTEM LOCATION:
    Office of Personnel Management, 1900 E Street NW., Washington, DC 
20415.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system contains records on the Federal Employees Health 
Benefits Program (FEHBP). The FEHBP includes Federal employees, Postal 
employees, uniformed service members, retirees, and their family 
members who voluntarily participate in the Program.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The records in the system may contain the following types of 
information on participating enrollees and covered dependents:
    a. Name, social security number, date of birth, gender.
    b. Home address.
    c. Covered dependent information (spouse, dependents)--name, social 
security number, date of birth, gender.
    d. Enrollee's employing agency.
    e. Name of health care provider.
    f. Health care provider address.
    g. Health care provider taxpayer identification number (TIN) or 
carrier identifier.
    h. Health care coverage information regarding benefit coverage for 
the plan in which the person is enrolled.
    i. Health care procedures performed on the individual in the form 
of ICD, CPT and other appropriate codes.
    j. Health care diagnoses in the form of ICD codes, and treatments, 
including prescribed drugs, derived from clinical medical records.
    k. Provider charges, amounts paid by the plan and amounts paid by 
the enrollee for the above coverage, procedures, and diagnoses.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Authority for requiring FEHBP carriers to allow OPM access to 
records and for requiring reports, as well as authority for OPM's 
maintenance of FEHBP health claims information, is provided by 5 U.S.C. 
8901, et seq. In particular, section 8910 states, in relevant part: 
``(a) The Office of Personnel Management shall make a continuing study 
of the operation and administration of this chapter, including surveys 
and reports on health benefit plans available to employees and on the 
experience of the plans. (b) Each contract entered into under section 
8902 of this title shall contain provisions requiring carriers to--(1) 
furnish such reasonable reports as the Office determines to be 
necessary to enable it to carry out its functions under this chapter; 
and (2) permit the Office and representatives of the Government 
Accountability Office to examine records of the carriers as may be 
necessary to carry out the purposes of this chapter.'' As explained in 
greater detail in the ``Purpose'' section below, OPM uses the 
information collected in this system to assist in its administration 
of, and in carrying out its functions under 5 U.S.C. chapter 89.

PURPOSE:
    The primary purpose of this system of records is to provide a 
central database from which OPM may analyze the FEHBP to support the 
management of the program to ensure the best value for the enrollees 
and taxpayers. OPM collects, manages, and analyzes health services data 
provided by health insurers and administrators through secure data 
transfer. OPM analyzes the data in order to evaluate the cost of care, 
utilization of services, and quality of care for specific population 
groups, geographic areas, health plans, health care providers, disease 
conditions, and other relevant categories. Information contained in the 
database assists in improving the effectiveness and efficiency of care 
delivered by health care providers to the enrollees by facilitating 
robust contract negotiations, health plan accountability, performance 
management, and program evaluation. OPM uses identifiable data to 
create person-level longitudinal records. Access to PII is restricted 
to personnel needed to create person-level longitudinal records and to 
select OPM analysts using the database for the analytical purposes 
described in this notice. Only de-identified data will be released by 
OPM externally for all other research and analysis purposes.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. To disclose FEHBP data to analysts inside and outside the 
Federal Government for the purpose of conducting analysis of health 
care and health insurance trends and topical health-related issues 
compatible with the purposes for which the records were collected and 
formulating health care program changes and enhancements to limit cost 
growth, improve outcomes, increase accountability, and improve 
efficiency in program administration. In all disclosures to analysts 
external to OPM under this routine use, only de-identified data will be 
disclosed. A public use file that will be maintained will only contain 
de-identified data and will be structured, where appropriate, to 
protect enrollee confidentiality where identities may be discerned 
because there are fewer records under certain demographic or other 
variables.

POLICIES AND PRACTICES OF STORING, RETRIEVING, SAFEGUARDING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    These records are maintained in electronic systems.

RETRIEVABILITY:
    These records are retrieved by a unique identifier that will be 
based on identifying information (primarily name and social security 
number) of the individual.

SAFEGUARDS:
    The Health Claims Data Warehouse (HCDW), to include the new 
alternate data intake and transformation infrastructure, is operated 
within the OPM environment. All employees who have a need to access the 
information are required to have an appropriate background 
investigation consistent with the risk and sensitivity designation of 
that position. The investigation must be favorably adjudicated before 
they are allowed physical access to OPM and access to the HCDW system. 
Employees of contractors are required to have an appropriate background 
investigation consistent with the credentialing policy of the agency 
and/or the terms of the underlying contract. Again, the investigation 
must be favorably adjudicated before they are allowed physical access 
to OPM and access to the HCDW system. The OPM environment is equipped 
with electronic badge readers restricting

[[Page 23315]]

access to authorized personnel only and has safeguards in place to 
alert security personnel if unauthorized personnel attempt to gain 
access to OPM's environment. OPM employs armed physical security guards 
365 days a year, 24 hours a day that patrol OPM headquarters, to 
include entry and exit points. Computer firewalls are maintained to 
prevent access by unauthorized personnel. The HCDW employs National 
Institute of Standards and Technology (NIST) Physical and Environmental 
Security Controls identified in Special Publication SP 800-53 revision 
3. The HCDW will perform a Security Assessment and Authorization (SA&A) 
following the NIST 800-53 rev 3 standard in order to obtain an 
Authority to Operate (ATO). Users within the Office of Planning and 
Policy Analysis (PPA) use the system to perform cost and quality 
analysis for health care plans. Two sub-groups of PPA users have been 
identified in the system, those who are permitted to view PII and those 
who are not. HCDW employs role based access controls (RBAC) to further 
restrict access to data contained within HCDW based on users' roles. 
The data warehouse is fully compliant with all applicable provisions of 
the Privacy Act, Health Insurance Portability and Accountability Act 
(HIPAA) as an oversight agency, Federal Information Security Management 
Act (FISMA), Records Act and National Institute of Standards and 
Technology (NIST) guidance.

RETENTION AND DISPOSAL:
    The records in this system are retained for 7 years. Computer 
records will be destroyed by electronic erasure. The system has been 
approved by NARA to maintain a 7-year record retention.

SYSTEM MANAGERS AND ADDRESSES:
    The system manager is Dennis Hardy, PMP, HCDW Project Manager, U. 
S. Office of Personnel Management, 1900 E Street NW., Room 2340A, 
Washington, DC 20415, 202-606-4281.

NOTIFICATION AND RECORD ACCESS PROCEDURE:
    Individuals wishing to determine whether this system of records 
contains information about them may do so by writing to the U.S. Office 
of Personnel Management, FOIA/PA Requester Service Center, 1900 E 
Street NW., Room 5415, Washington, DC 20415-7900 or by emailing 
foia@opm.gov. Individuals must furnish the following information for 
their records to be located:
    1. Full name.
    2. Date and place of birth.
    3. Social security number.
    4. Signature.
    5. Available information regarding the type of information 
requested.
    6. The reason why the individual believes this system contains 
information about him/her.
    7. The address to which the information should be sent.
    Individuals requesting access must also comply with OPM's Privacy 
Act regulations regarding verification of identity and access to 
records (5 CFR 297).

CONTESTING RECORD PROCEDURE:
    Individuals wishing to request amendment of records about them 
should write to the Office of Personnel Management, FOIA/PA Requester 
Service Center, 1900 E Street NW., Room 5415, Washington, DC 20415-
7900. ATTN: Planning and Policy Analysis.
    Individuals must furnish the following information in writing for 
their records to be located:
    1. Full name.
    2. Date and place of birth.
    3. Social Security Number.
    4. City, state, and zip code of their Federal Agency.
    5. Signature.
    6. Precise identification of the information to be amended.
    Individuals requesting amendment must also follow OPM's Privacy Act 
regulations regarding verification of identity and amendment to records 
(5 CFR 297).

RECORD SOURCE CATEGORIES:
    OPM, which has the authority to obtain this information from health 
care insurers and administrators contracted by OPM to manage the FEHBP, 
will obtain the FEHBP records from health care insurers and 
administrators. OPM's OIG also maintains the FEHBP records in a 
separate system of records under its own authorities.

SYSTEM EXEMPTIONS:
    None.

[FR Doc. 2013-09133 Filed 4-17-13; 8:45 am]
BILLING CODE 6325-63-P

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.