Privacy Act of 1974; System of Records Notice, 78959-78962 [2013-31118]
Download as PDF
<![CDATA[
78959
Federal Register / Vol. 78, No. 249 / Friday, December 27, 2013 / Notices
in Medicaid, through the establishment
of the MFCUs. This law amended
section 1903 of the Social Security Act
to establish operating requirements for
MFCUs and provide FFP to State
governments for the cost of establishing
MFCUs, training State personnel, and
keeping the MFCUs operational.
Under section 1903(q)(7), each MFCU
must annually submit to the Secretary of
Health and Human Services (Secretary)
an application and annual report
containing information that the
Secretary determines is necessary to
certify the MFCU as meeting the
requirements for FFP. FFP is available
only for activities directly related to the
investigation and prosecution of health
care providers suspected of committing
Medicaid fraud. The MFCUs also review
complaints of alleged abuse or neglect of
patients and the misuse of patients’
personal funds in health care facilities.
OIG reviews the information collected
to ensure that Federal matching funds
are expended by MFCUs only for
allowable costs. In addition, OIG
analyzes each MFCU’s submission to
determine whether there is a need for
OIG technical assistance and to
establish priorities for onsite reviews to
further monitor program activities.
Likely Respondents: 50.
Burden Statement: Burden in this
context means the time expended by
persons to generate, maintain, retain,
disclose or provide the information
requested. This includes the time
needed to review instructions, to
develop, acquire, install and utilize
technology and systems for the purpose
of collecting, validating and verifying
information, processing and
maintaining information, and disclosing
and providing information, to train
personnel and to be able to respond to
a collection of information, to search
data sources, to complete and review
the collection of information, and to
transmit or otherwise disclose the
information. The total annual burden
hours estimated for this ICR are
summarized in the table below.
TOTAL ESTIMATED ANNUALIZED BURDEN—HOURS
Number of
respondents
Number of
responses
per
respondent
Average
burden per
response
(in hours)
Total
burden
hours
Respondent
Form
MFCU ................................................
MFCU, estimating a ‘‘medium’’ 1
level of State participation in data
mining activities.
MFCU ................................................
Annual Report ..................................
Annual Report, data mining reporting only.
50
13
1
1
88
1
4,400
13
Recertification Application ................
50
1
5
250
Total ...........................................
...........................................................
50
2
94
4,663
1 For
medium participation, we estimate 25 percent of the 50 MFCUs participating, or 13 Units.
Darius Taylor,
Deputy, Information Collection Clearance
Officer.
[FR Doc. 2013–30988 Filed 12–26–13; 8:45 am]
BILLING CODE 4152–01–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Privacy Act of 1974; System of
Records Notice
National Disaster Medical
System (NDMS), Office of Emergency
Management (OEM), Office of the
Assistant Secretary for Preparedness
and Response (ASPR), Department of
Health and Human Services (HHS).
ACTION: Notice to revise an existing
system of records.
AGENCY:
In accordance with the
requirements of the Privacy Act of 1974,
as amended (5 U.S.C. 552a), HHS is
altering an existing system of records,
‘‘National Disaster Medical System
(NDMS) Patient Treatment and
Tracking,’’ system number 09–90–0040.
The system of records was originally
published June 26, 2007 (see 72 FR
35052) and previously revised March
27, 2008 (see 73 FR 16307). The
alterations include: (1) Changing the
system name to ‘‘National Disaster
tkelley on DSK3SPTVN1PROD with NOTICES
SUMMARY:
VerDate Mar<15>2010
23:48 Dec 26, 2013
Jkt 232001
Medical System (NDMS) Disaster
Medical Information Suite (DMIS);’’ (2)
revising the categories of individuals to
reflect that patients may include
disaster workers and others who are
provided medical countermeasures; (3)
dividing the records into three
categories (patient treatment, patient
tracking, and veterinarian treatment)
instead of two (patient treatment and
veterinarian treatment); (4) adding, as a
purpose for which information from this
system is used, that the system provides
HHS’ NDMS claims processing system
with records needed to reimburse
NDMS providers for their services; (5)
revising the first routine use to include
these additional disclosure recipients:
state and city governmental agencies,
Non-Governmental Organizations
(NGOs; e.g., American Red Cross), and
hospitals that provide care to NDMS
patients; and (6) adding one new routine
use, pertaining to security breach
response.
Effective Dates: Effective 30 days
after publication. Written comments
should be submitted on or before the
effective date. HHS/ASPR/OEM/NDMS
may publish an amended System of
Records Notice (SORN) in light of any
comments received.
DATES:
PO 00000
Frm 00150
Fmt 4703
Sfmt 4703
The public should address
written comments to: NDMS Director,
National Disaster Medical System, 200 C
Street SW., Washington, DC 20024. To
review comments in person, please
contact the Director NDMS, 200 C Street
SW., Washington, DC 20024.
FOR FURTHER INFORMATION CONTACT: CDR
Sumner Bossler, NDMS Disaster
Medical Information Suite (DMIS), IT
Program Manager, ASPR/OEM/NDMS,
200 C Street SW., C1L07, Washington,
DC 20024. sumner.bossler@hhs.gov.
SUPPLEMENTARY INFORMATION:
ADDRESSES:
I. National Disaster Medical System
(NDMS) Disaster Medical Information
Suite (DMIS)
This system was established pursuant
to Section 2812 of the Public Health
Service (PHS) Act (42 U.S.C. 300hh–11),
as amended, and resides in HHS/ASPR/
OEM. Under section 2801 of the PHS
Act, the HHS Secretary leads all Federal
public health and medical response to
public health emergencies and incidents
covered by the National Response
Framework, or any successor plan. The
Secretary delegates to ASPR the
leadership role for all health and
medical services support functions in a
health emergency or public health
event, including National Special
Security Events. In such events, ASPR
E:\FR\FM\27DEN1.SGM
27DEN1
78960
Federal Register / Vol. 78, No. 249 / Friday, December 27, 2013 / Notices
tkelley on DSK3SPTVN1PROD with NOTICES
may deploy this system, Field Medical
Station assets, and other HHS
employees under the control of the
Secretary and provide operational
oversight over officers of the U.S. Public
Health Service Commissioned Corps
and other Federal public health and
medical personnel. Under the National
Response Framework, HHS is the lead
agency for Emergency Support Function
8, Public Health and Medical. HHS uses
this system to collect medical records
and share them with the other Federal
agencies and departments that share
ESF 8 responsibilities with HHS. The
ESF 8 agencies have shared statutory
authority to collect and use medical
information as needed to coordinate the
following three key functions with
Federal, state, local and private
partners, to augment public health and
medical activities of State and local
governments in disaster or public health
emergency situations:
• Medical response—this function
involves activation and deployment of
Federal response teams comprised of
medical and logistical personnel, to
assess the health and medical needs of
disaster victims and to provide physical
and mental health care during a public
health emergency, including National
Special Security Events.
• Patient evacuation—this function
involves establishment of
communications, transportation, patient
tracking, and a medical regulating
system to evacuate and move patients
from a staging center near a disaster site
to patient reception sites known as
Federal Coordinating Centers (FCCs).
The Department of Defense (DOD) and
Veterans Administration (VA) have the
prime responsibility for activating and
managing the FCCs. In turn, upon
receiving the patients, the FCCs have
the authority to arrange for necessary
referrals and admissions of evacuated
patients.
The information collected by the
NDMS–DMIS system and the purposes
for which the information is used and
disclosed by HHS are described in more
detail in the revised SORN that follows
below. Because some of the revisions
constitute significant changes, HHS
provided adequate advance notice of the
altered SORN to the Office of
Management and Budget (OMB) and
Congress as required by the Privacy Act
at 5 U.S.C. 552a(r).
II. The Privacy Act
The Privacy Act (5 U.S.C. 552a)
governs the means by which the U.S.
Government collects, maintains, and
uses information about individuals in a
system of records. A ‘‘system of
records’’ is a group of any records under
VerDate Mar<15>2010
23:48 Dec 26, 2013
Jkt 232001
the control of a Federal agency from
which information about an individual
is retrieved by the individual’s name or
other personal identifier. The Privacy
Act requires each agency to publish in
the Federal Register a system of records
notice (SORN) identifying and
describing each system of records the
agency maintains, including the
purposes for which the agency uses
information about individuals in the
system, the routine uses for which the
agency discloses such information
outside the agency, and how individual
record subjects can exercise their rights
under the Privacy Act (e.g., to determine
if the system contains information about
them).
SYSTEM NUMBER:
09–90–0040
SYSTEM NAME:
National Disaster Medical System
(NDMS) Disaster Medical Information
Suite (DMIS).
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Paper records are stored at NDMS
headquarters, 200 C. Street SW.,
Washington, DC 20024. The electronic
database and server where information
is entered and stored is maintained at
the MAHC data center in Reston,
Virginia.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
Records in this system pertain to:
• patients who are treated and
evacuated by Federal public health and
medical personnel, including NDMS
and PHS teams, that are activated to
respond to an emergency or other
situation; and
• owners of animals that are treated
and evacuated by NDMS and PHS
teams.
Patients may include disaster
workers/responders and others who are
provided medical countermeasures;
however, this SORN excludes patient
treatment records for federal employeeworkers to the extent such records are
covered under the Office of Personnel
Management (OPM) SORN titled
‘‘Employee Medical File System
Records’’ (OPM/GOVT–10). Patient
records may include information about
patients’ family members and nonmedical attendants, but only the
patients—not their family members and
non-medical attendants—are considered
record subjects.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system includes the following
categories of records containing
PO 00000
Frm 00151
Fmt 4703
Sfmt 4703
personally identifiable information
about patients or owners of animals:
CATEGORY A:
Completed Patient Treatment Record
that includes
1. Team/personnel identification
record, for patients who are disaster
workers/responders on NDMS teams or
other Federal public health and medical
teams.
2. Patient treatment record.
a. Chart Number.
b. Time and Date Patient seeks
treatment.
c. Triage Category and health status.
d. Location where Patient is seen and
transferred.
e. Patient Identification: Name,
Address, City, State, Zip, Date of Birth,
Phone Number, Employment, Weight,
Next of Kin.
f. Complaints/Symptoms.
g. Patient Acuity, health status, Vital
Signs/Treatment Recommended and/or
Prescribed, laboratory tests
h. Reported Medications and allergies
i. History of present illness and
reported past medical history
j. Digital Images of patient and nonmedical attendant for Identification
k. Digital images, audio or video used
for medical assessment
l. Discharge—Time, Date, Disposition,
Recommendations.
3. Patient Authorization—Requires
Patient Signature in Front of Witness
and Witness Verification through
Signature.
4. Any potential attachments such as
X-rays and laboratory reports showing
test results.
CATEGORY B:
Completed Patient Tracking Record
that includes
1. Patient Tracking Record.
a. Patient Identification: Name,
gender, and Address, City, State, Zip,
Date of Birth, Phone Number,
Employment, Weight, Next of Kin,
unique ID.
b. Attendant Identification: Name,
gender, Address, City, State, Zip, Date of
Birth, Phone Number, Next of Kin,
email address, unique ID
c. Triage Category and health status.
d. Location where Patient is seen and
transferred.
e. Patient Acuity, health status
f. Digital Images of patient and nonmedical attendant for Identification
g. Discharge: Time, Date, Disposition
CATEGORY C:
Veterinarian Treatment Records on
animals
1. Privacy Act Data such as the name,
address and telephone contact
E:\FR\FM\27DEN1.SGM
27DEN1
Federal Register / Vol. 78, No. 249 / Friday, December 27, 2013 / Notices
information of owners of animals will
be maintained to be associated with the
animal patient. However, animal
treatment records themselves are not
subject to the Privacy Act protections.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
The PHS Act, primarily section 2812
(42 U.S.C. 300hh–11); Title VI of the
Civil Rights Act of 1964 (42 U.S.C.
2000d et seq.); and Section 504 of the
Rehabilitation Act of 1973 (29 U.S.C.
794).
PURPOSES(S):
NDMS staff and other relevant HHS
personnel use personally identifiable
information from this system, on a need
to know basis, for the following
purposes:
• To document medical treatment
rendered to patients, e.g., for use if
questions of liability arise about the
treatment or the subsequent condition of
the patient while under the care of
NDMS.
• To conduct medical quality
assurance reviews and establish a
quality improvement process (QIP), by
reviewing medical treatment on a
specific deployment, spotting best
practices and developing process
improvements for future deployments.
• For research projects related to the
prevention of disease or disability as a
result of a disaster and for situational
awareness required for ASPR operations
during disasters.
• To provide HHS’ NDMS claims
processing system with records needed
to reimburse NDMS providers for their
services.
tkelley on DSK3SPTVN1PROD with NOTICES
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
THE PURPOSES OF SUCH USES:
In addition to those disclosures
generally permitted under 5 U.S.C. 552a
(b) of the Privacy Act, all or a portion
of the records or information contained
in this system may be disclosed to
parties outside HHS as follows:
1. To Federal agencies that are ESF 8
partners, including but not limited to
DHS, DoD, and the VA, or that
participate in National Special Security
Events; state and city governmental
agencies; Non-Governmental
Organizations such as the American Red
Cross; and hospitals providing care to
NDMS patients; which share
responsibility with HHS for the medical
treatment and movement of patients
(including responders), decedents, and
animals, for the purpose of discharging
those responsibilities, including
ensuring that patients treated receive
the maximum level of health care
possible. The medical and demographic
VerDate Mar<15>2010
23:48 Dec 26, 2013
Jkt 232001
information collected during the
treatment of a patient is shared with
relevant partners to ensure that patients
treated through NDMS–DMIS receive
the appropriate level of health care. The
health information disclosed among the
partners is limited to what is needed for
continuity of health care operations.
2. To a member of Congress or a
Congressional staff member in response
to an inquiry from the Congressional
office made at the written request of the
constituent about whom the record is
maintained.
3. To the Department of Justice (DOJ),
a court, or an adjudicatory body when
the following situations arise:
a. The agency or any component
thereof, or
b. Any employee of the agency
whether in his/her official or individual
capacity, where DOJ has agreed to
represent the employee, or
c. The United States government, is a
party to litigation or has an interest in
such litigation and, after careful review,
the agency deems that the records
requested are relevant and necessary to
the litigation and that the use of such
records by DOJ, the court or the
adjudicatory body is compliant with the
purposes for which the agency collected
the records.
4. To contractors, consultants,
grantees, or volunteers that have been
engaged by HHS to assist in the
performance of a service related to this
collection and who have a need to have
access to the records in order to perform
the activity.
5. To assist another federal or state
agency, or its fiscal agent:
a. To establish the benefit entitlement
of the patient.
b. To establish the relationship
between the existing state benefit and
the benefit funded in whole or part with
federal funds, such as the one associated
with the NDMS definitive care.
c. To collaborate with the state and
state agencies on behalf of family
members regarding the current location
and placement of their evacuated family
member or patient population.
6. To family members of a patient, to
provide them with information about
the location or the status of the patient.
Disclosure of a patient’s location or
status is not permitted when there is a
reasonable belief that disclosing such
information could endanger the life,
safety, health, or well-being of the
patient.
7. To appropriate Federal agencies
and Department contractors that have a
need to know the information for the
purpose of assisting HHS’s efforts to
respond to a suspected or confirmed
breach of the security or confidentiality
PO 00000
Frm 00152
Fmt 4703
Sfmt 4703
78961
of information maintained in this
system of records, provided the
information disclosed is relevant and
necessary for that assistance.
POLICIES AND PRACTICES FOR STORING,
RETRIEVING, ACCESSING, RETAINING, AND
DISPOSING OF RECORDS IN THE SYSTEM—
STORAGE:
Records are stored in paper files kept
at NDMS headquarters and in an
electronic database housed in Reston,
Virginia.
RETRIEVABILITY:
Records are organized by event,
location, and date of treatment. Data are
retrieved by name and other
demographic information provided by
the patient (or for veterinary records, by
animal owner), as well as by location of
treatment, diagnosis, and other data
fields within the database.
SAFEGUARDS:
Information in this system is
safeguarded in accordance with
applicable laws, rules and policies,
including the HHS Information
Technology Security Program
Handbook, all pertinent National
Institutes of Standards and Technology
publications and OMB Circular A–130,
Management of Federal Resources.
Records are protected from
unauthorized access through
appropriate administrative, physical,
and technical safeguards. These
safeguards include restricting access to
authorized personnel who have need-toknow, using physical locks in the office
environment, and the process of
authentication using user IDs and
passwords function as identification
protection features. HHS file areas are
locked after normal duty hours and the
facilities are protected from the outside
by security personnel. Personnel with
authorized access to the system have
been trained in the Privacy Act and
information security requirements for
both paper copies and electronically
stored information.
RETENTION AND DISPOSAL:
Records are retained in accordance
with records disposition schedule N1–
468–07–1, approved by the National
Archives and Records Administration
(NARA) for the Office of Public Health
and Emergency Preparedness (OPHEP);
the Pandemic and All Hazards
Preparedness Act (Pub. L. 109–417)
established the ASPR to serve in a
similar capacity as OPHEP for medical
disaster response. Schedule N1–486–
08–1 covers Patient Care Forms or other
Medical Records regulated under the
Health Insurance Portability and
E:\FR\FM\27DEN1.SGM
27DEN1
78962
Federal Register / Vol. 78, No. 249 / Friday, December 27, 2013 / Notices
Accountability Act (HIPAA), created by
the Federal Medical Station(s) or by any
component of HHS/ASPR during a
response to an event while caring for
victims of that event, and provides the
following disposition authority:
Cutoff is at the end of the response
activity by the Federal Medical
Station(s) for a particular event. Retire
to the Washington National Records
Center 2 years after cutoff. Destroy 75
years after cutoff.
Cutoff refers to breaking, or ending
files at regular intervals, usually at the
close of a fiscal or calendar year, to
permit their disposal or transfer in
complete blocks and, in this case, cutoff
is at the end of the response activity.
The cutoff date marks the beginning of
the records retention period.
Veterinarian treatment records
pertaining to animals and their owners
are not included in the above schedule,
and cannot be destroyed until NARA
approves a disposition schedule for
them.
RECORD SOURCE CATEGORIES:
Information in patient treatment and
tracking records is obtained directly
from the patients and from medical or
clinical personnel treating or evacuating
the patients or accessing their personal
health records (PHR). In the case of
minors or other patients who are unable
to explain symptoms, information may
be obtained from a parent or guardian,
or other family members or individuals
attending. Information in veterinarian
treatment records about owners of
animals is obtained from NDMS
veterinary personnel and/or the owners
or caretakers of the animals.
SYSTEM EXEMPTED FROM CERTAIN PROVISION OF
THE PRIVACY ACT:
None.
Dated: December 6, 2013.
Nicole Lurie,
Assistant Secretary for Preparedness and
Response.
[FR Doc. 2013–31118 Filed 12–26–13; 8:45 am]
BILLING CODE 4150–37–P
SYSTEM MANAGER AND ADDRESS:
NDMS Director, 200 C. Street SW.,
Washington, DC 20024.
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
NOTIFICATION PROCEDURE:
Centers for Disease Control and
Prevention (CDC)
Individuals seeking to know if this
system contains records about them
must submit a written request to the
System Manager at the above mailing
address, clearly marked as a ‘‘Privacy
Act Request’’ on the envelope and letter
(see, generally, HHS Privacy Act
regulations found at 45 CFR Part 5b).
Requests pertaining to patients should
include the full name of the patient,
appropriate verification of identity,
current address of the patient and the
name of the requester, appropriate
verification of identity, current address
of the requester, and the nature of the
record sought, as required by HHS
Privacy Act regulations at 45 CFR 5b.5.
Requests pertaining to owners of
animals should include the full name of
the owner and the animal, appropriate
verification of identity, current address
of the requester, and the nature of the
record sought, as required by HHS
Privacy Act regulations at 45 CFR 5b.5
RECORD ACCESS PROCEDURES:
Same as the notification procedure
above.
tkelley on DSK3SPTVN1PROD with NOTICES
CONTESTING RECORD PROCEDURES:
Same as the notification procedure
above; the request should also clearly
and concisely describe the information
contested, the reasons for contesting it,
and the proposed amendment sought,
pursuant to HHS Privacy Act
regulations at 45 CFR 5b.7.
VerDate Mar<15>2010
23:48 Dec 26, 2013
Jkt 232001
[CDC–2013–0025, Docket Number NIOSH–
266]
Criteria for a Recommended Standard;
Occupational Exposure to Heat and
Hot Environments; Draft Criteria
Document Availability
National Institute for
Occupational Safety and Health
(NIOSH) of the Centers for Disease
Control and Prevention (CDC),
Department of Health and Human
Services (HHS).
ACTION: Notice of draft document for
public comment and public meeting.
AGENCY:
The National Institute for
Occupational Safety and Health of the
Centers for Disease Control and
Prevention announces the availability of
a draft Criteria Document entitled
Criteria for a Recommended Standard:
Occupational Exposure to Heat and Hot
Environments for public comment. To
view the notice and related materials,
visit https://www.regulations.gov and
enter CDC–2013–0025 in the search
field and click ‘‘Search.’’ Comments
may be provided to the NIOSH docket,
as well as given orally at the meeting.
DATES: Public comment period:
Comments must be received by
February 25, 2014.
Public Meeting Time and Date:
February 13, 2014, 9 a.m.–4 p.m.,
SUMMARY:
PO 00000
Frm 00153
Fmt 4703
Sfmt 4703
Eastern Time. Please note that public
comments may end before the time
indicated, following the last call for
comments. Members of the public who
wish to provide public comments
should plan to attend the meeting at the
start time listed.
Place: Robert A. Taft Laboratories,
4676 Columbia Pkwy., Cincinnati, OH
45226. Room: Taft Auditorium.
Status: The meeting is open to the
public, limited only by the space
available. The meeting space
accommodates approximately 100
people. In addition, there will be an
audio teleconference line for those who
cannot attend in person. There is no
registration fee to attend this public
meeting. However, those wishing to
attend are encouraged to register by
February 5, 2014 with the NIOSH
Docket Office at 513/533–8611 or email
nioshdocket@cdc.gov.
Security Considerations: Due to
mandatory security clearance
procedures at the Robert A. Taft
Laboratories, in-person attendees must
present valid government-issued picture
identification to security personnel
upon entering the building and go
through an airport-type security check.
Non-U.S. Citizens: Because of CDC
Security Regulations, any non-U.S.
citizen wishing to attend this meeting
must provide the following information
in writing to the NIOSH Docket Officer
at the address below no later than
January 13, 2014 to allow time for
mandatory CDC facility security
clearance procedures to be completed.
1. Name:
2. Gender:
3. Date of Birth:
4. Place of Birth (city, province, state,
country):
5. Citizenship:
6. Passport Number:
7. Date of Passport Issue:
8. Date of Passport Expiration:
9. Type of Visa:
10. U.S. Naturalization Number (if a
naturalized citizen):
11. U.S. Naturalization Date (if a
naturalized citizen):
12. Visitor’s Organization:
13. Organization Address:
14. Organization Telephone Number:
15. Visitor’s Position/Title within the
Organization:
This information will be transmitted
to the CDC Security Office for approval.
Visitors will be notified as soon as
approval has been obtained. Non-U.S.
citizens are encouraged to participate in
the audio conferencing due to the extra
clearance involved with in-person
attendance.
Attendee and Speaker Registration:
Attendees are encouraged to sign up by
E:\FR\FM\27DEN1.SGM
27DEN1
]]>Agencies
[Federal Register Volume 78, Number 249 (Friday, December 27, 2013)]
[Notices]
[Pages 78959-78962]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2013-31118]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Privacy Act of 1974; System of Records Notice
AGENCY: National Disaster Medical System (NDMS), Office of Emergency
Management (OEM), Office of the Assistant Secretary for Preparedness
and Response (ASPR), Department of Health and Human Services (HHS).
ACTION: Notice to revise an existing system of records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the requirements of the Privacy Act of
1974, as amended (5 U.S.C. 552a), HHS is altering an existing system of
records, ``National Disaster Medical System (NDMS) Patient Treatment
and Tracking,'' system number 09-90-0040. The system of records was
originally published June 26, 2007 (see 72 FR 35052) and previously
revised March 27, 2008 (see 73 FR 16307). The alterations include: (1)
Changing the system name to ``National Disaster Medical System (NDMS)
Disaster Medical Information Suite (DMIS);'' (2) revising the
categories of individuals to reflect that patients may include disaster
workers and others who are provided medical countermeasures; (3)
dividing the records into three categories (patient treatment, patient
tracking, and veterinarian treatment) instead of two (patient treatment
and veterinarian treatment); (4) adding, as a purpose for which
information from this system is used, that the system provides HHS'
NDMS claims processing system with records needed to reimburse NDMS
providers for their services; (5) revising the first routine use to
include these additional disclosure recipients: state and city
governmental agencies, Non-Governmental Organizations (NGOs; e.g.,
American Red Cross), and hospitals that provide care to NDMS patients;
and (6) adding one new routine use, pertaining to security breach
response.
DATES: Effective Dates: Effective 30 days after publication. Written
comments should be submitted on or before the effective date. HHS/ASPR/
OEM/NDMS may publish an amended System of Records Notice (SORN) in
light of any comments received.
ADDRESSES: The public should address written comments to: NDMS
Director, National Disaster Medical System, 200 C Street SW.,
Washington, DC 20024. To review comments in person, please contact the
Director NDMS, 200 C Street SW., Washington, DC 20024.
FOR FURTHER INFORMATION CONTACT: CDR Sumner Bossler, NDMS Disaster
Medical Information Suite (DMIS), IT Program Manager, ASPR/OEM/NDMS,
200 C Street SW., C1L07, Washington, DC 20024. sumner.bossler@hhs.gov.
SUPPLEMENTARY INFORMATION:
I. National Disaster Medical System (NDMS) Disaster Medical Information
Suite (DMIS)
This system was established pursuant to Section 2812 of the Public
Health Service (PHS) Act (42 U.S.C. 300hh-11), as amended, and resides
in HHS/ASPR/OEM. Under section 2801 of the PHS Act, the HHS Secretary
leads all Federal public health and medical response to public health
emergencies and incidents covered by the National Response Framework,
or any successor plan. The Secretary delegates to ASPR the leadership
role for all health and medical services support functions in a health
emergency or public health event, including National Special Security
Events. In such events, ASPR
[[Page 78960]]
may deploy this system, Field Medical Station assets, and other HHS
employees under the control of the Secretary and provide operational
oversight over officers of the U.S. Public Health Service Commissioned
Corps and other Federal public health and medical personnel. Under the
National Response Framework, HHS is the lead agency for Emergency
Support Function 8, Public Health and Medical. HHS uses this system to
collect medical records and share them with the other Federal agencies
and departments that share ESF 8 responsibilities with HHS. The ESF 8
agencies have shared statutory authority to collect and use medical
information as needed to coordinate the following three key functions
with Federal, state, local and private partners, to augment public
health and medical activities of State and local governments in
disaster or public health emergency situations:
Medical response--this function involves activation and
deployment of Federal response teams comprised of medical and
logistical personnel, to assess the health and medical needs of
disaster victims and to provide physical and mental health care during
a public health emergency, including National Special Security Events.
Patient evacuation--this function involves establishment
of communications, transportation, patient tracking, and a medical
regulating system to evacuate and move patients from a staging center
near a disaster site to patient reception sites known as Federal
Coordinating Centers (FCCs). The Department of Defense (DOD) and
Veterans Administration (VA) have the prime responsibility for
activating and managing the FCCs. In turn, upon receiving the patients,
the FCCs have the authority to arrange for necessary referrals and
admissions of evacuated patients.
The information collected by the NDMS-DMIS system and the purposes
for which the information is used and disclosed by HHS are described in
more detail in the revised SORN that follows below. Because some of the
revisions constitute significant changes, HHS provided adequate advance
notice of the altered SORN to the Office of Management and Budget (OMB)
and Congress as required by the Privacy Act at 5 U.S.C. 552a(r).
II. The Privacy Act
The Privacy Act (5 U.S.C. 552a) governs the means by which the U.S.
Government collects, maintains, and uses information about individuals
in a system of records. A ``system of records'' is a group of any
records under the control of a Federal agency from which information
about an individual is retrieved by the individual's name or other
personal identifier. The Privacy Act requires each agency to publish in
the Federal Register a system of records notice (SORN) identifying and
describing each system of records the agency maintains, including the
purposes for which the agency uses information about individuals in the
system, the routine uses for which the agency discloses such
information outside the agency, and how individual record subjects can
exercise their rights under the Privacy Act (e.g., to determine if the
system contains information about them).
System Number:
09-90-0040
System name:
National Disaster Medical System (NDMS) Disaster Medical
Information Suite (DMIS).
Security classification:
Unclassified.
System location:
Paper records are stored at NDMS headquarters, 200 C. Street SW.,
Washington, DC 20024. The electronic database and server where
information is entered and stored is maintained at the MAHC data center
in Reston, Virginia.
Categories of individuals covered by the system:
Records in this system pertain to:
patients who are treated and evacuated by Federal public
health and medical personnel, including NDMS and PHS teams, that are
activated to respond to an emergency or other situation; and
owners of animals that are treated and evacuated by NDMS
and PHS teams.
Patients may include disaster workers/responders and others who are
provided medical countermeasures; however, this SORN excludes patient
treatment records for federal employee-workers to the extent such
records are covered under the Office of Personnel Management (OPM) SORN
titled ``Employee Medical File System Records'' (OPM/GOVT-10). Patient
records may include information about patients' family members and non-
medical attendants, but only the patients--not their family members and
non-medical attendants--are considered record subjects.
Categories of records in the system:
The system includes the following categories of records containing
personally identifiable information about patients or owners of
animals:
Category A:
Completed Patient Treatment Record that includes
1. Team/personnel identification record, for patients who are
disaster workers/responders on NDMS teams or other Federal public
health and medical teams.
2. Patient treatment record.
a. Chart Number.
b. Time and Date Patient seeks treatment.
c. Triage Category and health status.
d. Location where Patient is seen and transferred.
e. Patient Identification: Name, Address, City, State, Zip, Date of
Birth, Phone Number, Employment, Weight, Next of Kin.
f. Complaints/Symptoms.
g. Patient Acuity, health status, Vital Signs/Treatment Recommended
and/or Prescribed, laboratory tests
h. Reported Medications and allergies
i. History of present illness and reported past medical history
j. Digital Images of patient and non-medical attendant for
Identification
k. Digital images, audio or video used for medical assessment
l. Discharge--Time, Date, Disposition, Recommendations.
3. Patient Authorization--Requires Patient Signature in Front of
Witness and Witness Verification through Signature.
4. Any potential attachments such as X-rays and laboratory reports
showing test results.
Category B:
Completed Patient Tracking Record that includes
1. Patient Tracking Record.
a. Patient Identification: Name, gender, and Address, City, State,
Zip, Date of Birth, Phone Number, Employment, Weight, Next of Kin,
unique ID.
b. Attendant Identification: Name, gender, Address, City, State,
Zip, Date of Birth, Phone Number, Next of Kin, email address, unique ID
c. Triage Category and health status.
d. Location where Patient is seen and transferred.
e. Patient Acuity, health status
f. Digital Images of patient and non-medical attendant for
Identification
g. Discharge: Time, Date, Disposition
Category C:
Veterinarian Treatment Records on animals
1. Privacy Act Data such as the name, address and telephone contact
[[Page 78961]]
information of owners of animals will be maintained to be associated
with the animal patient. However, animal treatment records themselves
are not subject to the Privacy Act protections.
Authority for maintenance of the system:
The PHS Act, primarily section 2812 (42 U.S.C. 300hh-11); Title VI
of the Civil Rights Act of 1964 (42 U.S.C. 2000d et seq.); and Section
504 of the Rehabilitation Act of 1973 (29 U.S.C. 794).
Purposes(s):
NDMS staff and other relevant HHS personnel use personally
identifiable information from this system, on a need to know basis, for
the following purposes:
To document medical treatment rendered to patients, e.g.,
for use if questions of liability arise about the treatment or the
subsequent condition of the patient while under the care of NDMS.
To conduct medical quality assurance reviews and establish
a quality improvement process (QIP), by reviewing medical treatment on
a specific deployment, spotting best practices and developing process
improvements for future deployments.
For research projects related to the prevention of disease
or disability as a result of a disaster and for situational awareness
required for ASPR operations during disasters.
To provide HHS' NDMS claims processing system with records
needed to reimburse NDMS providers for their services.
Routine uses of records maintained in the system, including categories
of users and the purposes of such uses:
In addition to those disclosures generally permitted under 5 U.S.C.
552a (b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed to parties
outside HHS as follows:
1. To Federal agencies that are ESF 8 partners, including but not
limited to DHS, DoD, and the VA, or that participate in National
Special Security Events; state and city governmental agencies; Non-
Governmental Organizations such as the American Red Cross; and
hospitals providing care to NDMS patients; which share responsibility
with HHS for the medical treatment and movement of patients (including
responders), decedents, and animals, for the purpose of discharging
those responsibilities, including ensuring that patients treated
receive the maximum level of health care possible. The medical and
demographic information collected during the treatment of a patient is
shared with relevant partners to ensure that patients treated through
NDMS-DMIS receive the appropriate level of health care. The health
information disclosed among the partners is limited to what is needed
for continuity of health care operations.
2. To a member of Congress or a Congressional staff member in
response to an inquiry from the Congressional office made at the
written request of the constituent about whom the record is maintained.
3. To the Department of Justice (DOJ), a court, or an adjudicatory
body when the following situations arise:
a. The agency or any component thereof, or
b. Any employee of the agency whether in his/her official or
individual capacity, where DOJ has agreed to represent the employee, or
c. The United States government, is a party to litigation or has an
interest in such litigation and, after careful review, the agency deems
that the records requested are relevant and necessary to the litigation
and that the use of such records by DOJ, the court or the adjudicatory
body is compliant with the purposes for which the agency collected the
records.
4. To contractors, consultants, grantees, or volunteers that have
been engaged by HHS to assist in the performance of a service related
to this collection and who have a need to have access to the records in
order to perform the activity.
5. To assist another federal or state agency, or its fiscal agent:
a. To establish the benefit entitlement of the patient.
b. To establish the relationship between the existing state benefit
and the benefit funded in whole or part with federal funds, such as the
one associated with the NDMS definitive care.
c. To collaborate with the state and state agencies on behalf of
family members regarding the current location and placement of their
evacuated family member or patient population.
6. To family members of a patient, to provide them with information
about the location or the status of the patient. Disclosure of a
patient's location or status is not permitted when there is a
reasonable belief that disclosing such information could endanger the
life, safety, health, or well-being of the patient.
7. To appropriate Federal agencies and Department contractors that
have a need to know the information for the purpose of assisting HHS's
efforts to respond to a suspected or confirmed breach of the security
or confidentiality of information maintained in this system of records,
provided the information disclosed is relevant and necessary for that
assistance.
Policies and practices for storing, retrieving, accessing, retaining,
and disposing of records in the system--
Storage:
Records are stored in paper files kept at NDMS headquarters and in
an electronic database housed in Reston, Virginia.
Retrievability:
Records are organized by event, location, and date of treatment.
Data are retrieved by name and other demographic information provided
by the patient (or for veterinary records, by animal owner), as well as
by location of treatment, diagnosis, and other data fields within the
database.
Safeguards:
Information in this system is safeguarded in accordance with
applicable laws, rules and policies, including the HHS Information
Technology Security Program Handbook, all pertinent National Institutes
of Standards and Technology publications and OMB Circular A-130,
Management of Federal Resources. Records are protected from
unauthorized access through appropriate administrative, physical, and
technical safeguards. These safeguards include restricting access to
authorized personnel who have need-to-know, using physical locks in the
office environment, and the process of authentication using user IDs
and passwords function as identification protection features. HHS file
areas are locked after normal duty hours and the facilities are
protected from the outside by security personnel. Personnel with
authorized access to the system have been trained in the Privacy Act
and information security requirements for both paper copies and
electronically stored information.
Retention and Disposal:
Records are retained in accordance with records disposition
schedule N1-468-07-1, approved by the National Archives and Records
Administration (NARA) for the Office of Public Health and Emergency
Preparedness (OPHEP); the Pandemic and All Hazards Preparedness Act
(Pub. L. 109-417) established the ASPR to serve in a similar capacity
as OPHEP for medical disaster response. Schedule N1-486-08-1 covers
Patient Care Forms or other Medical Records regulated under the Health
Insurance Portability and
[[Page 78962]]
Accountability Act (HIPAA), created by the Federal Medical Station(s)
or by any component of HHS/ASPR during a response to an event while
caring for victims of that event, and provides the following
disposition authority:
Cutoff is at the end of the response activity by the Federal
Medical Station(s) for a particular event. Retire to the Washington
National Records Center 2 years after cutoff. Destroy 75 years after
cutoff.
Cutoff refers to breaking, or ending files at regular intervals,
usually at the close of a fiscal or calendar year, to permit their
disposal or transfer in complete blocks and, in this case, cutoff is at
the end of the response activity. The cutoff date marks the beginning
of the records retention period. Veterinarian treatment records
pertaining to animals and their owners are not included in the above
schedule, and cannot be destroyed until NARA approves a disposition
schedule for them.
System manager and address:
NDMS Director, 200 C. Street SW., Washington, DC 20024.
Notification procedure:
Individuals seeking to know if this system contains records about
them must submit a written request to the System Manager at the above
mailing address, clearly marked as a ``Privacy Act Request'' on the
envelope and letter (see, generally, HHS Privacy Act regulations found
at 45 CFR Part 5b). Requests pertaining to patients should include the
full name of the patient, appropriate verification of identity, current
address of the patient and the name of the requester, appropriate
verification of identity, current address of the requester, and the
nature of the record sought, as required by HHS Privacy Act regulations
at 45 CFR 5b.5. Requests pertaining to owners of animals should include
the full name of the owner and the animal, appropriate verification of
identity, current address of the requester, and the nature of the
record sought, as required by HHS Privacy Act regulations at 45 CFR
5b.5
Record access procedures:
Same as the notification procedure above.
Contesting record procedures:
Same as the notification procedure above; the request should also
clearly and concisely describe the information contested, the reasons
for contesting it, and the proposed amendment sought, pursuant to HHS
Privacy Act regulations at 45 CFR 5b.7.
Record source categories:
Information in patient treatment and tracking records is obtained
directly from the patients and from medical or clinical personnel
treating or evacuating the patients or accessing their personal health
records (PHR). In the case of minors or other patients who are unable
to explain symptoms, information may be obtained from a parent or
guardian, or other family members or individuals attending. Information
in veterinarian treatment records about owners of animals is obtained
from NDMS veterinary personnel and/or the owners or caretakers of the
animals.
System exempted from certain provision of the Privacy Act:
None.
Dated: December 6, 2013.
Nicole Lurie,
Assistant Secretary for Preparedness and Response.
[FR Doc. 2013-31118 Filed 12-26-13; 8:45 am]
BILLING CODE 4150-37-P
