Privacy Act of 1974; System of Records Notice, 78959-78962 [2013-31118]

78959 Federal Register / Vol. 78, No. 249 / Friday, December 27, 2013 / Notices
DEPARTMENT OF HEALTH AND HUMAN SERVICES

Privacy Act of 1974; System of Records Notice

AGENCY: National Disaster Medical System (NDMS), Office of Emergency Management (OEM), Office of the Assistant Secretary for Preparedness and Response (ASPR), Department of Health and Human Services (HHS).

ACTION: Notice to revise an existing system of records.

SUMMARY: In accordance with the requirements of the Privacy Act of 1974, as amended (5 U.S.C. 552a), HHS is altering an existing system of records, "National Disaster Medical System (NDMS) Patient Treatment and Tracking," system number 09–90–0040. The system of records was originally published June 26, 2007 (see 72 FR 35052) and previously revised March 27, 2008 (see 73 FR 16307). The alterations include: (1) Changing the system name to "National Disaster Medical System (NDMS) Disaster Medical Information Suite (DMIS);" (2) revising the categories of individuals to reflect that patients may include disaster workers and others who are provided medical countermeasures; (3) dividing the records into three categories (patient treatment, patient tracking, and veterinarian treatment) instead of two (patient treatment and veterinarian treatment); (4) adding, as a purpose for which information from this system is used, that the system provides HHS' NDMS claims processing system with records needed to reimburse NDMS providers for their services; (5) revising the first routine use to include these additional disclosure recipients: state and city governmental agencies, Non-Governmental Organizations (NGOs; e.g., American Red Cross), and hospitals that provide care to NDMS patients; and (6) adding one new routine use, pertaining to security breach response.

DATES: Effective Dates: Effective 30 days after publication. Written comments should be submitted on or before the effective date. HHS/ASPR/OEM/NDMS may publish an amended System of Records Notice (SORN) in light of any comments received.

ADDRESSES: The public should address written comments to: NDMS Director, National Disaster Medical System, 200 C Street SW., Washington, DC 20024. To review comments in person, please contact the Director NDMS, 200 C Street SW., Washington, DC 20024.

FOR FURTHER INFORMATION CONTACT: CDR Sumner Bossler, NDMS Disaster Medical Information Suite (DMIS), IT Program Manager, ASPR/OEM/NDMS, 200 C Street SW., C1L07, Washington, DC 20024. sumner.bossler@hhs.gov.

SUPPLEMENTARY INFORMATION:

I. National Disaster Medical System (NDMS) Disaster Medical Information Suite (DMIS)

This system was established pursuant to Section 2812 of the Public Health Service (PHS) Act (42 U.S.C. 300hh–11), as amended, and resides in HHS/ASPR/OEM. Under section 2801 of the PHS Act, the HHS Secretary leads all Federal public health and medical response to public health emergencies and incidents covered by the National Response Framework, or any successor plan. The Secretary delegates to ASPR the leadership role for all health and medical services support functions in a health emergency or public health event, including National Special Security Events. In such events, ASPR may deploy this system, Field Medical Station assets, and other HHS employees under the control of the Secretary and provide operational oversight over officers of the U.S. Public Health Service Commissioned Corps and other Federal public health and medical personnel. Under the National Response Framework, HHS is the lead agency for Emergency Support Function 8, Public Health and Medical. HHS uses this system to collect medical records and share them with the other Federal agencies and departments that share ESF 8 responsibilities with HHS. The ESF 8 agencies have shared statutory authority to collect and use medical information as needed to coordinate the following three key functions with Federal, state, local and private partners, to augment public health and medical activities of State and local governments in disaster or public health emergency situations:

• Medical response—this function involves activation and deployment of Federal response teams comprised of medical and logistical personnel, to assess the health and medical needs of disaster victims and to provide physical and mental health care during a public health emergency, including National Special Security Events.

• Patient evacuation—this function involves establishment of communications, transportation, patient tracking, and a medical regulating system to evacuate and move patients from a staging center near a disaster site to patient reception sites known as Federal Coordinating Centers (FCCs). The Department of Defense (DOD) and Veterans Administration (VA) have the prime responsibility for activating and managing the FCCs. In turn, upon receiving the patients, the FCCs have the authority to arrange for necessary referrals and admissions of evacuated patients.

The information collected by the NDMS–DMIS system and the purposes for which the information is used and disclosed by HHS are described in more detail in the revised SORN that follows below. Because some of the revisions constitute significant changes, HHS provided adequate advance notice of the altered SORN to the Office of Management and Budget (OMB) and Congress as required by the Privacy Act at 5 U.S.C. 552a(r).

II. The Privacy Act

The Privacy Act (5 U.S.C. 552a) governs the means by which the U.S. Government collects, maintains, and uses information about individuals in a system of records. A "system of records" is a group of any records under the control of a Federal agency from which information about an individual is retrieved by the individual's name or other personal identifier. The Privacy Act requires each agency to publish in the Federal Register a system of records notice (SORN) identifying and describing each system of records the agency maintains, including the purposes for which the agency uses information about individuals in the system, the routine uses for which the agency discloses such information outside the agency, and how individual record subjects can exercise their rights under the Privacy Act (e.g., to determine if the system contains information about them).

SYSTEM NUMBER:
09–90–0040

SYSTEM NAME:
National Disaster Medical System (NDMS) Disaster Medical Information Suite (DMIS).

SECURITY CLASSIFICATION:
Unclassified.

SYSTEM LOCATION:
Paper records are stored at NDMS headquarters, 200 C. Street SW., Washington, DC 20024. The electronic database and server where information is entered and stored is maintained at the MAHC data center in Reston, Virginia.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Records in this system pertain to:

• patients who are treated and evacuated by Federal public health and medical personnel, including NDMS and PHS teams, that are activated to respond to an emergency or other situation; and

• owners of animals that are treated and evacuated by NDMS and PHS teams.

Patients may include disaster workers/responders and others who are provided medical countermeasures; however, this SORN excludes patient treatment records for federal employee-workers to the extent such records are covered under the Office of Personnel Management (OPM) SORN titled "Employee Medical File System Records" (OPM/GOVT–10). Patient records may include information about patients' family members and nonmedical attendants, but only the patients—not their family members and non-medical attendants—are considered record subjects.

CATEGORIES OF RECORDS IN THE SYSTEM:
The system includes the following categories of records containing personally identifiable information about patients or owners of animals:

CATEGORY A: Completed Patient Treatment Record that includes

1. Team/personnel identification record, for patients who are disaster workers/responders on NDMS teams or other Federal public health and medical teams.
2. Patient treatment record.
   a. Chart Number.
   b. Time and Date Patient seeks treatment.
   c. Triage Category and health status.
   d. Location where Patient is seen and transferred.
   e. Patient Identification: Name, Address, City, State, Zip, Date of Birth, Phone Number, Employment, Weight, Next of Kin.
   f. Complaints/Symptoms.
   g. Patient Acuity, health status, Vital Signs/Treatment Recommended and/or Prescribed, laboratory tests
   h. Reported Medications and allergies
   i. History of present illness and reported past medical history
   j. Digital Images of patient and nonmedical attendant for Identification
   k. Digital images, audio or video used for medical assessment
   l. Discharge—Time, Date, Disposition, Recommendations.
3. Patient Authorization—Requires Patient Signature in Front of Witness and Witness Verification through Signature.
4. Any potential attachments such as X-rays and laboratory reports showing test results.

CATEGORY B: Completed Patient Tracking Record that includes

1. Patient Tracking Record.
   a. Patient Identification: Name, gender, and Address, City, State, Zip, Date of Birth, Phone Number, Employment, Weight, Next of Kin, unique ID.
   b. Attendant Identification: Name, gender, Address, City, State, Zip, Date of Birth, Phone Number, Next of Kin, email address, unique ID
   c. Triage Category and health status.
   d. Location where Patient is seen and transferred.
   e. Patient Acuity, health status
   f. Digital Images of patient and nonmedical attendant for Identification
   g. Discharge: Time, Date, Disposition

CATEGORY C: Veterinarian Treatment Records on animals

1. Privacy Act Data such as the name, address and telephone contact information of owners of animals will be maintained to be associated with the animal patient. However, animal treatment records themselves are not subject to the Privacy Act protections.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
The PHS Act, primarily section 2812 (42 U.S.C. 300hh–11); Title VI of the Civil Rights Act of 1964 (42 U.S.C. 2000d et seq.); and Section 504 of the Rehabilitation Act of 1973 (29 U.S.C. 794).

PURPOSES(S):
NDMS staff and other relevant HHS personnel use personally identifiable information from this system, on a need to know basis, for the following purposes:

• To document medical treatment rendered to patients, e.g., for use if questions of liability arise about the treatment or the subsequent condition of the patient while under the care of NDMS.

• To conduct medical quality assurance reviews and establish a quality improvement process (QIP), by reviewing medical treatment on a specific deployment, spotting best practices and developing process improvements for future deployments.

• For research projects related to the prevention of disease or disability as a result of a disaster and for situational awareness required for ASPR operations during disasters.

• To provide HHS' NDMS claims processing system with records needed to reimburse NDMS providers for their services.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C. 552a (b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed to parties outside HHS as follows:

1. To Federal agencies that are ESF 8 partners, including but not limited to DHS, DoD, and the VA, or that participate in National Special Security Events; state and city governmental agencies; Non-Governmental Organizations such as the American Red Cross; and hospitals providing care to NDMS patients; which share responsibility with HHS for the medical treatment and movement of patients (including responders), decedents, and animals, for the purpose of discharging those responsibilities, including ensuring that patients treated receive the maximum level of health care possible. The medical and demographic information collected during the treatment of a patient is shared with relevant partners to ensure that patients treated through NDMS–DMIS receive the appropriate level of health care. The health information disclosed among the partners is limited to what is needed for continuity of health care operations.

2. To a member of Congress or a Congressional staff member in response to an inquiry from the Congressional office made at the written request of the constituent about whom the record is maintained.

3. To the Department of Justice (DOJ), a court, or an adjudicatory body when the following situations arise:
   a. The agency or any component thereof, or
   b. Any employee of the agency whether in his/her official or individual capacity, where DOJ has agreed to represent the employee, or
   c. The United States government,
   is a party to litigation or has an interest in such litigation and, after careful review, the agency deems that the records requested are relevant and necessary to the litigation and that the use of such records by DOJ, the court or the adjudicatory body is compliant with the purposes for which the agency collected the records.

4. To contractors, consultants, grantees, or volunteers that have been engaged by HHS to assist in the performance of a service related to this collection and who have a need to have access to the records in order to perform the activity.

5. To assist another federal or state agency, or its fiscal agent:
   a. To establish the benefit entitlement of the patient.
   b. To establish the relationship between the existing state benefit and the benefit funded in whole or part with federal funds, such as the one associated with the NDMS definitive care.
   c. To collaborate with the state and state agencies on behalf of family members regarding the current location and placement of their evacuated family member or patient population.

6. To family members of a patient, to provide them with information about the location or the status of the patient. Disclosure of a patient's location or status is not permitted when there is a reasonable belief that disclosing such information could endanger the life, safety, health, or well-being of the patient.

7. To appropriate Federal agencies and Department contractors that have a need to know the information for the purpose of assisting HHS's efforts to respond to a suspected or confirmed breach of the security or confidentiality of information maintained in this system of records, provided the information disclosed is relevant and necessary for that assistance.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM—

STORAGE:
Records are stored in paper files kept at NDMS headquarters and in an electronic database housed in Reston, Virginia.

RETRIEVABILITY:
Records are organized by event, location, and date of treatment. Data are retrieved by name and other demographic information provided by the patient (or for veterinary records, by animal owner), as well as by location of treatment, diagnosis, and other data fields within the database.

SAFEGUARDS:
Information in this system is safeguarded in accordance with applicable laws, rules and policies, including the HHS Information Technology Security Program Handbook, all pertinent National Institutes of Standards and Technology publications and OMB Circular A–130, Management of Federal Resources. Records are protected from unauthorized access through appropriate administrative, physical, and technical safeguards. These safeguards include restricting access to authorized personnel who have need-to-know, using physical locks in the office environment, and the process of authentication using user IDs and passwords function as identification protection features. HHS file areas are locked after normal duty hours and the facilities are protected from the outside by security personnel. Personnel with authorized access to the system have been trained in the Privacy Act and information security requirements for both paper copies and electronically stored information.

RETENTION AND DISPOSAL:
Records are retained in accordance with records disposition schedule N1–468–07–1, approved by the National Archives and Records Administration (NARA) for the Office of Public Health and Emergency Preparedness (OPHEP); the Pandemic and All Hazards Preparedness Act (Pub. L. 109–417) established the ASPR to serve in a similar capacity as OPHEP for medical disaster response. Schedule N1–486–08–1 covers Patient Care Forms or other Medical Records regulated under the Health Insurance Portability and Accountability Act (HIPAA), created by the Federal Medical Station(s) or by any component of HHS/ASPR during a response to an event while caring for victims of that event, and provides the following disposition authority: Cutoff is at the end of the response activity by the Federal Medical Station(s) for a particular event. Retire to the Washington National Records Center 2 years after cutoff. Destroy 75 years after cutoff. Cutoff refers to breaking, or ending files at regular intervals, usually at the close of a fiscal or calendar year, to permit their disposal or transfer in complete blocks and, in this case, cutoff is at the end of the response activity. The cutoff date marks the beginning of the records retention period. Veterinarian treatment records pertaining to animals and their owners are not included in the above schedule, and cannot be destroyed until NARA approves a disposition schedule for them.

SYSTEM MANAGER AND ADDRESS:
NDMS Director, 200 C. Street SW., Washington, DC 20024.

NOTIFICATION PROCEDURE:
Individuals seeking to know if this system contains records about them must submit a written request to the System Manager at the above mailing address, clearly marked as a "Privacy Act Request" on the envelope and letter (see, generally, HHS Privacy Act regulations found at 45 CFR Part 5b). Requests pertaining to patients should include the full name of the patient, appropriate verification of identity, current address of the patient and the name of the requester, appropriate verification of identity, current address of the requester, and the nature of the record sought, as required by HHS Privacy Act regulations at 45 CFR 5b.5. Requests pertaining to owners of animals should include the full name of the owner and the animal, appropriate verification of identity, current address of the requester, and the nature of the record sought, as required by HHS Privacy Act regulations at 45 CFR 5b.5.

RECORD ACCESS PROCEDURES:
Same as the notification procedure above.

CONTESTING RECORD PROCEDURES:
Same as the notification procedure above; the request should also clearly and concisely describe the information contested, the reasons for contesting it, and the proposed amendment sought, pursuant to HHS Privacy Act regulations at 45 CFR 5b.7.

RECORD SOURCE CATEGORIES:
Information in patient treatment and tracking records is obtained directly from the patients and from medical or clinical personnel treating or evacuating the patients or accessing their personal health records (PHR). In the case of minors or other patients who are unable to explain symptoms, information may be obtained from a parent or guardian, or other family members or individuals attending. Information in veterinarian treatment records about owners of animals is obtained from NDMS veterinary personnel and/or the owners or caretakers of the animals.

SYSTEM EXEMPTED FROM CERTAIN PROVISION OF THE PRIVACY ACT:
None.

Dated: December 6, 2013.
Nicole Lurie,
Assistant Secretary for Preparedness and Response.
[FR Doc. 2013–31118 Filed 12–26–13; 8:45 am]
BILLING CODE 4150–37–P

[Federal Register Volume 78, Number 249 (Friday, December 27, 2013)]
[Notices]
[Pages 78959-78962]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2013-31118]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES


Privacy Act of 1974; System of Records Notice

AGENCY: National Disaster Medical System (NDMS), Office of Emergency 
Management (OEM), Office of the Assistant Secretary for Preparedness 
and Response (ASPR), Department of Health and Human Services (HHS).

ACTION: Notice to revise an existing system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 
1974, as amended (5 U.S.C. 552a), HHS is altering an existing system of 
records, ``National Disaster Medical System (NDMS) Patient Treatment 
and Tracking,'' system number 09-90-0040. The system of records was 
originally published June 26, 2007 (see 72 FR 35052) and previously 
revised March 27, 2008 (see 73 FR 16307). The alterations include: (1) 
Changing the system name to ``National Disaster Medical System (NDMS) 
Disaster Medical Information Suite (DMIS);'' (2) revising the 
categories of individuals to reflect that patients may include disaster 
workers and others who are provided medical countermeasures; (3) 
dividing the records into three categories (patient treatment, patient 
tracking, and veterinarian treatment) instead of two (patient treatment 
and veterinarian treatment); (4) adding, as a purpose for which 
information from this system is used, that the system provides HHS' 
NDMS claims processing system with records needed to reimburse NDMS 
providers for their services; (5) revising the first routine use to 
include these additional disclosure recipients: state and city 
governmental agencies, Non-Governmental Organizations (NGOs; e.g., 
American Red Cross), and hospitals that provide care to NDMS patients; 
and (6) adding one new routine use, pertaining to security breach 
response.

DATES: Effective Dates: Effective 30 days after publication. Written 
comments should be submitted on or before the effective date. HHS/ASPR/
OEM/NDMS may publish an amended System of Records Notice (SORN) in 
light of any comments received.

ADDRESSES: The public should address written comments to: NDMS 
Director, National Disaster Medical System, 200 C Street SW., 
Washington, DC 20024. To review comments in person, please contact the 
Director NDMS, 200 C Street SW., Washington, DC 20024.

FOR FURTHER INFORMATION CONTACT: CDR Sumner Bossler, NDMS Disaster 
Medical Information Suite (DMIS), IT Program Manager, ASPR/OEM/NDMS, 
200 C Street SW., C1L07, Washington, DC 20024. sumner.bossler@hhs.gov.

SUPPLEMENTARY INFORMATION:

I. National Disaster Medical System (NDMS) Disaster Medical Information 
Suite (DMIS)

    This system was established pursuant to Section 2812 of the Public 
Health Service (PHS) Act (42 U.S.C. 300hh-11), as amended, and resides 
in HHS/ASPR/OEM. Under section 2801 of the PHS Act, the HHS Secretary 
leads all Federal public health and medical response to public health 
emergencies and incidents covered by the National Response Framework, 
or any successor plan. The Secretary delegates to ASPR the leadership 
role for all health and medical services support functions in a health 
emergency or public health event, including National Special Security 
Events. In such events, ASPR

[[Page 78960]]

may deploy this system, Field Medical Station assets, and other HHS 
employees under the control of the Secretary and provide operational 
oversight over officers of the U.S. Public Health Service Commissioned 
Corps and other Federal public health and medical personnel. Under the 
National Response Framework, HHS is the lead agency for Emergency 
Support Function 8, Public Health and Medical. HHS uses this system to 
collect medical records and share them with the other Federal agencies 
and departments that share ESF 8 responsibilities with HHS. The ESF 8 
agencies have shared statutory authority to collect and use medical 
information as needed to coordinate the following three key functions 
with Federal, state, local and private partners, to augment public 
health and medical activities of State and local governments in 
disaster or public health emergency situations:
     • Medical response--this function involves activation and 
deployment of Federal response teams comprised of medical and 
logistical personnel, to assess the health and medical needs of 
disaster victims and to provide physical and mental health care during 
a public health emergency, including National Special Security Events.
     • Patient evacuation--this function involves establishment 
of communications, transportation, patient tracking, and a medical 
regulating system to evacuate and move patients from a staging center 
near a disaster site to patient reception sites known as Federal 
Coordinating Centers (FCCs). The Department of Defense (DOD) and 
Veterans Administration (VA) have the prime responsibility for 
activating and managing the FCCs. In turn, upon receiving the patients, 
the FCCs have the authority to arrange for necessary referrals and 
admissions of evacuated patients.
    The information collected by the NDMS-DMIS system and the purposes 
for which the information is used and disclosed by HHS are described in 
more detail in the revised SORN that follows below. Because some of the 
revisions constitute significant changes, HHS provided adequate advance 
notice of the altered SORN to the Office of Management and Budget (OMB) 
and Congress as required by the Privacy Act at 5 U.S.C. 552a(r).

II. The Privacy Act

    The Privacy Act (5 U.S.C. 552a) governs the means by which the U.S. 
Government collects, maintains, and uses information about individuals 
in a system of records. A ``system of records'' is a group of any 
records under the control of a Federal agency from which information 
about an individual is retrieved by the individual's name or other 
personal identifier. The Privacy Act requires each agency to publish in 
the Federal Register a system of records notice (SORN) identifying and 
describing each system of records the agency maintains, including the 
purposes for which the agency uses information about individuals in the 
system, the routine uses for which the agency discloses such 
information outside the agency, and how individual record subjects can 
exercise their rights under the Privacy Act (e.g., to determine if the 
system contains information about them).

System Number:
    09-90-0040

System name:
    National Disaster Medical System (NDMS) Disaster Medical 
Information Suite (DMIS).

Security classification:
    Unclassified.

System location:
    Paper records are stored at NDMS headquarters, 200 C. Street SW., 
Washington, DC 20024. The electronic database and server where 
information is entered and stored is maintained at the MAHC data center 
in Reston, Virginia.

Categories of individuals covered by the system:
    Records in this system pertain to:
     patients who are treated and evacuated by Federal public 
health and medical personnel, including NDMS and PHS teams, that are 
activated to respond to an emergency or other situation; and
     owners of animals that are treated and evacuated by NDMS 
and PHS teams.
    Patients may include disaster workers/responders and others who are 
provided medical countermeasures; however, this SORN excludes patient 
treatment records for federal employee-workers to the extent such 
records are covered under the Office of Personnel Management (OPM) SORN 
titled ``Employee Medical File System Records'' (OPM/GOVT-10). Patient 
records may include information about patients' family members and non-
medical attendants, but only the patients--not their family members and 
non-medical attendants--are considered record subjects.

Categories of records in the system:
    The system includes the following categories of records containing 
personally identifiable information about patients or owners of 
animals:

Category A:
    Completed Patient Treatment Record that includes
    1. Team/personnel identification record, for patients who are 
disaster workers/responders on NDMS teams or other Federal public 
health and medical teams.
    2. Patient treatment record.
    a. Chart Number.
    b. Time and Date Patient seeks treatment.
    c. Triage Category and health status.
    d. Location where Patient is seen and transferred.
    e. Patient Identification: Name, Address, City, State, Zip, Date of 
Birth, Phone Number, Employment, Weight, Next of Kin.
    f. Complaints/Symptoms.
    g. Patient Acuity, health status, Vital Signs/Treatment Recommended 
and/or Prescribed, laboratory tests
    h. Reported Medications and allergies
    i. History of present illness and reported past medical history
    j. Digital Images of patient and non-medical attendant for 
Identification
    k. Digital images, audio or video used for medical assessment
    l. Discharge--Time, Date, Disposition, Recommendations.
    3. Patient Authorization--Requires Patient Signature in Front of 
Witness and Witness Verification through Signature.
    4. Any potential attachments such as X-rays and laboratory reports 
showing test results.

Category B:
    Completed Patient Tracking Record that includes
    1. Patient Tracking Record.
    a. Patient Identification: Name, gender, and Address, City, State, 
Zip, Date of Birth, Phone Number, Employment, Weight, Next of Kin, 
unique ID.
    b. Attendant Identification: Name, gender, Address, City, State, 
Zip, Date of Birth, Phone Number, Next of Kin, email address, unique ID
    c. Triage Category and health status.
    d. Location where Patient is seen and transferred.
    e. Patient Acuity, health status
    f. Digital Images of patient and non-medical attendant for 
Identification
    g. Discharge: Time, Date, Disposition

Category C:
    Veterinarian Treatment Records on animals
    1. Privacy Act Data such as the name, address and telephone contact
information of owners of animals will be maintained to be associated 
with the animal patient. However, animal treatment records themselves 
are not subject to the Privacy Act protections.

Authority for maintenance of the system:
    The PHS Act, primarily section 2812 (42 U.S.C. 300hh-11); Title VI 
of the Civil Rights Act of 1964 (42 U.S.C. 2000d et seq.); and Section 
504 of the Rehabilitation Act of 1973 (29 U.S.C. 794).

Purpose(s):
    NDMS staff and other relevant HHS personnel use personally 
identifiable information from this system, on a need to know basis, for 
the following purposes:
     To document medical treatment rendered to patients, e.g., 
for use if questions of liability arise about the treatment or the 
subsequent condition of the patient while under the care of NDMS.
     To conduct medical quality assurance reviews and establish 
a quality improvement process (QIP), by reviewing medical treatment on 
a specific deployment, spotting best practices and developing process 
improvements for future deployments.
     For research projects related to the prevention of disease 
or disability as a result of a disaster and for situational awareness 
required for ASPR operations during disasters.
     To provide HHS' NDMS claims processing system with records 
needed to reimburse NDMS providers for their services.

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a (b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed to parties 
outside HHS as follows:
    1. To Federal agencies that are ESF 8 partners, including but not 
limited to DHS, DoD, and the VA, or that participate in National 
Special Security Events; state and city governmental agencies; Non-
Governmental Organizations such as the American Red Cross; and 
hospitals providing care to NDMS patients; which share responsibility 
with HHS for the medical treatment and movement of patients (including 
responders), decedents, and animals, for the purpose of discharging 
those responsibilities, including ensuring that patients treated 
receive the maximum level of health care possible. The medical and 
demographic information collected during the treatment of a patient is 
shared with relevant partners to ensure that patients treated through 
NDMS-DMIS receive the appropriate level of health care. The health 
information disclosed among the partners is limited to what is needed 
for continuity of health care operations.
    2. To a member of Congress or a Congressional staff member in 
response to an inquiry from the Congressional office made at the 
written request of the constituent about whom the record is maintained.
    3. To the Department of Justice (DOJ), a court, or an adjudicatory 
body when the following situations arise:
    a. The agency or any component thereof, or
    b. Any employee of the agency whether in his/her official or 
individual capacity, where DOJ has agreed to represent the employee, or
    c. The United States government, is a party to litigation or has an 
interest in such litigation and, after careful review, the agency deems 
that the records requested are relevant and necessary to the litigation 
and that the use of such records by DOJ, the court or the adjudicatory 
body is compliant with the purposes for which the agency collected the 
records.
    4. To contractors, consultants, grantees, or volunteers that have 
been engaged by HHS to assist in the performance of a service related 
to this collection and who have a need to have access to the records in 
order to perform the activity.
    5. To assist another federal or state agency, or its fiscal agent:
    a. To establish the benefit entitlement of the patient.
    b. To establish the relationship between the existing state benefit 
and the benefit funded in whole or part with federal funds, such as the 
one associated with the NDMS definitive care.
    c. To collaborate with the state and state agencies on behalf of 
family members regarding the current location and placement of their 
evacuated family member or patient population.
    6. To family members of a patient, to provide them with information 
about the location or the status of the patient. Disclosure of a 
patient's location or status is not permitted when there is a 
reasonable belief that disclosing such information could endanger the 
life, safety, health, or well-being of the patient.
    7. To appropriate Federal agencies and Department contractors that 
have a need to know the information for the purpose of assisting HHS's 
efforts to respond to a suspected or confirmed breach of the security 
or confidentiality of information maintained in this system of records, 
provided the information disclosed is relevant and necessary for that 
assistance.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system--
Storage:
    Records are stored in paper files kept at NDMS headquarters and in 
an electronic database housed in Reston, Virginia.

Retrievability:
    Records are organized by event, location, and date of treatment. 
Data are retrieved by name and other demographic information provided 
by the patient (or for veterinary records, by animal owner), as well as 
by location of treatment, diagnosis, and other data fields within the 
database.

Safeguards:
    Information in this system is safeguarded in accordance with 
applicable laws, rules and policies, including the HHS Information 
Technology Security Program Handbook, all pertinent National Institute 
of Standards and Technology publications and OMB Circular A-130, 
Management of Federal Resources. Records are protected from 
unauthorized access through appropriate administrative, physical, and 
technical safeguards. These safeguards include restricting access to 
authorized personnel who have need-to-know, using physical locks in the 
office environment, and authenticating users with user IDs and 
passwords, which function as identification protection features. HHS file 
areas are locked after normal duty hours and the facilities are 
protected from the outside by security personnel. Personnel with 
authorized access to the system have been trained in the Privacy Act 
and information security requirements for both paper copies and 
electronically stored information.

Retention and Disposal:
    Records are retained in accordance with records disposition 
schedule N1-468-07-1, approved by the National Archives and Records 
Administration (NARA) for the Office of Public Health and Emergency 
Preparedness (OPHEP); the Pandemic and All Hazards Preparedness Act 
(Pub. L. 109-417) established the ASPR to serve in a similar capacity 
as OPHEP for medical disaster response. Schedule N1-486-08-1 covers 
Patient Care Forms or other Medical Records regulated under the Health 
Insurance Portability and
Accountability Act (HIPAA), created by the Federal Medical Station(s) 
or by any component of HHS/ASPR during a response to an event while 
caring for victims of that event, and provides the following 
disposition authority:
    Cutoff is at the end of the response activity by the Federal 
Medical Station(s) for a particular event. Retire to the Washington 
National Records Center 2 years after cutoff. Destroy 75 years after 
cutoff.
    Cutoff refers to breaking, or ending files at regular intervals, 
usually at the close of a fiscal or calendar year, to permit their 
disposal or transfer in complete blocks and, in this case, cutoff is at 
the end of the response activity. The cutoff date marks the beginning 
of the records retention period. Veterinarian treatment records 
pertaining to animals and their owners are not included in the above 
schedule, and cannot be destroyed until NARA approves a disposition 
schedule for them.

System manager and address:
    NDMS Director, 200 C. Street SW., Washington, DC 20024.

Notification procedure:
    Individuals seeking to know if this system contains records about 
them must submit a written request to the System Manager at the above 
mailing address, clearly marked as a ``Privacy Act Request'' on the 
envelope and letter (see, generally, HHS Privacy Act regulations found 
at 45 CFR Part 5b). Requests pertaining to patients should include the 
full name of the patient, appropriate verification of identity, current 
address of the patient and the name of the requester, appropriate 
verification of identity, current address of the requester, and the 
nature of the record sought, as required by HHS Privacy Act regulations 
at 45 CFR 5b.5. Requests pertaining to owners of animals should include 
the full name of the owner and the animal, appropriate verification of 
identity, current address of the requester, and the nature of the 
record sought, as required by HHS Privacy Act regulations at 45 CFR 
5b.5.

Record access procedures:
    Same as the notification procedure above.

Contesting record procedures:
    Same as the notification procedure above; the request should also 
clearly and concisely describe the information contested, the reasons 
for contesting it, and the proposed amendment sought, pursuant to HHS 
Privacy Act regulations at 45 CFR 5b.7.

Record source categories:
    Information in patient treatment and tracking records is obtained 
directly from the patients and from medical or clinical personnel 
treating or evacuating the patients or accessing their personal health 
records (PHR). In the case of minors or other patients who are unable 
to explain symptoms, information may be obtained from a parent or 
guardian, or other family members or individuals attending. Information 
in veterinarian treatment records about owners of animals is obtained 
from NDMS veterinary personnel and/or the owners or caretakers of the 
animals.

System exempted from certain provisions of the Privacy Act:
    None.

    Dated: December 6, 2013.
Nicole Lurie,
Assistant Secretary for Preparedness and Response.
[FR Doc. 2013-31118 Filed 12-26-13; 8:45 am]