Privacy Act of 1974; System of Records Notice, 17463-17467 [2016-07060]
Download as PDF
<![CDATA[
Federal Register / Vol. 81, No. 60 / Tuesday, March 29, 2016 / Notices
Dated: March 23, 2016.
Leslie Kux,
Associate Commissioner for Policy.
[FR Doc. 2016–07012 Filed 3–28–16; 8:45 am]
BILLING CODE 4164–01–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Office of the Secretary
Privacy Act of 1974; System of
Records Notice
AGENCY:
Assistant Secretary for Public
Affairs (ASPA), Office of the Secretary
(OS), Department of Health and Human
Services (HHS).
ACTION: Notice of an altered system of
records.
mstockstill on DSK4VPTVN1PROD with NOTICES
SUMMARY:
In accordance with the
requirements of the Privacy Act of 1974,
as amended (5 U.S.C. 552a), HHS is
updating a department-wide system of
records, System No. 09–90–0058,
currently titled ‘‘Freedom of
Information Case Files and
Correspondence Control Log, HHS/OS/
ASPA/FOIA.’’ This system of records
was established prior to 1979 (see 44 FR
58144) and was previously revised in
1989 and 1994 (see 54 FR 41684 and 59
FR 55845). Due to the length of time
since the last revision, the updates
published in this Notice affect most
sections of the System of Records Notice
(SORN). The updates include changing
the system name to ‘‘Tracking Records
and Case Files for FOIA and Privacy Act
Requests and Appeals;’’ expanding the
scope of the system to include tracking
records and case files pertaining to not
only FOIA and Privacy Act requests
processed in agency FOIA offices, but
Privacy Act requests and appeals
handled by System Managers for
Privacy Act systems and related privacy
personnel, when those records are
retrieved by personal identifier; adding
several new routine uses; and clarifying
that some of the records in this system
of records may be exempt from certain
Privacy Act requirements. The updates
are more fully explained in the
SUPPLEMENTARY INFORMATION section of
this Notice.
DATES: This Notice is effective on
publication, with the exception of the
new and revised routine uses. The new
and revised routine uses will be
effective 30 days after publication of
this Notice, unless comments are
received that warrant a revision to this
Notice. Written comments on the
routine uses should be submitted within
30 days. Until the new and revised
routine uses are effective, the routine
VerDate Sep<11>2014
19:43 Mar 28, 2016
Jkt 238001
uses previously published for the
system will remain in effect.
ADDRESSES: You may submit comments
to Beth Kramer, HHS Privacy Act
Officer, FOIA/PA Division, by email to:
HHS.ACFO@hhs.gov.
FOR FURTHER INFORMATION CONTACT: Beth
Kramer, HHS Privacy Act Officer, FOIA/
PA Division, Hubert H. Humphrey
Building—Suite 729H, 200
Independence Avenue SW.,
Washington, DC 20201. Ms. Kramer can
also be reached by telephone at 202–
690–7453.
SUPPLEMENTARY INFORMATION:
I. Explanation of Revisions to System
No. 09–90–0058
The revised System of Records Notice
(SORN) published in this Notice for
System No. 09–90–0058 includes the
following significant changes, in
addition to minor wording changes
throughout:
• The system name and scope have
been revised to cover not only tracking
records and case files used by HHS
Freedom of Information Act (FOIA)
offices to process FOIA and Privacy Act
requests and appeals (which typically
involve only ‘‘access’’ to agency
records), but tracking records and case
files used by System Managers of
Privacy Act systems and related privacy
personnel to process any type of Privacy
Act request or appeal (e.g., seeking
access, notification, correction and
amendment, or an accounting of
disclosures), when those tracking
records and case files are retrieved by
personal identifier.
• The Categories of Individuals
section has been revised to omit
organizations (because the Privacy Act
applies only to individuals, not
entities), but not to add any additional
categories of individuals besides
individual FOIA and Privacy Act
requesters and appellants. The result is
that only an individual FOIA or Privacy
Act requester or appellant may make a
Privacy Act request under this SORN for
access to, correction of, notification as
to, or an accounting of disclosures with
respect to tracking records and/or case
files used by HHS to process a FOIA
and/or Privacy Act request in which
that individual was the requester or
appellant. Further, because agency
records processed in response to a thirdparty FOIA request are not about the
requester or appellant, a provision has
been added to make clear that Privacy
Act rights are afforded to an individual
requester or appellant only to the extent
that the information in the tracking
record and case file retrieved by that
individual’s identifier is, in fact, about
PO 00000
Frm 00039
Fmt 4703
Sfmt 4703
17463
that individual requester or appellant.
The intent is to include in the
Categories of Individuals section only
individual requesters and appellants
(not, for example, individual
representatives who requested records
under FOIA on behalf of an entity).
Æ Note: Privacy Act case files and
tracking records are about individual
requesters and appellants only, because
Privacy Act requests can only be made
by an individual record subject
personally, not by a third party or
through a representative (unless the
representative is the parent of or courtappointed guardian for a minor or
legally-declared incompetent who is the
record subject). The agency’s position is
that FOIA case files and tracking
records, likewise, are about requesters
and appellants only, not other
individuals who may be identified in
the agency records sought by FOIA
requesters and appellants. This is
because HHS’ FOIA case files and
tracking records are not keyed or
indexed to individuals mentioned in
records requested under FOIA, but are
keyed to requesters and appellants, and
because the purpose for which records
are processed under FOIA is to release
information about the agency (not to
release information about individuals
mentioned in the records to third party
FOIA requesters, except as required to
shed light on conduct of the agency).
• The Categories of Records section
has been rewritten, to reflect two
distinct categories (tracking records and
case files); to describe the contents in
more detail; to clarify that any classified
records responsive to a FOIA request or
appeal are considered part of the case
file for that request or appeal, even if the
classified records must be maintained in
a security office instead of in the FOIA
office; and to specifically exclude
related categories of records covered by
other SORNs, to avoid duplicating other
systems of records.
• The Purposes section has been
rewritten to provide a broader
description of uses and users of the
records within HHS. (The prior
description mentioned only ‘‘FOIA
correspondence and processing,’’
‘‘Freedom of Information staff,’’ and
‘‘appeals officials and members of the
Office of General Counsel.’’)
• An existing routine use authorizing
disclosures to contractors (routine use 2)
has been revised to be more accurate in
reflecting the broad purposes for which
contractors may be engaged to assist
HHS and require access to records in the
system. (The former description was
limited to ‘‘collating, aggregating,
analyzing, or otherwise refining records
in this system.’’)
E:\FR\FM\29MRN1.SGM
29MRN1
17464
Federal Register / Vol. 81, No. 60 / Tuesday, March 29, 2016 / Notices
• Four new routine uses have been
added (see routine uses 6 through 9).
• The System Locations and System
Manager sections have been updated
with current information and expanded
to be consistent with the scope of the
system.
• The Policies and Practices section
has been revised. Specifically, the
Storage and Safeguards descriptions
have been revised to reflect that any of
the records (not just tracking records)
may be maintained electronically, and
to include safeguards applicable to
classified records. The Retention
description has been updated to refer to
new General Records Schedule (GRS)
4.2, issued August 2015 (superseding
GRS 14).
• The Exemptions section has been
changed from stating ‘‘none’’ to
including an explanation that certain
records in this system may be exempt if
they are from other Privacy Act systems
that have promulgated exemptions.
Because the revised SORN includes
significant changes, a report on the
altered system has been sent to Congress
and OMB in accordance with 5 U.S.C.
552a(r).
mstockstill on DSK4VPTVN1PROD with NOTICES
II. Background on the Privacy Act
Requirement To Publish a System of
Records Notice
The Privacy Act governs the means by
which the U.S. Government collects,
maintains, and uses information about
individuals in a system of records. A
‘‘system of records’’ is a group of any
records under the control of a federal
agency from which records about
individuals are retrieved by the
individuals’ names or other personal
identifiers. While FOIA entitles any
person to seek access to agency records,
an individual has a right of access under
the Privacy Act, in addition to FOIA,
with respect to agency records about
him that are maintained in a Privacy Act
system of records. The Privacy Act
requires each agency to publish in the
Federal Register a system of records
notice (SORN) identifying and
describing each system of records the
agency maintains, including the
purposes for which the agency uses
information about individuals in the
system, the routine uses for which the
agency discloses such information to
parties outside the agency, and how an
individual record subject can exercise
his rights under the Privacy Act (e.g., to
request notification of whether the
system contains records about him, or to
request access to or correction or
amendment of his records).
VerDate Sep<11>2014
19:43 Mar 28, 2016
Jkt 238001
SYSTEM NUMBER:
09–90–0058
SYSTEM NAME:
Tracking Records and Case Files for
FOIA and Privacy Act Requests and
Appeals.
SECURITY CLASSIFICATION:
Classified and Unclassified.
SYSTEM LOCATIONS:
Physical locations for the case files
and tracking records covered by this
SORN include:
• The HHS Freedom of Information/
Privacy Acts Division within the Office
of the Assistant Secretary for Public
Affairs (ASPA) in Washington, DC;
• HHS FOIA Requester Service
Centers in Washington, DC; Baltimore,
MD; Bethesda, MD; Research Triangle,
NC; Rockville, MD; and Atlanta, GA;
• Any contractor locations that
support FOIA and/or Privacy Act
request processing (for example, the
Centers for Medicare & Medicaid
Services (CMS) uses contractors located
near its Regional Offices in Boston, MA;
New York, NY; Philadelphia, PA;
Atlanta, GA; Chicago, IL; Dallas, TX;
Kansas City, MO; Denver, CO; San
Francisco, CA; and Seattle, WA);
• Server locations for electronic
systems used by HHS FOIA offices,
System Managers, and/or related
privacy personnel (for example, server
locations for agency-developed FOIA
systems include Bethesda, MD for the
system used by National Institutes of
Health; White Oak, MD and Ashburn,
VA for the system used by the Food and
Drug Administration; and Baltimore,
MD for the system used by CMS and
PSC; locations for commercial off-theshelf FOIA systems include
Gaithersburg, MD for FOIAXpress and
Washington, DC for the Request
Management System);
• Security office locations where
classified records responsive to FOIA
and Privacy Act requests may be stored,
including the Office of Security and
Strategic Information (OSSI) in
Washington, DC; and
• System Manager locations
identified in each SORN posted at
https://www.hhs.gov/foia/privacy/
sorns.html, where any tracking records
and case files used by System Managers
and related privacy personnel to process
Privacy Act requests and appeals would
be maintained.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
The records in this system of records
pertain to individual FOIA and Privacy
Act requesters and appellants only.
Individual FOIA and Privacy Act
requesters and appellants include:
PO 00000
Frm 00040
Fmt 4703
Sfmt 4703
• Any individual who the agency
treated as the requester or appellant for
an access request or appeal that was
received in or referred to a HHS FOIA
office for processing under FOIA (and
under the Privacy Act, if applicable),
excluding individual representatives
who requested records under FOIA on
behalf of an entity; and
• Any individual who made any type
of Privacy Act request or appeal that
was received by or referred to the
System Manager (or related privacy
personnel) for the relevant HHS Privacy
Act system of records for handling—but
only if the System Manager’s (or related
privacy personnel’s) Privacy Act
tracking records and case files are
retrieved by requester or appellant
identifier.
For a FOIA request or appeal
involving non-Privacy Act records, the
individual treated as the requester or
appellant may have made the FOIA
request or appeal personally, through a
representative, or as a representative for
another individual. For a Privacy Act
request or appeal, the individual
requester or appellant may have made
the request or appeal personally, or as
the parent of or court-appointed
guardian for a minor or legally-declared
incompetent who is the subject of the
records, or with the prior, written
consent of the record subject. When any
of the aforementioned individual
requesters or appellants seeks to
exercise Privacy Act rights under this
SORN with respect to the tracking
record and case file pertaining to his or
her FOIA or Privacy Act request or
appeal, the information in the tracking
record and case file must be about him,
as required by 5 U.S.C. 552a(a)(4) (i.e.,
not merely be retrieved by his
identifier), for the individual to be
afforded Privacy Act rights with respect
to those records.
CATEGORIES OF RECORDS IN THE SYSTEM:
Records consist of tracking records
and case files for FOIA and Privacy Act
requests and appeals made by
individuals. This system of records
excludes tracking records and case files
for FOIA requests and appeals made by
or on behalf of entities.
Tracking records typically include the
requester/appellant’s name and contact
information, case tracking number, date
of request or appeal, a brief description
of the request or appeal, processing
status, and response date or appeal
decision date. A tracking record for a
FOIA request may include additional
information, such as the requester’s fee
category and whether expedited
processing or a fee waiver or reduction
was sought and was granted or denied.
E:\FR\FM\29MRN1.SGM
29MRN1
mstockstill on DSK4VPTVN1PROD with NOTICES
Federal Register / Vol. 81, No. 60 / Tuesday, March 29, 2016 / Notices
A case file typically includes a copy
of the request and any appeal, which
would include the requester/appellant’s
name; contact information; a description
of the records that were the subject of
the access, correction, or other request;
issues raised on appeal; copies of any
documents included with the request or
appeal; the case tracking number; the
agency’s response letter and any appeal
decision letter; copies of records
responsive to the request;
correspondence about the request or
appeal with the requester and with
other involved parties and agencies; and
any fee-related information. A case file
also may include identity verification
documents and information (such as
photocopies of the requester’s driver’s
license, passport, alien or voter
registration card, or union card;
identifying particulars about the records
sought, such as an account number; or
a statement certifying that the requester
is the individual who he or she claims
to be) if the case file pertains to a firstparty request; a consent form signed by
an individual record subject,
authorizing HHS to provide records
about that individual to a third party;
and photocopies of documents
establishing a parent, guardian, or other
legal relationship (such as a court order
or birth certificate) if the request or
appeal was made by a legal
representative. Any classified records
responsive to a FOIA request or appeal
are considered to be part of the FOIA
case file, even if maintained in a
security office instead of in the FOIA
case file.
Note that the scope of this system of
records excludes the following related
records:
• Litigation files maintained in the
HHS Office of General Counsel related
to requests covered in this system of
records (see instead the SORN for
System No. 09–90–0064 ‘‘Litigation
Files, Administrative Complaints and
Adverse Personnel Actions’’);
• Records pertaining to Privacy Act
violation claims (see instead the SORNs
for System Nos. 09–90–0062
‘‘Administrative Claims’’ and 09–90–
0064 ‘‘Litigation Files, Administrative
Complaints and Adverse Personnel
Actions’’); and
• Records about agency personnel
who process FOIA and Privacy Act
requests (see instead SORNs covering
personnel records; e.g., 09–90–0018
‘‘Personnel Records in Operating
Offices,’’ 09–40–0001 ‘‘Public Health
Service (PHS) Commissioned Corps
General Personnel Records,’’ and OPM/
GOVT–2 ‘‘Employee Performance File
System Records’’).
VerDate Sep<11>2014
19:43 Mar 28, 2016
Jkt 238001
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 552, 552a; 44 U.S.C. 3301.
PURPOSE(S) OF THE SYSTEM:
FOIA and Privacy Act tracking
records and case files are used on a
need-to-know basis within the agency,
primarily by FOIA office personnel,
FOIA Coordinators and subject matter
experts in program offices who locate
and provide records responsive to
requests, attorneys in the Office of
General Counsel, Privacy Officers, and
System Managers for Privacy Act
systems of records. HHS uses the
tracking records and case files to:
• Track, process, and respond to the
requests and any related administrative
appeals, litigation, and mediation
actions and communicate with the
requesters and appellants;
• locate records responsive to
requests and appeals and verify the
identity of first-party requesters and
appellants;
• identify related requests and
records frequently requested under
FOIA and generate publicly-releasable
versions of FOIA request logs;
• provide aggregate and statistical
data for reports and facilitate
management and oversight reviews of
FOIA and Privacy Act operations; and
• share relevant information with
other HHS offices that manage related
matters arising from processing FOIA
and Privacy Act requests and appeals,
such as investigating erroneous release
incidents and responding to lawsuits
alleging Privacy Act violation claims or
other claims. (Records used for such
purposes, if retrieved by personal
identifier, would be covered under other
SORNs.)
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
THE PURPOSES OF SUCH USES:
The Privacy Act allows us to disclose
information without an individual’s
consent to parties outside the agency if
the information is to be used for a
purpose that is compatible with the
purpose(s) for which the information
was collected. Any such compatible use
of data is known as a ‘‘routine use.’’ The
proposed routine uses in this system
meet the compatibility requirement of
the Privacy Act. To the extent this
system contains Protected Health
Information (PHI) as defined by HHS
regulation ‘‘Standards for Privacy of
Individually Identifiable Health
Information’’ (45 CFR parts 160 and 164,
65 FR 82462 (December 28, 2000),
Subparts A and E), disclosures of such
PHI that are otherwise authorized by
these routine uses may only be made if,
and as, permitted or required by the
PO 00000
Frm 00041
Fmt 4703
Sfmt 4703
17465
‘‘Standards for Privacy of Individually
Identifiable Health Information.’’ This
system may make the following routine
use disclosures:
1. Records may be disclosed to the
Department of Justice (DOJ) for the
purpose of obtaining DOJ’s advice as to
whether or not records are required to
be disclosed under FOIA and/or the
Privacy Act in response to an access
request.
2. Records may be disclosed to federal
agencies and Department contractors
that have been engaged by HHS to assist
in accomplishing an HHS function
related to the purposes of the system
and that need to have access to the
records in order to assist HHS. Any
contractor will be required to comply
with the requirements of the Privacy Act
of 1974 and appropriately safeguard the
records. These safeguards are explained
in the ‘‘Safeguards’’ section.
3. Records may be disclosed to
student volunteers and other
individuals performing functions for the
Department but technically not having
the status of agency employees, if they
need access to the records in order to
perform their assigned agency functions.
4. Records may be disclosed to a
Member of Congress or to a
congressional staff member in response
to a written inquiry of the congressional
office made at the written request of the
constituent about whom the record is
maintained. The Member of Congress
does not have any greater authority to
obtain records than the individual
would have if requesting the records
directly.
5. Records may be disclosed to the
Department of Justice (DOJ) or to a court
or other tribunal when:
a. The agency or any component
thereof, or
b. any employee of the agency in his
or her official capacity, or
c. any employee of the agency in his
or her individual capacity where DOJ
has agreed to represent the employee, or
d. the United States Government, is a
party to litigation or has an interest in
such litigation and, by careful review,
HHS determines that the records are
both relevant and necessary to the
litigation and that, therefore, the use of
such records by the DOJ, court, or other
tribunal is deemed by HHS to be
compatible with the purpose for which
the agency collected the records.
6. Records may be disclosed to
another federal, foreign, state, local,
tribal, or other public agency with an
interest in or control over information in
records responsive to or otherwise
related to an access or amendment
request, for the following purposes:
E:\FR\FM\29MRN1.SGM
29MRN1
17466
Federal Register / Vol. 81, No. 60 / Tuesday, March 29, 2016 / Notices
a. Consulting the other agency for its
views about providing access to the
information or assistance in verifying
the identity of an individual or the
accuracy of information sought to be
amended or corrected;
b. informing the other agency of HHS’
response or intended response to the
request; or
c. referring the request to the most
appropriate federal agency for response.
7. The identity of the requester or
appellant may be disclosed to a
submitter of business records that are
sought by that requester or appellant,
when obtaining the submitter’s views
concerning release of the submitter’s
business information under FOIA.
8. Records may be disclosed to the
National Archives and Records
Administration, Office of Government
Information Services (OGIS), to the
extent necessary to fulfill its
responsibilities under 5 U.S.C. 552(h) to
review administrative agency policies,
procedures, and compliance with FOIA,
and to facilitate OGIS’ offering of
mediation services to resolve disputes
between persons making FOIA requests
and administrative agencies.
9. Records may be disclosed to
appropriate federal agencies and
Department contractors that have a need
to know the information for the purpose
of assisting the Department’s efforts to
respond to a suspected or confirmed
breach of the security or confidentiality
of information maintained in this
system of records, when the information
disclosed is relevant and necessary for
that assistance.
POLICIES AND PRACTICES FOR STORING,
RETRIEVING, ACCESSING, RETAINING, AND
DISPOSING OF RECORDS IN THE SYSTEM—
STORAGE:
Electronic records are stored in secure
electronic tracking and/or storage
applications, and on compact disks,
DVDs, and network drives. Hard-copy
files are stored at office locations, in file
rooms, shelves, safes, cabinets,
bookcases or desks.
RETRIEVAL:
RETENTION AND DISPOSAL:
Records are retrieved by personal
identifier (i.e., requester or appellant
name).
mstockstill on DSK4VPTVN1PROD with NOTICES
SAFEGUARDS:
Safeguards conform to the HHS
Information Security and Privacy
Program, https://www.hhs.gov/ocio/
securityprivacy/ and HHS
Office of Security and Strategic
Information (OSSI) policies regarding
classified information, and include the
following:
Administrative Safeguards:
Authorized users are limited to HHS
VerDate Sep<11>2014
19:43 Mar 28, 2016
Jkt 238001
employees and officials who are
responsible for processing FOIA and
Privacy Act requests and appeals,
authorized personnel of any contractors
or federal agencies assisting HHS with
those functions, and any other
authorized individuals who work for
HHS and assist HHS with those
functions but technically do not have
the status of agency employees. Only
personnel with a ‘‘need to know’’ and
appropriate security clearances issued
by OSSI or the Office of Inspector
General (OIG) regarding OIG personnel
are allowed to access classified records.
Each user’s access is limited, based on
the user’s role, to the records that are
essential to the user’s duties. Security
safeguards are imposed on contractors
through inclusion of Privacy Actrequired clauses in contracts and
through monitoring by contract and
project officers.
Technical Safeguards: Access to
electronic systems and records is
controlled and protected by a secure
log-in method (using passwords that are
unique, complex, and frequently
changed), time-out features, NSA and/or
NIST-approved encryption methods,
firewalls, intrusion detection systems,
and cybersecurity monitoring systems.
Physical Safeguards: Hard-copy
records and records displayed on
computer screens are protected from the
view of unauthorized individuals while
the records are in use by an authorized
employee. Hard-copy records and
electronic storage media are secured
during nonbusiness hours in locked file
cabinets, locked desk drawers, locked
offices, or locked storage areas. Office
buildings are protected by cameras and
uniformed guards. When records are
photocopied, printed, scanned, or faxed
for authorized purposes, care is taken to
ensure that no copies are left where they
can be read by unauthorized
individuals. When eligible for
destruction, records are securely
disposed of using destruction methods
prescribed by NSA and/or NIST SP 800–
88.
Records are retained and disposed of
in accordance with General Records
Schedule (GRS) 4.2 ‘‘Information Access
and Protection Records’’ (superseding
GRS 14 ‘‘Information Services
Records’’), which prescribes retention
periods ranging from approximately two
years to six years after final agency
action or adjudication by a court, date
of closure, or last entry. For specific
periods, see GRS 4.2 Items 020 access
and disclosure request files; 030 general
administrative (tracking) records; 050
Privacy Act accounting of disclosure
PO 00000
Frm 00042
Fmt 4703
Sfmt 4703
files; and 090 Privacy Act amendment
request files.
SYSTEM MANAGER(S) AND ADDRESS(ES):
HHS Privacy Act Officer, Freedom of
Information/Privacy Acts Division, OS/
ASPA, Hubert H. Humphrey Building—
Suite 729H, 200 Independence Avenue
SW., Washington, DC 20201.
NOTIFICATION PROCEDURE:
An individual who wishes to know if
this system contains tracking records
and case files for FOIA and Privacy Act
requests or appeals in which he was the
requester or appellant must submit a
written request to the System Manager
identified above. The request should
include the full name of the individual,
information to verify the individual’s
identity, and the individual’s current
address.
RECORD ACCESS PROCEDURE:
An individual requester or appellant
may request access to tracking records
and case files about his FOIA or Privacy
Act request or appeal by making a
written request to the System Manager
identified above, and by identifying or
describing the records sought, providing
information to verify his identity, and
including his current address.
CONTESTING RECORD PROCEDURES:
An individual may contest
information in tracking records and case
files about his FOIA or Privacy Act
request or appeal by contacting the
System Manager identified above, and
by identifying the information
contested, the corrective action sought,
and the reasons for requesting the
correction, along with supporting
information to show how the record is
inaccurate, incomplete, untimely, or
irrelevant.
RECORD SOURCE CATEGORIES:
Information is obtained from
individual requesters and appellants,
responsive records, program offices that
provide responsive records, and
personnel at HHS, other agencies, and
outside organizations (e.g., consultants
and business submitters) who provide
information relevant to processing the
requests.
EXEMPTIONS CLAIMED FOR THIS SYSTEM:
This system of records is not a type
of system eligible to promulgate
exemptions under subsections (j) and (k)
of the Privacy Act (5 U.S.C. 552a(j), (k));
however, any record in this system that
is from another Privacy Act system of
records that has promulgated
exemptions will be exempt from access
and other requirements of the Privacy
Act if and to the same extent that the
E:\FR\FM\29MRN1.SGM
29MRN1
Federal Register / Vol. 81, No. 60 / Tuesday, March 29, 2016 / Notices
BILLING CODE 4150–25–P
Boulevard, Bethesda, MD 20892–5452, (301)
594–7791, goterrobinsonc@
extra.niddk.nih.gov.
Name of Committee: National Institute of
Diabetes and Digestive and Kidney Diseases
Special Emphasis Panel; NIDDK Central
Repositories Sample Access (X01)-Diabetes,
obesity and Kidney Diseases-PAR14–301.
Date: May 26, 2016.
Time: 11:00 a.m. to 1:30 p.m.
Agenda: To review and evaluate grant
applications.
Place: National Institutes of Health, Two
Democracy Plaza, 6707 Democracy
Boulevard, Bethesda, MD 20892 (Telephone
Conference Call).
Contact Person: Najma Begum, Ph.D.,
Scientific Review Officer, Review Branch,
DEA, NIDDK, National Institutes of Health,
Room 7349, 6707 Democracy Boulevard,
Bethesda, MD 20892–5452, (301) 594–8894,
begumn@niddk.nih.gov.
(Catalogue of Federal Domestic Assistance
Program Nos. 93.847, Diabetes,
Endocrinology and Metabolic Research;
93.848, Digestive Diseases and Nutrition
Research; 93.849, Kidney Diseases, Urology
and Hematology Research, National Institutes
of Health, HHS)
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Dated: March 23, 2016.
David Clary,
Program Analyst, Office of Federal Advisory
Committee Policy.
record is exempt from such
requirements in the source system.
Records in this system that are from a
system described in 5 U.S.C. 552a(j)(2)
may be exempt from the requirements in
these subsections of the Privacy Act:
(c)(3), (c)(4), (d), (e)(1), (e)(2), (e)(3),
(e)(4)G), (e)(4)(H), (e)(4)(I), (e)(5), (e)(8),
(e)(12), (f), (g), and (h). Records in this
system that are from a system described
in 5 U.S.C. 552a(k) may be exempt from
the requirements in these subsections of
the Privacy Act: (c)(3), (d), (e)(1),
(e)(4)G), (e)(4)(H), (e)(4)(I), and (f). Any
records compiled in reasonable
anticipation of a civil action or
proceeding are excluded from the
Privacy Act access requirement in all
systems of records, as provided in 5
U.S.C. 552a(d)(5).
Dated: March 9, 2016.
Catherine Teti,
Executive Officer, Deputy Agency Chief FOIA
Officer, Assistant Secretary for Public Affairs.
[FR Doc. 2016–07060 Filed 3–28–16; 8:45 am]
National Institutes of Health
[FR Doc. 2016–06983 Filed 3–28–16; 8:45 am]
National Institute of Diabetes and
Digestive and Kidney Diseases; Notice
of Closed Meetings
mstockstill on DSK4VPTVN1PROD with NOTICES
Pursuant to section 10(d) of the
Federal Advisory Committee Act, as
amended (5 U.S.C. App.), notice is
hereby given of the following meetings.
The meetings will be closed to the
public in accordance with the
provisions set forth in sections
552b(c)(4) and 552b(c)(6), title 5 U.S.C.,
as amended. The grant applications and
the discussions could disclose
confidential trade secrets or commercial
property such as patentable material,
and personal information concerning
individuals associated with the grant
applications, the disclosure of which
would constitute a clearly unwarranted
invasion of personal privacy.
Name of Committee: National Institute of
Diabetes and Digestive and Kidney Diseases
Special Emphasis Panel; Fellowship and
Career Award Grants.
Date: April 13, 2016.
Time: 4:00 p.m. to 5:00 p.m.
Agenda: To review and evaluate grant
applications.
Place: National Institutes of Health, Two
Democracy Plaza, 6707 Democracy
Boulevard, Bethesda, MD 20892 (Telephone
Conference Call).
Contact Person: Carol J. Goter-Robinson,
Ph.D., Scientific Review Officer, Review
Branch, DEA, NIDDK, National Institutes of
Health, Room 7347, 6707 Democracy
VerDate Sep<11>2014
19:43 Mar 28, 2016
Jkt 238001
BILLING CODE 4140–01–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
National Institutes of Health
National Heart, Lung, and Blood
Institute; Notice of Closed Meeting
Pursuant to section 10(d) of the
Federal Advisory Committee Act, as
amended (5 U.S.C. App.), notice is
hereby given of the following meeting.
The meeting will be closed to the
public in accordance with the
provisions set forth in sections
552b(c)(4) and 552b(c)(6), title 5 U.S.C.,
as amended. The grant applications and
the discussions could disclose
confidential trade secrets or commercial
property such as patentable material,
and personal information concerning
individuals associated with the grant
applications, the disclosure of which
would constitute a clearly unwarranted
invasion of personal privacy.
Name of Committee: National Heart, Lung,
and Blood Institute Special Emphasis Panel,
Translational Programs in Lung Diseases.
Date: April 20–21, 2016.
Time: 1:00 p.m. to 3:00 p.m.
Agenda: To review and evaluate grant
applications.
Place: Crystal Gateway Marriott, 1700
Jefferson Davis Highway Arlington, VA
22202.
PO 00000
Frm 00043
Fmt 4703
Sfmt 4703
17467
Contact Person: William J Johnson, Ph.D.,
Scientific Review Officer, Office of Scientific
Review/DERA National Heart, Lung, and
Blood Institute, 6701 Rockledge Drive, Room
7178, Bethesda, MD 20892, 301–435–0725,
johnsonwj@nhlbi.nih.gov.
(Catalogue of Federal Domestic Assistance
Program Nos. 93.233, National Center for
Sleep Disorders Research; 93.837, Heart and
Vascular Diseases Research; 93.838, Lung
Diseases Research; 93.839, Blood Diseases
and Resources Research, National Institutes
of Health, HHS)
Dated: March 23, 2016.
Anna Snouffer,
Deputy Director, Office of Federal Advisory
Committee Policy.
[FR Doc. 2016–06981 Filed 3–28–16; 8:45 am]
BILLING CODE 4140–01–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
National Institutes of Health
National Institute of Biomedical
Imaging and Bioengineering; Notice of
Meeting
Pursuant to section 10(d) of the
Federal Advisory Committee Act, as
amended (5 U.S.C. App.), notice is
hereby given of a meeting of the
National Advisory Council for
Biomedical Imaging and Bioengineering.
The meeting will be open to the
public as indicated below, with
attendance limited to space available.
Individuals who plan to attend and
need special assistance, such as sign
language interpretation or other
reasonable accommodations, should
notify the Contact Person listed below
in advance of the meeting.
The meeting will be closed to the
public in accordance with the
provisions set forth in sections
552b(c)(4) and 552b(c)(6), Title 5 U.S.C.,
as amended. The grant applications
and/or contract proposals and the
discussions could disclose confidential
trade secrets or commercial property
such as patentable material, and
personal information concerning
individuals associated with the grant
applications and/or contract proposals,
the disclosure of which would
constitute a clearly unwarranted
invasion of personal privacy.
Name of Committee: National Advisory
Council for Biomedical Imaging and
Bioengineering.
Date: May 19, 2016.
Open: 9:00 a.m. to 12:30 p.m.
Agenda: Report from the Institute Director,
other Institute Staff, presentation of Task
Force reports, and Scientific Presentation.
Place: The William F. Bolger Center,
Franklin Building, Classroom 15/16, 9600
Newbridge Drive, Potomac, MD 20854.
E:\FR\FM\29MRN1.SGM
29MRN1
]]>Agencies
[Federal Register Volume 81, Number 60 (Tuesday, March 29, 2016)]
[Notices]
[Pages 17463-17467]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-07060]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Office of the Secretary
Privacy Act of 1974; System of Records Notice
AGENCY: Assistant Secretary for Public Affairs (ASPA), Office of the
Secretary (OS), Department of Health and Human Services (HHS).
ACTION: Notice of an altered system of records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the requirements of the Privacy Act of
1974, as amended (5 U.S.C. 552a), HHS is updating a department-wide
system of records, System No. 09-90-0058, currently titled ``Freedom of
Information Case Files and Correspondence Control Log, HHS/OS/ASPA/
FOIA.'' This system of records was established prior to 1979 (see 44 FR
58144) and was previously revised in 1989 and 1994 (see 54 FR 41684 and
59 FR 55845). Due to the length of time since the last revision, the
updates published in this Notice affect most sections of the System of
Records Notice (SORN). The updates include changing the system name to
``Tracking Records and Case Files for FOIA and Privacy Act Requests and
Appeals;'' expanding the scope of the system to include tracking
records and case files pertaining to not only FOIA and Privacy Act
requests processed in agency FOIA offices, but Privacy Act requests and
appeals handled by System Managers for Privacy Act systems and related
privacy personnel, when those records are retrieved by personal
identifier; adding several new routine uses; and clarifying that some
of the records in this system of records may be exempt from certain
Privacy Act requirements. The updates are more fully explained in the
SUPPLEMENTARY INFORMATION section of this Notice.
DATES: This Notice is effective on publication, with the exception of
the new and revised routine uses. The new and revised routine uses will
be effective 30 days after publication of this Notice, unless comments
are received that warrant a revision to this Notice. Written comments
on the routine uses should be submitted within 30 days. Until the new
and revised routine uses are effective, the routine uses previously
published for the system will remain in effect.
ADDRESSES: You may submit comments to Beth Kramer, HHS Privacy Act
Officer, FOIA/PA Division, by email to: HHS.ACFO@hhs.gov.
FOR FURTHER INFORMATION CONTACT: Beth Kramer, HHS Privacy Act Officer,
FOIA/PA Division, Hubert H. Humphrey Building--Suite 729H, 200
Independence Avenue SW., Washington, DC 20201. Ms. Kramer can also be
reached by telephone at 202-690-7453.
SUPPLEMENTARY INFORMATION:
I. Explanation of Revisions to System No. 09-90-0058
The revised System of Records Notice (SORN) published in this
Notice for System No. 09-90-0058 includes the following significant
changes, in addition to minor wording changes throughout:
The system name and scope have been revised to cover not
only tracking records and case files used by HHS Freedom of Information
Act (FOIA) offices to process FOIA and Privacy Act requests and appeals
(which typically involve only ``access'' to agency records), but
tracking records and case files used by System Managers of Privacy Act
systems and related privacy personnel to process any type of Privacy
Act request or appeal (e.g., seeking access, notification, correction
and amendment, or an accounting of disclosures), when those tracking
records and case files are retrieved by personal identifier.
The Categories of Individuals section has been revised to
omit organizations (because the Privacy Act applies only to
individuals, not entities), but not to add any additional categories of
individuals besides individual FOIA and Privacy Act requesters and
appellants. The result is that only an individual FOIA or Privacy Act
requester or appellant may make a Privacy Act request under this SORN
for access to, correction of, notification as to, or an accounting of
disclosures with respect to tracking records and/or case files used by
HHS to process a FOIA and/or Privacy Act request in which that
individual was the requester or appellant. Further, because agency
records processed in response to a third-party FOIA request are not
about the requester or appellant, a provision has been added to make
clear that Privacy Act rights are afforded to an individual requester
or appellant only to the extent that the information in the tracking
record and case file retrieved by that individual's identifier is, in
fact, about that individual requester or appellant. The intent is to
include in the Categories of Individuals section only individual
requesters and appellants (not, for example, individual representatives
who requested records under FOIA on behalf of an entity).
[cir] Note: Privacy Act case files and tracking records are about
individual requesters and appellants only, because Privacy Act requests
can only be made by an individual record subject personally, not by a
third party or through a representative (unless the representative is
the parent of or court-appointed guardian for a minor or legally-
declared incompetent who is the record subject). The agency's position
is that FOIA case files and tracking records, likewise, are about
requesters and appellants only, not other individuals who may be
identified in the agency records sought by FOIA requesters and
appellants. This is because HHS' FOIA case files and tracking records
are not keyed or indexed to individuals mentioned in records requested
under FOIA, but are keyed to requesters and appellants, and because the
purpose for which records are processed under FOIA is to release
information about the agency (not to release information about
individuals mentioned in the records to third party FOIA requesters,
except as required to shed light on conduct of the agency).
The Categories of Records section has been rewritten, to
reflect two distinct categories (tracking records and case files); to
describe the contents in more detail; to clarify that any classified
records responsive to a FOIA request or appeal are considered part of
the case file for that request or appeal, even if the classified
records must be maintained in a security office instead of in the FOIA
office; and to specifically exclude related categories of records
covered by other SORNs, to avoid duplicating other systems of records.
The Purposes section has been rewritten to provide a
broader description of uses and users of the records within HHS. (The
prior description mentioned only ``FOIA correspondence and
processing,'' ``Freedom of Information staff,'' and ``appeals officials
and members of the Office of General Counsel.'')
An existing routine use authorizing disclosures to
contractors (routine use 2) has been revised to be more accurate in
reflecting the broad purposes for which contractors may be engaged to
assist HHS and require access to records in the system. (The former
description was limited to ``collating, aggregating, analyzing, or
otherwise refining records in this system.'')
[[Page 17464]]
Four new routine uses have been added (see routine uses 6
through 9).
The System Locations and System Manager sections have been
updated with current information and expanded to be consistent with the
scope of the system.
The Policies and Practices section has been revised.
Specifically, the Storage and Safeguards descriptions have been revised
to reflect that any of the records (not just tracking records) may be
maintained electronically, and to include safeguards applicable to
classified records. The Retention description has been updated to refer
to new General Records Schedule (GRS) 4.2, issued August 2015
(superseding GRS 14).
The Exemptions section has been changed from stating
``none'' to including an explanation that certain records in this
system may be exempt if they are from other Privacy Act systems that
have promulgated exemptions.
Because the revised SORN includes significant changes, a report on
the altered system has been sent to Congress and OMB in accordance with
5 U.S.C. 552a(r).
II. Background on the Privacy Act Requirement To Publish a System of
Records Notice
The Privacy Act governs the means by which the U.S. Government
collects, maintains, and uses information about individuals in a system
of records. A ``system of records'' is a group of any records under the
control of a federal agency from which records about individuals are
retrieved by the individuals' names or other personal identifiers.
While FOIA entitles any person to seek access to agency records, an
individual has a right of access under the Privacy Act, in addition to
FOIA, with respect to agency records about him that are maintained in a
Privacy Act system of records. The Privacy Act requires each agency to
publish in the Federal Register a system of records notice (SORN)
identifying and describing each system of records the agency maintains,
including the purposes for which the agency uses information about
individuals in the system, the routine uses for which the agency
discloses such information to parties outside the agency, and how an
individual record subject can exercise his rights under the Privacy Act
(e.g., to request notification of whether the system contains records
about him, or to request access to or correction or amendment of his
records).
SYSTEM NUMBER:
09-90-0058
SYSTEM NAME:
Tracking Records and Case Files for FOIA and Privacy Act Requests
and Appeals.
SECURITY CLASSIFICATION:
Classified and Unclassified.
SYSTEM LOCATIONS:
Physical locations for the case files and tracking records covered
by this SORN include:
The HHS Freedom of Information/Privacy Acts Division
within the Office of the Assistant Secretary for Public Affairs (ASPA)
in Washington, DC;
HHS FOIA Requester Service Centers in Washington, DC;
Baltimore, MD; Bethesda, MD; Research Triangle, NC; Rockville, MD; and
Atlanta, GA;
Any contractor locations that support FOIA and/or Privacy
Act request processing (for example, the Centers for Medicare &
Medicaid Services (CMS) uses contractors located near its Regional
Offices in Boston, MA; New York, NY; Philadelphia, PA; Atlanta, GA;
Chicago, IL; Dallas, TX; Kansas City, MO; Denver, CO; San Francisco,
CA; and Seattle, WA);
Server locations for electronic systems used by HHS FOIA
offices, System Managers, and/or related privacy personnel (for
example, server locations for agency-developed FOIA systems include
Bethesda, MD for the system used by National Institutes of Health;
White Oak, MD and Ashburn, VA for the system used by the Food and Drug
Administration; and Baltimore, MD for the system used by CMS and PSC;
locations for commercial off-the-shelf FOIA systems include
Gaithersburg, MD for FOIAXpress and Washington, DC for the Request
Management System);
Security office locations where classified records
responsive to FOIA and Privacy Act requests may be stored, including
the Office of Security and Strategic Information (OSSI) in Washington,
DC; and
System Manager locations identified in each SORN posted at
https://www.hhs.gov/foia/privacy/sorns.html, where any tracking records
and case files used by System Managers and related privacy personnel to
process Privacy Act requests and appeals would be maintained.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The records in this system of records pertain to individual FOIA
and Privacy Act requesters and appellants only. Individual FOIA and
Privacy Act requesters and appellants include:
Any individual who the agency treated as the requester or
appellant for an access request or appeal that was received in or
referred to a HHS FOIA office for processing under FOIA (and under the
Privacy Act, if applicable), excluding individual representatives who
requested records under FOIA on behalf of an entity; and
Any individual who made any type of Privacy Act request or
appeal that was received by or referred to the System Manager (or
related privacy personnel) for the relevant HHS Privacy Act system of
records for handling--but only if the System Manager's (or related
privacy personnel's) Privacy Act tracking records and case files are
retrieved by requester or appellant identifier.
For a FOIA request or appeal involving non-Privacy Act records, the
individual treated as the requester or appellant may have made the FOIA
request or appeal personally, through a representative, or as a
representative for another individual. For a Privacy Act request or
appeal, the individual requester or appellant may have made the request
or appeal personally, or as the parent of or court-appointed guardian
for a minor or legally-declared incompetent who is the subject of the
records, or with the prior, written consent of the record subject. When
any of the aforementioned individual requesters or appellants seeks to
exercise Privacy Act rights under this SORN with respect to the
tracking record and case file pertaining to his or her FOIA or Privacy
Act request or appeal, the information in the tracking record and case
file must be about him, as required by 5 U.S.C. 552a(a)(4) (i.e., not
merely be retrieved by his identifier), for the individual to be
afforded Privacy Act rights with respect to those records.
CATEGORIES OF RECORDS IN THE SYSTEM:
Records consist of tracking records and case files for FOIA and
Privacy Act requests and appeals made by individuals. This system of
records excludes tracking records and case files for FOIA requests and
appeals made by or on behalf of entities.
Tracking records typically include the requester/appellant's name
and contact information, case tracking number, date of request or
appeal, a brief description of the request or appeal, processing
status, and response date or appeal decision date. A tracking record
for a FOIA request may include additional information, such as the
requester's fee category and whether expedited processing or a fee
waiver or reduction was sought and was granted or denied.
[[Page 17465]]
A case file typically includes a copy of the request and any
appeal, which would include the requester/appellant's name; contact
information; a description of the records that were the subject of the
access, correction, or other request; issues raised on appeal; copies
of any documents included with the request or appeal; the case tracking
number; the agency's response letter and any appeal decision letter;
copies of records responsive to the request; correspondence about the
request or appeal with the requester and with other involved parties
and agencies; and any fee-related information. A case file also may
include identity verification documents and information (such as
photocopies of the requester's driver's license, passport, alien or
voter registration card, or union card; identifying particulars about
the records sought, such as an account number; or a statement
certifying that the requester is the individual who he or she claims to
be) if the case file pertains to a first-party request; a consent form
signed by an individual record subject, authorizing HHS to provide
records about that individual to a third party; and photocopies of
documents establishing a parent, guardian, or other legal relationship
(such as a court order or birth certificate) if the request or appeal
was made by a legal representative. Any classified records responsive
to a FOIA request or appeal are considered to be part of the FOIA case
file, even if maintained in a security office instead of in the FOIA
case file.
Note that the scope of this system of records excludes the
following related records:
Litigation files maintained in the HHS Office of General
Counsel related to requests covered in this system of records (see
instead the SORN for System No. 09-90-0064 ``Litigation Files,
Administrative Complaints and Adverse Personnel Actions'');
Records pertaining to Privacy Act violation claims (see
instead the SORNs for System Nos. 09-90-0062 ``Administrative Claims''
and 09-90-0064 ``Litigation Files, Administrative Complaints and
Adverse Personnel Actions''); and
Records about agency personnel who process FOIA and
Privacy Act requests (see instead SORNs covering personnel records;
e.g., 09-90-0018 ``Personnel Records in Operating Offices,'' 09-40-0001
``Public Health Service (PHS) Commissioned Corps General Personnel
Records,'' and OPM/GOVT-2 ``Employee Performance File System
Records'').
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 552, 552a; 44 U.S.C. 3301.
PURPOSE(S) OF THE SYSTEM:
FOIA and Privacy Act tracking records and case files are used on a
need-to-know basis within the agency, primarily by FOIA office
personnel, FOIA Coordinators and subject matter experts in program
offices who locate and provide records responsive to requests,
attorneys in the Office of General Counsel, Privacy Officers, and
System Managers for Privacy Act systems of records. HHS uses the
tracking records and case files to:
Track, process, and respond to the requests and any
related administrative appeals, litigation, and mediation actions and
communicate with the requesters and appellants;
locate records responsive to requests and appeals and
verify the identity of first-party requesters and appellants;
identify related requests and records frequently requested
under FOIA and generate publicly-releasable versions of FOIA request
logs;
provide aggregate and statistical data for reports and
facilitate management and oversight reviews of FOIA and Privacy Act
operations; and
share relevant information with other HHS offices that
manage related matters arising from processing FOIA and Privacy Act
requests and appeals, such as investigating erroneous release incidents
and responding to lawsuits alleging Privacy Act violation claims or
other claims. (Records used for such purposes, if retrieved by personal
identifier, would be covered under other SORNs.)
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
The Privacy Act allows us to disclose information without an
individual's consent to parties outside the agency if the information
is to be used for a purpose that is compatible with the purpose(s) for
which the information was collected. Any such compatible use of data is
known as a ``routine use.'' The proposed routine uses in this system
meet the compatibility requirement of the Privacy Act. To the extent
this system contains Protected Health Information (PHI) as defined by
HHS regulation ``Standards for Privacy of Individually Identifiable
Health Information'' (45 CFR parts 160 and 164, 65 FR 82462 (December
28, 2000), Subparts A and E), disclosures of such PHI that are
otherwise authorized by these routine uses may only be made if, and as,
permitted or required by the ``Standards for Privacy of Individually
Identifiable Health Information.'' This system may make the following
routine use disclosures:
1. Records may be disclosed to the Department of Justice (DOJ) for
the purpose of obtaining DOJ's advice as to whether or not records are
required to be disclosed under FOIA and/or the Privacy Act in response
to an access request.
2. Records may be disclosed to federal agencies and Department
contractors that have been engaged by HHS to assist in accomplishing an
HHS function related to the purposes of the system and that need to
have access to the records in order to assist HHS. Any contractor will
be required to comply with the requirements of the Privacy Act of 1974
and appropriately safeguard the records. These safeguards are explained
in the ``Safeguards'' section.
3. Records may be disclosed to student volunteers and other
individuals performing functions for the Department but technically not
having the status of agency employees, if they need access to the
records in order to perform their assigned agency functions.
4. Records may be disclosed to a Member of Congress or to a
congressional staff member in response to a written inquiry of the
congressional office made at the written request of the constituent
about whom the record is maintained. The Member of Congress does not
have any greater authority to obtain records than the individual would
have if requesting the records directly.
5. Records may be disclosed to the Department of Justice (DOJ) or
to a court or other tribunal when:
a. The agency or any component thereof, or
b. any employee of the agency in his or her official capacity, or
c. any employee of the agency in his or her individual capacity
where DOJ has agreed to represent the employee, or
d. the United States Government, is a party to litigation or has an
interest in such litigation and, by careful review, HHS determines that
the records are both relevant and necessary to the litigation and that,
therefore, the use of such records by the DOJ, court, or other tribunal
is deemed by HHS to be compatible with the purpose for which the agency
collected the records.
6. Records may be disclosed to another federal, foreign, state,
local, tribal, or other public agency with an interest in or control
over information in records responsive to or otherwise related to an
access or amendment request, for the following purposes:
[[Page 17466]]
a. Consulting the other agency for its views about providing access
to the information or assistance in verifying the identity of an
individual or the accuracy of information sought to be amended or
corrected;
b. informing the other agency of HHS' response or intended response
to the request; or
c. referring the request to the most appropriate federal agency for
response.
7. The identity of the requester or appellant may be disclosed to a
submitter of business records that are sought by that requester or
appellant, when obtaining the submitter's views concerning release of
the submitter's business information under FOIA.
8. Records may be disclosed to the National Archives and Records
Administration, Office of Government Information Services (OGIS), to
the extent necessary to fulfill its responsibilities under 5 U.S.C.
552(h) to review administrative agency policies, procedures, and
compliance with FOIA, and to facilitate OGIS' offering of mediation
services to resolve disputes between persons making FOIA requests and
administrative agencies.
9. Records may be disclosed to appropriate federal agencies and
Department contractors that have a need to know the information for the
purpose of assisting the Department's efforts to respond to a suspected
or confirmed breach of the security or confidentiality of information
maintained in this system of records, when the information disclosed is
relevant and necessary for that assistance.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISPOSING OF RECORDS IN THE SYSTEM--
STORAGE:
Electronic records are stored in secure electronic tracking and/or
storage applications, and on compact disks, DVDs, and network drives.
Hard-copy files are stored at office locations, in file rooms, shelves,
safes, cabinets, bookcases or desks.
RETRIEVAL:
Records are retrieved by personal identifier (i.e., requester or
appellant name).
SAFEGUARDS:
Safeguards conform to the HHS Information Security and Privacy
Program, https://www.hhs.gov/ocio/securityprivacy/ and HHS
Office of Security and Strategic Information (OSSI) policies regarding
classified information, and include the following:
Administrative Safeguards: Authorized users are limited to HHS
employees and officials who are responsible for processing FOIA and
Privacy Act requests and appeals, authorized personnel of any
contractors or federal agencies assisting HHS with those functions, and
any other authorized individuals who work for HHS and assist HHS with
those functions but technically do not have the status of agency
employees. Only personnel with a ``need to know'' and appropriate
security clearances issued by OSSI or the Office of Inspector General
(OIG) regarding OIG personnel are allowed to access classified records.
Each user's access is limited, based on the user's role, to the records
that are essential to the user's duties. Security safeguards are
imposed on contractors through inclusion of Privacy Act-required
clauses in contracts and through monitoring by contract and project
officers.
Technical Safeguards: Access to electronic systems and records is
controlled and protected by a secure log-in method (using passwords
that are unique, complex, and frequently changed), time-out features,
NSA and/or NIST-approved encryption methods, firewalls, intrusion
detection systems, and cybersecurity monitoring systems.
Physical Safeguards: Hard-copy records and records displayed on
computer screens are protected from the view of unauthorized
individuals while the records are in use by an authorized employee.
Hard-copy records and electronic storage media are secured during
nonbusiness hours in locked file cabinets, locked desk drawers, locked
offices, or locked storage areas. Office buildings are protected by
cameras and uniformed guards. When records are photocopied, printed,
scanned, or faxed for authorized purposes, care is taken to ensure that
no copies are left where they can be read by unauthorized individuals.
When eligible for destruction, records are securely disposed of using
destruction methods prescribed by NSA and/or NIST SP 800-88.
RETENTION AND DISPOSAL:
Records are retained and disposed of in accordance with General
Records Schedule (GRS) 4.2 ``Information Access and Protection
Records'' (superseding GRS 14 ``Information Services Records''), which
prescribes retention periods ranging from approximately two years to
six years after final agency action or adjudication by a court, date of
closure, or last entry. For specific periods, see GRS 4.2 Items 020
access and disclosure request files; 030 general administrative
(tracking) records; 050 Privacy Act accounting of disclosure files; and
090 Privacy Act amendment request files.
SYSTEM MANAGER(S) AND ADDRESS(ES):
HHS Privacy Act Officer, Freedom of Information/Privacy Acts
Division, OS/ASPA, Hubert H. Humphrey Building--Suite 729H, 200
Independence Avenue SW., Washington, DC 20201.
NOTIFICATION PROCEDURE:
An individual who wishes to know if this system contains tracking
records and case files for FOIA and Privacy Act requests or appeals in
which he was the requester or appellant must submit a written request
to the System Manager identified above. The request should include the
full name of the individual, information to verify the individual's
identity, and the individual's current address.
RECORD ACCESS PROCEDURE:
An individual requester or appellant may request access to tracking
records and case files about his FOIA or Privacy Act request or appeal
by making a written request to the System Manager identified above, and
by identifying or describing the records sought, providing information
to verify his identity, and including his current address.
CONTESTING RECORD PROCEDURES:
An individual may contest information in tracking records and case
files about his FOIA or Privacy Act request or appeal by contacting the
System Manager identified above, and by identifying the information
contested, the corrective action sought, and the reasons for requesting
the correction, along with supporting information to show how the
record is inaccurate, incomplete, untimely, or irrelevant.
RECORD SOURCE CATEGORIES:
Information is obtained from individual requesters and appellants,
responsive records, program offices that provide responsive records,
and personnel at HHS, other agencies, and outside organizations (e.g.,
consultants and business submitters) who provide information relevant
to processing the requests.
EXEMPTIONS CLAIMED FOR THIS SYSTEM:
This system of records is not a type of system eligible to
promulgate exemptions under subsections (j) and (k) of the Privacy Act
(5 U.S.C. 552a(j), (k)); however, any record in this system that is
from another Privacy Act system of records that has promulgated
exemptions will be exempt from access and other requirements of the
Privacy Act if and to the same extent that the
[[Page 17467]]
record is exempt from such requirements in the source system. Records
in this system that are from a system described in 5 U.S.C. 552a(j)(2)
may be exempt from the requirements in these subsections of the Privacy
Act: (c)(3), (c)(4), (d), (e)(1), (e)(2), (e)(3), (e)(4)G), (e)(4)(H),
(e)(4)(I), (e)(5), (e)(8), (e)(12), (f), (g), and (h). Records in this
system that are from a system described in 5 U.S.C. 552a(k) may be
exempt from the requirements in these subsections of the Privacy Act:
(c)(3), (d), (e)(1), (e)(4)G), (e)(4)(H), (e)(4)(I), and (f). Any
records compiled in reasonable anticipation of a civil action or
proceeding are excluded from the Privacy Act access requirement in all
systems of records, as provided in 5 U.S.C. 552a(d)(5).
Dated: March 9, 2016.
Catherine Teti,
Executive Officer, Deputy Agency Chief FOIA Officer, Assistant
Secretary for Public Affairs.
[FR Doc. 2016-07060 Filed 3-28-16; 8:45 am]
BILLING CODE 4150-25-P
