Privacy Act of 1974; System of Records, 72245-72248 [2021-27324]

Agencies

• DEPARTMENT OF HEALTH AND HUMAN SERVICES
• Administration for Children and Families

[Federal Register Volume 86, Number 242 (Tuesday, December 21, 2021)]
[Notices]
[Pages 72245-72248]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-27324]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Administration for Children and Families


Privacy Act of 1974; System of Records

AGENCY: Administration for Children and Families, Department of Health 
and Human Services.

ACTION: Notice of a New Systems of Records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 
1974, as amended, the Department of Health and Human Services (HHS) is 
establishing a new system of records to be maintained by the 
Administration for Children and Families (ACF), Office of Child Support 
Enforcement (OCSE) that will support state child support agencies' 
enforcement of child support obligations System Number 09-80-0389, 
``OCSE Data Center General Support System, HHS/ACF/OCSE.''

DATES: This Notice is applicable December 21, 2021, subject to a 30-day 
period in which to comment on the routine uses, described below. Please 
submit any comments by January 20, 2022.

ADDRESSES: The public should address written comments by mail or email 
to Anita Alford, Senior Official for Privacy, Administration for 
Children and Families, 330 C St. SW, Washington, DC 20201, or 
[email protected].

FOR FURTHER INFORMATION CONTACT: General questions about the new system 
of records should be submitted by mail or email to Linda Boyer, Deputy 
Commissioner, Office of Child Support Enforcement, at 330 C St. SW, 5th 
Floor, Washington, DC 20201, 202-401-5410, or [email protected].

SUPPLEMENTARY INFORMATION: The new system of records will consist of 
information maintained in a secure gateway system (the OCSE Data Center

[[Page 72246]]

General Support System) established by OCSE. OCSE and (at their option) 
external partners will use the system to facilitate electronic 
exchanges of information between (1) a state child support enforcement 
agency and (2) another external child support program partner, such as 
an employer, a health plan administrator, or a financial institution, 
through OCSE. The information will be about individual participants in 
child support cases and will include income withholding order 
information, medical support information, financial institution account 
information, and levy file information.
    The external partners will provide information to and receive 
information from the secure gateway system but will not have access to 
the information within the system. Before the new gateway system was 
established, the information was exchanged directly between external 
partners via the U.S. mail, without passing through OCSE, and that will 
continue to be an option.
    OCSE will maintain the records in the gateway system, receiving 
them from one party and transmitting them to another party, in order to 
control the data flow and secure and protect the records and the 
transfer of information. OCSE will not use the information for its 
purposes, but will directly receive, retrieve (including by personal 
identifier), and disclose the information to facilitate the information 
exchanges. Some of the same information may exist in other OCSE systems 
of records, but other systems of records will not be sources of the 
records in this system of records. All information exchanged will 
originate with the external partners.

Linda Boyer,
Deputy Commissioner, Office of Child Support Enforcement.

SYSTEM NAME AND NUMBER:
    OCSE Data Center General Support System, HHS/ACF/OCSE, 09-80-0389.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    The address of the agency component responsible for the system of 
records is Office of Child Support Enforcement, Administration for 
Children and Families, 330 C St. SW, 5th Floor, Washington, DC 20201.

SYSTEM MANAGER(S):
    Deputy Commissioner, Office of Child Support Enforcement, 
Administration for Children and Families, Department of Health and 
Human Services, 330 C St. SW, 5th Floor, Washington, DC 20201, or 
[email protected].

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 652, 659, 666, 669a.

PURPOSE(S) OF THE SYSTEM:
    The purpose of the system of records is to support the enforcement 
of child support obligations by providing a secure gateway (the OCSE 
Data Center General Support System, or any successor system) that OCSE 
will use to facilitate electronic exchanges of information about 
individual participants in child support cases between state child 
support enforcement agencies and other external partners such as 
employers, health plan administrators, and financial institutions. The 
child support enforcement agencies and other external partners will use 
the gateway system to electronically submit information to and receive 
information from each other through OCSE.
    The gateway system will support, for example:
     The Electronic Income Withholding Order (e-IWO) program, 
which provides the means to electronically exchange income withholding 
order information between state child support enforcement agencies and 
employers.
     The Electronic National Medical Support Notice (e-NMSN) 
program, which allows state child support enforcement agencies, 
employers, and health plan administrators to electronically send and 
receive National Medical Support Notices used to enroll children in 
medical insurance plans pursuant to child support orders.
     The Federally Assisted State Transmitted (FAST) Levy 
program, which allows states and financial institutions to exchange 
information about levy actions through an electronic process.
    Multiple child support program partners will utilize the gateway 
system to electronically send and receive information:
     State child support enforcement agencies will use the 
system to transmit e-IWOs to employers and e-NMSNs to employers and 
health plan administrators. State child support enforcement agencies 
will also use the system to create levy actions for distribution to 
multiple financial institutions.
     Employers will use the system to respond to state child 
support enforcement agencies regarding e-IWOs and to provide 
information about health insurance coverage provided by the employer. 
Employers and health plan administrators will use the system to respond 
to state child support enforcement agencies regarding e-NMSNs.
     Financial institutions will use the system to receive and 
respond to levy actions from multiple state child support enforcement 
agencies.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The records in the system of records are about custodial and 
noncustodial parents, legal guardians, and third-party caretakers who 
are participants in child support program cases and whose names and 
Social Security numbers (SSNs) are used to retrieve the records. 
Children's personal identifiers are not used to retrieve records in 
this system of records, so children are not subject individuals for 
purposes of this system of records.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The categories of records exchanged in the gateway system include:
    1. Child support case information used to populate an e-IWO, which 
may include:
    a. Name of state, tribe, territory, or private individual entity 
issuing an e-IWO;
    b. Order ID and Case ID;
    c. Remittance ID;
    d. Employer/income withholder name, address, federal employer 
identification number (FEIN), telephone number, FAX number, email, or 
website;
    e. Employee/obligor's name, SSN, date of birth;
    f. Custodial parent's/obligee's name;
    g. Child(ren)'s name(s) and date(s) of birth;
    h. Income withholding amounts for current child support, past-due 
child support, current cash medical support, past-due cash medical 
support, current spousal support, past-due spousal support;
    i. Child support state disbursement unit or tribal order payee name 
and address;
    j. Judge/issuing official's name, title, and signature; and
    k. Employee/obligor termination date, last known telephone number, 
last known address, new employer/income withholder's name and address.
    2. Child support case information used to populate an e-NMSN, and 
medical insurance information included in e-NMSN responses from 
employers and health plan administrators, which may include:
    a. Custodial parent/obligee's name and mailing address;
    b. Substituted official/agency name and address (if custodial 
parent/obligee's address is left blank);

[[Page 72247]]

    c. Name, telephone number, and mailing address of representative of 
child(ren);
    d. Child(ren)'s name(s), gender, date of birth, and SSN;
    e. Employee's name, SSN, and mailing address;
    f. Plan administrator name, contact person, FAX number, and 
telephone number;
    g. Employer and/or employer representative name, FEIN, and 
telephone number;
    h. Date of medical support termination, reason for termination, and 
child(ren) to be terminated from medical support;
    i. Medical insurance provider name, group number, policy number, 
address;
    j. Dental insurance provider name, group number, policy number, 
address;
    k. Vision insurance provider name, group number, policy number, 
address;
    l. Prescription drug insurance provider name, group number, policy 
number, address;
    m. Mental health insurance provider name, group number, policy 
number, address;
    n. Other insurance, specified by name, group number, policy number, 
address; and
    o. Plan administrator name, title, telephone number, and address.
    3. Child support case information used to administer the FAST Levy 
program, which includes:
    a. Requesting state agency name, address, and state Federal 
Information Processing Standard (FIPS) code;
    b. Financial institution's name and FEIN;
    c. Obligor's name, SSN, and date of birth;
    d. Account number of account from which to withhold funds;
    e. Withholding amount; and
    f. Contact name, phone number, and email for point of contact in 
requesting state.

RECORD SOURCE CATEGORIES:
    The sources of the information in the system of records include:
     State child support enforcement agencies initiating e-IWO, 
e-NMSN, and FAST Levy program transactions.
     Employers or authorized third parties responding to e-IWOs 
and e-NMSNs.
     Health plan administrators responding to e-NMSNs.
     Financial institutions responding to FAST Levy requests.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to the disclosures authorized directly in the Privacy 
Act at 5 U.S.C. 552a(b)(1)-(b)(2) and (b)(4)-(b)(11), these routine 
uses specify circumstances under which the agency may disclose 
information from this system of records to a non-HHS officer or 
employee without the consent of the data subject. ACF will prohibit 
redisclosures, or may permit only certain redisclosures, as required or 
authorized by law. Each proposed disclosure or redisclosure of 
information permitted directly in the Privacy Act or under these 
routine uses will be evaluated to ensure that the disclosure or 
redisclosure is legally permissible.
    Any information defined as ``return'' or ``return information'' 
under 26 U.S.C. 6103 (Internal Revenue Code) is not disclosed unless 
authorized by a statute, the Internal Revenue Service (IRS), or IRS 
regulations.
    1. Disclosure to Financial Institution to Collect Past-Due Support. 
Pursuant to 42 U.S.C. 652(l), information pertaining to an individual 
owing past-due child support may be disclosed to a financial 
institution doing business in two or more states to identify an 
individual who maintains an account at the institution for the purpose 
of collecting past-due support. Information pertaining to requests by 
the state child support enforcement agencies for the placement of a 
lien or levy of such accounts may also be disclosed.
    2. Disclosure of Financial Institution Information to State Child 
Support Enforcement Agency for Assistance in Collecting Past-Due 
Support. Pursuant to 42 U.S.C. 652(l), the results of a comparison 
between information pertaining to an individual owing past-due child 
support and information provided by multistate financial institutions 
may be disclosed to a state child support enforcement agency for the 
purpose of assisting the state agency in collecting past-due support. 
Information pertaining to responses to requests by a state child 
support enforcement agency for the placement of a lien or levy of such 
accounts may also be disclosed.
    3. Disclosure to Employer to Enforce Child Support Obligations. 
Pursuant to 42 U.S.C. 666(b), information pertaining to an individual 
owing current or past-due child support may be disclosed to an employer 
for the purpose of collecting current or past-due support by way of an 
e-IWO.
    4. Disclosure of Employer Information to State Child Support 
Enforcement Agency in Response to an e-IWO. Information pertaining to a 
response by an employer to an e-IWO issued by a state child support 
enforcement agency for the collection of child support may be disclosed 
to the state child support enforcement agency.
    5. Disclosure to Employer and Health Plan Administrator to Enforce 
Medical Support Obligations. Pursuant to 42 U.S.C. 666(a)(19), 
information pertaining to participants in a child support case may be 
disclosed to an employer or a health plan administrator for the purpose 
of enforcing medical support for a child by way of an e-NMSN.
    6. Disclosure of Employer and Health Plan Administrator Information 
to State Child Support Enforcement Agency in Response to an e-NMSN. 
Information pertaining to a response by an employer or a health plan 
administrator to an e-NMSN issued by a state child support enforcement 
agency for the enforcement of medical support may be disclosed to the 
state child support enforcement agency.
    7. Disclosure to Department of Justice or in Proceedings. Records 
may be disclosed to the Department of Justice (DOJ) or to a court or 
other adjudicative body in litigation or other proceedings when HHS or 
any of its components, or any employee of HHS acting in the employee's 
official capacity, or any employee of HHS acting in the employee's 
individual capacity where the DOJ or HHS has agreed to represent the 
employee, or the United States Government, is a party to the 
proceedings or has an interest in the proceedings and, by careful 
review, HHS determines that the records are both relevant and necessary 
to the proceedings.
    8. Disclosure to Congressional Office. Information may be disclosed 
to a congressional office from the record of an individual in response 
to a written inquiry from the congressional office made at the written 
request of the individual.
    9. Disclosure to Contractor to Perform Duties. Records may be 
disclosed to a contractor performing or working on a contract for HHS 
and who has a need to have access to the information in the performance 
of its duties or activities for HHS in accordance with law and with the 
contract.
    10. Disclosure in the Event of a Security Breach. a. Information 
may be disclosed to appropriate agencies, entities, and persons when 
(1) HHS suspects or has confirmed that there has been a breach of the 
system of records; (2) HHS has determined that as a result of the 
suspected or confirmed breach there is a risk of harm to individuals, 
HHS (including its information systems, programs, and operations), the 
federal government, or national security; and (3) the disclosure made 
to such

[[Page 72248]]

agencies, entities, and persons is reasonably necessary to assist in 
connection with HHS's efforts to respond to the suspected or confirmed 
breach or to prevent, minimize, or remedy such harm.
    b. Information may be disclosed to another federal agency or 
federal entity when HHS determines that information from this system of 
records is reasonably necessary to assist the recipient agency or 
entity in (1) responding to a suspected or confirmed breach or (2) 
preventing, minimizing, or remedying the risk of harm to individuals, 
the recipient agency or entity (including its information systems, 
programs, and operations), the federal government, or national 
security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    The records are stored electronically.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by the parent's, guardian's, or third-party 
caretaker's name or SSN.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Upon approval of a disposition schedule by the National Archives 
and Records Administration (NARA), the records will be deleted when 
eligible for destruction under the schedule, if the records are no 
longer needed for administrative, audit, legal, or operational 
purposes. ACF anticipates requesting NARA's approval of retention 
periods of approximately 60 days for the information contained in the 
transmission files (i.e., long enough to confirm receipt or to resend 
if necessary) and up to 7 years for the audit log records. Approved 
disposal methods for electronic records and media include overwriting, 
degaussing, erasing, disintegration, pulverization, burning, melting, 
incineration, shredding, or sanding.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    The system leverages cloud service providers that maintain an 
authority to operate in accordance with applicable laws, rules, and 
policies, including Federal Risk and Authorization Management Program 
(FedRAMP) requirements. Specific administrative, technical, and 
physical controls are in place to ensure that the records collected, 
maintained, and transmitted using the OCSE Data Center General Support 
System are secure from unauthorized access. Access to the records 
within the system is restricted to authorized personnel who are advised 
of the confidentiality of the records and the civil and criminal 
penalties for misuse, and who sign a nondisclosure oath to that effect. 
Agency personnel are provided privacy and security training before 
being granted access to the records and annually thereafter. Additional 
safeguards include protecting the facilities where records are stored 
or accessed with security guards, badges, and cameras; limiting access 
to electronic databases to authorized users based on roles and either 
two-factor authentication or user ID and password (as appropriate); 
using a secured operating system protected by encryption, firewalls, 
and intrusion detection systems; reviewing security controls on a 
periodic basis; and using secure destruction methods prescribed in NIST 
SP 800-88 to dispose of eligible records. All safeguards conform to the 
HHS Information Security and Privacy Program, https://www.hhs.gov/ocio/securityprivacy/.

RECORD ACCESS PROCEDURES:
    To request access to a record about you in this system of records, 
submit a written access request to the System Manager identified in the 
``System Manager'' section of this System of Records Notice (SORN). The 
request must reasonably describe the record sought and must include 
(for contact purposes and identity verification purposes) your full 
name, current address, telephone number and/or email address, date and 
place of birth, and signature, and (if needed by the agency) sufficient 
particulars contained in the records (such as your SSN) to enable the 
System Manager to distinguish between records on subject individuals 
with the same name. In addition, to verify your identity, your 
signature must be notarized or the request must include your written 
certification that you are the individual who you claim to be and that 
you understand that the knowing and willful request for or acquisition 
of a record pertaining to an individual under false pretenses is a 
criminal offense subject to a fine of up to $5,000. You may request 
that copies of the records be sent to you, or you may request an 
appointment to review the records in person (including with a person of 
your choosing, if you provide written authorization for agency 
personnel to discuss the records in that person's presence). You may 
also request an accounting of disclosures that have been made of 
records about you, if any.

CONTESTING RECORD PROCEDURES:
    To request correction of a record about you in this system of 
records, submit a written amendment request to the System Manager 
identified in the ``System Manager'' section of this SORN. The request 
must contain the same information required for an access request and 
include verification of your identity in the same manner required for 
an access request. In addition, the request must reasonably identify 
the record and specify the information contested, the corrective action 
sought, and the reasons for requesting the correction; and should 
include supporting information to show how the record is inaccurate, 
incomplete, untimely, or irrelevant.

NOTIFICATION PROCEDURES:
    To find out if the system of records contains a record about you, 
submit a written notification request to the System Manager identified 
in the ``System Manager'' section of this SORN. The request must 
identify this system of records, contain the same information required 
for an access request, and include verification of your identity in the 
same manner required for an access request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

[FR Doc. 2021-27324 Filed 12-20-21; 8:45 am]
BILLING CODE 4184-42-P