Privacy Act of 1974; System of Records, 44823-44827 [2023-14877]
Download as PDF
<![CDATA[
ddrumheller on DSK120RN23PROD with NOTICES1
Federal Register / Vol. 88, No. 133 / Thursday, July 13, 2023 / Notices
• Study director and contact
information;
• Principal clinical field trial
coordinator name;
• Study monitor’s name and
addresses;
• Investigator’s name and addresses;
• Proposed study start and
completion dates;
• Background, purpose, and
objectives of study;
• Study materials;
• Experimental units;
• Entrance criteria;
• Identification of treatment groups;
• Treatment schedules;
• Treatment response parameters;
• Recordkeeping procedures;
• Disposition of investigational
animals;
• Disposition of investigational drug;
• Data handling, quality control,
monitoring, and administrative
responsibilities;
• Plans for data analysis;
• Protocol and protocol amendments;
and
• Protocol deviations.
The Service’s AADAP Program will
use the information that is collected on
the study forms to ensure the studies are
following the guidelines set by the FDA.
The study data will be downloaded to
a spreadsheet where it will be analyzed
for compliance. Summary reports will
be created from the data collected from
the forms and will be submitted to the
FDA, as required. Submission of the
data forms is required by the FDA for
the facility to participate in the INAD
Program.
A cooperative agreement is also
needed between the participating
companies/agencies and the Service’s
AADAP Program. This agreement
establishes obligations to be met and
procedures to be followed by the
Service and participant to establish and
maintain cooperative INADs to enable
the use of certain drugs and chemicals
under the INAD process as set forth by
the FDA. The goal of this agreement is
to consolidate the INAD process;
eliminate duplication of effort; reduce
workloads and costs; and ensure needed
drugs are made available to aquaculture
and fisheries management facilities in
the U.S. in compliance with FDA
regulations.
Additional information for the INAD
Program and how to participate can be
found at the following link: https://
www.fws.gov/service/investigationalnew-animal-drugs. This web page
describes frequently asked questions
regarding how to participate in the
INAD Program and what is expected of
the participants. The site also includes
the investigator and monitor guides
VerDate Sep<11>2014
17:24 Jul 12, 2023
Jkt 259001
created to explain the INAD Program
process to study participants. We are
currently developing additional study
templates for the INADs, for use as a
guide for filling out the forms. These
templates will provide study
participants with helpful information to
correctly complete each form. We also
created a user manual for the online
INAD database.
The public may request copies of any
form or document contained in this
information collection by sending a
request to the Service Information
Collection Clearance Officer in
ADDRESSES, above.
Title of Collection: Administration of
U.S. Fish and Wildlife Service
Investigational New Animal Drug
(INAD) Program.
OMB Control Number: 1018–New.
Form Number(s): Form-W, Form-1,
Form-2, Form-2A or 2B, Form-3, Form4, Form-4a, and Form-5.
Type of Review: Existing collection in
use without an OMB control number.
Respondents/Affected Public: Private
aquaculture facilities; universities; and
State, local, and Tribal governments that
have a need to use INADs.
Total Estimated Number of Annual
Respondents: 273.
Total Estimated Number of Annual
Responses: 302.
Estimated Completion Time per
Response: Varies from 2 hours to 5
hours, depending on activity.
Total Estimated Number of Annual
Burden Hours: 1,215.
Respondent’s Obligation: Required to
obtain or retain a benefit.
Frequency of Collection: One time for
the initial registration and submission of
cooperative agreement, and on occasion
for submission of study data.
Total Estimated Annual Nonhour
Burden Cost: $289,232 ($197,400 for
enrollment fees (282 INADS × $700 per
INAD per facility each year), along with
$91,832 associated with the costs of
purchasing the INAD from the
appropriate drug supplier).
An agency may not conduct or
sponsor and a person is not required to
respond to a collection of information
unless it displays a currently valid OMB
control number.
The authority for this action is the
Paperwork Reduction Act of 1995 (44
U.S.C. 3501 et seq.).
Madonna Baucum,
Information Collection Clearance Officer, U.S.
Fish and Wildlife Service.
[FR Doc. 2023–14834 Filed 7–12–23; 8:45 am]
BILLING CODE 4333–15–P
PO 00000
Frm 00049
Fmt 4703
Sfmt 4703
44823
DEPARTMENT OF THE INTERIOR
Bureau of Indian Affairs
[DOI–2023–0009; 2341A2100DD/
AAKC0010130/A0A501010.999900]
Privacy Act of 1974; System of
Records
Bureau of Indian Affairs,
Interior.
ACTION: Notice of a new system of
records.
AGENCY:
Pursuant to the Privacy Act of
1974, as amended, the Department of
the Interior (DOI) is issuing a public
notice of its intent to create the Bureau
of Indian Affairs (BIA) Privacy Act
system of records, INTERIOR/BIA–35,
Behavioral Health and Wellness
Program. This system helps the
Behavioral Health and Wellness
Program (BHWP) provide immediate
behavioral health crisis support, clinical
counseling services, crisis care
coordination, and communication with
the client and appropriate points of
contact for referrals and continued
service delivery or emergency care. This
newly established system will be
included in DOI’s inventory of systems
of records.
DATES: This new system will be effective
upon publication on July 13, 2023. New
routine uses will be effective August 14,
2023. Submit comments on or before
August 14, 2023.
ADDRESSES: You may send comments
identified by docket number [DOI–
2023–0009] by any of the following
methods:
• Federal eRulemaking Portal:
https://www.regulations.gov. Follow the
instructions for sending comments.
• Email: DOI_Privacy@ios.doi.gov.
Include docket number [DOI–2023–
0009] in the subject line of the message.
• U.S. mail or hand-delivery: Teri
Barnett, Departmental Privacy Officer,
U.S. Department of the Interior, 1849 C
Street NW, Room 7112, Washington, DC
20240.
Instructions: All submissions received
must include the agency name and
docket number [DOI–2023–0009]. All
comments received will be posted
without change to https://
www.regulations.gov, including any
personal information provided.
Docket: For access to the docket to
read background documents or
comments received, go to https://
www.regulations.gov.
SUMMARY:
FOR FURTHER INFORMATION CONTACT:
Richard Gibbs, Associate Privacy
Officer, Assistant Secretary—Indian
Affairs, 1011 Indian School Road NW,
E:\FR\FM\13JYN1.SGM
13JYN1
44824
Federal Register / Vol. 88, No. 133 / Thursday, July 13, 2023 / Notices
ddrumheller on DSK120RN23PROD with NOTICES1
Room 164, Albuquerque, New Mexico
87104, Privacy_Officer@bia.gov or (505)
563–5023.
SUPPLEMENTARY INFORMATION:
I. Background
The DOI is establishing a new system
of records for the INTERIOR/BIA–35,
Behavioral Health and Wellness
Program. The Assistant Secretary—
Indian Affairs consists of two bureaus,
which are the BIA and Bureau of Indian
Education (BIE). The BIA supports the
functions of the BIE and is publishing
this notice to describe the purpose of
the BHWP that provides immediate
behavioral health crisis support, clinical
counseling services, crisis care
coordination, and facilitates
communication between clients and
appropriate points of contact for
referrals and continued service delivery
or emergency care.
The BIE is responsible for providing
quality educational opportunities from
early childhood through adulthood in
accordance with Federal trust
responsibilities for approximately
43,000 students. The BIE funds 183
elementary, secondary, and residential
schools across 64 Indian reservations
and 23 states. Of these, 53 are BIEoperated and 130 are tribally-controlled.
Additionally, BIE directly operates two
post-secondary institutions and funds
and/or operates off-reservation boarding
schools and peripheral dormitories near
reservations for students attending
public schools. The BIE also serves
many American Indian and Alaska
Native post-secondary students through
higher education scholarships and
support funding for tribal colleges and
universities.
The BIE identified the need for
comprehensive behavioral health and
wellness services at a multitude of
Bureau-funded schools, dormitories,
colleges, and universities. The BIE is
committed to creating positive, safe, and
culturally relevant learning
environments where students can gain
knowledge, skills, and behaviors
necessary for physical, mental, and
emotional wellbeing. The BIE
established the BHWP to address the
significant mental health needs of
students and staff at all BIE-funded
institutions including BIE-operated
schools, tribally-controlled schools,
post-secondary institutions, and tribal
colleges and universities.
II. Privacy Act
The Privacy Act of 1974, as amended,
embodies fair information practice
principles in a statutory framework
governing the means by which Federal
agencies collect, maintain, use, and
VerDate Sep<11>2014
17:24 Jul 12, 2023
Jkt 259001
disseminate individuals’ records. The
Privacy Act applies to records about
individuals that are maintained in a
‘‘system of records.’’ A ‘‘system of
records’’ is a group of any records under
the control of an agency from which
information is retrieved by the name of
an individual or by some identifying
number, symbol, or other identifying
particular assigned to the individual.
The Privacy Act defines an individual
as a United States citizen or lawful
permanent resident. Individuals may
request access to their own records that
are maintained in a system of records in
the possession or under the control of
DOI by complying with DOI Privacy Act
regulations at 43 CFR part 2, subpart K,
and following the procedures outlined
in the Records Access, Contesting
Record, and Notification Procedures
sections of this notice.
The Privacy Act requires each agency
to publish in the Federal Register a
description denoting the existence and
character of each system of records that
the agency maintains, and the routine
uses of each system. The INTERIOR/
BIA–35, Behavioral Health and
Wellness Program, system of records
notice is published in its entirety below.
In accordance with 5 U.S.C. 552a(r), DOI
has provided a report of this system of
records to the Office of Management and
Budget and to Congress.
III. Public Participation
You should be aware your entire
comment including your personally
identifiable information, such as your
address, phone number, email address,
or any other personal information in
your comment, may be made publicly
available at any time. While you may
request to withhold your personally
identifiable information from public
review, we cannot guarantee we will be
able to do so.
SYSTEM NAME AND NUMBER:
INTERIOR/BIA–35, Behavioral Health
and Wellness Program.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Records are maintained by the Office
of the Director, Bureau of Indian
Education, 1849 C Street NW, MIB–
3621, Washington, DC 20240, and at BIE
contractor facilities. A current listing of
contractor facilities may be obtained by
writing to the System Manager
identified below.
SYSTEM MANAGER(S):
Student Health Program Specialist,
Office of the Director, Bureau of Indian
PO 00000
Frm 00050
Fmt 4703
Sfmt 4703
Education, 1849 C Street NW, MIB–
3621, Washington, DC 20240.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Every Student Succeeds Act, Public
Law 114–95; Indian Education Policies,
25 CFR part 32; Expenditure of
appropriations by Bureau, 25 U.S.C.
2006; Congressional statement of
findings, 25 U.S.C. 5301; Indian Child
Welfare Act of 1978, Public Law 95–
60825 U.S.C. 1901; Confidentiality of
Substance Use Disorder Patient Records,
42 CFR part 2; Enforcement of
Nondiscrimination on the Basis of
Handicap in Programs or Activities
Conducted by the Department of the
Interior, 43 CFR Subpart E;
Rehabilitation Act of 1973, as amended,
Public Law 93–112, Section 504, 29
U.S.C. 794; Tribally Controlled Schools
Act of 1988, 25 U.S.C. 2501 et seq.;
Indian Self-Determination and
Education Assistance Act, 25 U.S.C.
5301 et seq.; Health Insurance
Portability and Accountability Act of
1996 (HIPAA), Public Law 104–191;
Individuals with Disabilities Act (IDEA),
20 U.S.C. 1400 et seq.; and Maintenance
and Control of Student Records in
Bureau Schools, 25 CFR part 43.
PURPOSE(S) OF THE SYSTEM:
The primary purposes of the system
are to provide immediate behavioral
health crisis support, clinical
counseling services and crisis care
coordination, and to facilitate
communication between the client and
appropriate points of contact for
referrals and continued service delivery
or emergency care.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
Individuals covered by the system
include current and former BIE
employees, contractors, students,
parents, guardians or caretakers of
students, and staff at BIE-operated K–12
schools, BIE-operated post-secondary
institutions, tribally-controlled schools
operated pursuant to a grant under the
Tribally Controlled Schools Act of 1988
or a contract under the Indian SelfDetermination and Education
Assistance Act, and tribal colleges and
universities. These individuals are
collectively referred to as clients for
purposes of this program.
CATEGORIES OF RECORDS IN THE SYSTEM:
The categories of records in the
system include information collected on
forms from BHWP clients as follows:
(1) Student Information. Name, date
of birth, mailing address, physical
address, home and cell phone number,
email address, parent, guardian, or
caretaker information, emergency
E:\FR\FM\13JYN1.SGM
13JYN1
ddrumheller on DSK120RN23PROD with NOTICES1
Federal Register / Vol. 88, No. 133 / Thursday, July 13, 2023 / Notices
contact information, school of
enrollment, grade level, tribe of
enrollment and disability information
such as a client’s Individualized
Education Plan (IEP) or 504 Plan.
Information about clinical services
provided by the service provider may be
maintained in the student’s records and
may be viewed by the Student Health
Program Specialist, as authorized and
necessary to facilitate behavioral health,
counseling or crisis care coordination or
referrals for this program.
(2) Parent, Guardian, or Caretaker
Information. Name, relationship to
student, mailing address, email address,
physical address, home and/or cell
phone number, and tribe of enrollment.
(3) BIE Staff/Employee Information.
Name, date of birth, mailing address,
physical address, home and/or cell
phone number, email address, school
affiliation, tribe of enrollment, and
emergency contact information.
(4) School Level Staff and Employee
Information. Name, date of birth,
mailing address, physical address, home
and/or cell phone number, email
address, school affiliation, tribe of
enrollment, and emergency contact
information.
(5) Tribal Staff and Employee
Information. Name, date of birth,
mailing address, physical address, home
and/phone number, email address,
school affiliation, tribe of enrollment,
and emergency contact information.
(6) Emergency Contact Person.
Contact name, relationship to client,
and emergency contact phone, cell
phone number, and email address.
(7) In the case of a critical incident,
sentinel event, death, or crisis incident,
the PII may also include client name,
age, date of birth, address, parent,
guardian, or caretaker information if
applicable, emergency contact
information, manner of death or
incident type, location of death or
incident, date and time of death or
incident, any known witness or
collateral contact, and their contact
information at time of client death or
client related incident. This information
may be shared with appropriate local,
tribal, city, county, state, or Federal law
enforcement officials and first
responders for immediate emergency
response engagement, medical centers
for emergency medical care, and social
services or other agencies in the event
of abuse or neglect. This information
may be shared with appropriate BIE and
BHWP officials and administrators as
needed, as well as tribal officials for
appropriate critical incident or sentinel
event reporting.
VerDate Sep<11>2014
17:24 Jul 12, 2023
Jkt 259001
RECORD SOURCE CATEGORIES:
Information comes primarily from
BHWP Care Coordinators and BHWP
licensed providers from the school point
of contact at time of client referral,
directly from the client, and the client’s
parent, guardian, emergency contact or
caretaker when necessary.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
PURPOSES OF SUCH USES:
In addition to those disclosures
generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a
portion of the records or information
contained in this system may be
disclosed outside DOI as a routine use
pursuant to 5 U.S.C. 552a(b)(3) as
follows:
A. To the Department of Justice (DOJ),
including Offices of the U.S. Attorneys,
or other Federal agency conducting
litigation or in proceedings before any
court, adjudicative, or administrative
body, when it is relevant or necessary to
the litigation and one of the following
is a party to the litigation or has an
interest in such litigation:
(1) DOI or any component of DOI;
(2) Any other Federal agency
appearing before the Office of Hearings
and Appeals;
(3) Any DOI employee or former
employee acting in his or her official
capacity;
(4) Any DOI employee or former
employee acting in his or her individual
capacity when DOI or DOJ has agreed to
represent that employee or pay for
private representation of the employee;
or
(5) The United States Government or
any agency thereof, when DOJ
determines that DOI is likely to be
affected by the proceeding.
B. To a congressional office when
requesting information on behalf of, and
at the request of, the individual who is
the subject of the record.
C. To the Executive Office of the
President in response to an inquiry from
that office made at the request of the
subject of a record or a third party on
that person’s behalf, or for a purpose
compatible with the reason for which
the records are collected or maintained.
D. To any criminal, civil, or regulatory
law enforcement authority (whether
Federal, state, territorial, local, Tribal, or
foreign) when a record, either alone or
in conjunction with other information,
indicates a violation or potential
violation of law—criminal, civil, or
regulatory in nature, and the disclosure
is compatible with the purpose for
which the records were compiled.
E. To an official of another Federal
agency to provide information needed
PO 00000
Frm 00051
Fmt 4703
Sfmt 4703
44825
in the performance of official duties
related to reconciling or reconstructing
data files or to enable that agency to
respond to an inquiry by the individual
to whom the record pertains.
F. To Federal, state, territorial, local,
tribal, or foreign agencies that have
requested information relevant or
necessary to the hiring, firing or
retention of an employee or contractor,
or the issuance of a security clearance,
license, contract, grant, or other benefit,
when the disclosure is compatible with
the purpose for which the records were
compiled.
G. To representatives of the National
Archives and Records Administration
(NARA) to conduct records management
inspections under the authority of 44
U.S.C. 2904 and 2906.
H. To state, territorial, and local
governments and tribal organizations to
provide information needed in response
to court order and/or discovery
purposes related to litigation, when the
disclosure is compatible with the
purpose for which the records were
compiled.
I. To an expert, consultant, grantee,
shared service provider, or contractor
(including employees of the contractor)
of DOI that performs services requiring
access to these records on DOI’s behalf
to carry out the purposes of the system.
J. To appropriate agencies, entities,
and persons when:
(1) DOI suspects or has confirmed that
there has been a breach of the system of
records;
(2) DOI has determined that as a result
of the suspected or confirmed breach
there is a risk of harm to individuals,
DOI (including its information systems,
programs, and operations), the Federal
Government, or national security; and
(3) the disclosure made to such
agencies, entities, and persons is
reasonably necessary to assist in
connection with DOI’s efforts to respond
to the suspected or confirmed breach or
to prevent, minimize, or remedy such
harm.
K. To another Federal agency or
Federal entity, when DOI determines
that information from this system of
records is reasonably necessary to assist
the recipient agency or entity in:
(1) responding to a suspected or
confirmed breach; or
(2) preventing, minimizing, or
remedying the risk of harm to
individuals, the recipient agency or
entity (including its information
systems, programs, and operations), the
Federal Government, or national
security, resulting from a suspected or
confirmed breach.
L. To the Office of Management and
Budget (OMB) during the coordination
E:\FR\FM\13JYN1.SGM
13JYN1
44826
Federal Register / Vol. 88, No. 133 / Thursday, July 13, 2023 / Notices
and clearance process in connection
with legislative affairs as mandated by
OMB Circular A–19.
M. To the Department of the Treasury
to recover debts owed to the United
States.
N. To the news media and the public,
with the approval of the Public Affairs
Officer in consultation with counsel and
the Senior Agency Official for Privacy,
where there exists a legitimate public
interest in the disclosure of the
information, except to the extent it is
determined that release of the specific
information in the context of a
particular case would constitute an
unwarranted invasion of personal
privacy.
O. To a parent or guardian, medical
facility, service provider, BIE-funded
school official, or appropriate parties to
provide immediate behavioral health
crisis support, clinical counseling
services and crisis care coordination,
and to facilitate communication
between the client and appropriate
points of contact for referrals and
continued service delivery or emergency
care pursuant to the Individuals with
Disabilities Education Act (IDEA), 20
U.S.C. 1400 et seq.; Maintenance and
Control of Student Records in Bureau
Schools, 25 CFR part 43; Confidentiality
of Substance Use Disorder Patient
Records, 42 CFR part 2; and other
applicable laws and regulations.
P. To Federal, tribal, state, local, or
private agencies for referral to continue
providing services, to report,
investigate, and treat any incidents of
suspected abuse or neglect pursuant to
the Indian Child Protection and Family
Violence Prevention Act, Public Law
101–630, or in the event of any critical
incident as required by 25 CFR part 43,
other applicable laws, and BHWP policy
and procedures.
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
Paper records are contained in file
folders stored within filing cabinets in
secured rooms. Electronic records are
stored on electronic media at a Federal
Risk and Authorization Management
Program (FedRAMP) approved cloud
service provider.
ddrumheller on DSK120RN23PROD with NOTICES1
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
Information from the BHWP is
retrievable by client name, age, gender,
school affiliation, address, call type, and
client identified record number by
authorized users of the system.
Additionally, de-identified aggregate
data, such as diagnosis codes, numbers
of encounters, and types of encounters,
and general demographics may be
retrieved.
VerDate Sep<11>2014
17:24 Jul 12, 2023
Jkt 259001
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
Records retention schedules for the
BHWP are being developed and will be
submitted to NARA for scheduling and
approval. These records will be treated
as permanent until the records are
scheduled and have been approved by
NARA. Upon termination of the BHWP
service contract with the Contracting
Agency, the contractor will transfer all
electronic health record information to
the BIE for appropriate record keeping
and storage in alignment with all
Federal requirements.
BHWP system usage records are
covered by the Departmental Records
Schedule 1.4A, Short Term Information
Technology Records, System
Maintenance and Use Records (DAA–
0048–2013–0001–0013), which was
approved by NARA. These records
include system operations reports, login
and password files, audit trail records
and backup files. The disposition is
temporary. Records are cut-off when
superseded or obsolete and destroyed
no later than three years after cut-off.
Records associated with a 42 CFR part
2 program that is discontinued or is
taken over or acquired by another
program will be processed in
accordance with 42 CFR 2.16, Security
for records, and 2.19, Disposition of
records by discontinued programs.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
Access to records in the system is
limited to authorized personnel who
have a need to access the records in the
performance of their official duties, and
each user’s access is restricted to only
the functions and data necessary to
perform that person’s job
responsibilities. System administrators
and authorized users are trained and
required to follow established internal
security protocols and must complete
all security, privacy, and records
management training and sign the DOI
Rules of Behavior.
The records contained in this system
are safeguarded in accordance with 43
CFR 2.226 and other applicable security
and privacy rules and policies. Paper
records are maintained in locked file
cabinets and/or safes under the control
of authorized personnel during normal
hours of operation. Computer servers on
which electronic records are stored are
located at a FedRAMP-approved cloud
service provider with physical,
technical, and administrative levels of
security to prevent unauthorized access
to the system and information assets.
The cloud service provider implements
protections, controls and access
restrictions as required to maintain the
PO 00000
Frm 00052
Fmt 4703
Sfmt 4703
necessary FedRAMP certification and to
mitigate the privacy risks. Authorized
DOI and contractor personnel must
complete mandatory security, privacy,
records management, and HIPAA
training specific to their roles to ensure
they are knowledgeable about how to
protect personally identifiable
information before they are granted
access to the system of records.
Computerized records systems follow
the National Institute of Standards and
Technology privacy and security
standards as developed to comply with
the Privacy Act of 1974, as amended, 5
U.S.C. 552a; Paperwork Reduction Act
of 1995, 44 U.S.C. 3501 et seq.; the
Federal Information Security
Modernization Act of 2014, 44 U.S.C.
3551 et seq.; and the Federal
Information Processing Standards 199:
Standards for Security Categorization of
Federal Information and Information
Systems. Security controls include user
identification, multi-factor
authentication, database permissions,
encryption, firewalls, audit logs, and
network system security monitoring,
and software controls which establish
access levels according to the type of
user. Access to records in the system is
limited to authorized personnel who
have a need to access the records in the
performance of their official duties, and
each user’s access is restricted to only
the functions and data necessary to
perform that person’s job
responsibilities. Audit trails are
maintained and reviewed periodically
to identify unauthorized access or use.
A Privacy Impact Assessment was
conducted on the Behavioral Health and
Wellness Program System to ensure that
Privacy Act requirements are met, and
appropriate privacy controls were
implemented to safeguard the
personally identifiable information
contained in the system.
RECORD ACCESS PROCEDURES:
An individual requesting access to
their records should send a written
inquiry to the applicable System
Manager identified above. DOI forms
and instructions for submitting a
Privacy Act request may be obtained
from the DOI Privacy Act Requests
website at https://www.doi.gov/privacy/
privacy-act-requests. The request must
include a general description of the
records sought and the requester’s full
name, current address, and sufficient
identifying information such as date of
birth or other information required for
verification of the requester’s identity.
The request must be signed and dated
and be either notarized or submitted
under penalty of perjury in accordance
with 28 U.S.C. 1746. Requests submitted
E:\FR\FM\13JYN1.SGM
13JYN1
Federal Register / Vol. 88, No. 133 / Thursday, July 13, 2023 / Notices
Signed:
Teri Barnett,
Departmental Privacy Officer, Department of
the Interior.
by mail must be clearly marked
‘‘PRIVACY ACT REQUEST FOR
ACCESS’’ on both the envelope and
letter. A request for access must meet
the requirements of 43 CFR 2.238.
[FR Doc. 2023–14877 Filed 7–12–23; 8:45 am]
BILLING CODE 4337–15–P
CONTESTING RECORD PROCEDURES:
An individual requesting amendment
of their records should send a written
request to the applicable System
Manager as identified above. DOI
instructions for submitting a request for
amendment of records are available on
the DOI Privacy Act Requests website at
https://www.doi.gov/privacy/privacyact-requests. The request must clearly
identify the records for which
amendment is being sought, the reasons
for requesting the amendment, and the
proposed amendment to the record. The
request must include the requester’s full
name, current address, and sufficient
identifying information such as date of
birth or other information required for
verification of the requester’s identity.
The request must be signed and dated
and be either notarized or submitted
under penalty of perjury in accordance
with 28 U.S.C. 1746. Requests submitted
by mail must be clearly marked
‘‘PRIVACY ACT REQUEST FOR
AMENDMENT’’ on both the envelope
and letter. A request for amendment
must meet the requirements of 43 CFR
2.246.
ddrumheller on DSK120RN23PROD with NOTICES1
NOTIFICATION PROCEDURES:
An individual requesting notification
of the existence of records about them
should send a written inquiry to the
applicable System Manager as identified
above. DOI instructions for submitting a
request for notification are available on
the DOI Privacy Act Requests website at
https://www.doi.gov/privacy/privacyact-requests. The request must include a
general description of the records and
the requester’s full name, current
address, and sufficient identifying
information such as date of birth or
other information required for
verification of the requester’s identity.
The request must be signed and dated
and be either notarized or submitted
under penalty of perjury in accordance
with 28 U.S.C. 1746. Requests submitted
by mail must be clearly marked
‘‘PRIVACY ACT INQUIRY’’ on both the
envelope and letter. A request for
notification must meet the requirements
of 43 CFR 2.235.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
None.
VerDate Sep<11>2014
17:24 Jul 12, 2023
Jkt 259001
DEPARTMENT OF THE INTERIOR
Office of the Secretary
[DOI–2023–0005; 234D0104IG, DG10100000,
DIG000000.000000]
Privacy Act of 1974; System of
Records
Office of Inspector General,
Interior.
ACTION: Notice of a modified system of
records.
AGENCY:
Pursuant to the provisions of
the Privacy Act of 1974, as amended,
the Department of the Interior (DOI) is
issuing a public notice of its intent to
modify the Office of Inspector General
(OIG) Privacy Act system of records,
INTERIOR/OIG–02, Investigative
Records. DOI is publishing this revised
notice to update the system location,
record source categories, storage and
records retention, expand and clarify
categories of individuals and records,
propose a new routine use and modify
existing routines uses, and provide
general administrative updates to
remaining sections to accurately reflect
management of the system of records in
accordance with the Office of
Management and Budget (OMB) policy.
Additionally, DOI is publishing a notice
of proposed rulemaking (NPRM)
elsewhere in the Federal Register to
claim exemptions in this system of
records from certain provisions of the
Privacy Act. This modified system will
be included in DOI’s inventory of record
systems.
DATES: This modified system will be
effective upon publication. New or
modified routine uses will be effective
August 14, 2023. Submit comments on
or before August 14, 2023.
ADDRESSES: You may send comments
identified by docket number [DOI–
2023–0005] by any of the following
methods:
• Federal eRulemaking Portal:
https://www.regulations.gov. Follow the
instructions for sending comments.
• Email: DOI_Privacy@ios.doi.gov.
Include docket number [DOI–2023–
0005] in the subject line of the message.
• U.S. mail or hand-delivery: Teri
Barnett, Departmental Privacy Officer,
U.S. Department of the Interior, 1849 C
Street NW, Room 7112, Washington, DC
20240.
SUMMARY:
PO 00000
Frm 00053
Fmt 4703
Sfmt 4703
44827
Instructions: All submissions received
must include the agency name and
docket number [DOI–2023–0005]. All
comments received will be posted
without change to https://
www.regulations.gov, including any
personal information provided.
Docket: For access to the docket to
read background documents or
comments received, go to https://
www.regulations.gov.
FOR FURTHER INFORMATION CONTACT: Eric
Trader, Associate Privacy Officer, Office
of Inspector General, U.S. Department of
the Interior, 1849 C Street NW, Mail
Stop 4428–MIB, Washington, DC 20240,
oig_privacy@doioig.gov or (202) 208–
1644.
SUPPLEMENTARY INFORMATION:
I. Background
The OIG maintains the INTERIOR/
OIG–02, Investigative Records, system
of records. The purpose of this system
is to maintain certain investigative case
files and other materials created or
gathered during the course of an official
investigation. DOI last published the
INTERIOR/OIG–02, Investigative Files,
system of records notice in the Federal
Register at 76 FR 60519 (September 29,
2011); modification published at 86 FR
50156 (September 7, 2021). DOI is
publishing this revised notice to update
the system location; record source
categories; policies and practices for
storage and records retention; expand
the categories of individuals; update
categories of records to clarify that the
system may contain additional
personally identifiable information
obtained from any source relevant to an
OIG investigation; update the record
access, contesting record, and
notification procedures; and provide
general and administrative updates to
the remaining sections of the notice in
accordance with the OMB Circular A–
108, Federal Agency Responsibilities for
Review, Reporting, and Publication
under the Privacy Act. Additionally,
OIG is changing the routine uses from
a numeric to an alphabetic list, and is
proposing to modify existing routine
uses and add a new routine use to
provide clarity and transparency, and to
reflect updates consistent with standard
DOI routine uses.
Routine uses A, B, F, H, J, N, and P
have been modified to provide
additional clarification on external
organizations and circumstances where
disclosures are proper and necessary to
facilitate investigations or comply with
Federal requirements. Routine use A
was slightly modified to further clarify
disclosures to the Department of Justice
(DOJ) or other Federal agencies, or other
E:\FR\FM\13JYN1.SGM
13JYN1
]]>Agencies
[Federal Register Volume 88, Number 133 (Thursday, July 13, 2023)]
[Notices]
[Pages 44823-44827]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-14877]
-----------------------------------------------------------------------
DEPARTMENT OF THE INTERIOR
Bureau of Indian Affairs
[DOI-2023-0009; 2341A2100DD/AAKC0010130/A0A501010.999900]
Privacy Act of 1974; System of Records
AGENCY: Bureau of Indian Affairs, Interior.
ACTION: Notice of a new system of records.
-----------------------------------------------------------------------
SUMMARY: Pursuant to the Privacy Act of 1974, as amended, the
Department of the Interior (DOI) is issuing a public notice of its
intent to create the Bureau of Indian Affairs (BIA) Privacy Act system
of records, INTERIOR/BIA-35, Behavioral Health and Wellness Program.
This system helps the Behavioral Health and Wellness Program (BHWP)
provide immediate behavioral health crisis support, clinical counseling
services, crisis care coordination, and communication with the client
and appropriate points of contact for referrals and continued service
delivery or emergency care. This newly established system will be
included in DOI's inventory of systems of records.
DATES: This new system will be effective upon publication on July 13,
2023. New routine uses will be effective August 14, 2023. Submit
comments on or before August 14, 2023.
ADDRESSES: You may send comments identified by docket number [DOI-2023-
0009] by any of the following methods:
Federal eRulemaking Portal: https://www.regulations.gov.
Follow the instructions for sending comments.
Email: [email protected]. Include docket number
[DOI-2023-0009] in the subject line of the message.
U.S. mail or hand-delivery: Teri Barnett, Departmental
Privacy Officer, U.S. Department of the Interior, 1849 C Street NW,
Room 7112, Washington, DC 20240.
Instructions: All submissions received must include the agency name
and docket number [DOI-2023-0009]. All comments received will be posted
without change to https://www.regulations.gov, including any personal
information provided.
Docket: For access to the docket to read background documents or
comments received, go to https://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT: Richard Gibbs, Associate Privacy
Officer, Assistant Secretary--Indian Affairs, 1011 Indian School Road
NW,
[[Page 44824]]
Room 164, Albuquerque, New Mexico 87104, [email protected] or
(505) 563-5023.
SUPPLEMENTARY INFORMATION:
I. Background
The DOI is establishing a new system of records for the INTERIOR/
BIA-35, Behavioral Health and Wellness Program. The Assistant
Secretary--Indian Affairs consists of two bureaus, which are the BIA
and Bureau of Indian Education (BIE). The BIA supports the functions of
the BIE and is publishing this notice to describe the purpose of the
BHWP that provides immediate behavioral health crisis support, clinical
counseling services, crisis care coordination, and facilitates
communication between clients and appropriate points of contact for
referrals and continued service delivery or emergency care.
The BIE is responsible for providing quality educational
opportunities from early childhood through adulthood in accordance with
Federal trust responsibilities for approximately 43,000 students. The
BIE funds 183 elementary, secondary, and residential schools across 64
Indian reservations and 23 states. Of these, 53 are BIE-operated and
130 are tribally-controlled. Additionally, BIE directly operates two
post-secondary institutions and funds and/or operates off-reservation
boarding schools and peripheral dormitories near reservations for
students attending public schools. The BIE also serves many American
Indian and Alaska Native post-secondary students through higher
education scholarships and support funding for tribal colleges and
universities.
The BIE identified the need for comprehensive behavioral health and
wellness services at a multitude of Bureau-funded schools, dormitories,
colleges, and universities. The BIE is committed to creating positive,
safe, and culturally relevant learning environments where students can
gain knowledge, skills, and behaviors necessary for physical, mental,
and emotional wellbeing. The BIE established the BHWP to address the
significant mental health needs of students and staff at all BIE-funded
institutions including BIE-operated schools, tribally-controlled
schools, post-secondary institutions, and tribal colleges and
universities.
II. Privacy Act
The Privacy Act of 1974, as amended, embodies fair information
practice principles in a statutory framework governing the means by
which Federal agencies collect, maintain, use, and disseminate
individuals' records. The Privacy Act applies to records about
individuals that are maintained in a ``system of records.'' A ``system
of records'' is a group of any records under the control of an agency
from which information is retrieved by the name of an individual or by
some identifying number, symbol, or other identifying particular
assigned to the individual. The Privacy Act defines an individual as a
United States citizen or lawful permanent resident. Individuals may
request access to their own records that are maintained in a system of
records in the possession or under the control of DOI by complying with
DOI Privacy Act regulations at 43 CFR part 2, subpart K, and following
the procedures outlined in the Records Access, Contesting Record, and
Notification Procedures sections of this notice.
The Privacy Act requires each agency to publish in the Federal
Register a description denoting the existence and character of each
system of records that the agency maintains, and the routine uses of
each system. The INTERIOR/BIA-35, Behavioral Health and Wellness
Program, system of records notice is published in its entirety below.
In accordance with 5 U.S.C. 552a(r), DOI has provided a report of this
system of records to the Office of Management and Budget and to
Congress.
III. Public Participation
You should be aware your entire comment including your personally
identifiable information, such as your address, phone number, email
address, or any other personal information in your comment, may be made
publicly available at any time. While you may request to withhold your
personally identifiable information from public review, we cannot
guarantee we will be able to do so.
SYSTEM NAME AND NUMBER:
INTERIOR/BIA-35, Behavioral Health and Wellness Program.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Records are maintained by the Office of the Director, Bureau of
Indian Education, 1849 C Street NW, MIB-3621, Washington, DC 20240, and
at BIE contractor facilities. A current listing of contractor
facilities may be obtained by writing to the System Manager identified
below.
SYSTEM MANAGER(S):
Student Health Program Specialist, Office of the Director, Bureau
of Indian Education, 1849 C Street NW, MIB-3621, Washington, DC 20240.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Every Student Succeeds Act, Public Law 114-95; Indian Education
Policies, 25 CFR part 32; Expenditure of appropriations by Bureau, 25
U.S.C. 2006; Congressional statement of findings, 25 U.S.C. 5301;
Indian Child Welfare Act of 1978, Public Law 95-60825 U.S.C. 1901;
Confidentiality of Substance Use Disorder Patient Records, 42 CFR part
2; Enforcement of Nondiscrimination on the Basis of Handicap in
Programs or Activities Conducted by the Department of the Interior, 43
CFR Subpart E; Rehabilitation Act of 1973, as amended, Public Law 93-
112, Section 504, 29 U.S.C. 794; Tribally Controlled Schools Act of
1988, 25 U.S.C. 2501 et seq.; Indian Self-Determination and Education
Assistance Act, 25 U.S.C. 5301 et seq.; Health Insurance Portability
and Accountability Act of 1996 (HIPAA), Public Law 104-191; Individuals
with Disabilities Act (IDEA), 20 U.S.C. 1400 et seq.; and Maintenance
and Control of Student Records in Bureau Schools, 25 CFR part 43.
PURPOSE(S) OF THE SYSTEM:
The primary purposes of the system are to provide immediate
behavioral health crisis support, clinical counseling services and
crisis care coordination, and to facilitate communication between the
client and appropriate points of contact for referrals and continued
service delivery or emergency care.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals covered by the system include current and former BIE
employees, contractors, students, parents, guardians or caretakers of
students, and staff at BIE-operated K-12 schools, BIE-operated post-
secondary institutions, tribally-controlled schools operated pursuant
to a grant under the Tribally Controlled Schools Act of 1988 or a
contract under the Indian Self-Determination and Education Assistance
Act, and tribal colleges and universities. These individuals are
collectively referred to as clients for purposes of this program.
CATEGORIES OF RECORDS IN THE SYSTEM:
The categories of records in the system include information
collected on forms from BHWP clients as follows:
(1) Student Information. Name, date of birth, mailing address,
physical address, home and cell phone number, email address, parent,
guardian, or caretaker information, emergency
[[Page 44825]]
contact information, school of enrollment, grade level, tribe of
enrollment and disability information such as a client's Individualized
Education Plan (IEP) or 504 Plan. Information about clinical services
provided by the service provider may be maintained in the student's
records and may be viewed by the Student Health Program Specialist, as
authorized and necessary to facilitate behavioral health, counseling or
crisis care coordination or referrals for this program.
(2) Parent, Guardian, or Caretaker Information. Name, relationship
to student, mailing address, email address, physical address, home and/
or cell phone number, and tribe of enrollment.
(3) BIE Staff/Employee Information. Name, date of birth, mailing
address, physical address, home and/or cell phone number, email
address, school affiliation, tribe of enrollment, and emergency contact
information.
(4) School Level Staff and Employee Information. Name, date of
birth, mailing address, physical address, home and/or cell phone
number, email address, school affiliation, tribe of enrollment, and
emergency contact information.
(5) Tribal Staff and Employee Information. Name, date of birth,
mailing address, physical address, home and/phone number, email
address, school affiliation, tribe of enrollment, and emergency contact
information.
(6) Emergency Contact Person. Contact name, relationship to client,
and emergency contact phone, cell phone number, and email address.
(7) In the case of a critical incident, sentinel event, death, or
crisis incident, the PII may also include client name, age, date of
birth, address, parent, guardian, or caretaker information if
applicable, emergency contact information, manner of death or incident
type, location of death or incident, date and time of death or
incident, any known witness or collateral contact, and their contact
information at time of client death or client related incident. This
information may be shared with appropriate local, tribal, city, county,
state, or Federal law enforcement officials and first responders for
immediate emergency response engagement, medical centers for emergency
medical care, and social services or other agencies in the event of
abuse or neglect. This information may be shared with appropriate BIE
and BHWP officials and administrators as needed, as well as tribal
officials for appropriate critical incident or sentinel event
reporting.
RECORD SOURCE CATEGORIES:
Information comes primarily from BHWP Care Coordinators and BHWP
licensed providers from the school point of contact at time of client
referral, directly from the client, and the client's parent, guardian,
emergency contact or caretaker when necessary.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed outside DOI as a
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
A. To the Department of Justice (DOJ), including Offices of the
U.S. Attorneys, or other Federal agency conducting litigation or in
proceedings before any court, adjudicative, or administrative body,
when it is relevant or necessary to the litigation and one of the
following is a party to the litigation or has an interest in such
litigation:
(1) DOI or any component of DOI;
(2) Any other Federal agency appearing before the Office of
Hearings and Appeals;
(3) Any DOI employee or former employee acting in his or her
official capacity;
(4) Any DOI employee or former employee acting in his or her
individual capacity when DOI or DOJ has agreed to represent that
employee or pay for private representation of the employee; or
(5) The United States Government or any agency thereof, when DOJ
determines that DOI is likely to be affected by the proceeding.
B. To a congressional office when requesting information on behalf
of, and at the request of, the individual who is the subject of the
record.
C. To the Executive Office of the President in response to an
inquiry from that office made at the request of the subject of a record
or a third party on that person's behalf, or for a purpose compatible
with the reason for which the records are collected or maintained.
D. To any criminal, civil, or regulatory law enforcement authority
(whether Federal, state, territorial, local, Tribal, or foreign) when a
record, either alone or in conjunction with other information,
indicates a violation or potential violation of law--criminal, civil,
or regulatory in nature, and the disclosure is compatible with the
purpose for which the records were compiled.
E. To an official of another Federal agency to provide information
needed in the performance of official duties related to reconciling or
reconstructing data files or to enable that agency to respond to an
inquiry by the individual to whom the record pertains.
F. To Federal, state, territorial, local, tribal, or foreign
agencies that have requested information relevant or necessary to the
hiring, firing or retention of an employee or contractor, or the
issuance of a security clearance, license, contract, grant, or other
benefit, when the disclosure is compatible with the purpose for which
the records were compiled.
G. To representatives of the National Archives and Records
Administration (NARA) to conduct records management inspections under
the authority of 44 U.S.C. 2904 and 2906.
H. To state, territorial, and local governments and tribal
organizations to provide information needed in response to court order
and/or discovery purposes related to litigation, when the disclosure is
compatible with the purpose for which the records were compiled.
I. To an expert, consultant, grantee, shared service provider, or
contractor (including employees of the contractor) of DOI that performs
services requiring access to these records on DOI's behalf to carry out
the purposes of the system.
J. To appropriate agencies, entities, and persons when:
(1) DOI suspects or has confirmed that there has been a breach of
the system of records;
(2) DOI has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, DOI (including
its information systems, programs, and operations), the Federal
Government, or national security; and
(3) the disclosure made to such agencies, entities, and persons is
reasonably necessary to assist in connection with DOI's efforts to
respond to the suspected or confirmed breach or to prevent, minimize,
or remedy such harm.
K. To another Federal agency or Federal entity, when DOI determines
that information from this system of records is reasonably necessary to
assist the recipient agency or entity in:
(1) responding to a suspected or confirmed breach; or
(2) preventing, minimizing, or remedying the risk of harm to
individuals, the recipient agency or entity (including its information
systems, programs, and operations), the Federal Government, or national
security, resulting from a suspected or confirmed breach.
L. To the Office of Management and Budget (OMB) during the
coordination
[[Page 44826]]
and clearance process in connection with legislative affairs as
mandated by OMB Circular A-19.
M. To the Department of the Treasury to recover debts owed to the
United States.
N. To the news media and the public, with the approval of the
Public Affairs Officer in consultation with counsel and the Senior
Agency Official for Privacy, where there exists a legitimate public
interest in the disclosure of the information, except to the extent it
is determined that release of the specific information in the context
of a particular case would constitute an unwarranted invasion of
personal privacy.
O. To a parent or guardian, medical facility, service provider,
BIE-funded school official, or appropriate parties to provide immediate
behavioral health crisis support, clinical counseling services and
crisis care coordination, and to facilitate communication between the
client and appropriate points of contact for referrals and continued
service delivery or emergency care pursuant to the Individuals with
Disabilities Education Act (IDEA), 20 U.S.C. 1400 et seq.; Maintenance
and Control of Student Records in Bureau Schools, 25 CFR part 43;
Confidentiality of Substance Use Disorder Patient Records, 42 CFR part
2; and other applicable laws and regulations.
P. To Federal, tribal, state, local, or private agencies for
referral to continue providing services, to report, investigate, and
treat any incidents of suspected abuse or neglect pursuant to the
Indian Child Protection and Family Violence Prevention Act, Public Law
101-630, or in the event of any critical incident as required by 25 CFR
part 43, other applicable laws, and BHWP policy and procedures.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Paper records are contained in file folders stored within filing
cabinets in secured rooms. Electronic records are stored on electronic
media at a Federal Risk and Authorization Management Program (FedRAMP)
approved cloud service provider.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Information from the BHWP is retrievable by client name, age,
gender, school affiliation, address, call type, and client identified
record number by authorized users of the system. Additionally, de-
identified aggregate data, such as diagnosis codes, numbers of
encounters, and types of encounters, and general demographics may be
retrieved.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records retention schedules for the BHWP are being developed and
will be submitted to NARA for scheduling and approval. These records
will be treated as permanent until the records are scheduled and have
been approved by NARA. Upon termination of the BHWP service contract
with the Contracting Agency, the contractor will transfer all
electronic health record information to the BIE for appropriate record
keeping and storage in alignment with all Federal requirements.
BHWP system usage records are covered by the Departmental Records
Schedule 1.4A, Short Term Information Technology Records, System
Maintenance and Use Records (DAA-0048-2013-0001-0013), which was
approved by NARA. These records include system operations reports,
login and password files, audit trail records and backup files. The
disposition is temporary. Records are cut-off when superseded or
obsolete and destroyed no later than three years after cut-off. Records
associated with a 42 CFR part 2 program that is discontinued or is
taken over or acquired by another program will be processed in
accordance with 42 CFR 2.16, Security for records, and 2.19,
Disposition of records by discontinued programs.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Access to records in the system is limited to authorized personnel
who have a need to access the records in the performance of their
official duties, and each user's access is restricted to only the
functions and data necessary to perform that person's job
responsibilities. System administrators and authorized users are
trained and required to follow established internal security protocols
and must complete all security, privacy, and records management
training and sign the DOI Rules of Behavior.
The records contained in this system are safeguarded in accordance
with 43 CFR 2.226 and other applicable security and privacy rules and
policies. Paper records are maintained in locked file cabinets and/or
safes under the control of authorized personnel during normal hours of
operation. Computer servers on which electronic records are stored are
located at a FedRAMP-approved cloud service provider with physical,
technical, and administrative levels of security to prevent
unauthorized access to the system and information assets. The cloud
service provider implements protections, controls and access
restrictions as required to maintain the necessary FedRAMP
certification and to mitigate the privacy risks. Authorized DOI and
contractor personnel must complete mandatory security, privacy, records
management, and HIPAA training specific to their roles to ensure they
are knowledgeable about how to protect personally identifiable
information before they are granted access to the system of records.
Computerized records systems follow the National Institute of
Standards and Technology privacy and security standards as developed to
comply with the Privacy Act of 1974, as amended, 5 U.S.C. 552a;
Paperwork Reduction Act of 1995, 44 U.S.C. 3501 et seq.; the Federal
Information Security Modernization Act of 2014, 44 U.S.C. 3551 et seq.;
and the Federal Information Processing Standards 199: Standards for
Security Categorization of Federal Information and Information Systems.
Security controls include user identification, multi-factor
authentication, database permissions, encryption, firewalls, audit
logs, and network system security monitoring, and software controls
which establish access levels according to the type of user. Access to
records in the system is limited to authorized personnel who have a
need to access the records in the performance of their official duties,
and each user's access is restricted to only the functions and data
necessary to perform that person's job responsibilities. Audit trails
are maintained and reviewed periodically to identify unauthorized
access or use. A Privacy Impact Assessment was conducted on the
Behavioral Health and Wellness Program System to ensure that Privacy
Act requirements are met, and appropriate privacy controls were
implemented to safeguard the personally identifiable information
contained in the system.
RECORD ACCESS PROCEDURES:
An individual requesting access to their records should send a
written inquiry to the applicable System Manager identified above. DOI
forms and instructions for submitting a Privacy Act request may be
obtained from the DOI Privacy Act Requests website at https://www.doi.gov/privacy/privacy-act-requests. The request must include a
general description of the records sought and the requester's full
name, current address, and sufficient identifying information such as
date of birth or other information required for verification of the
requester's identity. The request must be signed and dated and be
either notarized or submitted under penalty of perjury in accordance
with 28 U.S.C. 1746. Requests submitted
[[Page 44827]]
by mail must be clearly marked ``PRIVACY ACT REQUEST FOR ACCESS'' on
both the envelope and letter. A request for access must meet the
requirements of 43 CFR 2.238.
CONTESTING RECORD PROCEDURES:
An individual requesting amendment of their records should send a
written request to the applicable System Manager as identified above.
DOI instructions for submitting a request for amendment of records are
available on the DOI Privacy Act Requests website at https://www.doi.gov/privacy/privacy-act-requests. The request must clearly
identify the records for which amendment is being sought, the reasons
for requesting the amendment, and the proposed amendment to the record.
The request must include the requester's full name, current address,
and sufficient identifying information such as date of birth or other
information required for verification of the requester's identity. The
request must be signed and dated and be either notarized or submitted
under penalty of perjury in accordance with 28 U.S.C. 1746. Requests
submitted by mail must be clearly marked ``PRIVACY ACT REQUEST FOR
AMENDMENT'' on both the envelope and letter. A request for amendment
must meet the requirements of 43 CFR 2.246.
NOTIFICATION PROCEDURES:
An individual requesting notification of the existence of records
about them should send a written inquiry to the applicable System
Manager as identified above. DOI instructions for submitting a request
for notification are available on the DOI Privacy Act Requests website
at https://www.doi.gov/privacy/privacy-act-requests. The request must
include a general description of the records and the requester's full
name, current address, and sufficient identifying information such as
date of birth or other information required for verification of the
requester's identity. The request must be signed and dated and be
either notarized or submitted under penalty of perjury in accordance
with 28 U.S.C. 1746. Requests submitted by mail must be clearly marked
``PRIVACY ACT INQUIRY'' on both the envelope and letter. A request for
notification must meet the requirements of 43 CFR 2.235.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
None.
Signed:
Teri Barnett,
Departmental Privacy Officer, Department of the Interior.
[FR Doc. 2023-14877 Filed 7-12-23; 8:45 am]
BILLING CODE 4337-15-P
