Privacy Act of 1974; System of Records, 42881-42883 [2024-10776]
Download as PDF
<![CDATA[
ddrumheller on DSK120RN23PROD with NOTICES1
Federal Register / Vol. 89, No. 96 / Thursday, May 16, 2024 / Notices
notice to www.reginfo.gov/public/do/
PRAMain. Find this particular
information collection by selecting
‘‘Currently under 30-day Review—Open
for Public Comments’’ or by using the
search function.
To obtain copies of a supporting
statement and any related forms for the
proposed collection(s) summarized in
this notice, please access the CMS PRA
website by copying and pasting the
following web address into your web
browser: https://www.cms.gov/
Regulations-and-Guidance/Legislation/
PaperworkReductionActof1995/PRAListing.
FOR FURTHER INFORMATION CONTACT:
William Parham at (410) 786–4669.
SUPPLEMENTARY INFORMATION: Under the
Paperwork Reduction Act of 1995 (PRA)
(44 U.S.C. 3501–3520), Federal agencies
must obtain approval from the Office of
Management and Budget (OMB) for each
collection of information they conduct
or sponsor. The term ‘‘collection of
information’’ is defined in 44 U.S.C.
3502(3) and 5 CFR 1320.3(c) and
includes agency requests or
requirements that members of the public
submit reports, keep records, or provide
information to a third party. Section
3506(c)(2)(A) of the PRA (44 U.S.C.
3506(c)(2)(A)) requires Federal agencies
to publish a 30-day notice in the
Federal Register concerning each
proposed collection of information,
including each proposed extension or
reinstatement of an existing collection
of information, before submitting the
collection to OMB for approval. To
comply with this requirement, CMS is
publishing this notice that summarizes
the following proposed collection(s) of
information for public comment:
1. Type of Information Collection
Request: Extension of a currently
approved collection; Title of
Information Collection: Prior
Authorization Process and
Requirements for Certain Hospital
Outpatient Department (OPD) Services;
Use: Section 1833(t)(2)(F) of the Act
authorizes CMS to develop a method for
controlling unnecessary increases in the
volume of covered OPD services. CMS
believes the increases in volume
associated with certain covered OPD
services are unnecessary because the
data show that the volume of utilization
of these OPD service categories far
exceeds what would be expected in
light of the average rate-of-increase in
the number of Medicare beneficiaries.
Therefore, CMS is using the authority
under section 1833(t)(2)(F) of the Act to
require prior authorization for certain
covered OPD services as a condition of
Medicare payment. The reviews
VerDate Sep<11>2014
17:50 May 15, 2024
Jkt 262001
conducted under the program help to
reduce unnecessary utilization and
payments for these services. The
information required for the prior
authorization request includes all
documentation necessary to show that
the service meets applicable Medicare
coverage, coding, and payment rules.
Trained clinical reviewers at the
Medicare Administrative Contractors
(MACs) receive and review the
information required for this collection.
Review of that documentation is used to
determine if the requested services are
medically necessary and meet Medicare
requirements to help reduce
unnecessary increases for these services.
Form Number: CMS–10711 (OMB
Control Number: 0938–1368);
Frequency: Occasionally; Affected
Public: Business or other for-profits;
Number of Respondents: 11,469;
Number of Responses: 564,010; Annual
Hours: 316,412. (For policy questions
regarding this collection contact Yuliya
Cook at Yuliya.Cook@cms.hhs.gov).
William N. Parham, III,
Director, Division of Information Collections
and Regulatory Impacts, Office of Strategic
Operations and Regulatory Affairs.
[FR Doc. 2024–10784 Filed 5–15–24; 8:45 am]
BILLING CODE 4120–01–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Administration for Children and
Families
Privacy Act of 1974; System of
Records
42881
Families, 330 C St. SW, Washington, DC
20201, or anita.alford@acf.hhs.gov.
FOR FURTHER INFORMATION CONTACT:
General questions about the new system
of records should be submitted by mail
or email to Venkata Kondapolu, Office
of Child Support Services, at 330 C St.
SW—5th Floor, Washington, DC 20201,
or venkata.kondapolu@acf.hhs.gov, or
by phone at 202–260–4712.
SUPPLEMENTARY INFORMATION: The new
system of records will consist of
information about individual
participants in child support cases
which originates in one or more other
OCSS system(s) of records (and,
possibly, information technology (IT)
systems of other HHS components,
other agencies such as the Social
Security Administration, or external
parties) and is used to build
deidentified datasets for research
purposes likely to contribute to the
purposes of the Temporary Assistance
for Needy Families program, authorized
under title IV–A of the Social Security
Act, or the child support program,
authorized under title IV–D of the Social
Security Act.
Venkata Kondapolu,
Director, Division of Federal Systems, Office
of Child Support Services, Administration for
Children and Families, U.S. Department of
Health and Human Services.
SYSTEM NAME AND NUMBER:
OCSS Research Platform, 09–80–0391.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Administration for Children
and Families, Department of Health and
Human Services.
ACTION: Notice of a new systems of
records.
Office of Child Support Services,
Administration for Children and
Families, 330 C St. SW—5th Floor,
Washington, DC 20201.
In accordance with the
requirements of the Privacy Act of 1974,
as amended, the Department of Health
and Human Services (HHS) is
establishing a new system of records to
be maintained by the Administration for
Children and Families (ACF), Office of
Child Support Services (OCSS): System
Number 09–80–0391, ‘‘OCSS Research
Platform.’’
DATES: In accordance with 5 U.S.C.
552a(e)(4) and (11), this Notice is
applicable May 16, 2024, subject to a 30day period in which to comment on the
routine uses, described below. Please
submit any comments by June 17, 2024.
ADDRESSES: The public should address
written comments by mail or email to:
Anita Alford, Senior Official for Privacy,
Administration for Children and
Director, Division of Federal Systems,
Office of Child Support Services,
Administration for Children and
Families, Department of Health and
Human Services, 330 C St. SW—5th
Floor, Washington, DC 20201, (202)
260–4712, venkata.kondapolu@
acf.hhs.gov.
AGENCY:
SUMMARY:
PO 00000
Frm 00048
Fmt 4703
Sfmt 4703
SYSTEM MANAGER(S):
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
42 U.S.C. 653(j)(5).
PURPOSE(S) OF THE SYSTEM:
The purpose of the system of records
is to cover records which are retrieved
by personal identifier to build
deidentified datasets for research
purposes likely to contribute to the
purposes of the Temporary Assistance
for Needy Families program, authorized
under title IV–A of the Social Security
E:\FR\FM\16MYN1.SGM
16MYN1
42882
Federal Register / Vol. 89, No. 96 / Thursday, May 16, 2024 / Notices
Act, or the child support program,
authorized under title IV–D of the Social
Security Act.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
The records are about individuals
who are involved in child support cases
in which services are being provided by
State or Tribal IV–D child support
agencies; although information about
other individuals is also contained in
the records, only personal identifiers
about individuals who are involved in
child support cases are used for
retrieval.
Note: Information about child participants
will be included in the de-identified datasets
as part of a child support case household, but
will only be used to provide information
about unique case and family structure;
analysis of individuals will be limited to
adult participants.
CATEGORIES OF RECORDS IN THE SYSTEM:
The records consist of child support
case-related data from ACF/OCSS
information technology (IT) systems,
and possibly IT systems of other HHS
components, other agencies such as the
Social Security Administration, or
external parties, which are combined to
create deidentified datasets to provide
relevant and meaningful information for
research purposes. Examples of specific
data elements that may be included
about individuals involved in a child
support case are listed below.
• Identifying information (e.g., name,
Social Security Number (SSN), date of
birth).
• Address and contact information.
• Employment and wage information.
• Child support debt information.
• Income, financial assets, and benefit
information (e.g., information about
financial accounts, lump sum payments,
workers’ compensation, retirement
benefits, and insurance claims,
settlements, awards, and payments).
ddrumheller on DSK120RN23PROD with NOTICES1
RECORD SOURCE CATEGORIES:
Sources of data retrieved by personal
identifier to create deidentified datasets
include OCSS IT systems, and possibly
IT systems of other HHS components,
and other agencies or external parties,
which contain data that may have
originally been collected from the child
support case participant to whom it
pertains, or from an agency, employer,
insurance company, or financial
institution registered to use the CSP.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
PURPOSES OF SUCH USES:
In addition to other disclosures
authorized directly in the Privacy Act at
5 U.S.C. 552a(b)(1) and (2) and (b)(4)
VerDate Sep<11>2014
17:50 May 15, 2024
Jkt 262001
through (11), HHS may disclose records
about an individual from this system of
records to parties outside HHS as
described in these routine uses, without
the subject individual’s prior written
consent.
(1) Disclosure to Contractor to
Perform Duties.
Records may be disclosed to a
contractor performing or working on a
contract for HHS who has a need for the
records in the performance of its duties
or activities in accordance with law and
with the contract.
(2) Disclosure in the Event of a
Security Breach.
(a) Records may be disclosed to
appropriate agencies, entities, and
persons when (1) HHS suspects or has
confirmed that there has been a breach
of the system of records; (2) HHS has
determined that as a result of the
suspected or confirmed breach there is
a risk of harm to individuals, HHS
(including its information systems,
programs, and operations), the Federal
Government, or national security; and
(3) the disclosure made to such
agencies, entities, and persons is
reasonably necessary to assist in
connection with HHS’s efforts to
respond to the suspected or confirmed
breach or to prevent, minimize, or
remedy such harm.
(b) Records may be disclosed to
another Federal agency or Federal entity
when HHS determines that records from
this system of records are reasonably
necessary to assist in (1) responding to
a suspected or confirmed breach; or (2)
preventing, minimizing, or remedying
the risk of harm to individuals, the
recipient agency or entity (including its
information systems, programs, and
operations), the Federal Government, or
national security, resulting from a
suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
The records will be stored on
electronic media, but paper printouts
may be generated.
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
Records about individuals involved in
child support cases will be retrieved by
the individuals’ assigned identifiers,
including child support case identifier,
if any, or combination of identifiers, to
disaggregate duplicate records and to
combine records that are about the same
individual.
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
The records used to create the
deidentified datasets will be retained
and disposed of in accordance with
PO 00000
Frm 00049
Fmt 4703
Sfmt 4703
General Records Schedule 5.2, Items
010 and 020 (DAA–GRS–2022–0009–
0001 and DAA–GRS–2022–0009–0002),
which provides these disposition
periods:
• Item 010 Transitory records:
Destroy when no longer needed for
business use, or according to an agency
predetermined time period or business
rule.
• Item 020 Intermediary records:
Destroy upon creation or update of the
final record, or when no longer needed
for business use, whichever is later.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
The system leverages cloud service
providers that maintain an authority to
operate in accordance with applicable
laws, rules, and policies, including
Federal Risk and Authorization
Management Program (FedRAMP)
requirements. Specific administrative,
technical, and physical controls are in
place to ensure that the records
collected and maintained in the OCSS
Data Analytics system are secure from
unauthorized access. Access to the
records is restricted to authorized
personnel who are advised of the
confidentiality of the records and the
civil and criminal penalties for misuse
and who sign a nondisclosure oath to
that effect. Personnel are provided
privacy and security training before
being granted access to the records and
annually thereafter.
Logical access controls are in place to
limit access to the records to authorized
personnel, to limit their access based on
their roles, and to prevent browsing.
The records are processed and stored in
a secure environment. All records are
stored in an area that is always
physically safe from unauthorized
access.
Safeguards conform to the HHS
Information Security and Privacy
Program, which may be found at https://
www.hhs.gov/ocio/securityprivacy/
index.html.
RECORD ACCESS PROCEDURES:
To request access to a record about
you in this system of records, submit a
written access request to the System
Manager. The request must include your
name, telephone number or email
address, current address, signature, and
sufficient particulars (such as date of
birth or SSN) to enable the System
Manager to distinguish between records
on subject individuals with the same
name. To verify your identity, your
signature must be notarized, or your
request must include your written
certification that you are the individual
who you claim to be and that you
E:\FR\FM\16MYN1.SGM
16MYN1
42883
Federal Register / Vol. 89, No. 96 / Thursday, May 16, 2024 / Notices
understand that the knowing and willful
request for, or acquisition of, a record
pertaining to an individual under false
pretenses is a criminal offense subject to
a fine of up to $5,000.
CONTESTING RECORD PROCEDURES:
To request correction of a record
about you in this system of records,
submit a written amendment request to
the System Manager. The request must
contain the same information required
for an access request and include
verification of your identity in the same
manner required for an access request.
In addition, the request must reasonably
identify the record and specify the
information contested, the corrective
action sought, and the reasons for
requesting the correction; it should
include supporting information to show
how the record is inaccurate,
incomplete, untimely, or irrelevant.
NOTIFICATION PROCEDURES:
To find out if this system of records
contains a record about you, submit a
written notification request to the
System Manager. The request must
identify this system of records, contain
the same information required for an
access request, and include verification
of your identity in the same manner
required for an access request.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
None.
[FR Doc. 2024–10776 Filed 5–15–24; 8:45 am]
BILLING CODE 4184–42–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Administration for Children and
Families
Proposed Information Collection
Activity; Office of Community Services
Medical-Legal Partnerships Plus Data
Collection (New Collection)
Office of Community Services,
Administration for Children and
AGENCY:
Families, U.S. Department of Health and
Human Services.
ACTION: Request for public comments.
The Office of Community
Services (OCS), Administration for
Children and Families (ACF), U.S.
Department of Health and Human
Services (HHS), is proposing a new
information collection for an evaluation
of a new demonstration program, the
Medical-Legal Partnerships Plus
(MLP+). The information collection will
include grant recipient reports of service
delivery and outcomes, as well as
interviews with program staff and
participants to understand program
implementation and participant
experiences.
SUMMARY:
Comments due within 60 days of
publication. In compliance with the
requirements of the Paperwork
Reduction Act of 1995, ACF is soliciting
public comment on the specific aspects
of the information collection described
above.
ADDRESSES: You can obtain copies of the
proposed collection of information and
submit comments by emailing
infocollection@acf.hhs.gov. Identify all
requests by the title of the information
collection.
SUPPLEMENTARY INFORMATION:
Description: In fiscal year 2023, OCS
began administering the MLP+ program,
which was appropriated in HR 117–403,
Departments of Labor, Health and
Human Services, and Related Agencies
Appropriations Bill, 2023 through the
Social Services Research Demonstration
program. OCS awarded $1.6 million to
eight MLPs to expand and strengthen
the delivery of legal and social services
that address health-harming needs for
families and individuals with low
incomes. The proposed information
collection will support program
performance monitoring, the provision
of technical assistance to grant
recipients, and an implementation
evaluation. This information collection
includes the following activities:
• Collecting program data describing
implementation, outcomes, and
DATES:
participant characteristics through a
narrative quarterly Performance
Progress Report (PPR) and a semiannual report.
• Conducting interviews with
program directors to better understand
their program implementation efforts
and responses to client needs.
• Conducting interviews with
members of the legal team to better
understand their program
implementation efforts and responses to
client needs.
• Conducting interviews with
members of the social services team to
better understand their program
implementation efforts and responses to
client needs.
• Conducting interviews with
members of the clinical team to better
understand their program
implementation efforts and responses to
client needs.
• Conducting individual patient
interviews with beneficiary clients to
understand their needs and experiences
with the medical, legal, and social
services offered through the medicallegal partnership.
Respondents: There will be three
types of respondents to the proposed
instruments. First, the direct
beneficiaries, the clients working with
the MLP teams, will participate in the
patient interviews and provide
information about their characteristics,
needs, and outcomes for the grant
recipients’ semi-annual reporting.
Second, the program directors, legal
staff, clinical staff, and social services
staff will respond to interview
instruments tailored to their roles. Grant
recipients and project partners will also
be asked to supply information that
grant recipients will compile for
quarterly PPRs and semi-annual reports,
which will include information
aggregated across partner sites and
individuals participating in the
program.
ANNUAL BURDEN ESTIMATES
Total
number of
respondents
ddrumheller on DSK120RN23PROD with NOTICES1
Information collection title
Total
number of
responses per
respondent
Average
burden
hours per
response
Total
burden
hours
Annual
burden
hours
Quarterly PPR Collections ....................................................................................
Semi-Annual Report—Grant Recipients ...............................................................
Semi-Annual Report—Partner Organizations .......................................................
Semi-Annual Report—Beneficiaries ......................................................................
Interviews with Staff ..............................................................................................
Beneficiary Interviews ...........................................................................................
8
8
15
13,800
64
32
8
4
4
1
1
1
2
40
2
.25
1.5
1.5
128
1,280
120
3,450
96
48
64
640
60
1,725
48
24
Estimated Annual Burden Total: ....................................................................
........................
........................
........................
5,122
2,561
VerDate Sep<11>2014
17:50 May 15, 2024
Jkt 262001
PO 00000
Frm 00050
Fmt 4703
Sfmt 4703
E:\FR\FM\16MYN1.SGM
16MYN1
]]>Agencies
[Federal Register Volume 89, Number 96 (Thursday, May 16, 2024)]
[Notices]
[Pages 42881-42883]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-10776]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Administration for Children and Families
Privacy Act of 1974; System of Records
AGENCY: Administration for Children and Families, Department of Health
and Human Services.
ACTION: Notice of a new systems of records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the requirements of the Privacy Act of
1974, as amended, the Department of Health and Human Services (HHS) is
establishing a new system of records to be maintained by the
Administration for Children and Families (ACF), Office of Child Support
Services (OCSS): System Number 09-80-0391, ``OCSS Research Platform.''
DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this Notice is
applicable May 16, 2024, subject to a 30-day period in which to comment
on the routine uses, described below. Please submit any comments by
June 17, 2024.
ADDRESSES: The public should address written comments by mail or email
to: Anita Alford, Senior Official for Privacy, Administration for
Children and Families, 330 C St. SW, Washington, DC 20201, or
[email protected].
FOR FURTHER INFORMATION CONTACT: General questions about the new system
of records should be submitted by mail or email to Venkata Kondapolu,
Office of Child Support Services, at 330 C St. SW--5th Floor,
Washington, DC 20201, or [email protected], or by phone at
202-260-4712.
SUPPLEMENTARY INFORMATION: The new system of records will consist of
information about individual participants in child support cases which
originates in one or more other OCSS system(s) of records (and,
possibly, information technology (IT) systems of other HHS components,
other agencies such as the Social Security Administration, or external
parties) and is used to build deidentified datasets for research
purposes likely to contribute to the purposes of the Temporary
Assistance for Needy Families program, authorized under title IV-A of
the Social Security Act, or the child support program, authorized under
title IV-D of the Social Security Act.
Venkata Kondapolu,
Director, Division of Federal Systems, Office of Child Support
Services, Administration for Children and Families, U.S. Department of
Health and Human Services.
SYSTEM NAME AND NUMBER:
OCSS Research Platform, 09-80-0391.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Office of Child Support Services, Administration for Children and
Families, 330 C St. SW--5th Floor, Washington, DC 20201.
SYSTEM MANAGER(S):
Director, Division of Federal Systems, Office of Child Support
Services, Administration for Children and Families, Department of
Health and Human Services, 330 C St. SW--5th Floor, Washington, DC
20201, (202) 260-4712, [email protected].
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
42 U.S.C. 653(j)(5).
PURPOSE(S) OF THE SYSTEM:
The purpose of the system of records is to cover records which are
retrieved by personal identifier to build deidentified datasets for
research purposes likely to contribute to the purposes of the Temporary
Assistance for Needy Families program, authorized under title IV-A of
the Social Security
[[Page 42882]]
Act, or the child support program, authorized under title IV-D of the
Social Security Act.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The records are about individuals who are involved in child support
cases in which services are being provided by State or Tribal IV-D
child support agencies; although information about other individuals is
also contained in the records, only personal identifiers about
individuals who are involved in child support cases are used for
retrieval.
Note: Information about child participants will be included in
the de-identified datasets as part of a child support case
household, but will only be used to provide information about unique
case and family structure; analysis of individuals will be limited
to adult participants.
CATEGORIES OF RECORDS IN THE SYSTEM:
The records consist of child support case-related data from ACF/
OCSS information technology (IT) systems, and possibly IT systems of
other HHS components, other agencies such as the Social Security
Administration, or external parties, which are combined to create
deidentified datasets to provide relevant and meaningful information
for research purposes. Examples of specific data elements that may be
included about individuals involved in a child support case are listed
below.
Identifying information (e.g., name, Social Security
Number (SSN), date of birth).
Address and contact information.
Employment and wage information.
Child support debt information.
Income, financial assets, and benefit information (e.g.,
information about financial accounts, lump sum payments, workers'
compensation, retirement benefits, and insurance claims, settlements,
awards, and payments).
RECORD SOURCE CATEGORIES:
Sources of data retrieved by personal identifier to create
deidentified datasets include OCSS IT systems, and possibly IT systems
of other HHS components, and other agencies or external parties, which
contain data that may have originally been collected from the child
support case participant to whom it pertains, or from an agency,
employer, insurance company, or financial institution registered to use
the CSP.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
In addition to other disclosures authorized directly in the Privacy
Act at 5 U.S.C. 552a(b)(1) and (2) and (b)(4) through (11), HHS may
disclose records about an individual from this system of records to
parties outside HHS as described in these routine uses, without the
subject individual's prior written consent.
(1) Disclosure to Contractor to Perform Duties.
Records may be disclosed to a contractor performing or working on a
contract for HHS who has a need for the records in the performance of
its duties or activities in accordance with law and with the contract.
(2) Disclosure in the Event of a Security Breach.
(a) Records may be disclosed to appropriate agencies, entities, and
persons when (1) HHS suspects or has confirmed that there has been a
breach of the system of records; (2) HHS has determined that as a
result of the suspected or confirmed breach there is a risk of harm to
individuals, HHS (including its information systems, programs, and
operations), the Federal Government, or national security; and (3) the
disclosure made to such agencies, entities, and persons is reasonably
necessary to assist in connection with HHS's efforts to respond to the
suspected or confirmed breach or to prevent, minimize, or remedy such
harm.
(b) Records may be disclosed to another Federal agency or Federal
entity when HHS determines that records from this system of records are
reasonably necessary to assist in (1) responding to a suspected or
confirmed breach; or (2) preventing, minimizing, or remedying the risk
of harm to individuals, the recipient agency or entity (including its
information systems, programs, and operations), the Federal Government,
or national security, resulting from a suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
The records will be stored on electronic media, but paper printouts
may be generated.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records about individuals involved in child support cases will be
retrieved by the individuals' assigned identifiers, including child
support case identifier, if any, or combination of identifiers, to
disaggregate duplicate records and to combine records that are about
the same individual.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
The records used to create the deidentified datasets will be
retained and disposed of in accordance with General Records Schedule
5.2, Items 010 and 020 (DAA-GRS-2022-0009-0001 and DAA-GRS-2022-0009-
0002), which provides these disposition periods:
Item 010 Transitory records: Destroy when no longer needed
for business use, or according to an agency predetermined time period
or business rule.
Item 020 Intermediary records: Destroy upon creation or
update of the final record, or when no longer needed for business use,
whichever is later.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
The system leverages cloud service providers that maintain an
authority to operate in accordance with applicable laws, rules, and
policies, including Federal Risk and Authorization Management Program
(FedRAMP) requirements. Specific administrative, technical, and
physical controls are in place to ensure that the records collected and
maintained in the OCSS Data Analytics system are secure from
unauthorized access. Access to the records is restricted to authorized
personnel who are advised of the confidentiality of the records and the
civil and criminal penalties for misuse and who sign a nondisclosure
oath to that effect. Personnel are provided privacy and security
training before being granted access to the records and annually
thereafter.
Logical access controls are in place to limit access to the records
to authorized personnel, to limit their access based on their roles,
and to prevent browsing. The records are processed and stored in a
secure environment. All records are stored in an area that is always
physically safe from unauthorized access.
Safeguards conform to the HHS Information Security and Privacy
Program, which may be found at https://www.hhs.gov/ocio/securityprivacy/.
RECORD ACCESS PROCEDURES:
To request access to a record about you in this system of records,
submit a written access request to the System Manager. The request must
include your name, telephone number or email address, current address,
signature, and sufficient particulars (such as date of birth or SSN) to
enable the System Manager to distinguish between records on subject
individuals with the same name. To verify your identity, your signature
must be notarized, or your request must include your written
certification that you are the individual who you claim to be and that
you
[[Page 42883]]
understand that the knowing and willful request for, or acquisition of,
a record pertaining to an individual under false pretenses is a
criminal offense subject to a fine of up to $5,000.
CONTESTING RECORD PROCEDURES:
To request correction of a record about you in this system of
records, submit a written amendment request to the System Manager. The
request must contain the same information required for an access
request and include verification of your identity in the same manner
required for an access request. In addition, the request must
reasonably identify the record and specify the information contested,
the corrective action sought, and the reasons for requesting the
correction; it should include supporting information to show how the
record is inaccurate, incomplete, untimely, or irrelevant.
NOTIFICATION PROCEDURES:
To find out if this system of records contains a record about you,
submit a written notification request to the System Manager. The
request must identify this system of records, contain the same
information required for an access request, and include verification of
your identity in the same manner required for an access request.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
None.
[FR Doc. 2024-10776 Filed 5-15-24; 8:45 am]
BILLING CODE 4184-42-P
