[Federal Register Volume 59, Number 154 (Thursday, August 11, 1994)]
[Unknown Section]
[Page 0]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 94-19579]


[[Page Unknown]]

[Federal Register: August 11, 1994]


-----------------------------------------------------------------------


DEPARTMENT OF HEALTH AND HUMAN SERVICES
 

Privacy Act of 1974; System of Records

AGENCY: Department of Health and Human Services (HHS), Health Care 
Financing Administration (HCFA).

ACTION: Notice of new system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the provisions of the Privacy Act of 1974, 
we are proposing to establish a new system of records, ``Individuals 
Authorized Access to the Health Care Financing Administration (HCFA) 
Data Center,'' HHS/HCFA/BDMS, No. 09-70-0064. We have provided 
background information about the system in the SUPPLEMENTARY 
INFORMATION section below.

DATES: HCFA filed a new system report with the Chairman of the 
Committee on Government Operations of the House of Representatives; the 
Chairman of the Committee on Governmental Affairs of the Senate; the 
Administrator, Office of Information and Regulatory Affairs; and the 
Office of Management and Budget (OMB) on August 4, 1994. The system of 
records, including routine uses, will become effective 40 days from the 
date published unless HCFA receives comments which would necessitate 
changes to the system.

ADDRESS: Members of the public should address comments to Mr. Richard 
A. De Meo, Privacy Act Officer, Office of Customer Relations and 
Communications, Health Care Financing Administration, Room 2-H-4, East 
Low Rise Building, 6325 Security Boulevard, Baltimore, Maryland 21207-
5187. Comments received will be available for inspection at this 
location.

FOR FURTHER INFORMATION CONTACT:
Gene Strother, ADP Services Branch, Office of Computer Operations, 
Bureau of Data Management and Strategy, Health Care Financing 
Administration, Room 100, Lyon Building, 6325 Security Boulevard, 
Baltimore, Maryland 21207-5187, telephone (410) 966-4088.

SUPPLEMENTARY INFORMATION: HCFA proposes to initiate a new system of 
records that controls and monitors access to and use of HCFA 
computerized information and resources, pursuant to the authority of 42 
CFR 401.101-401.148 and section 1106(a) of the Social Security Act, 42 
U.S.C. 1306(a). These regulations and directives establish the 
conditions under which information about the access to and use of 
HCFA's computerized information and resources shall be made available 
to the public as well as Freedom of Information Act rules that apply to 
such disclosures of information.

    Subsection (b)(3) of the Privacy Act (5 U.S.C. 552a(b)(3)) permits 
us to disclose information without the consent of the individual for 
``routine uses''--that is, disclosure for purposes that are compatible 
with the purpose for which we collect the information. The proposed 
routine uses in the system meet the compatibility criteria since the 
information is collected for the purposes of assigning, controlling, 
tracking, and reporting authorized access to and use of HCFA's 
computerized information and resources.
    We anticipate that disclosure under the routine uses will not 
result in any unwarranted adverse effects on personal privacy.

    Dated: August 2, 1994.
Bruce C. Vladeck,
Administrator, Health Care Financing Administration.
    Individuals Authorized Access to the Health Care Financing 
Administration (HCFA) Data Center.
    None.
    Health Care Financing Administration, Bureau of Data Management and 
Strategy, 7131 Rutherford Road, Baltimore, Maryland 21244.
    Those individuals with an approved need for access to the computer 
resources and information maintained by the Health Care Financing 
Administration.
    The system contains name, work address, work phone number, an 
assigned user identification (UserID) number, an associated password, 
and the software system(s) that the individual is authorized to use.
    5 U.S.C. 552(e)(10)
    This system is used for assigning, controlling, tracking, and 
reporting authorized access to and use of HCFA's computerized 
information and resources.
    Disclosure may be made to:
    1. To a congressional office, from the record of an individual in 
response to an inquiry from the congressional office made at the 
request of that individual.
    2. To the Department of Justice, to a court or other tribunal, or 
to another party before such tribunal, when:
    a. HHS, or any component thereof; or
    b. Any HHS employee in his or her official capacity; or
    c. Any HHS employee in his or her individual capacity where the 
Department of Justice (or HHS, where it is authorized to do so) has 
agreed to represent the employee; or
    d. The United States or any agency thereof when HHS determines that 
the litigation is likely to affect HHS or any of its components;

Is a party to litigation or has an interest in such litigation, and HHS 
determines that the use of such records by the Department of Justice, 
the tribunal, or other party is relevant and necessary to the 
litigation and would help in the effective representation of the 
governmental party, provided, however, that in each case, HHS 
determines that each disclosure is compatible with the purpose for 
which the records were collected.
    3. To a contractor for the purpose of collating, analyzing, 
aggregating, or otherwise refining or processing records in this 
system, or for developing, modifying, and/or manipulating it with ADP 
software. Data would also be available to users incidental to 
consultation, programming, operation, user assistance, or maintenance 
for an ADP or telecommunications system containing or supporting 
records in the system.
    The records are maintained in magnetic media (e.g., magnetic tape 
and computer diskettes) and in paper form.
    Magnetic records may be retrieved by name or UserId number. Paper 
records are retrieved by UserID number.
    Physical safeguards are established in accordance with Department 
standards and National Institute of Standards and Technology guidelines 
(e.g., security codes will be used, limiting access to authorized 
personnel. System securities are established in accordance with HHS 
Information Resource Management (IRM) Circular #10, Automated 
Information Systems Security Program, and HCFA Automated Information 
Systems (AIS) Guide, Systems Security Policies. All HCFA agency 
employees and contractor personnel will be notified of the 
confidentiality of the records and of criminal sanctions for 
unauthorized disclosure of the information.
    HCFA retains hardcopy for 3 years following expiration of an 
individual's authorized use of HCFA's computerized information and 
resources. When an individual is no longer authorized access to HCFA's 
computer resources, their record is deleted from magnetic media.
    Director, Bureau of Data Management and Strategy, Health Care 
Financing Administration, Room 1-A-1, Security Office Park Building, 
6325 Security Boulevard, Baltimore, Maryland 21207-5187.
    An individual can determine if this system contains a record about 
him or her and its contents by writing to the system manager at the 
above address. When requesting notification, the individual should 
provide his or her name, assigned UserID number, and signature. Further 
details of the procedure are contained in 45 CFR 5b.5.
    Same as notification procedures. Requesters should reasonably 
specify the records content being sought. They may also request an 
accounting of disclosures that have been made of their records, if any. 
Further details of the procedure are contained in 45 CFR 5b.5(a)(2).
    Same as notification procedures. Requestors should reasonably 
identify the record, specify the information they are contesting, and 
state the corrective action sought. The statement should also contain 
the reasons for the correction with supporting information to show how 
the record is inaccurate, incomplete, untimely, or irrelevant. Further 
details of the procedure are contained in 45 CFR 5b.7.
    User identification (name, work address, work phone number) is 
provided by HCFA by the individual. HCFA specifies the unique UserID 
number and the software system(s) authorized for use by the individual.
    None.

[FR Doc. 94-19579 Filed 8-10-94; 8:45 am]
BILLING CODE 4120-03-M