[Federal Register Volume 59, Number 207 (Thursday, October 27, 1994)]
[Unknown Section]
[Page 0]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 94-26626]


[[Page Unknown]]

[Federal Register: October 27, 1994]


-----------------------------------------------------------------------


DEPARTMENT OF HEALTH AND HUMAN SERVICES
 

National Institutes of Health; Privacy Act of 1974; New System of 
Records

AGENCY: Public Health Service, DHHS.

ACTION: Notification of a new system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act, the 
Public Health Service (PHS) is publishing a notice of a new system of 
records, 09-25-0169, ``Medical Staff Credentials Files, HHS/NIH/CC.'' 
We are also proposing routine uses for this new system.

DATES: PHS invites interested parties to submit comments on the 
proposed internal and routine uses on or before November 28, 1994. PHS 
has sent a report of a New System to the Congress and to the Office of 
Management and Budget (OMB) on October 14, 1994. This system of records 
will be effective 40 days from the date of publication unless PHS 
receives comments on the routine uses which would result in a contrary 
determination.

ADDRESSES: Please submit comments to: NIH Privacy Act Officer, Building 
31, Room 3B03, 9000 Rockville Pike, Bethesda, MD 20892, 301-496-2832.
    Comments received will be available for inspection at this same 
address from 9 a.m. to 3 p.m., Monday through Friday.

FOR FURTHER INFORMATION CONTACT: Chief, Medical Record Department, 
Warren G. Magnuson Clinical Center, National Institutes of Health, 
Building 10, Room 1N208, 9000 Rockville Pike, Bethesda, Maryland 20892, 
301-496-2292.
    The numbers listed above are not toll free.

SUPPLEMENTARY INFORMATION: The National Institutes of Health (NIH) 
proposes to establish a new system of records: 09-25-0169, ``Medical 
Staff Credentials Files, HHS/NIH/CC.'' This system of records will be 
used by NIH staff to: (1) Maintain information used in the 
credentialing and privileging of active medical staff members at the 
Warren G. Magnuson Clinical Center; (2) document patient care 
privileges for active members of the medical staff; (3) provide 
information about active and non-active members of the medical staff to 
authorized individuals; and (4) report to the National Practitioner 
Data Bank as required by the provisions of Title IV of Public Law 99-
660, as amended.

    The system will comprise records that contain medical staff names, 
date of birth, home address and telephone number, office address and 
telephone number, citizenship, visa information, appointment date, 
hospital-wide computer access privileges, Institute/Center/Division 
designation, branch/lab, type of medical staff membership, privilege 
delineation, professional degree(s) including school of attendance and 
graduation dates, foreign medical examinations, specialty board 
certifications, licensing information (including state of licensure and 
license number), record or disciplinary actions, documentation of 
training, and admitting privileges.
    The amount of information recorded on each individual will be only 
that which is necessary to accomplish the purposes of the system. 
Records are established from forms and documentation submitted by 
individual medical staff members to the Medical Record Department.
    The records in this system will be maintained in a secure manner 
compatible with their content and use. NIH and Contractor staff will be 
required to adhere to the provisions of the Privacy Act and the HHS 
Privacy Act regulations. The System Manager will control access to the 
data. Only authorized users whose official duties require the use of 
such information will have regular access to the records in this 
system. Authorized users are HHS employees and Contractor staff 
responsible for implementing the medical staff credentials data system.
    Records will be stored on paper forms in file folders and on 
computer disk. Manual and computerized records will be maintained in 
accordance with the standards of Chapter 45-13 of the HHS General 
Administration Manual, ``Safeguarding Records Contained in Systems of 
Records,'' supplementary Chapter PHS hf: 45-13, the Department's 
Automated Information System Security Program Handbook, and the 
National Institute of Standards and Technology Federal Information 
Processing Standards (FIPS Pub. 41 and FIPS Pub. 31).
    Data stored in computers is accessed through a network system by 
use of a password known only to authorized users. Rooms where records 
are stored are locked when not in use. During regular business hours, 
rooms are unlocked by entry is controlled by on-site personnel.
    The routine uses proposed for this system are compatible with the 
stated purposes of the system. The first routine use permitting 
disclosure to a congressional office is proposed to allow subject 
individuals to obtain assistance from their representatives in 
Congress, should they so desire. Such disclosure would be made only 
pursuant to a request of the individual. The second routine use of this 
system allows disclosure to the Department of Justice to defend the 
Federal Government, the Department, or employees of the Department in 
the event of litigation. The third routine use allows referral to the 
appropriate agency in the event that a system of records maintained by 
this agency to carry out its functions indicates a violation or 
potential violation of law. The fourth routine use allows disclosure of 
records to contractors for the purpose of processing or refining 
records in the system. The fifth routine use permits disclosure to 
representatives of the Joint Commission on Accreditation of Healthcare 
Organizations for the purpose of conducting quality assurance reviews 
and inspections of the Warren G. Magnuson Clinical Center credentialing 
policies and procedures. The sixth routine use permits disclosure to 
State medical boards for purposes of professional quality assurance 
activities. The seventh routine use allows disclosure to health care 
facilities for the purpose of verifying that an individual to whom they 
intend to grant medical staff or patient care privileges has or 
previously held such privileges at the Warren G. Magnuson Clincial 
Center.
    The following notice is written in the present, rather than future 
tense, in order to avoid the unnecessary expenditure of public funds to 
republish the notice after the system has become effective.

    Dated: October 18, 1994.
Ellen Wormser,
Director, Office of Organization and Management Systems.
09-25-0169
    Medical Staff-Credentials Files, HHS/NIH/CC.
    None.
    Medical Record Department, Warren G. Magnuson Clinical Center, 
National Institutes of Health, Building 10, Room 1N208, 9000 Rockville 
Pike, Bethesda, Maryland 20892.
    Write to the System Manager at the address below for a list of 
Contractor locations, including the address of any Federal Records 
Center where records from this system may be stored.
    Individuals who have been approved as members of the medical staff 
at the Warren G. Magnuson Clinical Center.
    Medical staff names, date of birth, home address and telephone 
number, office address and telephone number, citizenship, visa 
information, appointment date, hospital-wide computer access 
privileges, Institute/Center/Division designation, branch/lab, type of 
medical staff membership, privilege delineation, professional degree(s) 
including school of attendance and graduation dates, foreign medical 
examinations, specialty board certifications, licensing information 
(including state of licensure and license number), record of 
disciplinary actions, documentation of training, and admitting 
privileges.
    Authority for collecting the requested information is contained in 
section 301 (42 U.S.C. 241) of the Public Health Service Act, as 
amended, outlining the authority of the Secretary to, within the Public 
Health Service (PHS), promote the coordination of various research and 
associated activities, including for purposes of study, admitting and 
treating individuals at PHS facilities. Section 402(b) of the Public 
Health Service Act (42 U.S.C. 282(b)), as amended, outlining the 
authority of the Director of the National Institutes of Health (NIH) 
with respect to the admission and treatment of individuals at NIH 
facilities for purposes of study.
    These records are used to: (1) Maintain information used in the 
credentialing and privileging of active medical staff members at the 
Warren G. Magnuson Clinical Center; (2) document patient care 
privileges for active members of the medical staff; (3) provide 
information about active and non-active members of the medical staff to 
authorized individuals; and (4) report to the National Practitioner 
Data Bank as required by the provisions of Title IV of Pub. L. 99-660, 
as amended.
    1. Disclosure may be made to a congressional office from the record 
of an individual in response to an inquiry from the congressional 
office made at the request of that individual.
    2. The Department of Health and Human Services (HHS) may disclose 
information from this system of records to the Department of Justice, 
or to a court or other tribunal, when (a) HHS, or any component 
thereof; or (b) any HHS employee in his or her official capacity; or 
(c) any HHS employee in his or her individual capacity where the 
Department of Justice (or HHS, where it is authorized to do so) has 
agreed to represent the employee; or (d) the United States or any 
agency thereof where HHS determines that the litigation is likely to 
affect HHS or any of its components, is a party to litigation, and HHS 
determines that the use of such records by the Department of Justice, 
court or other tribunal is relevant and necessary to the litigation and 
would help in the effective representation of the governmental party, 
provided, however, that in each case HHS determines that such 
disclosure is compatible with the purpose for which the records were 
collected.
    3. In the event that a system of records maintained by this agency 
to carry out its functions indicates a violation or potential violation 
of law, whether civil, criminal, or regulatory in nature, and whether 
arising by general statute or particular program statute, or by 
regulation, rule or order issued pursuant thereto, the relevant records 
in the system of records may be referred to the appropriate agency, 
whether Federal, State, or local, charged with enforcing or 
implementing the statute or rule, regulation or order issued pursuant 
thereto.
    4. NIH may disclosure records to Department contractors and 
subcontractors for the purpose of collecting, compiling, aggregating, 
analyzing, or refining records in the system. Contractors maintain, and 
are also required to ensure that subcontractors maintain, Privacy Act 
safeguards with respect to such records.
    5. NIH may disclose information to representatives of the Joint 
Commission on Accreditation of Healthcare Organizations for the purpose 
of conducting quality assurance reviews and inspections of the Warren 
G. Magnuson Clinical Center credentialing policies and procedures.
    6. NIH disclose information from this system of records to State 
medical boards for purposes of professional quality assurance 
activities.
    7. NIH may disclose information from this system of records to 
health care facilities for the purpose of verifying that an individual 
to whom they intend to grant medical staff or patient care privileges 
has or previously held such privileges at the Warren G. Magnuson 
Clinical Center.
    Records are stored on paper forms in file folders and on computer 
disks.
    Records are retrieved by name, date of birth, type of medical staff 
membership, Institute/Center/Division and licensing status.
    1. Authorized users: Data on the computer network system is 
accessed by a password known only to authorized users who are NIH 
employees and Contractor staff responsible for implementing the medical 
staff credentials data system. Access to information is thus limited to 
those with a need to know.
    2. Physical safeguards: Rooms where records are stored are locked 
when not in use. During regular business hours rooms are unlocked but 
entry is controlled by on-site personnel.
    3. Procedural and technical safeguards: Access to files is strictly 
controlled by the system manager. Names and other identifying 
particulars are deleted when data from original records are encoded for 
analysis. Data stored in computers is accessed through a network system 
by use of a password known only to authorized users. All authorized 
users of personal information in connection with the performance of 
their jobs (see Authorized Users, above) protect information from 
public view and from unauthorized personnel entering an unsupervised 
office. These practices are in compliance with the standards of Chapter 
45-13 of the HHS General Administration Manual, ``Safeguarding Records 
Contained in Systems of Records,'' supplementary Chapter PHS hf: 45-13, 
and the Department's Automated Information System Security Program 
Handbook, and the National Institute of Standards and Technology 
Federal Information Processing Standards (FIPS Pub. 41 and FIPS Pub. 
31).
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1--``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), item 2300-293-4, ``Medical Staffs' Credential Files,'' 
which allows inactive records to be transferred to the Federal Records 
Center at five year intervals and to be destroyed after thirty years. 
Refer to the NIH Manual Chapter for specific disposition instructions.
    Chief, Medical Record Department, Warren G. Magnuson Clinical 
Center, National Institutes of Health, Building 10, Room 1N208, 9000 
Rockville Pike, Bethesda, Maryland 20892.
    To determine if a record exists, write to the System Manager at the 
above address. The requester must provide tangible proof of identity 
(e.g., driver's license). If no identification papers are available, 
the requester must verify his or her identity by providing either a 
notarization of the request or a written certification that the 
requester is who he or she claims to be and understands that the 
knowing and willful request for acquisition of a record pertaining to 
an individual under false pretenses is a criminal offense under the 
Act, subject to a five thousand dollar fine.
    Write to the System Manager specified above to attain access to 
records and provide the same information as that required under the 
Notification Procedures. Requesters should also reasonably specify the 
record contents being requested. Individuals may also request an 
accounting of disclosure of their records, if any.
    Contact the System Manager specified above and reasonably identify 
the record, specify the information to be contested, the corrective 
action sought, and your reasons for requesting the correction, along 
with supporting information to show how the record is inaccurate, 
incomplete, untimely or irrelevant. The right to contest records is 
limited to information which is incomplete, irrelevant, incorrect, or 
untimely (obsolete).
    Subject individual.
    None.

[FR Doc. 94-26626 Filed 10-26-94; 8:45 am]
BILLING CODE 4140-01-M