[Federal Register Volume 62, Number 19 (Wednesday, January 29, 1997)] [Rules and Regulations] [Pages 4142-4163] From the Federal Register Online via the Government Publishing Office [www.gpo.gov] [FR Doc No: 97-1271] ======================================================================= ----------------------------------------------------------------------- SOCIAL SECURITY ADMINISTRATION 20 CFR Parts 401, 402, and 422 RIN 0960-AE24 Privacy and Disclosure of Official Records and Information; Availability of Information and Records to the Public AGENCY: Social Security Administration. ACTION: Final rules. ----------------------------------------------------------------------- SUMMARY: The Social Security Administration (SSA) was formerly an operating division of the Department of Health and Human Services (HHS). Under that organizational structure, SSA followed the HHS regulations on privacy (45 CFR part 5b) as supplemented by regulations specific to SSA included in 20 CFR part 401, ``Disclosure of Official Records and Information'' and the HHS regulations on freedom of information (45 CFR part 5) as supplemented by specific rules on availability of information to the public (20 CFR part 422, subpart E). However, SSA became an independent agency on March 31, 1995. Accordingly, we are promulgating our own regulations on privacy and on availability of information by duplicating much of the HHS regulations on privacy and on freedom of information and merging them with our regulations on disclosure and availability of information. No substantive changes are intended. This will result in a revised part 401 in 20 CFR and a new part 402 in 20 CFR which will include our rules implementing the Privacy Act and our rules on disclosure. These new rules will be independent of HHS regulations, and will enable us to remove our availability regulations from 20 CFR part 422, subpart E. EFFECTIVE DATE: These regulations are effective January 29, 1997. FOR FURTHER INFORMATION CONTACT: Henry D. Lerner, Legal Assistant, 3-B- 1 Operations Building, 6401 Security Boulevard, Baltimore, MD 21235, (410) 965-1762 for information about these rules. For information on eligibility or claiming benefits, call our national toll-free number 1- 800-772-1213. SUPPLEMENTARY INFORMATION: Public Law 103-296, the Social Security Independence and Program Improvements Act of 1994, established SSA as an independent agency apart from HHS. Section 106(b) of that Act provides that all rules and regulations issued for functions which were exercised by the Secretary of Health and Human Services and are now vested in the Commissioner of Social Security continue in effect until modified by the Commissioner. Disclosure of Official Records and Information HHS Regulations at 45 CFR part 5b contain rules that SSA follows in administering the Privacy Act. 20 CFR part 401, ``Disclosure of Official Records and Information,'' includes rules specific to SSA which supplement these HHS regulations. Now that SSA is an independent agency, we are publishing regulations which modify HHS regulations to reflect only structural and procedural differences between the two agencies. Thus the new regulations, which are a revised part 401 of 20 CFR, duplicate much of the existing 45 CFR part 5b and 20 CFR part 401. In this revised part 401, we clarify existing rules in 20 CFR and 45 CFR by replacing the passive voice with the active and by relocating and redesignating some text. Additionally, we have not carried over text in 45 CFR part 5b which does not pertain to SSA. We have not duplicated 45 CFR 5b.12(c) because it pertains to contracts amended by July 1, 1976 and is therefore obsolete. We have not included Appendix B to part 5b because it is obsolete. As required by the Privacy Act, SSA currently publishes in the Federal Register comprehensive routine use disclosures for each of the systems of records it maintains. Availability of Information and Records to the Public Regulations at 45 CFR part 5 contain the rules that HHS follows in handling requests for records under the Freedom of Information Act. These regulations [[Page 4143]] are supplemented by HHS regulations specific to SSA at 20 CFR part 422, subpart E on the availability of SSA records to the public. We have other regulations, i.e., 20 CFR part 401, which provide rules we follow in deciding whether we can disclose or provide access to personal information in SSA's benefit records. Now that SSA is an independent agency, we are publishing regulations which modify HHS regulations to reflect only structural and procedural differences between the two agencies. Thus the subject regulations, which are a new part 402 of 20 CFR, duplicate much of the existing 45 CFR part 5 and 20 CFR part 422, subpart E. Since these new regulations adopt all the necessary provisions of subpart E, we are removing that subpart. In this new part 402, we clarify existing rules in 20 CFR and 45 CFR by replacing the passive voice with the active and by relocating and redesignating some text. Additionally, we have not duplicated text in 45 CFR part 5 which does not pertain to SSA, e.g., 45 CFR 5.3 on the scope of the HHS Freedom of Information regulations. In the new sections 402.35 and 402.50, we are updating the existing 20 CFR 422.406(a)(4) to indicate that the listing of administrative staff manuals and instructions to staff that affect the public are no longer published in the Social Security Rulings, but are published in the Index of Administrative Staff Manuals and Instructions which is available for inspection at social security offices. In the new section 402.135, we are not including the current section 422.428 reference to the HHS Regional Office Public Affairs Directors because those individuals are no longer involved in the processing of requests for SSA records. The existing section 422.444 shows the Director, Office of Public Inquiries as the official who may deny a request for records. Since that official no longer has such responsibility, the new section 402.190 shows the Director, Office of Disclosure Policy as the appropriate official. Regulatory Procedures As authorized by 5 U.S.C. 553(d)(3), we find good cause for dispensing with the 30-day delay in the effective date of a substantive rule. As explained above, these regulations do no more than merge existing HHS and SSA regulations and create new rules by merging existing HHS and SSA regulations without any substantive changes. Thus, we find that it is in the public interest to make these regulations effective upon publication. Justification for Final Rules When required, we follow the notice of proposed rulemaking and public comment procedures specified in the Administrative Procedure Act (APA), 5 U.S.C. 553. The APA provides exceptions to its notice and comment procedures when an agency finds there is good cause for dispensing with such procedures because they are impracticable, unnecessary, or contrary to the public interest. We have determined that, under 5 U.S.C. 553 (b)(B), good cause exists for dispensing with the notice of proposed rulemaking and public comment procedures in this case. We are duplicating, without substantive change, much of the existing regulations on the Privacy Act, disclosure of official records and information, the Freedom of Information Act and availability of information, and are merging those materials into a revised part and a new CFR part. Therefore, opportunity for prior comment is unnecessary and we are issuing revised part 401 and a new part 402 to 20 CFR as final rules. Executive Order No. 12866 We have consulted with the Office of Management and Budget (OMB) and determined that these rules do not meet the criteria for a significant regulatory action under Executive Order 12866. Thus, they were not subject to OMB review. Regulatory Flexibility Act The Regulatory Flexibility Act, 5 U.S.C. 601 et seq., requires the preparation of a regulatory flexibility analysis for any rule which is likely to have significant economic impact on a substantial number of small entities. These regulations restate existing policies and procedures on availability of information to the public and do not contain any new policies or procedures which would impact the public. Therefore, the undersigned hereby certifies that these regulations will not have a significant economic impact on a substantial number of small entities in accordance with 5 U.S.C. 605(b). Thus, a regulatory flexibility analysis has not been prepared. Paperwork Reduction Act This final rule contains reporting requirements in part 401, Secs. 401.40, 401.55, 401.65, and reporting/recordkeeping requirements in Sec. 401.100. There are also reporting requirements in part 402, Secs. 402.130 and 402.185. We have submitted these collection requirements to OMB for its review under section 3507(d) of the Paperwork Reduction Act of 1995. (Catalog of Federal Domestic Assistance Program Nos. 96.001 Social Security-Disability Insurance; 96.002 Social Security-Retirement Insurance; 96.004 Social Security-Survivors Insurance; 96.006 Supplemental Security Income) List of Subjects 20 CFR Part 401 Administrative practice and procedure, Archives and records, Privacy Act. 20 CFR Part 402 Administrative practice and procedure, Archives and records, Freedom of information. 20 CFR Part 422 Administrative practice and procedure, Freedom of information, Privact Act. Dated: January 7, 1997. Shirley Chater, Commissioner of Social Security. For the reasons set out in the preamble, 20 CFR chapter III is amended as follows: 1. Part 401 is revised to read as follows: PART 401--PRIVACY AND DISCLOSURE OF OFFICIAL RECORDS AND INFORMATION Subpart A--General Sec. 401.5 Purpose. 401.10 Applicability. 401.15 Limitations on scope. 401.20 Scope. 401.25 Terms defined. Subpart B--The Privacy Act 401.30 Privacy Act responsibilities. 401.35 Your right to request records. 401.40 How to get your own records. 401.45 Verifying your identity. 401.50 Granting notification of or access to a record. 401.55 Special procedures for notification of or access to medical records. 401.60 Access or notification of program records about two or more individuals. 401.65 How to correct your record. 401.70 Appeals of refusals to correct or amend records. 401.75 Rights of parents or legal guardians. 401.80 Accounting for disclosures. 401.85 Exempt systems. 401.90 Contractors. 401.95 Fees. Subpart C--Disclosure of Official Records and Information 401.100 Disclosure of records with the consent of the subject of the record. 401.105 Disclosure of personal information without the consent of the subject of the record. 401.110 Disclosure of personal information in nonprogram records without the consent of the subject of the record. [[Page 4144]] 401.115 Disclosure of personal information in program records without the consent of the subject of the record. 401.120 Disclosures required by law. 401.125 Disclosures prohibited by law. 401.130 Freedom of Information Act. 401.135 Other laws. 401.140 General principles. 401.145 Safeguards against unauthorized redisclosure or use. 401.150 Compatible purposes. 401.155 Law enforcement purposes. 401.160 Health or safety. 401.165 Statistical and research activities. 401.170 Congress. 401.175 General Accounting Office. 401.180 Courts. 401.185 Other specific recipients. 401.190 Deceased persons. 401.195 Situations not specified in this part. 401.200 Blood donor locator service. Appendix A to Part 401--Employee Standards of Conduct Authority: Secs. 205, 702(a)(5), 1106, and 1141 of the Social Security Act (42 U.S.C. 405, 902(a)(5), 1306, and 1320b-11); 5 U.S.C. 552 and 552a; 8 U.S.C. 1360; 26 U.S.C. 6103; 30 U.S.C. 923. Subpart A--General Sec. 401.5 Purpose of the regulations. (a) General. The purpose of this part is to describe the Social Security Administration (SSA) policies and procedures for implementing the requirements of the Privacy Act of 1974, 5 U.S.C. 552a and section 1106 of the Social Security Act concerning disclosure of information about individuals, both with and without their consent. This part also complies with other applicable statutes. (b) Privacy. This part implements the Privacy Act by establishing agency policies and procedures for the maintenance of records. This part also establishes agency policies and procedures under which you can ask us whether we maintain records about you or obtain access to your records. Additionally, this part establishes policies and procedures under which you may seek to have your record corrected or amended if you believe that your record is not accurate, timely, complete, or relevant. (c) Disclosure. This part also sets out the general guidelines which we follow in deciding whether to make disclosures. However, we must examine the facts of each case separately to decide if we should disclose the information or keep it confidential. Sec. 401.10 Applicability. (a) SSA. All SSA employees and components are governed by this part. SSA employees governed by this part include all regular and special government employees of SSA; experts and consultants whose temporary (not in excess of 1 year) or intermittent services have been procured by SSA by contract pursuant to 5 U.S.C. 3109; volunteers where acceptance of their services are authorized by law; those individuals performing gratuitous services as permitted under conditions prescribed by the Office of Personnel Management; and, participants in work-study or training programs. (b) Other entities. This part also applies to advisory committees and councils within the meaning of the Federal Advisory Committee Act which provide advice to: Any official or component of SSA; or the President and for which SSA has been delegated responsibility for providing services. Sec. 401.15 Limitations on scope. The regulations in this part do not-- (a) Make available to an individual records which are not retrieved by that individual's name or other personal identifier. (b) Make available to the general public records which are retrieved by an individual's name or other personal identifier or make available to the general public records which would otherwise not be available to the general public under the Freedom of Information Act, 5 U.S.C. 552, and part 402 of this title. (c) Govern the maintenance or disclosure of, notification about or access to, records in the possession of SSA which are subject to the regulations of another agency, such as personnel records which are part of a system of records administered by the Office of Personnel Management. (d) Apply to grantees, including State and local governments or subdivisions thereof, administering federally funded programs. (e) Make available records compiled by SSA in reasonable anticipation of court litigation or formal administrative proceedings. The availability of such records to the general public or to any subject individual or party to such litigation or proceedings shall be governed by applicable constitutional principles, rules of discovery, and applicable regulations of the agency. Sec. 401.20 Scope. (a) Privacy. Sections 401.30 through 401.95, which set out SSA's rules for implementing the Privacy Act, apply to all agency records accessed by an individual's name or personal identifier subject to the Privacy Act. (b) Disclosure--(1) Program records. Regulations that apply to the disclosure of information about an individual contained in SSA's program records are set out in Secs. 401.100 through 401.103 and 401.115 through 401.195. These regulations also apply to the disclosure of other Federal program information which SSA maintains. That information includes: (i) Health insurance records which SSA maintains for the Health Care Financing Administration's (HCFA) programs under title XVIII of the Social Security Act. We will disclose these records to HCFA. HCFA may redisclose these records under the regulations applying to records in HCFA's custody; (ii) Black lung benefit records which SSA maintains for the administration of the Federal Coal Mine Health and Safety Act; (However, this information is not covered by section 1106 of the Social Security Act.) and (iii) Records kept by consultants. Information retained by a medical, psychological or vocational professional concerning an examination performed under contract in the social security program shall not be disclosed except as permitted by this part. (2) Nonprogram records. Section 401.110 sets out rules applicable to the disclosure of nonprogram records, e.g., SSA's administrative and personnel records. Sec. 401.25 Terms defined. Access means making a record available to a subject individual. Act means the Social Security Act. Agency means the Social Security Administration. Commissioner means the Commissioner of Social Security. Disclosure means making a record about an individual available to or releasing it to another party. FOIA means the Freedom of Information Act. Individual when used in connection with the Privacy Act or for disclosure of nonprogram records, means a living person who is a citizen of the United States or an alien lawfully admitted for permanent residence. It does not include persons such as sole proprietorships, partnerships, or corporations. A business firm which is identified by the name of one or more persons is not an individual. When used in connection with the rules governing program information, individual means a living natural person; this does not include corporations, partnerships, and unincorporated business or professional groups of two or more persons. Information means information about an individual, and includes, but is not limited to, vital statistics; race, sex, or other physical characteristics; earnings information; professional fees paid to an [[Page 4145]] individual and other financial information; benefit data or other claims information; the social security number, employer identification number, or other individual identifier; address; phone number; medical information, including psychological or psychiatric information or lay information used in a medical determination; and information about marital and family relationships and other personal relationships. Maintain means to establish, collect, use, or disseminate when used in connection with the term record; and, to have control over or responsibility for a system of records when used in connection with the term system of records. Notification means communication to an individual whether he is a subject individual. (Subject individual is defined further on in this section.) Program Information means personal information and records collected and compiled by SSA in order to discharge its responsibilities under titles I, II, IV part A, X, XI, XIV, XVI and XVIII of the Act and parts B and C of the Federal Coal Mine Health and Safety Act. Record means any item, collection, or grouping of information about an individual that is maintained by SSA including, but not limited to, information such as an individual's education, financial transactions, medical history, and criminal or employment history that contains the individual's name, or an identifying number, symbol, or any other means by which an individual can be identified. When used in this part, record means only a record which is in a system of records. Routine use means the disclosure of a record outside SSA, without the consent of the subject individual, for a purpose which is compatible with the purpose for which the record was collected. It includes disclosures required to be made by statutes other than the Freedom of Information Act, 5 U.S.C. 552. It does not include disclosures which the Privacy Act otherwise permits without the consent of the subject individual and without regard to whether they are compatible with the purpose for which the information is collected, such as disclosures to the Bureau of the Census, the General Accounting Office, or to Congress. Social Security Administration (SSA) means (1) that Federal agency which has administrative responsibilities under titles, I, II, X, XI, XIV, XVI, and XVIII of the Act; and (2) units of State governments which make determinations under agreements made under sections 221 and 1633 of the Act. Social Security program means any program or provision of law which SSA is responsible for administering, including the Freedom of Information Act and Privacy Act. This includes our responsibilities under parts B and C of the Federal Coal Mine Health and Safety Act. Statistical record means a record maintained for statistical research or reporting purposes only and not maintained to make determinations about a particular subject individual. Subject individual means the person to whom a record pertains. System of records means a group of records under our control from which information about an individual is retrieved by the name of the individual or by an identifying number, symbol, or other identifying particular. Single records or groups of records which are not retrieved by a personal identifier are not part of a system of records. Papers maintained by individual Agency employees which are prepared, maintained, or discarded at the discretion of the employee and which are not subject to the Federal Records Act, 44 U.S.C. 2901, are not part of a system of records; provided, that such personal papers are not used by the employee or the Agency to determine any rights, benefits, or privileges of individuals. We and our mean the Social Security Administration. Subpart B--The Privacy Act Sec. 401.30 Privacy Act responsibilities. (a) Policy. Our policy is to protect the privacy of individuals to the fullest extent possible while nonetheless permitting the exchange of records required to fulfill our administrative and program responsibilities, and responsibilities for disclosing records which the general public is entitled to have under the Freedom of Information Act, 5 U.S.C. 552, and 20 CFR part 402. (b) Maintenance of Records. We will maintain no record unless: (1) It is relevant and necessary to accomplish an SSA function which is required to be accomplished by statute or Executive Order; (2) We obtain the information in the record, as much as it is practicable, from the subject individual if we may use the record to determine an individual's rights, benefits or privileges under Federal programs; (3) We inform the individual providing the record to us of the authority for our asking him or her to provide the record (including whether providing the record is mandatory or voluntary, the principal purpose for maintaining the record, the routine uses for the record, and what effect his or her refusal to provide the record may have on him or her). Further, the individual agrees to provide the record, if the individual is not required by statute or Executive Order to do so. (c) First Amendment rights. We will keep no record which describes how an individual exercises rights guaranteed by the First Amendment unless we are expressly authorized: (1) By statute, (2) By the subject individual, or (3) Unless pertinent to and within the scope of an authorized law enforcement activity. Sec. 401.35 Your right to request records. The Privacy Act gives you the right to direct access to most records about yourself that are in our systems of records. Exceptions to this Privacy Act right include-- (a) Special procedures for access to certain medical records (see 5 U.S.C. 552a(f)(3) and Sec. 401.55); (b) Unavailability of certain criminal law enforcement records (see 5 U.S.C. 552a(k), and Sec. 401.85); and (c) Unavailability of records compiled in reasonable anticipation of a court action or formal administrative proceeding. Note to Sec. 401.35: The Freedom of Information Act (see 20 CFR part 402) allows you to request information from SSA whether or not it is in a system of records. Sec. 401.40 How to get your own records. (a) Your right to notification and access. Subject to the provisions governing medical records in Sec. 401.55, you may ask for notification of or access to any record about yourself that is in an SSA system of records. If you are a minor, you may get information about yourself under the same rules as for an adult. Under the Privacy Act, if you are the parent or guardian of a minor, or the legal guardian of someone who has been declared legally incompetent, and you are acting on his or her behalf, you may ask for information about that individual. You may be accompanied by another individual of your choice when you request access to a record in person, provided that you affirmatively authorize the presence of such other individual during any discussion of a record to which you are requesting access. (b) Identifying the records. At the time of your request, you must specify which systems of records you wish to have searched and the records to which you wish to have access. You may also request copies of all or any such records. Also, we may ask you to [[Page 4146]] provide sufficient particulars to enable us to distinguish between records on individuals with the same name. The necessary particulars are set forth in the notices of systems of records which are published in the Federal Register. (c) Requesting notification or access. To request notification of or access to a record, you may visit your local social security office or write to the manager of the SSA system of records. The name and address of the manager of the system is part of the notice of systems of records. Every local social security office keeps a copy of the Federal Register containing that notice. That office can also help you get access to your record. You do not need to use any special form to ask for a record about you in our files, but your request must give enough identifying information about the record you want to enable us to find your particular record. This identifying information should include the system of records in which the record is located and the name and social security number (or other identifier) under which the record is filed. We do not honor requests for all records, all information, or similar blanket requests. Before granting notification of or access to a record, we may, if you are making your request in person, require you to put your request in writing if you have not already done so. Sec. 401.45 Verifying your identity. (a) When required. Unless you are making a request for notification of or access to a record in person, and you are personally known to the SSA representative, you must verify your identity in accordance with paragraph (b) of this section if: (1) You make a request for notification of a record and we determine that the mere notice of the existence of the record would be a clearly unwarranted invasion of privacy if disclosed to someone other than the subject individual; or, (2) You make a request for access to a record which is not required to be disclosed to the general public under the Freedom of Information Act, 5 U.S.C. 552, and part 402 of this chapter. (b) Manner of verifying identity--(1) Request in person. If you make a request to us in person, you must provide at least one piece of tangible identification such as a driver's license, passport, alien or voter registration card, or union card to verify your identity. If you do not have identification papers to verify your identity, you must certify in writing that you are the individual who you claim to be and that you understand that the knowing and willful request for or acquisition of a record pertaining to an individual under false pretenses is a criminal offense. (2) Request by telephone. If you make a request by telephone, you must verify your identity by providing identifying particulars which parallel the record to which notification or access is being sought. If we determine that the particulars provided by telephone are insufficient, you will be required to submit your request in writing or in person. We will not accept telephone requests where an individual is requesting notification of or access to sensitive records such as medical records. (3) Requests not in person. Except as provided in paragraph (b)(2) of this section, if you do not make a request in person, you must submit a notarized request to SSA to verify your identity or you must certify in your request that you are the individual you claim to be and that you understand that the knowing and willful request for or acquisition of a record pertaining to an individual under false pretenses is a criminal offense. (4) Requests on behalf of another. If you make a request on behalf of a minor or legal incompetent as authorized under Sec. 401.40, you must verify your relationship to the minor or legal incompetent, in addition to verifying your own identity, by providing a copy of the minor's birth certificate, a court order, or other competent evidence of guardianship to SSA; except that you are not required to verify your relationship to the minor or legal incompetent when you are not required to verify your own identity or when evidence of your relationship to the minor or legal incompetent has been previously given to SSA. (5) Medical records--additional verification. You need to further verify your identity if you are requesting notification of or access to sensitive records such as medical records. Any information for further verification must parallel the information in the record to which notification or access is being sought. Such further verification may include such particulars as the date or place of birth, names of parents, name of employer or the specific times the individual received medical treatment. Sec. 401.50 Granting notification of or access to a record. (a) General. Subject to the provisions governing medical records in Sec. 401.55 and the provisions governing exempt systems in Sec. 401.85, upon receipt of your request for notification of or access to a record and verification of your identity, we will review your request and grant notification or access to a record, if you are the subject of the record. (b) Our delay in responding. If we determine that we will have to delay responding to your request because of the number of requests we are processing, a breakdown of equipment, shortage of personnel, storage of records in other locations, etc., we will so inform you and tell you when notification or access will be granted. Sec. 401.55 Special procedures for notification of or access to medical records. (a) General. In general, you have a right to notification of or access to your medical records, including psychological records, as well as to other records pertaining to you that we maintain. In this section, we set forth special procedures as permitted by the Privacy Act for notification of or access to medical records, including a special procedure for notification of or access to medical records of minors. (b) Medical records procedures.--(1) Notification of or access to medical records. (i) You may request notification of or access to a medical record pertaining to you. Unless you are a parent or guardian requesting notification of or access to a minor's medical record, you must make a request for a medical record in accordance with this section and the procedures in Secs. 401.45 through 401.50 of this part. (ii) When you request medical information about yourself, you must also name a representative in writing. The representative may be a physician, other health professional, or other responsible individual who would be willing to review the record and inform you of its contents at your representative's discretion. If you do not designate a representative, we may decline to release the requested information. In some cases, it may be possible to release medical information directly to you rather than to your representative. (2) Utilization of the designated representative. You will be granted direct access to your medical record if we can determine that direct access is not likely to have an adverse effect on you. If we believe that we are not qualified to determine, or if we do determine, that direct access to you is likely to have an adverse effect, the record will be sent to the designated representative. We will inform you in writing that the record has been sent. (c) Medical records of minors.--(1) Requests by minors; notification of or access to medical records to minors. A minor may request notification of or [[Page 4147]] access to a medical record pertaining to him or her in accordance with paragraph (b) of this section. (2) Requests on a minor's behalf; notification of or access to medical records to an individual on a minor's behalf. (i) To protect the privacy of a minor, we will not give to a parent or guardian direct notification of or access to a minor's record, even though the parent or guardian who requests such notification or access is authorized to act on a minor's behalf as provided in Sec. 401.75 of this part. (ii) A parent or guardian must make all requests for notification of or access to a minor's medical record in accordance with this paragraph and the procedures in Secs. 401.45 through 401.50 of this part. A parent or guardian must at the time he or she makes a request designate a family physician or other health professional (other than a family member) to whom the record, if any, will be sent. If the parent or guardian will not designate a representative, we will decline to release the requested information. (iii) Where a medical record on the minor exists, we will in all cases send it to the physician or health professional designated by the parent or guardian. If disclosure of the record would constitute an invasion of the minor's privacy, we will bring that fact to the attention of the physician or health professional to whom we send the record. We will ask the physician or health professional to consider the effect that disclosure of the record to the parent or guardian would have on the minor when the physician or health professional determines whether the minor's medical record should be made available to the parent or guardian. We will respond in substantially the following form to the parent or guardian making the request: We have completed processing your request for notification of or access to ________________________________'s (Name of minor) medical records. Please be informed that if any medical record was found pertaining to that individual, it has been sent to your designated physician or health professional. (iv) In each case where we send a minor's medical record to a physician or health professional, we will make reasonable efforts to inform the minor that we have given the record to the representative. (d) Requests on behalf of an incapacitated adult. If you are the legal guardian of an adult who has been declared legally incompetent, you may receive his or her records directly. Sec. 401.60 Access or notification of program records about two or more individuals. When information about two or more individuals is in one record filed under your social security number, you may receive the information about you and the fact of entitlement and the amount of benefits payable to other persons based on your record. You may receive information about yourself or others, which is filed under someone else's social security number, if that information affects your entitlement to social security benefits or the amount of those benefits. Sec. 401.65 How to correct your record. (a) How to request a correction. This section applies to all records kept by SSA (as described in Sec. 401.5) except for records of earnings. (20 CFR 422.125 describes how to request correction of your earnings record.) You may request that your record be corrected or amended if you believe that the record is not accurate, timely, complete, relevant, or necessary to the administration of a social security program. To amend or correct your record, you should write to the manager identified in the notice of systems of records which is published in the Federal Register (see Sec. 401.40(c) on how to locate this information). The staff at any social security office can help you prepare the request. You should submit any available evidence to support your request. Your request should indicate-- (1) The system of records from which the record is retrieved; (2) The particular record which you want to correct or amend; (3) Whether you want to add, delete or substitute information in the record; and (4) Your reasons for believing that your record should be corrected or amended. (b) What we will not change. You cannot use the correction process to alter, delete, or amend information which is part of a determination of fact or which is evidence received in the record of a claim in the administrative appeal process. Disagreements with these determinations are to be resolved through the SSA appeal process. (See subparts I and J of part 404, and subpart N of part 416, of this chapter.) For example, you cannot use the correction process to alter or delete a document showing a birth date used in deciding your social security claim. However, you may submit a statement on why you think certain information should be altered, deleted, or amended, and we will make this statement part of your file. (c) Acknowledgment of correction request. We will acknowledge receipt of a correction request within 10 working days, unless we can review and process the request and give an initial determination of denial or compliance before that time. (d) Notice of error. If the record is wrong, we will correct it promptly. If wrong information was disclosed from the record, we will tell all those of whom we are aware received that information that it was wrong and will give them the correct information. This will not be necessary if the change is not due to an error, e.g., a change of name or address. (e) Record found to be correct. If the record is correct, we will inform you in writing of the reason why we refuse to amend your record and we will also inform you of your right to seek a review of the refusal and the name and address of the official to whom you should send your request for review. (f) Record of another government agency. If you request us to correct or amend a record governed by the regulation of another government agency, e.g., Office of Personnel Management, Federal Bureau of Investigation, we will forward your request to such government agency for processing and we will inform you in writing of the referral. Sec. 401.70 Appeals of refusals to correct or amend records. (a) Which decisions are covered. This section describes how to appeal a decision made under the Privacy Act concerning your request for correction of a record or for access to your records, those of your minor child, or those of a person for whom you are the legal guardian. We generally handle a denial of your request for information about another person under the provisions of the FOIA (see part 402 of this chapter). This section applies only to written requests. (b) Appeal of refusal to amend or correct a record. (1) If we deny your request to correct a record, you may request a review of that decision. As discussed in Sec. 401.65(e), our letter denying your request will tell you to whom to write. (2) We will review your request within 30 working days from the date of receipt. However, for a good reason and with the approval of the Commissioner, or designee, this time limit may be extended up to an additional 30 days. In that case, we will notify you about the delay, the reason for it, and the date when the review is expected to be completed. If, after review, we determine that the record should be [[Page 4148]] corrected, the record will be corrected. If, after review, we also refuse to amend the record exactly as you requested, we will inform you-- (i) That your request has been refused and the reason; (ii) That this refusal is SSA's final decision; (iii) That you have a right to seek court review of this request to amend the record; and (iv) That you have a right to file a statement of disagreement with the decision. Your statement should include the reason you disagree. We will make your statement available to anyone to whom the record is subsequently disclosed, together with a statement of our reasons for refusing to amend the record. Also, we will provide a copy of your statement to individuals whom we are aware received the record previously. (c) Appeals after denial of access. If, under the Privacy Act, we deny your request for access to your own record, those of your minor child, or those of a person for whom you are the legal guardian, we will advise you in writing of the reason for that denial, the name and title or position of the person responsible for the decision, and your right to appeal that decision. You may appeal the denial decision to the Commissioner of Social Security, 6401 Security Boulevard, Baltimore, MD 21235, within 30 days after you receive the notice denying all or part of your request, or, if later, within 30 days after you receive materials sent to you in partial compliance with your request. If we refuse to release a medical record because you did not designate a representative (Sec. 401.55) to receive the material, that refusal is not a formal denial of access and, therefore, may not be appealed to the Commissioner. If you file an appeal, either the Commissioner or a designee will review your request and any supporting information submitted and then send you a notice explaining the decision on your appeal. We must make our decision within 20 working days after we receive your appeal. The Commissioner or a designee may extend this time limit up to 10 additional working days if one of the circumstances in 20 CFR 402.140 is met. We will notify you in writing of any extension, the reason for the extension, and the date by which we will decide your appeal. The notice of the decision on your appeal will explain your right to have the matter reviewed in a Federal district court if you disagree with all or part of our decision. Sec. 401.75 Rights of parents or legal guardians. For purposes of this part, a parent or guardian of any minor or the legal guardian of any individual who has been declared incompetent due to physical or mental incapacity or age by a court of competent jurisdiction is authorized to act on behalf of a minor or incompetent individual. Except as provided in Sec. 401.45, governing procedures for verifying an individual's identity, and Sec. 401.55(c) governing special procedures for notification of or access to a minor's medical records, if you are authorized to act on behalf of a minor or legal incompetent, you will be viewed as if you were the individual or subject individual. Sec. 401.80 Accounting for disclosures. (a) We will maintain an accounting of all disclosures of a record for five years or for the life of the record, whichever is longer; except that, we will not make accounting for: (1) Disclosures under paragraphs (a) and (b) of Sec. 401.110; and, (2) Disclosures of your record made with your written consent. (b) The accounting will include: (1) The date, nature, and purpose of each disclosure; and (2) The name and address of the person or entity to whom the disclosure is made. (c) You may request access to an accounting of disclosures of your record. You must request access to an accounting in accordance with the procedures in Sec. 401.40. You will be granted access to an accounting of the disclosures of your record in accordance with the procedures of this part which govern access to the related record. We may, at our discretion, grant access to an accounting of a disclosure of a record made under paragraph (g) of Sec. 401.110. Sec. 401.85 Exempt systems. (a) General policy. The Privacy Act permits certain types of specific systems of records to be exempt from some of its requirements. Our policy is to exercise authority to exempt systems of records only in compelling cases. (b) Specific systems of records exempted. (1) Those systems of records listed in paragraph (b)(2) of this section are exempt from the following provisions of the Act and this part: (i) 5 U.S.C. 552a(c)(3) and paragraph (c) of Sec. 401.80 of this part which require that you be granted access to an accounting of disclosures of your record. (ii) 5 U.S.C. 552a (d)(1) through (4) and (f) and Secs. 401.35 through 401.75 relating to notification of or access to records and correction or amendment of records. (iii) 5 U.S.C. 552a(e)(4) (G) and (H) which require that we include information about SSA procedures for notification, access, and correction or amendment of records in the notice for the systems of records. (iv) 5 U.S.C. 552a(e)(3) and Sec. 401.30 which require that if we ask you to provide a record to us, we must inform you of the authority for our asking you to provide the record (including whether providing the record is mandatory or voluntary, the principal purposes for maintaining the record, the routine uses for the record, and what effect your refusal to provide the record may have on you), and if you are not required by statute or Executive Order to provide the record, that you agree to provide the record. This exemption applies only to an investigatory record compiled by SSA for criminal law enforcement purposes in a system of records exempt under subsection (j)(2) of the Privacy Act to the extent that these requirements would prejudice the conduct of the investigation. (2) The following systems of records are exempt from those provisions of the Privacy Act and this part listed in paragraph (b)(1) of this section: (i) Pursuant to subsection (j)(2) of the Privacy Act, the Investigatory Material Compiled for Law Enforcement Purposes System, SSA. (ii) Pursuant to subsection (k)(2) of the Privacy Act: (A) The General Criminal Investigation Files, SSA; (B) The Criminal Investigations File, SSA; and, (C) The Program Integrity Case Files, SSA. (D) Civil and Administrative Investigative Files of the Inspector General, SSA/OIG. (E) Complaint Files and Log. SSA/OGC. (iii) Pursuant to subsection (k)(5) of the Privacy Act: (A) The Investigatory Material Compiled for Security and Suitability Purposes System, SSA; and, (B) The Suitability for Employment Records, SSA. (iv) Pursuant to subsection (k)(6) of the Privacy Act, the Personnel Research and Merit Promotion Test Records, SSA/DCHR/OPE. (c) Notification of or access to records in exempt systems of records. (1) Where a system of records is exempt as provided in paragraph (b) of this section, you may nonetheless request notification of or access to a record in that system. You should make requests for notification of or access to a record [[Page 4149]] in an exempt system of records in accordance with the procedures of Secs. 401.35 through 401.55. (2) We will grant you notification of or access to a record in an exempt system but only to the extent such notification or access would not reveal the identity of a source who furnished the record to us under an express promise, and prior to September 27, 1975, an implied promise, that his or her identity would be held in confidence, if: (i) The record is in a system of records which is exempt under subsection (k)(2) of the Privacy Act and you have been, as a result of the maintenance of the record, denied a right, privilege, or benefit to which you would otherwise be eligible; or, (ii) The record is in a system of records which is exempt under subsection (k)(5) of the Privacy Act. (3) If we do not grant you notification of or access to a record in a system of records exempt under subsections (k) (2) and (5) of the Privacy Act in accordance with this paragraph, we will inform you that the identity of a confidential source would be revealed if we granted you notification of or access to the record. (d) Discretionary actions by SSA. Unless disclosure of a record to the general public is otherwise prohibited by law, we may at our discretion grant notification of or access to a record in a system of records which is exempt under paragraph (b) of this section. Discretionary notification of or access to a record in accordance with this paragraph will not be a precedent for discretionary notification of or access to a similar or related record and will not obligate us to exercise discretion to grant notification of or access to any other record in a system of records which is exempt under paragraph (b) of this section. Sec. 401.90 Contractors. (a) All contracts which require a contractor to maintain, or on behalf of SSA to maintain, a system of records to accomplish an SSA function must contain a provision requiring the contractor to comply with the Privacy Act and this part. (b) A contractor and any employee of such contractor will be considered employees of SSA only for the purposes of the criminal penalties of the Privacy Act, 5 U.S.C. 552a(i), and the employee standards of conduct (see appendix A of this part) where the contract contains a provision requiring the contractor to comply with the Privacy Act and this part. (c) This section does not apply to systems of records maintained by a contractor as a result of his management discretion, e.g., the contractor's personnel records. Sec. 401.95 Fees. (a) Policy. Where applicable, we will charge fees for copying records in accordance with the schedule set forth in this section. We may only charge fees where you request that a copy be made of the record to which you are granted access. We will not charge a fee for searching a system of records, whether the search is manual, mechanical, or electronic. Where we must copy the record in order to provide access to the record (e.g., computer printout where no screen reading is available), we will provide the copy to you without cost. Where we make a medical record available to a representative designated by you or to a physician or health professional designated by a parent or guardian under Sec. 401.55 of this part, we will not charge a fee. (b) Fee schedule. Our Privacy Act fee schedule is as follows: (1) Copying of records susceptible to photocopying--$.10 per page. (2) Copying records not susceptible to photocopying (e.g., punch cards or magnetic tapes)--at actual cost to be determined on a case-by- case basis. (3) We will not charge if the total amount of copying does not exceed $25. (c) Other Fees. We also follow Secs. 402.155 through 402.165 of this chapter to determine the amount of fees, if any, we will charge for providing information under the FOIA and Privacy Act. Subpart C--Disclosure of Official Records and Information Sec. 401.100 Disclosure of records with the consent of the subject of the record. (a) Except as permitted by the Privacy Act and the regulations in this chapter, or if required by the FOIA, we will not disclose your record without your written consent. The consent must specify the individual, organizational unit or class of individuals or organizational units to whom the record may be disclosed, which record may be disclosed and, where applicable, during which time frame the record may be disclosed (e.g., during the school year, while the subject individual is out of the country, whenever the subject individual is receiving specific services). We will not honor a blanket consent to disclose all your records to unspecified individuals or organizational units. We will verify your identity and, where applicable (e.g., where you consent to disclosure of a record to a specific individual), the identity of the individual to whom the record is to be disclosed. (b) A parent or guardian of a minor is not authorized to give consent to a disclosure of the minor's medical record. See Sec. 401.55(c) for the procedures for disclosures of or access to the medical records of minors. Sec. 401.105 Disclosure of personal information without the consent of the subject of the record. (a) SSA maintains two categories of records which contain personal information: (1) Nonprogram records, primarily administrative and personnel records which contain information about SSA's activities as a government agency and employer, and (2) Program records which contain information about SSA's clients that it keeps to administer benefit programs under Federal law. (b) We apply different levels of confidentiality to disclosures of information in the categories in paragraphs (a) (1) and (2) of this section. For administrative and personnel records, we apply the Privacy Act restrictions on disclosure. For program records, we apply somewhat more strict confidentiality standards than those found in the Privacy Act. The reason for this difference in treatment is that our program records include information about a much greater number of persons than our administrative records, the information we must collect for program purposes is often very sensitive, and claimants are required by statute and regulation to provide us with the information in order to establish entitlement for benefits. Sec. 401.110 Disclosure of personal information in nonprogram records without the consent of the subject of the record. The disclosures listed in this section may be made from our nonprogram records, e.g., administrative and personnel records, without your consent. Such disclosures are those: (a) To officers and employees of SSA who have a need for the record in the performance of their duties. The SSA official who is responsible for the record may upon request of any officer or employee, or on his own initiative, determine what constitutes legitimate need. (b) Required to be disclosed under the Freedom of Information Act, 5 U.S.C. 552, and 20 CFR part 402. (c) For a routine use as defined in Sec. 401.25 of this part. Routine uses will be listed in any notice of a system of records. SSA publishes notices of systems of records, including all [[Page 4150]] pertinent routine uses, in the Federal Register. (d) To the Bureau of the Census for purposes of planning or carrying out a census or survey or related activity pursuant to the provisions of Title 13 U.S.C. (e) To a recipient who has provided us with advance written assurance that the record will be used solely as a statistical research or reporting record; Provided, that, the record is transferred in a form that does not identify the subject individual. (f) To the National Archives of the United States as a record which has sufficient historical or other value to warrant its continued preservation by the United States Government, or for evaluation by the Administrator of General Services or his designee to determine whether the record has such value. (g) To another government agency or to an instrumentality of any governmental jurisdiction within or under the control of the United States for a civil or criminal law enforcement activity if the activity is authorized by law, and if the head of such government agency or instrumentality has submitted a written request to us, specifying the record desired and the law enforcement activity for which the record is sought. (h) To an individual pursuant to a showing of compelling circumstances affecting the health or safety of any individual if a notice of the disclosure is transmitted to the last known address of the subject individual. (i) To either House of Congress, or to the extent of matter within its jurisdiction, any committee or subcommittee thereof, any joint committee of Congress or subcommittee of any such joint committee. (j) To the Comptroller General, or any of his authorized representatives, in the course of the performance of the duties of the General Accounting Office. (k) Pursuant to the order of a court of competent jurisdiction. Sec. 401.115 Disclosure of personal information in program records without the consent of the subject of the record. This section describes how various laws control the disclosure or confidentiality of personal information which we keep. We must consider these laws in the following order: (a) Some laws require us to disclose information (Sec. 401.120); some laws require us to withhold information (Sec. 401.125). These laws control whenever they apply. (b) If no law of this type applies in a given case, then we must look to FOIA principles. See Sec. 401.130. (c) When FOIA principles do not require disclosure, we may disclose information if both the Privacy Act and section 1106 of the Social Security Act permit the disclosure. Sec. 401.120 Disclosures required by law. We disclose information when a law specifically requires it. The Social Security Act requires us to disclose information for certain program purposes. These include disclosures to the SSA Office of Inspector General, the Federal Parent Locator Service, and to States pursuant to an arrangement regarding use of the Blood Donor Locator Service. Also, there are other laws which require that we furnish other agencies information which they need for their programs. These agencies include the Department of Veterans Affairs for its benefit programs, the Immigration and Naturalization Service to carry out its duties regarding aliens, the Railroad Retirement Board for its benefit programs, and to Federal, State, and local agencies administering Aid to Families with Dependent Children, Medicaid, unemployment compensation, food stamps, and other programs. Sec. 401.125 Disclosures prohibited by law. We do not disclose information when a law specifically prohibits it. The Internal Revenue Code generally prohibits us from disclosing tax return information which we receive to maintain individual earnings records. This includes, for example, amounts of wages and contributions from employers. Other laws restrict our disclosure of certain information about drug and alcohol abuse which we collect to determine eligibility for social security benefits. Sec. 401.130 Freedom of Information Act. The FOIA requires us to disclose any information in our records upon request from the public, unless one of several exemptions in the FOIA applies. When the FOIA requires disclosure (see part 402 of this chapter), the Privacy Act permits it. The public does not include Federal agencies, courts, or the Congress, but does include State agencies, individuals, corporations, and most other parties. The FOIA does not apply to requests that are not from the public (e.g., from a Federal agency). However, we apply FOIA principles to requests from these other sources for disclosure of program information. Sec. 401.135 Other laws. When the FOIA does not apply, we may not disclose any personal information unless both the Privacy Act and section 1106 of the Social Security Act permit the disclosure. Section 1106 of the Social Security Act requires that disclosures which may be made must be set out in statute or regulations; therefore, any disclosure permitted by this part is permitted by section 1106. Sec. 401.140 General principles. When no law specifically requiring or prohibiting disclosure applies to a question of whether to disclose information, we follow FOIA principles to resolve that question. We do this to insure uniform treatment in all situations. The FOIA principle which most often applies to SSA disclosure questions is whether the disclosure would result in a ``clearly unwarranted invasion of personal privacy.'' To decide whether a disclosure would be a clearly unwarranted invasion of personal privacy we consider-- (a) The sensitivity of the information (e.g., whether individuals would suffer harm or embarrassment as a result of the disclosure); (b) The public interest in the disclosure; (c) The rights and expectations of individuals to have their personal information kept confidential; (d) The public's interest in maintaining general standards of confidentiality of personal information; and (e) The existence of safeguards against unauthorized redisclosure or use. Sec. 401.145 Safeguards against unauthorized redisclosure or use. (a) The FOIA does not authorize us to impose any restrictions on how information is used after we disclose it under that law. In applying FOIA principles, we consider whether the information will be adequately safeguarded against improper use or redisclosure. We must consider all the ways in which the recipient might use the information and how likely the recipient is to redisclose the information to other parties. Thus, before we disclose personal information we may consider such factors as-- (1) Whether only those individuals who have a need to know the information will obtain it; (2) Whether appropriate measures to safeguard the information to avoid unwarranted use or misuse will be taken; and (3) Whether we would be permitted to conduct on-site inspections to see whether the safeguards are being met. (b) We feel that there is a strong public interest in sharing information with other agencies with programs having the same or similar purposes, so [[Page 4151]] we generally share information with those agencies. However, since there is usually little or no public interest in disclosing information for disputes between two private parties or for other private or commercial purposes, we generally do not share information for these purposes. Sec. 401.150 Compatible purposes. (a) General. The Privacy Act allows us to disclose information, without the consent of the individual, to any other party for routine uses. (b) Routine use. We publish notices of systems of records in the Federal Register which contain a list of all routine use disclosures. (c) Determining compatibility. We disclose information for routine uses where necessary to carry out SSA's programs. It is also our policy to disclose information for use in other programs which have the same purposes as SSA programs if the information concerns eligibility, benefit amounts, or other matters of benefit status in a social security program and is relevant to determining the same matters in the other program. For example, we disclose information to the Railroad Retirement Board for pension and unemployment compensation programs, to the Veterans Administration for its benefit program, to worker's compensation programs, to State general assistance programs, and to other income maintenance programs at all levels of government; we also disclose for health-maintenance programs like Medicare and Medicaid, and in appropriate cases, for epidemiological and similar research. Sec. 401.155 Law enforcement purposes. (a) General. The Privacy Act allows us to disclose information for law enforcement purposes under certain conditions. Much of the information in our files is especially sensitive or very personal. Furthermore, participation in social security programs is mandatory, so people cannot limit what information is given to us. Therefore, we generally disclose information for law enforcement purposes only in limited situations. Paragraphs (b) and (c) of this section discuss the disclosures we generally make for these purposes. (b) Serious crimes. SSA may disclose information for criminal law enforcement purposes where a violent crime such as murder or kidnapping has been committed and the individual about whom the information is being sought has been indicted or convicted of that crime. The Privacy Act allows us to disclose if the head of the law enforcement agency makes a written request giving enough information to show that these conditions are met, what information is needed, and why it is needed. (c) Criminal activity involving the social security program or another program with the same purposes. We disclose information when necessary to investigate or prosecute fraud or other criminal activity involving the social security program. We may also disclose information for investigation or prosecution of criminal activity in other income- maintenance or health-maintenance programs (e.g., other governmental pension programs, unemployment compensation, general assistance, Medicare or Medicaid) if the information concerns eligibility, benefit amounts, or other matters of benefit status in a social security program and is relevant to determining the same matters in the other program. Sec. 401.160 Health or safety. The Privacy Act allows us to disclose information in compelling circumstances where an individual's health or safety is affected. For example, if we learn that someone has been exposed to an excessive amount of radiation, we may notify that person and appropriate health officials. If we learn that someone has made a threat against someone else, we may notify that other person and law enforcement officials. When we make these disclosures, the Privacy Act requires us to send a notice of the disclosure to the last known address of the person whose record was disclosed. Sec. 401.165 Statistical and research activities. (a) General. Statistical and research activities often do not require information in a format that identifies specific individuals. Therefore, whenever possible, we release information for statistical or research purposes only in the form of aggregates or individual data that cannot be associated with a particular individual. The Privacy Act allows us to release records if there are safeguards that the record will be used solely as a statistical or research record and the individual cannot be identified from any information in the record. (b) Safeguards for disclosure with identifiers. The Privacy Act also allows us to disclose data for statistical and research purposes in a form allowing individual identification, pursuant to published routine use, when the purpose is compatible with the purpose for which the record was collected. We will disclose personally identifiable information for statistical and research purposes if-- (1) We determine that the requestor needs the information in an identifiable form for a statistical or research activity, will use the information only for that purpose, and will protect individuals from unreasonable and unwanted contacts; (2) The activity is designed to increase knowledge about present or alternative social security programs or other Federal or State income- maintenance or health-maintenance programs, or consists of epidemiological or similar research; and (3) The recipient will keep the information as a system of statistical records, will follow appropriate safeguards, and agrees to our on-site inspection of those safeguards so we can be sure the information is used or redisclosed only for statistical or research purposes. No redisclosure of the information may be made without SSA's approval. (c) Statistical record. A statistical record is a record in a system of records which is maintained only for statistical and research purposes, and which is not used to make any determination about an individual. We maintain and use statistical records only for statistical and research purposes. We may disclose a statistical record if the conditions in paragraph (b) of this section are met. (d) Compiling of records. Where a request for information for statistical and research purposes would require us to compile records, and doing that would be administratively burdensome to ongoing SSA operations, we may decline to furnish the information. Sec. 401.170 Congress. (a) We disclose information to either House of Congress. We also disclose information to any committee or subcommittee of either House, or to any joint committee of Congress or subcommittee of that committee, if the information is on a matter within the committee's or subcommittee's jurisdiction. (b) We disclose to any member of Congress the information needed to respond to constituents' requests for information about themselves (including requests from parents of minors, or legal guardians). However, these disclosures are subject to the restrictions in Secs. 401.35 through 401.60. Sec. 401.175 General Accounting Office. We disclose information to the General Accounting Office when that agency needs the information to carry out its duties. Sec. 401.180 Courts. (a) General. The Privacy Act allows us to disclose information when we receive [[Page 4152]] an order from a court of competent jurisdiction. However, much of our information is especially sensitive. Participation in social security programs is mandatory, and so people cannot limit what information is given to SSA. When information is used in a court proceeding, it usually becomes part of a public record, and its confidentiality cannot be protected. Therefore, we treat subpoenas or other court orders for information under the rules in paragraph (b) of this section. (b) Subpoena. We generally disclose information in response to a subpoena or other court order if-- (1) Another section of this part would specifically allow the release; or (2) The Commissioner of SSA is a party to the proceeding; or (3) The information is necessary for due process in a criminal proceeding. In other cases, we try to satisfy the needs of courts while preserving the confidentiality of information. Sec. 401.185 Other specific recipients. In addition to disclosures we make under the routine use provision, we also release information to-- (a) The Bureau of the Census for purposes of planning or carrying out a census, survey, or related activity; and (b) The National Archives of the United States if the record has sufficient historical or other value to warrant its continued preservation by the United States Government. We also disclose a record to the Administrator of General Services for a determination of whether the record has such a value. Sec. 401.190 Deceased persons. We do not consider the disclosure of information about a deceased person to be a clearly unwarranted invasion of that person's privacy. However, in disclosing information about a deceased person, we follow the principles in Sec. 401.115 to insure that the privacy rights of a living person are not violated. Sec. 401.195 Situations not specified in this part. If no other provision in this part specifically allows SSA to disclose information, the Commissioner or designee may disclose this information if not prohibited by Federal law. For example, the Commissioner or designee may disclose information necessary to respond to life threatening situations. Sec. 401.200 Blood donor locator service. (a) General. We will enter into arrangements with State agencies under which we will furnish to them at their request the last known personal mailing addresses (residence or post office box) of blood donors whose blood donations show that they are or may be infected with the human immunodeficiency virus which causes acquired immune deficiency syndrome. The State agency or other authorized person, as defined in paragraph (b) of this section, will then inform the donors that they may need medical care and treatment. The safeguards that must be used by authorized persons as a condition to receiving address information from the Blood Donor Locator Service are in paragraph (g) of this section, and the requirements for a request for address information are in paragraph (d) of this section. (b) Definitions. State means the 50 States, the District of Columbia, the Commonwealth of Puerto Rico, the Virgin Islands, Guam, the Commonwealth of Northern Marianas, and the Trust Territory of the Pacific Islands. Authorized person means-- (1) Any agency of a State (or of a political subdivision of a State) which has duties or authority under State law relating to the public health or otherwise has the duty or authority under State law to regulate blood donations; and (2) Any entity engaged in the acceptance of blood donations which is licensed or registered by the Food and Drug Administration in connection with the acceptance of such blood donations, and which provides for-- (i) The confidentiality of any address information received pursuant to the rules in this part and section 1141 of the Social Security Act and related blood donor records; (ii) Blood donor notification procedures for individuals with respect to whom such information is requested and a finding has been made that they are or may be infected with the human immunodeficiency virus; and (iii) Counseling services for such individuals who have been found to have such virus. New counseling programs are not required, and an entity may use existing counseling programs or referrals to provide these services. Related blood donor records means any record, list, or compilation established in connection with a request for address information which indicates, directly or indirectly, the identity of any individual with respect to whom a request for address information has been made pursuant to the rules in this part. (c) Use of social security number for identification. A State or an authorized person in the State may require a blood donor to furnish his or her social security number when donating blood. The number may then be used by an authorized person to identify and locate a donor whose blood donation indicates that he or she is or may be infected with the human immunodeficiency virus. (d) Request for address of blood donor. An authorized person who has been unable to locate a blood donor at the address he or she may have given at the time of the blood donation may request assistance from the State agency which has arranged with us to participate in the Blood Donor Locator Service. The request to the Blood Donor Locator Service must-- (1) Be in writing; (2) Be from a participating State agency either on its own behalf as an authorized person or on behalf of another authorized person; (3) Indicate that the authorized person meets the confidentiality safeguards of paragraph (g) of this section; and (4) Include the donor's name and social security number, the addresses at which the authorized person attempted without success to contact the donor, the date of the blood donation if available, a statement that the donor has tested positive for the human immunodeficiency virus according to the latest Food and Drug Administration standards or that the history of the subsequent use of the donated blood or blood products indicates that the donor has or may have the human immunodeficiency virus, and the name and address of the requesting blood donation facility. (e) SSA response to request for address. After receiving a request that meets the requirements of paragraph (d) of this section, we will search our records for the donor's latest personal mailing address. If we do not find a current address, we will request that the Internal Revenue Service search its tax records and furnish us any personal mailing address information from its files, as required under section 6103(m)(6) of the Internal Revenue Code. After completing these searches, we will provide to the requesting State agency either the latest mailing address available for the donor or a response stating that we do not have this information. We will then destroy the records or delete all identifying donor information related to the request and maintain only the information that we will need to monitor the compliance of authorized persons with the confidentiality safeguards contained in paragraph (g) of this section. (f) SSA refusal to furnish address. If we determine that an authorized person has not met the requirements of paragraphs (d) and (g) of this section, we will not furnish address information to the State agency. In that case, we will notify the State agency of our [[Page 4153]] determination, explain the reasons for our determination, and explain that the State agency may request administrative review of our determination. The Commissioner of Social Security or a delegate of the Commissioner will conduct this review. The review will be based on the information of record and there will not be an opportunity for an oral hearing. A request for administrative review, which may be submitted only by a State agency, must be in writing. The State agency must send its request for administrative review to the Commissioner of Social Security, 6401 Security Boulevard, Baltimore, MD 21235, within 60 days after receiving our notice refusing to give the donor's address. The request for review must include supporting information or evidence that the requirements of the rules in this part have been met. If we do not furnish address information because an authorized person failed to comply with the confidentiality safeguards of paragraph (g) of this section, the State agency will have an opportunity to submit evidence that the authorized person is now in compliance. If we then determine, based on our review of the request for administrative review and the supporting evidence, that the authorized person meets the requirements of the rules in this part, we will respond to the address request as provided in paragraph (e) of this section. If we determine on administrative review that the requirements have not been met, we will notify the State agency in writing of our decision. We will make our determination within 30 days after receiving the request for administrative review, unless we notify the State agency within this 30-day time period that we will need additional time. Our determination on the request for administrative review will give the findings of fact, the reasons for the decision, and what actions the State agency should take to ensure that it or the blood donation facility is in compliance with the rules in this part. (g) Safeguards to ensure confidentiality of blood donor records. We will require assurance that authorized persons have established and continue to maintain adequate safeguards to protect the confidentiality of both address information received from the Blood Donor Locator Service and related blood donor records. The authorized person must, to the satisfaction of the Secretary-- (1) Establish and maintain a system for standardizing records which includes the reasons for requesting the addresses of blood donors, dates of the requests, and any disclosures of address information; (2) Store blood donors' addresses received from the Blood Donor Locator Service and all related blood donor records in a secure area or place that is physically safe from access by persons other than those whose duties and responsibilities require access; (3) Restrict access to these records to authorized employees and officials who need them to perform their official duties related to notifying blood donors who are or may be infected with the human immunodeficiency virus that they may need medical care and treatment; (4) Advise all personnel who will have access to the records of the confidential nature of the information, the safeguards required to protect the information, and the civil and criminal sanctions for unauthorized use or disclosure of the information; (5) Destroy the address information received from the Blood Donor Locator Service, as well as any records established in connection with the request which indicate directly or indirectly the identity of the individual, after notifying or attempting to notify the donor at the address obtained from the Blood Donor Locator Service; and (6) Upon request, report to us the procedures established and utilized to ensure the confidentiality of address information and related blood donor records. We reserve the right to make onsite inspections to ensure that these procedures are adequate and are being followed and to request such information as we may need to ensure that the safeguards required in this section are being met. (h) Unauthorized disclosure. Any official or employee of the Federal Government, a State, or a blood donation facility who discloses blood donor information, except as provided for in this section or under a provision of law, will be subject to the same criminal penalty as provided in section 7213(a) of the Internal Revenue Code of 1986 for the unauthorized disclosure of tax information. Appendix A to Part 401--Employee Standards of Conduct (a) General. All SSA employees are required to be aware of their responsibilities under the Privacy Act of 1974, 5 U.S.C. 552a. Regulations implementing the Privacy Act are set forth in this part. Instruction on the requirements of the Act and regulation shall be provided to all new employees of SSA. In addition, supervisors shall be responsible for assuring that employees who are working with systems of records or who undertake new duties which require the use of systems of records are informed of their responsibilities. Supervisors shall also be responsible for assuring that all employees who work with such systems of records are periodically reminded of the requirements of the Privacy Act and are advised of any new provisions or interpretations of the Act. (b) Penalties. (1) All employees must guard against improper disclosure of records which are governed by the Privacy Act. Because of the serious consequences of improper invasions of personal privacy, employees may be subject to disciplinary action and criminal prosecution for knowing and willful violations of the Privacy Act and regulation. In addition, employees may also be subject to disciplinary action for unknowing or unwillful violations, where the employee had notice of the provisions of the Privacy Act and regulations and failed to inform himself or herself sufficiently or to conduct himself or herself in accordance with the requirements to avoid violations. (2) SSA may be subjected to civil liability for the following actions undertaken by its employees: (a) Making a determination under the Privacy Act and Secs. 401.65 and 401.70 not to amend an individual's record in accordance with his or her request, or failing to make such review in conformity with those provisions; (b) Refusing to comply with an individual's request for notification of or access to a record pertaining to him or her; (c) Failing to maintain any record pertaining to any individual with such accuracy, relevance, timeliness, and completeness as is necessary to assure fairness in any determination relating to the qualifications, character, rights, or opportunities of, or benefits to the individual that may be made on the basis of such a record, and consequently makes a determination which is adverse to the individual; or (d) Failing to comply with any other provision of the Act or any rule promulgated thereunder, in such a way as to have an adverse effect on an individual. (3) An employee may be personally subject to criminal liability as set forth below and in 5 U.S.C. 552a (i): (a) Willful disclosure. Any officer or employee of SSA, who by virtue of his employment or official position, has possession of, or access to, agency records which contain individually identifiable information the disclosure of which is prohibited by the Privacy Act or by rules or regulations established thereunder, and who, knowing that disclosure of the specific material is so prohibited, willfully discloses the material in any manner to any person or agency not entitled to receive it, shall be guilty of a misdemeanor and may be fined not more than $5,000. (b) Notice requirements. Any officer or employee of SSA who willfully maintains a system of records without meeting the notice requirements [of the Privacy Act] shall be guilty of a misdemeanor and may be fined not more than $5,000. (c) Rules governing employees not working with systems of records. Employees whose duties do not involve working with systems of records will not generally disclose to any [[Page 4154]] one, without specific authorization from their supervisors, records pertaining to employees or other individuals which by reason of their official duties are available to them. Notwithstanding the above, the following records concerning Federal employees are a matter of public record and no further authorization is necessary for disclosure: (1) Name and title of individual. (2) Grade classification or equivalent and annual rate of salary. (3) Position description. (4) Location of duty station, including room number and telephone number. In addition, employees shall disclose records which are listed in SSA's Freedom of Information Regulation as being available to the public. Requests for other records will be referred to the responsible SSA Freedom of Information Officer. This does not preclude employees from discussing matters which are known to them personally, and without resort to a record, to official investigators of Federal agencies for official purposes such as suitability checks, Equal Employment Opportunity investigations, adverse action proceedings, grievance proceedings, etc. (d) Rules governing employees whose duties require use or reference to systems of records. Employees whose official duties require that they refer to, maintain, service, or otherwise deal with systems of records (hereinafter referred to as ``Systems Employees'') are governed by the general provisions. In addition, extra precautions are required and systems employees are held to higher standards of conduct. (1) Systems Employees shall: (a) Be informed with respect to their responsibilities under the Privacy Act; (b) Be alert to possible misuses of the system and report to their supervisors any potential or actual use of the system which they believe is not in compliance with the Privacy Act and regulation; (c) Disclose records within SSA only to an employee who has a legitimate need to know the record in the course of his or her official duties; (d) Maintain records as accurately as practicable. (e) Consult with a supervisor prior to taking any action where they are in doubt whether such action is in conformance with the Act and regulation. (2) Systems employees shall not: (a) Disclose in any form records from a system of records except (1) with the consent or at the request of the subject individual; or (2) where its disclosure is permitted under Sec. 401.110. (b) Permit unauthorized individuals to be present in controlled areas. Any unauthorized individuals observed in controlled areas shall be reported to a supervisor or to the guard force. (c) Knowingly or willfully take action which might subject SSA to civil liability. (d) Make any arrangements for the design, development, or operation of any system of records without making reasonable effort to provide that the system can be maintained in accordance with the Act and regulation. (e) Contracting officers. In addition to any applicable provisions set forth above, those employees whose official duties involve entering into contracts on behalf of SSA shall also be governed by the following provisions: (1) Contracts for design, or development of systems and equipment. The contracting officer shall not enter into any contract for the design or development of a system of records, or for equipment to store, service or maintain a system of records unless the contracting officer has made reasonable effort to ensure that the product to be purchased is capable of being used without violation of the Privacy Act or the regulations in this part. He shall give special attention to provision of physical safeguards. (2) Contracts for the operation of systems of records. The Contracting Officer, in conjunction with other officials whom he feels appropriate, shall review all proposed contracts providing for the operation of systems of records prior to execution of the contracts to determine whether operation of the system of records is for the purpose of accomplishing a Department function. If it is determined that the operation of the system is to accomplish an SSA function, the contracting officer shall be responsible for including in the contract appropriate provisions to apply the provisions of the Privacy Act and regulation to the system, including prohibitions against improper release by the contractor, his employees, agents, or subcontractors. (3) Other service contracts. Contracting officers entering into general service contracts shall be responsible for determining the appropriateness of including provisions in the contract to prevent potential misuse (inadvertent or otherwise) by employees, agents, or subcontractors of the contractor. (f) Rules governing SSA officials responsible for managing systems of records. In addition to the requirements for Systems Employees, SSA officials responsible for managing systems of records as described in Sec. 401.40(c) (system managers) shall: (1) Respond to all requests for notification of or access, disclosure, or amendment of records in a timely fashion in accordance with the Privacy Act and regulation; (2) Make any amendment of records accurately and in a timely fashion; (3) Inform all persons whom the accounting records show have received copies of the record prior to the amendments of the correction; and (4) Associate any statement of disagreement with the disputed record, and (a) Transmit a copy of the statement to all persons whom the accounting records show have received a copy of the disputed record, and (b) Transmit that statement with any future disclosure. 2. Part 402 is added to read as follows: PART 402--AVAILABILITY OF INFORMATION AND RECORDS TO THE PUBLIC Sec. 402.5 Scope and purpose. 402.10 Policy. 402.15 Relationship between the FOIA and the Privacy Act of 1974. 402.20 Requests not handled under the FOIA. 402.25 Referral of requests outside of SSA. 402.30 Definitions. 402.35 Publication. 402.40 Publications for sale. 402.45 Availability of records. 402.50 Availability of administrative staff manuals. 402.55 Materials available at district offices and branch offices. 402.60 Materials in field offices of the Office of Hearings and Appeals. 402.65 Health care information. 402.70 Reasons for withholding some records. 402.75 Exemption one for withholding records: National defense and foreign policy. 402.80 Exemption two for withholding records: Internal personnel rules and practices. 402.85 Exemption three for withholding records: Records exempted by other statutes. 402.90 Exemption four for withholding records: Trade secrets and confidential commercial or financial information. 402.95 Exemption five for withholding records: Internal memoranda. 402.100 Exemption six for withholding records: Clearly unwarranted invasion of personal privacy. 402.105 Exemption seven for withholding records: Law enforcement. 402.110 Exemptions eight and nine for withholding records: Records on financial institutions; records on wells. 402.115 Deletion of identifying details. 402.120 Creation of records. 402.125 Who may release a record. 402.130 How to request a record. 402.135 Where to send a request. 402.140 How a request for a record is processed. 402.145 Responding to your request. 402.150 Release of records. 402.155 Fees to be charged--categories of requests. 402.160 Fees to be charged--general provisions. 402.165 Fee schedule. 402.170 Fees for providing records and related services for program purposes pursuant to section 1106 of the Social Security Act. 402.175 Fees for providing information and related services for non-program purposes. 402.180 Procedure on assessing and collecting fees for providing records. 402.185 Waiver or reduction of fees in the public interest. 402.190 Officials who may deny a request for records under FOIA. 402.195 How a request is denied. 402.200 How to appeal a decision denying all or part of a request. 402.205 U.S. District Court action. Authority: Secs. 205, 702(a)(5), and 1106 of the Social Security Act; (42 U.S.C. 405, 902(a)(5), and 1306); Section 413(b) of the Federal Mine Safety and Health Act of 1977 (30 U.S.C. 923b), 5 U.S.C. 552 and 552a; 8 U.S.C. 1360; 18 U.S.C. 1905; 26 U.S.C. 6103; 31 U.S.C.. 9701; E.O. 12600, 52 FR 23781, 3 CFR, 1987 Comp., p. 235. [[Page 4155]] Sec. 402.5 Scope and purpose. The rules in this part relate to the availability to the public, pursuant to the Freedom of Information Act (FOIA) 5 U.S.C. 552, of records of the Social Security Administration (SSA). They describe how to make a FOIA request; who can release records and who can decide not to release; how much time it should take to make a determination regarding release; what fees may be charged; what records are available for public inspection; why some records are not released; and your right to appeal and then go to court if we refuse to release records. The rules in this part do not revoke, modify, or supersede the regulations of SSA relating to disclosure of information in part 401 of this chapter. Sec. 402.10 Policy. As a general policy, SSA follows a balanced approach in administering FOIA. We not only recognize the right of public access to information in the possession of SSA, but also protect the integrity of internal processes. In addition, we recognize the legitimate interests of organizations or persons who have submitted records to SSA or who would otherwise be affected by release of records. For example, we have no discretion to release certain records, such as trade secrets and confidential commercial information, prohibited from release by law. This policy calls for the fullest responsible disclosure consistent with those requirements of administrative necessity and confidentiality which are recognized in the FOIA. Sec. 402.15 Relationship between the FOIA and the Privacy Act of 1974. (a) Coverage. The FOIA and the rules in this part apply to all SSA records. The Privacy Act, 5 U.S.C. 552a, applies to records that are about individuals, but only if the records are in a system of records. ``Individuals'' and ``system of records'' are defined in the Privacy Act and in 20 CFR 401.25. (b) Requesting your own records. If you are an individual and request records, then to the extent you are requesting your own records in a system of records, we will handle your request under the Privacy Act. If there is any record that we need not release to you under those provisions, we will also consider your request under the FOIA and this rule, and we will release the record to you if the FOIA requires it. (c) Requesting another individual's record. Whether or not you are an individual, if you request records that are about an individual (other than yourself) and that are in a system of records, we will handle your request under the FOIA and the rules in this part. However, if our disclosure in response to your request would be permitted by the Privacy Act's disclosure provision, (5 U.S.C. 552a(b)), for reasons other than the requirements of the FOIA, and if we decide to make the disclosure, then we will not handle your request under the FOIA and the rules in this part. For example, when we make routine use disclosures pursuant to requests, we do not handle them under the FOIA and the rules in this part. (``Routine use'' is defined in the Privacy Act and in 20 CFR 401.25.) If we handle your request under the FOIA and the rules in this part and the FOIA does not require releasing the record to you, then the Privacy Act may prohibit the release and remove our discretion to release. Sec. 402.20 Requests not handled under the FOIA. (a) We will not handle your request under the FOIA and the regulations in this part to the extent it asks for records that are currently available, either from SSA or from another part of the Federal Government, under a separate statute that provides specific activity for charging fees for those records. For example, we will not handle your request under the FOIA and the regulations in this part to the extent it asks for detailed earnings statements under the Social Security program. (b) We will not handle your request under the FOIA and the regulations in this part if you are seeking a record that is distributed by SSA as part of its regular program activity, for example, public information leaflets distributed by SSA. Sec. 402.25 Referral of requests outside of SSA. If you request records that were created by, or provided to us by, another Federal agency, and if that agency asserts control over the records, we may refer the records and your request to that agency. We may likewise refer requests for classified records to the agency that classified them. In these cases, the other agency will process and respond to your request, to the extent it concerns those records, under that agency's regulation, and you need not make a separate request to that agency. We will notify you when we refer your request to another agency. Sec. 402.30 Definitions. As used in this part, Agency means any executive department, military department, government corporation, government controlled corporation, or other establishment in the executive branch of the Federal Government, or any independent regulatory agency. A private organization is not an agency even if it is performing work under contract with the Government or is receiving Federal financial assistance. Grantee and contractor records are not subject to the FOIA unless they are in the possession or under the control of SSA or its agents. Solely for the purpose of disclosure under the FOIA, we consider records of individual beneficiaries located in the State Disability Determination Services (DDS) to be agency records. Commercial use means, when referring to a request, that the request is from or on behalf of one who seeks information for a use or purpose that furthers the commercial, trade, or profit interests of the requester or of a person on whose behalf the request is made. Whether a request is for a commercial use depends on the purpose of the request and the use to which the records will be put. The identity of the requester (individual, non-profit corporation, for-profit corporation) and the nature of the records, while in some cases indicative of that purpose or use, are not necessarily determinative. When a request is from a representative of the news media, a purpose or use supporting the requester's news dissemination function is not a commercial use. Duplication means the process of making a copy of a record and sending it to the requester, to the extent necessary to respond to the request. Such copies include paper copy, microfilm, audio-visual materials, and magnetic tapes, cards, and discs. Educational institution means a preschool, elementary or secondary school, institution of undergraduate or graduate higher education, or institution of professional or vocational education, which operates a program of scholarly research. Freedom of Information Act or FOIA means 5 U.S.C. 552. Freedom of Information Officer means an SSA official who has been delegated the authority to authorize disclosure of or withhold records and assess, waive, or reduce fees in response to FOIA requests. Non-commercial scientific institution means an institution that is not operated substantially for purposes of furthering its own or someone else's business, trade, or profit interests, and that is operated for purposes of conducting scientific research whose results are not intended to promote any particular product or industry. [[Page 4156]] Records means any handwritten, typed, or printed documents (such as memoranda, books, brochures, studies, writings, drafts, letters, transcripts, and minutes) and documentary material in other forms (such as punchcards; magnetic tapes, cards, or discs; paper tapes; audio or video recordings; maps; photographs; slides; microfilm; and motion pictures). It does not include objects or articles such as exhibits, models, equipment, and duplication machines or audiovisual processing materials. Nor does it include books, magazines, pamphlets, or other reference material in formally organized and officially designated SSA libraries, where such materials are available under the rules of the particular library. Representative of the news media means a person actively gathering information for an entity organized and operated to publish or broadcast news to the public. News media entities include television and radio broadcasters, publishers of periodicals who distribute their products to the general public or who make their products available for purchase or subscription by the general public, and entities that may disseminate news through other media (e.g., electronic dissemination of text). We will treat freelance journalists as representatives of a news media entity if they can show a likelihood of publication through such an entity. A publication contract is such a basis, and the requester's past publication record may show such a basis. Request means asking for records, whether or not you refer specifically to the FOIA. Requests from Federal agencies and court orders for documents are not included within this definition. Subpoenas are requests only to the extent provided by 45 CFR 2. Review means, when used in connection with processing records for a commercial use request, examining the records to determine what portions, if any, may be withheld, and any other processing that is necessary to prepare the records for release. It includes only the examining and processing that are done the first time we analyze whether a specific exemption applies to a particular record or portion of a record. It does not include examination done in the appeal stage with respect to an exemption that was applied at the initial request stage. However, if we initially withhold a record under one exemption, and on appeal we determine that that exemption does not apply, then examining the record in the appeal stage for the purpose of determining whether a different exemption applies is included in review. It does not include the process of researching or resolving general legal or policy issues regarding exemptions. Search means looking for records or portions of records responsive to a request. It includes reading and interpreting a request, and also page-by-page and line-by-line examination to identify responsive portions of a document. However, it does not include line-by-line examination where merely duplicating the entire page would be a less expensive and quicker way to comply with the request. Sec. 402.35 Publication. (a) Methods of publication. Materials we are required to publish pursuant to the provisions of 5 U.S.C. 552(a)(1) and (a)(2), we publish in one of the following ways: (1) By publication in the Federal Register of Social Security Administration regulations, and by their subsequent inclusion in the Code of Federal Regulations; (2) By publication in the Federal Register of appropriate general notices; (3) By other forms of publication, when incorporated by reference in the Federal Register with the approval of the Director of the Federal Register; and (4) By publication in the ``Social Security Rulings'' of indexes of precedential social security orders and opinions issued in the adjudication of claims, statements of policy and interpretations which have been adopted but have not been published in the Federal Register. The ``Social Security Rulings'' may be purchased through the Government Printing Office (See Sec. 402.40). (b) Publication of rulings. Although not required pursuant to 5 U.S.C. 552 (a)(1) and (a)(2), we publish the following rulings in the Federal Register as well as by other forms of publication: (1) We publish Social Security Rulings in the Federal Register under the authority of the Commissioner of Social Security. They are binding on all components of the Social Security Administration. These rulings represent precedent final opinions and orders and statements of policy and interpretations that we have adopted. (2) We publish Social Security Acquiescence Rulings in the Federal Register under the authority of the Commissioner of Social Security. They are binding on all components of the Social Security Administration, except with respect to claims subject to the relitigation procedures established in 20 CFR 404.984 (c) and (d), 410.610c (c) and (d), and 416.1484 (c) and (d). For a description of Social Security Acquiescence Rulings, see 20 CFR 404.984(b), 410.610c(b), and 416.1484(b) of this title. (c) Availability for inspection. To the extent practicable and to further assist the public, we make available for inspection at the address specified in Sec. 402.135 those materials which are published in the Federal Register pursuant to 5 U.S.C. 552(a)(1). Sec. 402.40 Publications for sale. The following publications containing information pertaining to the program, organization, functions, and procedures of the Social Security Administration may be purchased from the Superintendent of Documents, Government Printing Office, Washington, DC 20402: (a) Title 20, parts 400-499 of the Code of Federal Regulations. (b) Federal Register issues. (c) Compilation of the Social Security Laws. (d) Social Security Rulings. (e) Social Security Handbook. The information in the Handbook is not of precedent or interpretative force. (f) Social Security Bulletin. (g) Social Security Acquiescence Rulings. Sec. 402.45 Availability of records. (a) What records are available. 5 U.S.C. 552, also known as the FOIA, permits any person to see, and get a copy of, any Federal agency's records unless the material is exempt from mandatory disclosure as described in Sec. 402.70 of this part. (b) FOIA. Under the FOIA, we are also required to make available to the public the instructional manuals issued to our employees, general statements of policy, and other materials which are used in processing claims and which are not published in the Federal Register, and an index of these manuals and materials. (c) Record citation as precedent. We will not use or cite any record described in paragraph (b) of this section as a precedent for an action against a person unless we have indexed the record and published it or made it available, or unless the person has timely notice of the record. Sec. 402.50 Availability of administrative staff manuals. All administrative staff manuals of the Social Security Administration and instructions to staff personnel which contain policies, procedures, or interpretations that affect the public are available for inspection and copying. A complete listing of such materials is published in the Index of [[Page 4157]] Administrative Staff Manuals and Instructions. These manuals are generally not printed in a sufficient quantity to permit sale or other general distribution to the public. Selected material is maintained at district offices and field offices and may be inspected there. See Secs. 402.55 and 402.60 for a listing of this material. Sec. 402.55 Materials available at district offices and branch offices. (a) Materials available for inspection. The following are available or will be made available for inspection at the district offices and branch offices: (1) Compilation of the Social Security Laws. (2) Social Security Administration regulations under the retirement, survivors, disability, and supplemental security income programs, i.e., 20 CFR parts 401, 402, 404, 416, and 422; and the Social Security Administration's regulations under part B of title IV (Black Lung Benefits) of the Federal Coal Mine Health and Safety Act of 1969, 20 CFR part 410. (3) Social Security Rulings. (4) Social Security Handbook. (5) Social Security Acquiescence Rulings. (b) Materials available for inspection and copying. The following materials are available or will be made available for inspection and copying at the district offices and branch offices (fees may be applicable per Secs. 402.155 through 402.185): (1) SSA Program Operations Manual System. (2) SSA Organization Manual. (3) Handbook for State Social Security Administrators. (4) Indexes to the materials listed in paragraph (a) of this section and in this paragraph (b) and an index to the Hearings, Appeals and Litigation Law (HALLEX) manual. (5) Index of Administrative Staff Manuals and Instructions. Sec. 402.60 Materials in field offices of the Office of Hearings and Appeals. (a) Materials available for inspection. The following materials are available for inspection in the field offices of the Office of Hearings and Appeals: (1) Regulations of the Social Security Administration (see Sec. 402.55(a)(2)). (2) Title 5, United States Code. (3) Compilation of the Social Security Laws. (4) Social Security Rulings. (5) Social Security Handbook. (6) Social Security Acquiescence Rulings. (b) The Hearings, Appeals and Litigation Law (HALLEX) manual is available for inspection and copying in the field offices of the Office of Hearings and Appeals (fees may be applicable per Secs. 402.155 through 402.185). Sec. 402.65 Health care information. We have some information about health care programs under titles XVIII and XIX (Medicare and Medicaid) of the Social Security Act. We follow the rules in 42 CFR part 401 in determining whether to provide any portion of it to a requester. Sec. 402.70 Reasons for withholding some records. Section 552(b) of the Freedom of Information Act contains nine exemptions to the mandatory disclosure of records. We describe these exemptions in Secs. 402.75 through 402.110 of this part and explain how we apply them to disclosure determinations. (In some cases more than one exemption may apply to the same document.) Information obtained by the agency from any individual or organization, furnished in reliance on a provision for confidentiality authorized by applicable statute or regulation, will not be disclosed, to the extent it can be withheld under one of these exemptions. This section does not itself authorize the giving of any pledge of confidentiality by any officer or employee of the agency. Sec. 402.75 Exemption one for withholding records: National defense and foreign policy. We are not required to release records that, as provided by FOIA, are ``(a) specifically authorized under criteria established by an Executive Order to be kept secret in the interest of national defense or foreign policy and (b) are in fact properly classified pursuant to such Executive Order.'' Executive Order No. 12958 (1995) (3 CFR, 1987 Comp., p. 235) provides for such classification. When the release of certain records may adversely affect U.S. relations with foreign countries, we usually consult with officials of those countries or officials of the Department of State. Also, we may on occasion have in our possession records classified by some other agency. We may refer your request for such records to the agency that classified them and notify you that we have done so. Sec. 402.80 Exemption two for withholding records: Internal personnel rules and practices. We are not required to release records that are ``related solely to the internal personnel rules and practices of an agency.'' Under this exemption, we may withhold routine internal agency practices and procedures. For example, we may withhold guard schedules and rules governing parking facilities or lunch periods. Also under this exemption, we may withhold internal records whose release would help some persons circumvent the law or agency regulations. For example, we ordinarily do not disclose manuals that instruct our investigators or auditors how to investigate possible violations of law, to the extent that this release would help some persons circumvent the law. Sec. 402.85 Exemption three for withholding records: Records exempted by other statutes. We are not required to release records if another statute specifically allows or requires us to withhold them. We may use another statute to justify withholding only if it absolutely prohibits disclosure or if it sets forth criteria to guide our decision on releasing or identifies particular types of material to be withheld. We often use this exemption to withhold information regarding a worker's earnings which is tax return information under section 6103 of the Internal Revenue Code. Sec. 402.90 Exemption four for withholding records: Trade secrets and confidential commercial or financial information. We will withhold trade secrets and commercial or financial information that is obtained from a person and is privileged or confidential. (a) Trade secrets. A trade secret is a secret, commercially valuable plan, formula, process, or device that is used for the making, preparing, compounding, or processing of trade commodities and that can be said to be the end product of either innovation or substantial effort. There must be a direct relationship between the trade secret and the productive process. (b) Commercial or financial information. We will not disclose records whose information is ``commercial or financial,'' is obtained from a person, and is ``privileged or confidential.'' (1) Information is ``commercial or financial'' if it relates to businesses, commerce, trade, employment, profits, or finances (including personal finances). We interpret this category broadly. (2) Information is ``obtained from a person'' if SSA or another agency has obtained it from someone outside the Federal Government or from someone within the Government who has a commercial or financial interest in the information. ``Person'' includes an individual, partnership, corporation, association, state or foreign government, [[Page 4158]] or other organization. Information is not ``obtained from a person'' if it is generated by SSA or another Federal agency. However, information is ``obtained from a person'' if it is provided by someone, including but not limited to an agency employee, who retains a commercial or financial interest in the information. (3) Information is ``privileged'' if it would ordinarily be protected from disclosure in civil discovery by a recognized evidentiary privilege, such as the attorney-client privilege or the work product privilege. Information may be privileged for this purpose under a privilege belonging to a person outside the government, unless the providing of the information to the government rendered the information no longer protectable in civil discovery. (4) Information is ``confidential'' if it meets one of the following tests: (i) Disclosure may impair the government's ability to obtain necessary information in the future; (ii) Disclosure would substantially harm the competitive position of the person who submitted the information; (iii) Disclosure would impair other government interests, such as program effectiveness and compliance; or (iv) Disclosure would impair other private interests, such as an interest in controlling availability of intrinsically valuable records, which are sold in the market by their owner. (c) Analysis under tests in this section. The following questions may be relevant in analyzing whether a record meets one or more of the above tests: (1) Is the information of a type customarily held in strict confidence and not disclosed to the public by the person to whom it belongs? (2) What is the general custom or usage with respect to such information in the relevant occupation or business? (3) How many, and what types of, individuals have access to the information? (4) What kind and degree of financial injury can be expected if the information is disclosed? (d) Designation of certain confidential information. A person who submits records to the government may designate part or all of the information in such records as exempt from disclosure under Exemption 4 of the FOIA. The person may make this designation either at the time the records are submitted to the government or within a reasonable time thereafter. The designation must be in writing. Where a legend is required by a request for proposals or request for quotations, pursuant to 48 CFR 352.215-12, then that legend is necessary for this purpose. Any such designation will expire ten years after the records were submitted to the government. (e) Predisclosure notification. The procedures in this paragraph apply to records on which the submitter has designated information as provided in paragraph (d) of this section. They also apply to records that were submitted to the government where we have substantial reason to believe that information in the records could reasonably be considered exempt under Exemption 4. Certain exceptions to these procedures are stated in paragraph (f) of this section. (1) When we receive a request for such records, and we determine that we may be required to disclose them, we will make reasonable efforts to notify the submitter about these facts. The notice will include a copy of the request, and it will inform the submitter about the procedures and time limits for submission and consideration of objections to disclosure. If we must notify a large number of submitters, we may do this by posting or publishing a notice in a place where the submitters are reasonably likely to become aware of it. (2) The submitter has five working days from receipt of the notice to object to disclosure of any part of the records and to state all bases for its objections. (3) We will give consideration to all bases that have been timely stated by the submitter. If we decide to disclose the records, we will notify the submitter in writing. This notice will briefly explain why we did not sustain its objections. We will include with the notice a copy of the records about which the submitter objected, as we propose to disclose them. The notice will state that we intend to disclose the records five working days after the submitter receives the notice unless we are ordered by a United States District Court not to release them. (4) When a requester files suit under the FOIA to obtain records covered by this paragraph, we will promptly notify the submitter. (5) Whenever we send a notice to a submitter under paragraph (e)(1) of this section, we will notify the requester that we are giving the submitter a notice and an opportunity to object. Whenever we send a notice to a submitter under paragraph (e)(3) of this section, we will notify the requester of this fact. (f) Exceptions to predisclosure notification. The notice requirements in paragraph (e) of this section do not apply in the following situations: (1) We decided not to disclose the records; (2) The information has previously been published or made generally available; (3) Disclosure is required by a regulation, issued after notice and opportunity for public comment, that specifies narrow categories of records that are to be disclosed under the FOIA, but in this case a submitter may still designate records as described in paragraph (d) of this section, and in exceptional cases, we may, at our discretion, follow the notice procedures in paragraph (e) of this section; or (4) The designation appears to be obviously frivolous, but in this case we will still give the submitter the written notice required by paragraph (e)(3) of this section (although this notice need not explain our decision or include a copy of the records), and we will notify the requester as described in paragraph (e)(5) of this section. Sec. 402.95 Exemption five for withholding records: Internal memoranda. This exemption covers internal government communications and notes that fall within a generally recognized evidentiary privilege. Internal government communications include an agency's communications with an outside consultant or other outside person, with a court, or with Congress, when those communications are for a purpose similar to the purpose of privileged intra-agency communications. Some of the most- commonly applicable privileges are described in the following paragraphs: (a) Deliberative process privilege. This privilege protects predecisional deliberative communications. A communication is protected under this privilege if it was made before a final decision was reached on some question of policy and if it expressed recommendations or opinions on that question. The purpose of the privilege is to prevent injury to the quality of the agency decisionmaking process by encouraging open and frank internal policy discussions, by avoiding premature disclosure of policies not yet adopted, and by avoiding the public confusion that might result from disclosing reasons that were not in fact the ultimate grounds for an agency's decision. Purely factual material in a deliberative document is within this privilege only if it is inextricably intertwined with the deliberative portions so that it cannot reasonably be segregated, if it would reveal the nature of the deliberative portions, or if its disclosure would in some other way make possible an intrusion into the decisionmaking process. We will release purely factual material in a deliberative [[Page 4159]] document unless that material is otherwise exempt. The privilege continues to protect predecisional documents even after a decision is made. (b) Attorney work product privilege. This privilege protects documents prepared by or for an agency, or by or for its representative (typically, our attorneys) in anticipation of litigation or for trial. It includes documents prepared for purposes of administrative adjudications as well as court litigation. It includes documents prepared by program offices as well as by attorneys. It includes factual material in such documents as well as material revealing opinions and tactics. Finally, the privilege continues to protect the documents even after the litigation is closed. (c) Attorney-client communication privilege. This privilege protects confidential communications between a lawyer and an employee or agent of the Government where there is an attorney-client relationship between them (typically, where the lawyer is acting as attorney for the agency and the employee is communicating on behalf of the agency) and where the employee has communicated information to the attorney in confidence in order to obtain legal advice or assistance. Sec. 402.100 Exemption six for withholding records: Clearly unwarranted invasion of personal privacy. (a) Documents affected. We may withhold records about individuals if disclosure would constitute a clearly unwarranted invasion of their personal privacy. (b) Balancing test. In deciding whether to release records to you that contain personal or private information about someone else, we weigh the foreseeable harm of invading that person's privacy against the public benefit that would result from the release. If you were seeking information for a purely commercial venture, for example, we might not think that disclosure would primarily benefit the public and we would deny your request. On the other hand, we would be more inclined to release information if you were working on a research project that gave promise of providing valuable information to a wide audience. However, in our evaluation of requests for records we attempt to guard against the release of information that might involve a violation of personal privacy because of a requester being able to ``read between the lines'' or piece together items that would constitute information that normally would be exempt from mandatory disclosure under Exemption Six. (c) Examples. Some of the information that we frequently withhold under Exemption Six is: Home addresses, ages, and minority group status of our employees or former employees; social security numbers; medical information about individuals who have filed a claim for disability benefits; names and addresses of individual beneficiaries of our programs, or benefits such individuals receive; earnings records, claim files, and other personal information SSA maintains. Sec. 402.110 Exemption seven for withholding records: Law enforcement. We are not required to disclose information or records that the government has compiled for law enforcement purposes. The records may apply to actual or potential violations of either criminal or civil laws or regulations. We can withhold these records only to the extent that releasing them would cause harm in at least one of the following situations: (a) Enforcement proceedings. We may withhold information whose release could reasonably be expected to interfere with prospective or ongoing law enforcement proceedings. Investigations of fraud and mismanagement, employee misconduct, and civil rights violations may fall into this category. In certain cases--such as when a fraud investigation is likely--we may refuse to confirm or deny the existence of records that relate to the violations in order not to disclose that an investigation is in progress, or may be conducted. (b) Fair trial or impartial adjudication. We may withhold records whose release would deprive a person of a fair trial or an impartial adjudication because of prejudicial publicity. (c) Personal privacy. We are careful not to disclose information that could reasonably be expected to constitute an unwarranted invasion of personal privacy. When a name surfaces in an investigation, that person is likely to be vulnerable to innuendo, rumor, harassment, and retaliation. (d) Confidential sources and information. We may withhold records whose release could reasonably be expected to disclose the identity of a confidential source of information. A confidential source may be an individual; a state, local, or foreign government agency; or any private organization. The exemption applies whether the source provides information under an express promise of confidentiality or under circumstances from which such an assurance could be reasonably inferred. Also, where the record, or information in it, has been compiled by a law enforcement authority conducting a criminal investigation, or by an agency conducting a lawful national security investigation, the exemption also protects all information supplied by a confidential source. Also protected from mandatory disclosure is any information which, if disclosed, could reasonably be expected to jeopardize the system of confidentiality that assures a flow of information from sources to investigatory agencies. (e) Techniques and procedures. We may withhold records reflecting special techniques or procedures of investigation or prosecution, not otherwise generally known to the public. In some cases, it is not possible to describe even in general terms those techniques without disclosing the very material to be withheld. We may also withhold records whose release would disclose guidelines for law enforcement investigations or prosecutions if this disclosure could reasonably be expected to create a risk that someone could circumvent requirements of law or of regulation. (f) Life and physical safety. We may withhold records whose disclosure could reasonably be expected to endanger the life or physical safety of any individual. This protection extends to threats and harassment as well as to physical violence. Sec. 402.110 Exemptions eight and nine for withholding records: Records on financial institutions; records on wells. Exemption eight permits us to withhold records about regulation or supervision of financial institutions. Exemption nine permits the withholding of geological and geophysical information and data, including maps, concerning wells. Sec. 402.115 Deletion of identifying details. When SSA publishes or otherwise makes available an opinion or order, statement of policy, or other record which relates to a private party or parties, the name or names or other identifying details may be deleted. Sec. 402.120 Creation of records. We are not required to create new records merely to satisfy a request. For example, we are not required to program computers to provide data in a particular form or to compile selected items from records, provide statistical data, ratios, proportions, percentages, etc. If these data have already been compiled and are available, we will [[Page 4160]] supply the record when appropriate fees are paid, as provided in Secs. 402.160 and 402.165. This does not mean that we will never help you get information that does not already exist in our records. However, diverting staff and equipment from other responsibilities may not always be possible. Sec. 402.125 Who may release a record. Except as otherwise provided by regulation, only the Director, Office of Disclosure Policy, SSA, or her or his designee may determine whether to release any record in SSA's control and possession. This official is SSA's Freedom of Information Officer. Sections 402.40, 402.55, and 402.60 list some of the materials which we have determined may be released. Sec. 402.130 How to request a record. You may request a record in person, by telephone, or by mail. (However, see Secs. 402.180 through 402.195 for an explanation of your appeal rights.) Any request should reasonably describe the record you want. If you have detailed information which would assist us in identifying that record, please submit it with your request. You should mark the outside of any envelope used to submit your request as a ``Freedom of Information Request'', no matter how your request may be categorized for fee purposes. (Sections 402.145 through 402.175 explain our fees.) The staff at any Social Security office can help you prepare this request. Sec. 402.135 Where to send a request. You may send your request for a record to: The Director, Office of Disclosure Policy, Social Security Administration, 6401 Security Boulevard, Baltimore, Maryland 21235. Sec. 402.140 How a request for a record is processed. (a) Within 10 working days from the date a request is received by the appropriate official (see Sec. 402.135), we will make a determination as to whether the requested record will be provided. This 10-day period may be extended by written notice up to 10 additional working days when one or more of the following situations exist: (1) The office processing the request needs to locate and then obtain the record from another facility; (2) We need to locate, obtain, and appropriately examine a large number of records which are requested in a single request; or (3) The office processing the request needs to consult with another agency which has a substantial interest in the subject matter of the request. This consultation shall be conducted with all practicable speed. (b) If an extension is made, we will notify you, explain why the additional time is needed, and tell you the date by which we expect to make a decision on your request. Sec. 402.145 Responding to your request. (a) Retrieving records. We are required to furnish copies of records only when they are in our possession or we can retrieve them from storage. If we have stored the records you want in the National Archives or another storage center, we will retrieve and review them for possible disclosure. However, the Federal Government destroys many old records, so sometimes it is impossible to fill requests. Various laws, regulations, and manuals give the time periods for keeping records before they may be destroyed. For example, there is information about retention of records in the Records Disposal Act of 1944, 44 U.S.C. 3301 through 3314; the Federal Property Management Regulations, 41 CFR 101-1.104; and the General Records Schedules of the National Archives and Records Administration. (b) Furnishing records. The requirement is that we furnish copies only of records that we have or can retrieve. We are not compelled to create new records. For example, we are not required to write a new program so that a computer will print information in the format you prefer. However, if the requested information is maintained in computerized form, but we can, with minimal computer instructions, produce the information on paper, we will do this if it is the only way to respond to a request. Nor are we required to perform research for you. On the other hand, we may decide to conserve Government resources and at the same time supply the records you need by consolidating information from various records rather than copying them all. Moreover, we are required to furnish only one copy of a record and usually impose that limit. If information exists in different forms, we will provide the record in the form that best conserves government resources. For example, if it requires less time and expense to provide a computer record as a paper printout rather than in an electronic medium, we will provide the printout. Sec. 402.150 Release of records. (a) Records previously released. If we have released a record, or a part of a record, to others in the past, we will ordinarily release it to you also. However, we will not release it to you if a statute forbids this disclosure, and we will not necessarily release it to you if an exemption applies in your situation and did not apply, or applied differently, in the previous situations. (b) Unauthorized disclosure. The principle stated in paragraph (a) of this section does not apply if the previous release was unauthorized. (c) Poor copy. If we cannot make a legible copy of a record to be released, we do not attempt to reconstruct it. Instead, we furnish the best copy possible and note its poor quality in our reply. Sec. 402.155 Fees to be charged--categories of requests. Paragraphs (a) through (c) of this section state, for each category of request, the type of fees that we will generally charge. However, for each of these categories, the fees may be limited, waived, or reduced for the reasons given below or for other reasons. (a) Commercial use request. If your request is for a commercial use, we will charge you the costs of search, review, and duplication. (b) Educational and scientific institutions and news media. If you are an educational institution or a non-commercial scientific institution, operated primarily for scholarly or scientific research, or a representative of the news media, and your request is not for a commercial use, we will charge you only for the duplication of documents. Also, we will not charge you the copying costs for the first 100 pages of duplication. (c) Other requesters. If your request is not the kind described by paragraph (a) or (b) of this section, then we will charge you only for the search and the duplication. Also, we will not charge you for the first two hours of search time or for the copying costs of the first 100 pages of duplication. Sec. 402.160 Fees to be charged--general provisions. (a) We may charge search fees even if the records we find are exempt from disclosure, or even if we do not find any records at all. (b) If we are not charging you for the first two hours of search time, under Sec. 402.145(c), and those two hours are spent on a computer search, then the two free hours are the first two hours of the operator's own operation. If the operator spends less than two hours on the search, we will reduce the total search fees by the average hourly rate for the operator's time, multiplied by two. (c) If we are not charging you for the first 100 pages of duplication, under Sec. 402.145 (b) or (c), then those 100 pages [[Page 4161]] are the first 100 pages of photocopies of standard size pages, or the first 100 pages of computer printout. If we cannot use this method to calculate the fee reduction, then we will reduce your total duplication fee by the normal charge for photocopying a standard size page, multiplied by 100. (d) We will charge interest on unpaid bills beginning on the 31st day following the day the bill was sent. Sec. 402.165 Fee schedule. The following is our fee schedule for providing records and related services under the FOIA: (a) Manual searching for or reviewing of records. When the search or review is performed by employees at grade GS-1 through GS-8, we will charge an hourly rate based on the salary of a GS-5, step 7, employee; when done by a GS-9 through GS-14, an hourly rate based on the salary of a GS-12, step 4, employee; and when done by a GS-15 or above, an hourly rate based on the salary of a GS-15, step 7, employee. In each case, we will compute the hourly rate by taking the current hourly rate for the specified grade and step, adding 16% of that rate to cover benefits, and rounding to the nearest whole dollar. As of January 5, 1997, these rates were $14, $28, and $50 respectively. These rates are adjusted as Federal salaries change. When a search involves employees at more than one of these levels, we will charge the rate appropriate for each. (b) Computer searching and printing. We will charge the actual cost of operating the computer plus charges for the time spent by the operator, at the rates given in paragraph (a) of this section. (c) Photocopying standard size pages. We will charge $0.10 per page. The Freedom of Information (FOI) Officer may charge lower fees for particular documents where-- (1) The document has already been printed in large numbers; (2) The program office determines that using existing stock to answer this request, and any other anticipated FOI requests, will not interfere with program requirements; and (3) The FOI Officer determines that the lower fee is adequate to recover the prorated share of the original printing costs. (d) Photocopying odd-size documents. For photocopying documents such as punchcards or blueprints, or reproducing other records such as tapes, we will charge the actual costs of operating the machine, plus the actual cost of the materials used, plus charges for the time spent by the operator, at the rates given in paragraph (a) of this section. (e) Certifying that records are true copies. This service is not required by the FOIA. If we agree to provide it, we will charge $10 per certification. (f) Sending records by express mail, certified mail, or other special methods. This service is not required by the FOIA. If we agree to provide it, we will charge our actual costs. (g) Other special services. For performing any other special service that you request and we agree to, we will charge the actual costs of operating any machinery, plus actual cost of any materials used, plus charges for the time of our employees, at the rates given in paragraph (a) of this section. (h) Billing exceeds cost of service. Generally we will not charge you a fee when the cost of the service is less than the cost of sending you a bill. However, where an individual, organization, or governmental unit makes multiple separate requests, we will total the costs incurred and periodically bill the requester for the services rendered. (i) Fee for copies of printed materials. When extra copies of printed material are available, the charge is generally 1 cent per page. If the material may be purchased from the Superintendent of Documents, the charge is that set by the Superintendent. The Superintendent's address is in Sec. 402.40. (j) When not applicable. This fee schedule does not apply to requests for records of Social Security number holders, wage earners, employers, and claimants when the requests are governed by section 1106 of the Social Security Act and by Secs. Sections 402.170 and 402.175. Sec. 402.170 Fees for providing records and related services for program purposes pursuant to section 1106 of the Social Security Act. (a) Program purposes described. (1) We consider a request to be program related if the information must be disclosed under the Social Security Act. For example, section 205(c)(2)(A) of the Act (42 U.S.C. 405(c)(2)(A)) requires that we provide certain information upon request to a worker, her or his legal representative, her or his survivor, or the legal representative of the worker's estate. That information is the amounts of the worker's wages and self-employment income and the periods during which they were paid or derived, as shown by our records. (2) We also consider a request to be program related if the requester indicates the needed information will be used for a purpose which is directly related to the administration of a program under the Social Security Act. (i) The major criteria we consider in deciding whether a proposed use is so related are: (A) Is the information needed to pursue some benefit under the Act? (B) Is the information needed solely to verify the accuracy of information obtained in connection with a program administered under the Act? (C) Is the information needed in connection with an activity which has been authorized under the Act? (D) Is the information needed by an employer to carry out her or his taxpaying responsibilities under the Federal Insurance Contributions Act or section 218 of the Act? (ii) We will consider on a case by case basis those requests which do not meet these criteria but are claimed to be program related. (b) When we charge. If we determine the request for information is program related, we may or may not charge for the information. For example, as stated in paragraph (a) of this section, we generally will not charge you for information needed to assure the accuracy of our records on which your present or future Social Security benefits depend. In addition, we generally will not charge for furnishing information under section 205(c)(2)(A) of the Act. However, if we do charge for a program related request (for example, if more detailed information or special services are requested) we will use the fee schedule in Sec. 402.165 if information is being disclosed under the FOIA and the fee schedule in 20 CFR 401.95 if access to the information is being granted under the Privacy Act. (Exception: If the request is for purposes of administering employee benefits covered by the Employee Retirement Income Security Act of 1974 (ERISA), even if the request is covered by section 205(c)(2)(A) of the Act, we will charge under Sec. 402.175.) Sec. 402.175 Fees for providing information and related services for non-program purposes. (a) General. Section 1106(c) of the Social Security Act permits the Commissioner to require requesters of information to pay the full cost of supplying the information where the information is requested to comply with the ERISA, or ``* * * for any other purpose not directly related to the administration of the program or programs under * * *'' the Social Security Act. This may be done notwithstanding the fee provisions of the FOIA and the Privacy Act or any [[Page 4162]] other provision of law. As used in this section-- (1) Full cost includes the direct and indirect costs to SSA (including costs of duplication) of providing information and related services under section 1106(c) of the Act; and (2) Full cost of an employee's time includes fringe benefits and overhead costs such as rent and utilities. (b) Non-program related requests. We consider a request for information which does not meet or equal any of the criteria in Sec. 402.170 to be non-program related. (Whether a request for information about an individual is made by that individual or by someone else is not a factor.) In responding to these requests, or requests for ERISA purposes, we will charge the full cost of our services as described in paragraph (c) of this section. (c) Fee schedule. Our fee schedule for non-program related requests is: (1) Manual searching for records. Full cost of the employee's time. (2) Photocopying, or reproducing records such as magnetic tapes or punch cards. Full cost of the operator's time plus the full cost of the machine time and the materials used. (3) Use of electronic data processing equipment to obtain records. Our full cost for the service, including computer search time, computer runs and printouts, and the time of computer programmers and operators and other employees. (4) Certification or authentication of records. Full cost of certification or authentication. (5) Forwarding materials to destination. If you request special arrangements for forwarding the material, we will charge you the full cost of this service (e.g., you request express mail or a commercial delivery service). If no special forwarding arrangements are requested, we will charge you the full cost of the service, including the U.S. Postal Service cost. (6) Performing other special services. If we agree to provide any special services you request, we will charge you the full cost of the time of the employee who performs the service, plus the full cost of any machine time and materials that the employee uses. (7) Billing exceeds cost of service. Generally we will not charge you a fee when the cost of the service is less than the cost of sending you a bill. However, where an individual, organization, or governmental unit makes multiple separate requests, we will total the costs incurred and bill the requester for the services rendered. (d) Fee for copies of printed materials. When extra copies of printed material are available, the charge is generally 1 cent per page. If the material may be purchased from the Superintendent of Documents, the charge is that set by the Superintendent. The Superintendent's address is in Sec. 402.40. (e) Charging when requested record not found. We may charge you for search time, even though we fail to find the records. We may also charge you for search time if the records we locate are exempt from disclosure. Sec. 402.180 Procedure on assessing and collecting fees for providing records. (a) We will generally assume that when you send us a request, you agree to pay for the services needed to locate and send that record to you. You may specify in your request a limit on the amount you are willing to spend. If you do that or include with your request a payment that does not cover our fee, we will notify you if it appears that the fee will exceed that amount and ask whether you want us to continue to process your request. Also, before we start work on your request under Sec. 402.120, we will generally notify you of our exact or estimated charge for the information, unless it is clear that you have a reasonable idea of the cost. (b) If you have failed to pay previous bills in a timely fashion, or if our initial review of your request indicates that we will charge you fees exceeding $250, we will require you to pay your past due fees and/or the estimated fees, or a deposit, before we start searching for the records you want. If so, we will let you know promptly upon receiving your request. In such cases, administrative time limits (i.e., ten working days from receipt of initial requests and 20 working days from receipt of appeals from initial denials, plus permissible extensions of these time limits) will begin only after we come to an agreement with you over payment of fees, or decide that fee waiver or reduction is appropriate. (c) We will normally require you to pay all fees before we furnish the records to you. We may, at our discretion, send you a bill along with or following the furnishing of the records. For example, we may do this if you have a history of prompt payment. We may also, at our discretion, aggregate the charges for certain time periods in order to avoid sending numerous small bills to frequent requesters, or to businesses or agents representing requesters. For example, we might send a bill to such a requester once a month. Fees should be paid in accordance with the instructions furnished by the person who responds to your requests. (d) Payment of fees will be made by check or money order payable to ``Social Security Administration''. Sec. 402.185 Waiver or reduction of fees in the public interest. (a) Standard. We will waive or reduce the fees we would otherwise charge if disclosure of the information meets both tests which are explained in paragraphs (b) and (c) of this section: (1) It is in the public interest because it is likely to contribute significantly to public understanding of the operations or activities of the government; and (2) It is not primarily in the commercial interest of the requester. (b) Public interest. The disclosure passes the first test only if it furthers the specific public interest of being likely to contribute significantly to public understanding of government operations or activities, regardless of any other public interest it may further. In analyzing this question, we will consider the following factors: (1) How, if at all, do the records to be disclosed pertain to the operations or activities of the Federal Government? (2) Would disclosure of the records reveal any meaningful information about government operations or activities? Can one learn from these records anything about such operations that is not already public knowledge? (3) Will the disclosure advance the understanding of the general public as distinguished from a narrow segment of interested persons? Under this factor we may consider whether the requester is in a position to contribute to public understanding. For example, we may consider whether the requester has such knowledge or expertise as may be necessary to understand the information, and whether the requester's intended use of the information would be likely to disseminate the information among the public. An unsupported claim to be doing research for a book or article does not demonstrate that likelihood, while such a claim by a representative of the news media is better evidence. (4) Will the contribution to public understanding be a significant one? Will the public's understanding of the government's operations be substantially greater as a result of the disclosure? (c) Not primarily in the requester's commercial interest. If the disclosure passes the test of furthering the specific public interest described in paragraph (b) of this section, we will determine whether it also furthers the requester's commercial interest and, if so, whether this effect outweighs the advancement of that public interest. In applying this [[Page 4163]] second test, we will consider the following factors: (1) Would the disclosure further a commercial interest of the requester, or of someone on whose behalf the requester is acting? ``Commercial interests'' include interests relating to business, trade, and profit. Not only profit-making corporations have commercial interests--so do nonprofit corporations, individuals, unions, and other associations. The interest of a representative of the news media in using the information for news dissemination purposes will not be considered a commercial interest. (2) If disclosure would further a commercial interest of the requester, would that effect outweigh the advancement of the public interest defined in paragraph (b) of this section? Which effect is primary? (d) Deciding between waiver and reduction. If the disclosure passes both tests, we will normally waive fees. However, in some cases we may decide only to reduce the fees. For example, we may do this when disclosure of some but not all of the requested records passes the tests. (e) Procedure for requesting a waiver or reduction. You must make your request for a waiver or reduction at the same time you make your request for records. You should explain why you believe a waiver or reduction is proper under the analysis in paragraphs (a) through (d) of this section. Only FOI Officers may make the decision whether to waive, or reduce, the fees. If we do not completely grant your request for a waiver or reduction, the denial letter will designate a review official. You may appeal the denial to that official. In your appeal letter, you should discuss whatever reasons are given in our denial letter. The process prescribed in Sec. 402.190 of this part will also apply to these appeals. Sec. 402.190 Officials who may deny a request for records under FOIA. Only the Director, Office of Disclosure Policy, SSA, or her or his designee is authorized to deny a written request to obtain, inspect, or copy any social security record. Sec. 402.195 How a request is denied. (a) Oral requests. If we cannot comply with your oral request because the Director of the Office of Disclosure Policy (or designee) has not previously made a determination to release the record you want, we will tell you that fact. If you still wish to pursue your request, you must put your request in writing. (b) Written requests. If you make a written request and the information or record you requested will not be released, we will send you an official denial in writing. We will explain why the request was denied (for example, the reasons why the requested document is subject to one or more clearly described exemptions), will include the name and title or position of the person who made the decision, and what your appeal rights are. (c) Unproductive searches. We make a diligent search for records to satisfy your request. Nevertheless, we may not be able always to find the records you want using the information you provided, or they may not exist. If we advise you that we have been unable to find the records despite a diligent search, this does not constitute a denial of your request. Sec. 402.200 How to appeal a decision denying all or part of a request. (a) How to appeal. If all or part of your written request was denied, you may request that the Commissioner of Social Security, 6401 Security Boulevard, Baltimore, MD 21235 review that determination. Your request for review: (1) Must be in writing; (2) Must be mailed within 30 days after you received notification that all or part of your request was denied or, if later, 30 days after you received materials in partial compliance with your request; and (3) May include additional information or evidence to support your request. (b) How the review is made. After reviewing the prior decision and after considering anything else you have submitted, the Commissioner or his or her designee will affirm or revise all or part of the prior decision. The Commissioner (or a designee) will affirm a denial only after consulting with the appropriate SSA official(s), including legal counsel. The decision must be made within 20 working days after your appeal is received. The Commissioner or a designee may extend this time limit up to 10 additional working days if one of the situations in Sec. 402.140(a) exists, provided that, if a prior extension was used to process this request, the sum of the extensions may not exceed 10 working days. You will be notified in writing of any extension, the reason for the extension, and the date by which your appeal will be decided. (c) How you are notified of the Commissioner's decision. The Commissioner or a designee will send you a written notice of the decision explaining the basis of the decision (for example, the reasons why an exemption applies) which will include the name and title or position of the person who made the decision. The notice will tell you that if any part of your request remains unsatisfied, you have the right to seek court review. Sec. 402.205 U.S. District Court action. If the Commissioner or a designee, upon review, affirms the denial of your request for records, in whole or in part, you may ask a U.S. District Court to review that denial. See 5 U.S.C. 552(a)(4)(B). If we fail to act on your request for a record or for review of a denial of such a request within the time limits in Sec. 402.140(a) or in Sec. 402.190(b), you may ask a U.S. District Court to treat this as if the Commissioner had denied your request. PART 422--ORGANIZATION AND PROCEDURES Subpart E of Part 422--[Removed] 3. Under the authority of section 106(b) of Pub. L. 103-296, Social Security Independence and Program Improvements Act of 1994, subpart E of part 422, is removed and reserved. [FR Doc. 97-1271 Filed 1-28-97; 8:45 am] BILLING CODE 4190-29-P