[Federal Register Volume 80, Number 156 (Thursday, August 13, 2015)]
[Notices]
[Pages 48538-48544]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2015-19855]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Office of the Secretary


Privacy Act of 1974; System of Records Notice

AGENCY: Department of Health and Human Services (HHS), Office of the 
Secretary (OS).

ACTION: Notice to establish a new system of records, to replace two 
existing systems.

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 1974 
(5 U.S.C. 552a), HHS is proposing to establish a single, department-
wide system of records to cover all HHS payroll records, to be numbered 
09-90-1402 and titled ``HHS Payroll Records, HHS/OS.'' The new system 
will replace two existing systems of records covering payroll records 
for civilian and commissioned corps personnel (09-40-0006 ``Public 
Health Service (PHS) Commissioned Corps Payroll Records, HHS/PSC/HRS'' 
and 09-40-0010 ``Pay, Leave and Attendance Records, HHS/PSC/HRS''). The 
existing systems were last altered effective September 2012 (see Notice 
published August 15, 2012 at 77 FR 48984, amending System of Records 
Notices (SORNs) published December 11, 1998 at 63 FR 68596, to revise 
the routine use covering disclosures to contractors and to add a new 
routine use covering disclosures in the course of responding to a data 
security breach). The existing systems will be considered deleted upon 
the effective date of the proposed new system. The SORN for the new 
system includes updates or changes to the System Location, Routine 
Uses, System Manager, and Record Access Procedure sections, as more 
fully explained in the ``Supplementary Information'' section of this 
Notice.

DATES: Effective upon publication, with the exception of the routine 
uses. The routine uses for the new system will be effective 30 days 
after publication of this Notice, unless comments are received that 
warrant a revision to this Notice. Written comments on the routine uses 
should be submitted within 30 days. Until the routine uses for the new 
system are effective, the routine uses previously published for the 
existing systems will remain in effect.

ADDRESSES: The public should address written comments to: CAPT Eric 
Shih, Office of the Surgeon General (OSG), Division of Systems 
Integration (DSI), Tower Oaks Building, Plaza Level 100, 1101 Wootton 
Parkway, Rockville, Maryland 20852. Comments will be available for 
public viewing at the same location. To review comments in person, 
please contact the Office of the Surgeon General (OSG), Division of 
Systems Integration (DSI), Tower Oaks Building, Plaza Level 100, 1101 
Wootton Parkway, Rockville, Maryland 20852.

FOR FURTHER INFORMATION CONTACT: For information about civilian payroll 
records, contact: Charles Dietz, HHS/Customer Care Services, 8455 
Colesville Rd., Silver Spring, MD 20910, 301-504-3219.
    For information about commissioned corps payroll records, contact: 
CAPT Eric Shih, Office of the Surgeon General (OSG), Division of 
Systems Integration (DSI), Tower Oaks Building, Plaza Level 100, 1101 
Wootton Parkway, Rockville, Maryland 20852, 240-453-6085.

SUPPLEMENTARY INFORMATION:

I. Background on the New System of Records

    The proposed new system, 09-90-1402 ``HHS Payroll Records,'' will 
combine two payroll systems of records which, until December 11, 1998, 
were covered in a single system of records notice (SORN), under the 
former number 09-90-0017 and title ``Pay, Leave and Attendance 
Records.'' The two existing systems (09-40-0006 and 09-40-0010) 
replaced system number 09-90-0017 in 1998 (see 63 FR 68596 at 68612 and 
68615), following a 1995 reorganization that transferred payroll 
functions to the Program Support Center (PSC), an Operating Division 
that was created in 1995 to perform Human

[[Page 48539]]

Resource (HR) functions. In 2001, PSC became a component of the Office 
of the Assistant Secretary for Administration (ASA), which is a Staff 
Division within the Office of the Secretary (OS). In 2005, HHS 
transferred processing of civilian payroll to the Defense Finance and 
Accounting Service (DFAS). In 2012, HHS transferred processing of 
Commissioned Corps payroll to the U.S. Coast Guard. HHS has decided to 
cover all HHS payroll records in a single system of records again, by 
establishing this proposed new system and deleting the two existing, 
separate systems. Differences between the existing systems and the new 
system are as follows:
     Updates have been made to the System Location and System 
Manager sections.
     The Record Access Procedures section has been changed for 
civilian payroll records, to no longer allow telephone requests, to be 
consistent with access procedures for commissioned corps payroll 
records which state that telephone requests for access to records will 
not be honored because positive identification of the caller cannot be 
established with sufficient certainty.
     One new routine use has been added, authorizing 
disclosures to the U.S. Department of Homeland Security (DHS) for 
cybersecurity monitoring purposes.
     Revisions have been made to the descriptions of certain 
purposes and routine uses common to both civilian and commissioned 
corps payroll records, in order to consolidate them. For example:
    [cir] The congressional office routine use now includes the word 
``written'' and excludes the word ``verified'' (both words were in the 
routine use published in SORN 09-40-0006; neither word was in the 
routine use published in SORN 09-40-0010).
    [cir] Disclosures to tax authorities are now covered in three 
routine uses, consistent with the treatment in SORN 09-40-0006 (SORN 
09-40-0010 covered them in two routine uses).
     Routine uses authorizing disclosures in response to court 
orders (e.g., for divorce, alimony, child support, and personal debt 
collection actions) have been deleted as unnecessary, because the 
Privacy Act at 5 U.S.C. 552a(b)(11) authorizes disclosures ``pursuant 
to the order of a court of competent jurisdiction.''
     The following routine uses were previously published only 
for civilian payroll records, but now apply to both civilian and 
commissioned corps payroll records:
    [cir] ``To financial institutions, organizations and companies 
administering charitable contribution payments, labor union dues 
payments (applicable to civilian personnel only), and benefit plan 
payments and reimbursements (e.g., under savings plans, insurance 
plans, flexible spending account plans) to effect an individual's 
direct deposits, payroll deductions and other transactions, to 
administer the individual's plan accounts, loans and loan repayments, 
and to adjudicate any related claims.''
    [cir] ``To a federal, state or local agency maintaining civil, 
criminal or other relevant enforcement records or other pertinent 
records, such as current licenses, if necessary to obtain a record 
relevant to an agency decision concerning the hiring or retention of an 
employee, the issuance of a security clearance, the letting of a 
contract, or the issuance of a license, grant or other benefit.''
    [cir] ``To thrift and savings institutions to conduct analytical 
studies of benefits being paid under such programs, provided such 
disclosure is consistent with the purpose for which the information was 
originally collected.''
    [cir] ``To relevant agencies for purposes of conducting computer 
matching programs designed to reduce fraud, waste and abuse in federal, 
state and local public assistance programs and operations.''
     The following routine uses were previously published only 
for commissioned corps payroll records, but now apply to both civilian 
and commissioned corps payroll records:
    [cir] ``To disclose information about the entitlements and benefits 
of a beneficiary of a deceased employee, retiree or annuitant for the 
purpose of making disposition of the decedent's estate.''
    [cir] ``To the Office of Management and Budget (OMB) at any stage 
in the legislative coordination and clearance process in connection 
with private relief legislation as set forth in OMB Circular No. A-19, 
or for budgetary or management oversight purposes.''
     The following routine use has been reworded and moved from 
the list of routine uses and included as a ``Note'' at the end of the 
``Routine Uses'' section, because it describes a disclosure authorized 
by subsection (b)(7) of the Privacy Act (5 U.S.C. 552a(b)(7)) for which 
no routine use is needed:
    [cir] ``To a Federal agency in response to a written request from 
the agency head specifying the particular portion desired and the law 
enforcement activity for which the record is sought. The request for 
the record must be connected with the agency's auditing and 
investigative functions designed to reduce fraud, waste and abuse; it 
must be based on information which raises questions about an 
individual's eligibility for benefits or payments; and it must be made 
reasonably soon after the information is received.''
    Because some of the changes are significant, a report on the 
proposed new system has been sent to Congress and OMB in accordance 
with 5 U.S.C. 552a(r).

II. The Privacy Act

    The Privacy Act (5 U.S.C. 552a) governs the means by which the U.S. 
Government collects, maintains, and uses information about individuals 
in a system of records. A ``system of records'' is a group of any 
records under the control of a Federal agency from which information 
about an individual is retrieved by the individual's name or other 
personal identifier. The Privacy Act requires each agency to publish in 
the Federal Register a system of records notice (SORN) identifying and 
describing each system of records the agency maintains, including the 
purposes for which the agency uses information about individuals in the 
system, the routine uses for which the agency discloses such 
information outside the agency, and how individual record subjects can 
exercise their rights under the Privacy Act (e.g., to determine if the 
system contains information about them).
SYSTEM NUMBER:
    09-90-1402

SYSTEM NAME:
    HHS Payroll Records, HHS/OS

SECURITY CLASSIFICATION:
    Unclassified

SYSTEM LOCATIONS:
    Civilian payroll records locations:
     Defense Finance and Accounting Service (DFAS) and records 
storage facility at Rock Island, IL. For more information contact HHS/
Customer Care Services, 8455 Colesville Rd., Silver Spring, MD 20910.
    Retirement records: Federal Retirement Records Center, Boyers, PA.
    Records are also maintained by timekeepers and payroll liaisons. 
Contact HHS/Customer Care Services for specific locations.
    Commissioned Corps payroll records locations:
     PHS/Office of the Assistant Secretary for Health (OASH)/
Office of the Surgeon General (OSG)/Division of

[[Page 48540]]

Commissioned Corps Personnel and Readiness (DCCPR)/Assignments and 
Career Management Branch (ACMB)/Compensation Team, Silver Spring, MD.
     U.S. Coast Guard COMDT, Washington, DC.
    Commissioned corps payroll records are kept at the addresses shown 
above when the person to whom the record pertains has an active 
relationship with the PHS commissioned corps personnel system. When an 
officer ceases the active relationship with the commissioned corps, the 
payroll records are combined with the Official Personnel Folder (OPF) 
covered in SORN 09-40-0001, ``PHS Commissioned Corps General Personnel 
Records, HHS/PSC/ESS'' and transferred to the appropriate facility as 
outlined in that SORN.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The system collects and maintains records about HHS personnel 
(current and former civilian employees, and current and former PHS 
Commissioned Corps employees); current and former applicants for 
employment with HHS; and HHS employees' dependents, survivors, 
beneficiaries, and current and former spouses.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system includes the following categories of records containing 
personally identifiable information (PII). PII data elements include: 
name, email and telephone contact information, Social Security Number, 
date of birth, work and home addresses, pay plan and grade, dates and 
hours worked, dates, hours or amounts of leave accrued, used, awarded 
or donated, travel benefits and allowances and educational allowances 
(including educational allowances for dependents of commissioned corps 
personnel), certifications and licenses affecting pay, personnel 
orders, special positions (e.g., hazardous duty) affecting pay, bank 
account information, and amounts withheld and allotted for income tax, 
insurance, retirement, Thrift Saving Plan, flexible spending account, 
voluntary leave transfers, charitable contributions, garnishments, and 
other purposes.
    1. Documents related to pay, including forms used to process 
payroll deductions, leave, allotments, charitable contributions and 
garnishments; documentation of dependent status used to determine 
entitlement to or eligibility for benefits; debt collection documents; 
survivor benefit elections and pay records; worksheets, internal forms, 
internal memoranda and other documents which result in, or contribute, 
to a pay-related action.
    2. Special pay files, containing special pay contracts, personnel 
orders and supporting documentation concerning special pay; worksheets, 
internal forms, internal memoranda and other documents which result in, 
or contribute, to a pay-related action.
    3. Retirement pay files, containing personnel orders and supporting 
documentation concerning retirement pay; worksheets, internal forms, 
internal memoranda and other documents which result in, or contribute 
to, a pay-related action.
    4. Correspondence relating to the above.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. Chapter 55--Pay Administration and Chapter 63--Leave; the 
Public Health Service Act (42 U.S.C. 202-217, 218a, and other pertinent 
sections); the Social Security Act (42 U.S.C. 410(m)); portions of 
Title 10, U.S.C., related to the uniformed services; portions of Title 
37, U.S.C., related to pay and allowance for members of the uniformed 
services; portions of Title 38, U.S.C., related to benefits 
administered by the Department of Veterans Affairs; sections of 50 
U.S.C. App., related to the selective service obligations and the 
Soldiers' and Sailors' Civil Relief Act; Executive Order (EO) 9397, as 
amended, ``Numbering System for Federal Accounts Relating to Individual 
Persons''; and E.O. 11140, as amended, which delegates the authority to 
administer the PHS Commissioned Corps from the President to the 
Secretary, HHS.

PURPOSE(S) OF THE SYSTEM:
    HHS uses relevant information about individuals from this system on 
a need to know basis to:
     Determine the individual's eligibility for pay, 
allowances, entitlements, privileges, and benefits, and ensure that the 
individual receives proper pay and allowances, that proper deductions 
and authorized allowances are made from the individual's pay, and that 
the individual is credited and charged with the proper amount of sick 
and annual leave.
     Determine eligibility or entitlements of the individual's 
dependents and beneficiaries for benefits based on the individual's 
service records.
     Give legal force to personnel transactions and establish 
the individual's rights and obligations under the pertinent laws and 
regulations governing the applicable personnel system (civilian or 
commissioned corps).
     With the individual's consent, provide information to the 
HHS Voluntary Leave Transfer Program for Department-wide announcements.
     Produce management reports, summary descriptive 
statistics, and analytical studies in support of the functions for 
which the records are collected and maintained and for related 
personnel management functions compatible with the intent for which the 
record system was created.
     Provide information to HHS' Debt Management and Collection 
System to collect a delinquent debt owed to the federal government, but 
only to the extent necessary to document and collect the delinquent 
debt.
     Provide information to HHS components (the Office of Child 
Support Enforcement (OCSE) within the Administration for Children and 
Families) and HHS systems (the National Directory of New Hires (NDNH) 
and the Federal Parent Locator System (FPLS)), for use in locating 
individuals and identifying their income sources to establish 
paternity, to establish and modify orders of support and for 
enforcement actions in accordance with 42 U.S.C. 653.
     Provide information to OCSE to share with the Social 
Security Administration for purposes of verifying Social Security 
Numbers used in operating FPLS.
     Provide information to OCSE to release to the Department 
of the Treasury for purposes of administering 26 U.S.C. 32 (earned 
income tax credit), administering 26 U.S.C. 3507 (advance payment of 
earned income tax credit), and verifying a claim with respect to 
employment in a tax return.
     Upon the request of the individual, provide information to 
organizations and companies administering charitable contribution 
payments, labor organization dues payments, and benefit plan payments 
(e.g., savings plans, insurance plans, flexible spending account plans) 
to effect the individual's payments through payroll deductions, to 
administer the individual's accounts, loans and loan repayments, and to 
adjudicate any related claims.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Relevant information about an individual may be disclosed from this 
system of records to the following parties outside HHS, without the 
individual's prior, written consent, for the following routine uses:
    1. To federal agencies and Department contractors that have been 
engaged by

[[Page 48541]]

HHS to assist in accomplishment of an HHS function relating to the 
purposes of the system (i.e., providing payroll services) and that need 
to have access to the records in order to assist HHS. Any contractor 
will be required to comply with the requirements of the Privacy Act of 
1974 and maintain safeguards with respect to such records. These 
safeguards are explained in the ``Safeguards'' section.
    2. To authorized officials in federal agencies where commissioned 
officers are assigned, for purposes described in the ``Purpose(s) of 
the System'' section.
    3. To financial institutions, organizations and companies 
administering charitable contribution payments, labor organization dues 
payments (applicable to civilian personnel only), and benefit plan 
payments and reimbursements (e.g., under savings plans, insurance 
plans, flexible spending account plans) to effect an individual's 
direct deposits, payroll deductions, and other transactions, to 
administer the individual's plan accounts, loans and loan repayments, 
and to adjudicate any related claims.
    4. To the U.S. Department of the Treasury which performs federal 
payment and tax collection activities and needs information such as 
name, home address, Social Security Number, earned income amount, 
withholding status, and amount of taxes withheld, for purposes such as 
processing W-2 forms submitted to the Internal Revenue Service; issuing 
salary, retired pay and annuity checks or electronic payments; issuing 
U.S. savings bonds; recording income information; offsetting salary and 
other federal payments to collect delinquent federal debt owed by the 
individual; and collecting income taxes.
    5. To state and local government agencies having taxing authority, 
which need pertinent records relating to employees, retirees, and 
annuitants, such as name, home address, Social Security Number, earned 
income amount, and amount of taxes withheld, when these agencies have 
entered into tax withholding agreements with the Secretary of Treasury, 
but only to those state and local taxing authorities for which an 
employee, retiree, or annuitant is or was subject to tax, regardless of 
whether tax is or was withheld.
    6. To the Social Security Administration, which requires pertinent 
records relating to employees, retirees, and annuitants, including 
name, home address, Social Security Number, earned income amount, and 
amount of taxes withheld to administer the Social Security program.
    7. To respond to interrogatories in the prosecution of a divorce 
action or settlement for purposes stated in 10 U.S.C. 1408 (The Former 
Spouses Protection Act) pertaining to commissioned corps personnel.
    8. To disclose information about the entitlements and benefits of a 
beneficiary of a deceased employee, retiree or annuitant for the 
purpose of making disposition of the decedent's estate.
    9. To the U.S. Department of Justice (DOJ) or to a court or other 
tribunal when:
    a. The agency or any component thereof; or
    b. any employee of the agency in his or her official capacity, or
    c. any employee of the agency in his or her individual capacity 
where DOJ has agreed to represent the employee, or
    d. the United States Government,
    is a party to litigation or has an interest in such litigation and, 
by careful review, HHS determines that the records are both relevant 
and necessary to the litigation and that, therefore, the use of such 
records by the DOJ, court or other tribunal is deemed by HHS to be 
compatible with the purpose for which the agency collected the records.
    10. When a record on its face, or in conjunction with other 
records, indicates a violation or potential violation of law, whether 
civil, criminal or regulatory in nature, and whether arising by general 
statute or particular program statute, or by regulation, rule, or order 
issued pursuant thereto, disclosure may be made to the appropriate 
public authority, whether federal, foreign, state, local, tribal, or 
otherwise, responsible for enforcing, investigating or prosecuting the 
violation or charged with enforcing or implementing the statute, rule, 
regulation, or order issued pursuant thereto, if the information 
disclosed is relevant to the enforcement, regulatory, investigative or 
prosecutorial responsibility of the receiving entity.
    11. To a Member of Congress or to a Congressional staff member in 
response to a written inquiry of the Congressional office made at the 
written request of the constituent about whom the record is maintained. 
The Member of Congress does not have any greater authority to obtain 
records than the individual would have if requesting the records 
directly.
    12. To the Office of Management and Budget (OMB) at any stage in 
the legislative coordination and clearance process in connection with 
private relief legislation as set forth in OMB Circular No. A-19, or 
for budgetary or management oversight purposes.
    13. To a federal, foreign, state, local, tribal or other public 
authority of the fact that this system of records contains information 
relevant to the hiring or retention of an employee, the issuance or 
retention of a security clearance, the letting of a contract, or the 
issuance or retention of a license, grant or other benefit. The other 
agency or licensing organization may then make a request supported by 
the written consent of the individual for further information if it so 
chooses. HHS will not make an initial disclosure unless the information 
has been determined to be sufficiently reliable to support a referral 
to another office within the agency or to another federal agency for 
criminal, civil, administrative, personnel, or regulatory action.
    14. To thrift and savings institutions to conduct analytical 
studies of benefits being paid under such programs, provided such 
disclosure is consistent with the purpose for which the information was 
originally collected.
    15. To relevant agencies for the purpose of conducting computer 
matching programs designed to reduce fraud, waste and abuse in federal, 
state and local public assistance programs and operations.
    16. To the Equal Employment Opportunity Commission when requested 
in connection with investigations into alleged or possible 
discrimination practices in the federal sector, examination of federal 
affirmative employment programs, or other functions vested in the 
Commission.
    17. To the Office of Personnel Management, to the extent it 
requires information to carry out its role as the oversight agency 
responsible for promoting the effectiveness of civilian personnel 
management and ensuring compliance with civilian personnel laws and 
regulations, if the information is relevant and necessary for that 
purpose.
    18. To the Merit Systems Protection Board (including its Office of 
the Special Counsel) if relevant and necessary for its oversight 
responsibility, to protect the integrity of federal merit systems and 
the rights of federal civilian employees working in the systems.
    19. To the Federal Labor Relations Authority (including the General 
Counsel of the Authority and the Federal Service Impasses Panel) if 
relevant and necessary for its oversight of the federal service labor-
management relations program, pertaining to civilian employees.
    20. To a labor organization recognized under E.O. 11491 or 5 U.S.C. 
Chapter

[[Page 48542]]

71, when a contract between a component of the Department and the labor 
organization provides that the agency will disclose civilian personnel 
records when relevant and necessary to the labor organization's duties 
of exclusive representation concerning civilian personnel policies, 
practices, and matters affecting working conditions.
    21. To the Department of Labor to make a compensation determination 
in connection with a claim filed by a civilian employee for worker's 
compensation on account of a job-connected injury or disease.
    22. To state officers of unemployment compensation in connection 
with claims filed by former HHS civilian employees for unemployment 
compensation.
    23. To the U.S. Department of Homeland Security (DHS) if captured 
in an intrusion detection system used by HHS and DHS pursuant to a DHS 
cybersecurity program that monitors Internet traffic to and from 
federal government computer networks to prevent a variety of types of 
cybersecurity incidents.
    24. To appropriate federal agencies and Department contractors that 
have a need to know the information for the purpose of assisting the 
Department's efforts to respond to a suspected or confirmed breach of 
the security or confidentiality of information maintained in this 
system of records, when the information disclosed is relevant and 
necessary for that assistance.
    Information about an individual may also be disclosed to parties 
outside the agency without the individual's prior, written consent for 
any of the uses authorized directly in the Privacy Act at 5 U.S.C. 
552a(b)(2) and (b)(4)-(11). Note: The following requirements apply to a 
disclosure to another federal agency pursuant to 5 U.S.C. 552a(b)(7) 
(i.e., in response to a written request from the head of that agency 
for a civil or criminal law enforcement activity authorized by law, 
specifying the particular portion desired and the law enforcement 
activity for which the record is sought): The request must be connected 
with the agency's auditing and investigative functions designed to 
reduce fraud, waste and abuse; it must be based on information that 
raises questions about an individual's eligibility for benefits or 
payments; and it must be made reasonably soon after the information is 
received.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM--
Storage:
    Automated files are stored on secured electronic storage 
applications, disks, electronic medium and magnetic tapes. Non-
automated (hard-copy) files are kept in offices, and may be stored in 
shelves, safes, cabinets, bookcases or desks.

Retrievability:
    Civilian payroll records: Records are retrieved by pay period and 
name and/or Social Security Number and timekeeper number within each 
pay period.
    Commissioned corps payroll records: Records are retrieved by name, 
by PHS serial number, by Direct AccessEmplId and/or by Social Security 
Number.

Safeguards:
    Safeguards conform to the HHS Information Security and Privacy 
Program, http://www.hhs.gov/ocio/securityprivacy/index.html.
    1. Authorized Users
    Automated Records. Access to and use of automated records is 
limited to: (1) Authorized personnel within HHS who perform payroll and 
personnel office functions, and authorized personnel of any contractors 
or federal agencies assisting HHS with those functions; (2) authorized 
officials in offices where commissioned officers are assigned--at HHS 
and at other federal agencies--whose official duties require such 
access; and (3) authorized personnel in other federal agencies, such as 
the U.S. Treasury with respect to federal payment and tax collection 
activities, acting on behalf of HHS for payroll-related activities.
    Non-automated records. Access to and use of non-automated records 
is limited to HHS-employees whose official duties require such access 
or to parties outside HHS who need access to the information for 
purposes stated under routine uses. These individuals are permitted 
access to records only after they have satisfactorily identified 
themselves as having an official need to review the information and 
have provided satisfactory proof of their identities. Access is also 
granted to individuals who have permission to review the record when 
that permission has been obtained in writing and in advance from the 
individual to whom the record pertains. All individuals from outside 
the Department, to whom disclosure is made pursuant to a routine use, 
must complete Privacy Act nondisclosure oaths and must submit written 
requests for access to these records showing the name and employing 
office of the requester, the date on which the record is requested, and 
the purpose for reviewing the information in the records. This written 
request is then placed into the record.
    2. Physical safeguards
    Automated records. Terminals by which automated records are 
accessed are kept in offices secured with locks. Automated records on 
magnetic tape, disks and other computer equipment are kept in rooms 
designed to protect the physical integrity of the records media and 
equipment. These rooms are within inner offices to which access is 
permitted only with special clearance. The data is encrypted using 
NIST-approved encryption methods. Outer offices are secured with locks. 
During non-work hours, all cabinets, storage facilities, rooms and 
offices are locked and the premises are patrolled regularly by building 
security forces.
    Non-automated records. Non-automated records are kept in such a way 
as to prevent observation by unauthorized individuals while the records 
are actively in use by an authorized employee. When records are not in 
use, they are closed and secured in desk drawers with locks, filing 
cabinets with locks, or other security equipment, all of which are kept 
inside authorized office space which is locked whenever it is not in 
use. Keys to furniture and equipment are kept only by the individual 
who is assigned to that furniture or equipment and by security 
officers.
    3. Procedural safeguards
    Automated records. Automated records are secured by assigning 
individual access codes to authorized personnel, and by the use of 
passwords for specific records created by authorized personnel. Access 
codes and passwords are changed on a random schedule. In addition, 
programming for automated record allows authorized personnel to access 
only those records that are essential to their duties. Remote access to 
automated data from remote terminals is restricted to a limited number 
of HHS personnel, HHS contractor personnel, and personnel at other 
federal agencies engaged by HHS who perform payroll and personnel 
office functions; similar personnel at other federal agencies where 
commissioned officers are assigned; and personnel at federal agencies 
(such as U.S. Treasury) that act on behalf of HHS for payroll-related 
activities. No access is permitted to organizations that do not have 
automated personnel record-keeping systems that comply with Privacy Act 
requirements.

[[Page 48543]]

    Non-automated records. All files are secured when employees are 
absent from the premises and are further protected by locks on entry 
ways and by the building security force. Official records may not be 
removed; when records are needed at a remote location, copies of the 
records are provided. When copying records for authorized purposes, 
care is taken to ensure that any imperfect or extra copies are not left 
in the copier room where they can be read, but are destroyed or 
obliterated.
    4. Contractor Guidelines
    A contractor given records under routine use 1 must maintain the 
records in a secured area, allow only those individuals immediately 
involved in the processing of the records to have access to them, 
prevent any unauthorized persons from gaining access to the records, 
and return the records to the System Manager immediately upon 
completion of the work specified in the contract. Contractor compliance 
is assured though inclusion of Privacy Act requirements in contract 
clauses, and through monitoring by contract and project officers. 
Contractors who maintain records are instructed to make no disclosure 
of the records except as authorized by the System Manager and stated in 
the contract.

Retention And Disposal:
    Civilian payroll records: Records are retained and disposed of in 
accordance with General Records Schedule 2 (GRS 2), ``Payrolling and 
Pay Administration Records,'' which prescribes retention periods 
ranging from as short as a few months or years to as long as 56 years. 
When an employee is separated, leave records are incorporated into the 
Official Personnel File (OPF) maintained by the servicing personnel 
office (SPO), and payroll retirement information is transferred to the 
Federal Retirement Records Center in Boyers, Pennsylvania. The OPF is 
forwarded to the new employing agency by the SPO. These procedures are 
in accordance with U.S. Office of Personnel Management policies and 
procedures.
    Commissioned corps payroll records: When an officer is separated, 
records are incorporated into the OPF and transferred to a Federal 
Records Center in accordance with 09-40-0001, ``PHS Commissioned Corps 
General Personnel Records, HHS/OS'' procedures. When an officer retires 
from the commissioned corps, a retirement payment file is generated and 
maintained in Compensation. When the officer and/or annuitant dies, the 
file is retained in Compensation for 3 years, then is incorporated into 
the OPF and transferred to a Federal Records Center in accordance with 
09-40-0001, ``PHS Commissioned Corps General Personnel Records, HHS/
PSC/HRS'' procedures.
    Destruction methods: Records that are eligible for destruction are 
securely disposed of using destruction methods prescribed by NIST SP 
800-88.

SYSTEM MANAGER AND ADDRESS:
    System Manager for civilian payroll records: DFAS. For more 
information, contact HHS/Customer Care Services, 8455 Colesville Rd., 
Silver Spring, MD.
    System Manager for commissioned corps payroll records: Director, 
OASH/OSG/Division of Systems Integration, Plaza Level, Suite 100, Tower 
Building, 1101 Wootton Parkway, Rockville, MD 20852.

NOTIFICATION PROCEDURE:
    An individual who wishes to know if this system contains records 
about him or her should submit a written request to the applicable 
System Manager. The request should include the full name of the 
individual, appropriate personal identification, and the individual's 
current address.

RECORD ACCESS PROCEDURE:
    Procedure for accessing civilian payroll records:
    1. General procedures. A subject individual, or parent, or legal 
guardian of an incompetent individual, who appears at a specific 
location seeking access to or disclosure of records relating to him/her 
may initially contact his/her agency personnel office or payroll 
liaison for information about obtaining access to the records. Such 
individuals will be required to verify their identity to the 
satisfaction of the agency employee providing access. Refusal to 
provide sufficient proof of identity will result in denial of the 
request for access until such time as proof of identity can be 
obtained.
    2. Requests by mail. Written requests must be addressed to the 
System Manager or the appropriate payroll liaison. A comparison will be 
made of that signature and the signature maintained in a file prior to 
release of the material requested. Copies of the records to which 
access has been requested will be mailed to the individual.
    3. Requests by phone. Because positive identification of the caller 
cannot be established with sufficient certainty, telephone requests for 
access to records will not be honored.
    4. Accounting of disclosures. An individual who is the subject of 
the records in this system may also request an accounting of all 
disclosures outside the Department, if any, that have been made from 
the individual's records.
    Procedure for accessing commissioned corps payroll records:
    1. General procedures. An individual (and/or the individual's legal 
representative) seeking access to his/her records may initially contact 
the DCCPR Privacy Act Coordinator for information about obtaining 
access to the records. Each individual seeking access will be required 
to verify his/her identity to the satisfaction of the DCCPR Privacy Act 
Coordinator. Refusal to provide sufficient proof of identity will 
result in denial of the request for access until such time as proof of 
identity can be obtained. The System Manager has authority to release 
records to authorized officials within DCCPR, HHS and other 
organizations where commissioned officers are assigned.
    2. Requests in person. An individual who is the subject of a record 
and who appears in person seeking access shall provide his/her name and 
at least one piece of tangible identification (e.g., PHS Commissioned 
Corps Identification Card, driver's license or passport). 
Identification cards with current photograph are required. The records 
will be reviewed in the presence of an appropriate Compensation 
employee, who will answer questions and ensure that the individual 
neither removes nor inserts any material into the record without the 
knowledge of the Compensation employee. If the individual requests a 
copy of any records reviewed, the Compensation employee will provide 
them to the individual. The Compensation employee will record the name 
of the individual granted access, the date of access, and information 
about the verification of identity on a separate log sheet maintained 
in the office of the Privacy Act Coordinator, DCCPR.
    3. Requests by mail. Written requests must be addressed to the 
System Manager or the DCCPR Privacy Act Coordinator at the address 
shown as the System Location above. All written requests must be signed 
by the individual seeking access. A comparison will be made of that 
signature and the signature maintained on file prior to release of the 
material requested. Copies of the records to which access has been 
requested will be mailed to the individual. The original version of a 
record will not be released except in very unusual situations when only 
the original will satisfy the purpose of the request.
    4. When an individual to whom a record pertains is mentally 
incompetent or under other legal disability, information in the 
individual's records may be disclosed to any person who is legally 
responsible for the care of the

[[Page 48544]]

individual, to the extent necessary to assure payment of benefits to 
which the individual is entitled.
    5. Requests by phone. Because positive identification of the caller 
cannot be established with sufficient certainty, telephone requests for 
access to records will not be honored.
    6. Accounting of disclosures. An individual who is the subject of 
records maintained in this records system may also request an 
accounting of all disclosures outside the Department, if any, that have 
been made from that individual's records.

CONTESTING RECORD PROCEDURES:
    An individual seeking to contest the content of information about 
him or her in this system should contact the applicable System Manager 
at the address specified under ``System Manager'' above and reasonably 
identify the record, specify the information contested, state the 
corrective action sought, and provide the reasons for the correction, 
with supporting justification.

RECORD SOURCE CATEGORIES:
    Information is obtained from individual personnel members (civilian 
employees and Public Health Service officers) and applicants, their 
dependents and former spouses, governmental and private training 
facilities, health professional licensing and credentialing 
organizations (e.g., organizations that verify license and credential 
information), government officials and employees, and from records 
contained in or transferred from predecessor payroll systems.

EXEMPTIONS CLAIMED FOR THIS SYSTEM:
    None.

    Dated: July 30, 2015.
John W. Gill,
Deputy Assistant Secretary, ASA.
[FR Doc. 2015-19855 Filed 8-12-15; 8:45 am]
BILLING CODE 4151-17-P