[Federal Register Volume 81, Number 136 (Friday, July 15, 2016)]
[Notices]
[Pages 46069-46072]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-16726]


-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Office of the Secretary

[Docket ID: DOD-2016-HA-0077]


Privacy Act of 1974; System of Records

AGENCY: Defense Health Agency, DoD.

ACTION: Notice to alter a system of records.

-----------------------------------------------------------------------

SUMMARY: The Defense Health Agency proposes to alter an existing system 
of records, EDHA 12, entitled ``Third Party Collection System.'' This 
system is used to provide the Military Services medical billing, 
collections, and reporting processes for users at multiple locations, 
and to serve as the single source of financial information for the 
accounting of uniform business office accounts receivable.

DATES: Comments will be accepted on or before August 15, 2016. This 
proposed action will be effective the date following the end of the 
comment period unless comments are received which result in a contrary 
determination.

ADDRESSES: You may submit comments, identified by docket number and 
title, by any of the following methods:
    * Federal Rulemaking Portal: http://www.regulations.gov. Follow the 
instructions for submitting comments.
    * Mail: Department of Defense, Office of the Deputy Chief 
Management

[[Page 46070]]

Officer, Directorate of Oversight and Compliance, 4800 Mark Center 
Drive, Mailbox #24, Alexandria, VA 22350-1700. Instructions: All 
submissions received must include the agency name and docket number for 
this Federal Register document. The general policy for comments and 
other submissions from members of the public is to make these 
submissions available for public viewing on the Internet at http://www.regulations.gov as they are received without change, including any 
personal identifiers or contact information.

FOR FURTHER INFORMATION CONTACT: Ms. Linda S. Thomas, Chief, Defense 
Health Agency Privacy and Civil Liberties Office, 7700 Arlington 
Boulevard, Suite 5101, Falls Church, VA 22042-5101, or by phone at 
(703) 275-6363.

SUPPLEMENTARY INFORMATION: The Defense Health Agency notices for 
systems of records subject to the Privacy Act of 1974 (5 U.S.C. 552a), 
as amended, have been published in the Federal Register and are 
available from the address in FOR FURTHER INFORMATION CONTACT or at the 
Defense Privacy and Civil Liberties Division Web site at http://dpcld.defense.gov/.
    The proposed system report, as required by 5 U.S.C. 552a(r) of the 
Privacy Act of 1974, as amended, was submitted on June 23, 2016, to the 
House Committee on Oversight and Government Reform, the Senate 
Committee on Governmental Affairs, and the Office of Management and 
Budget (OMB) pursuant to paragraph 4 of Appendix I to OMB Circular No. 
A-130, ``Federal Agency Responsibilities for Maintaining Records About 
Individuals,'' revised November 28, 2000 (December 12, 2000 65 FR 
77677).

    Dated: July 11, 2016.
Aaron Siegel,
Alternate OSD Federal Register Liaison Officer, Department of Defense.
EDHA 12

System name:
    Third Party Collection System (November 18, 2013, 78 FR 69076)
    Changes
* * * * *

System location:
    Delete entry and replace with ``Primary: General Dynamics 
Information Technology, Corporate Office Properties Trust (COPT) Data 
Center Solutions DC-6, 9651 Hornbaker Road, Manassas, VA 20109-3976.
    Alternate: General Dynamics Information Technology, 11400 Westmoor 
Circle, Westminster, CO 80021-2735.
    For a complete listing of all facility addresses write to the 
system manager.''
    Categories of individuals covered by the system:
    Delete entry and replace with ``Members of the Uniformed Services 
(including Reserve and National Guard personnel) and their dependents 
and retired military members and their dependents who receive or have 
received health services approved by DoD; contractors participating in 
military deployments or related operations who receive or have received 
medical or dental care at a military treatment facility (MTF); DoD 
civilian employees (to include non-appropriated fund employees), and 
other individuals who receive or have received medical or dental care 
at an MTF.''

Categories of records in the system:
    Delete entry and replace with ``Individual Data: Patient name, DoD 
Identification Number (DoD ID Number), Social Security Number (SSN) (or 
foreign identification), citizenship, whether treatment was outpatient 
or inpatient, outpatient visit date and time, date of birth, address, 
email address, home and cell phone telephone numbers, gender, marital 
status, emergency contact information, driver's license number, family 
member prefix, and relationship to policy holder; sponsor or insurance 
policy holder name, SSN or DoD ID Number, and date of birth; other 
covered family member name(s), SSN, and date of birth; and, if 
applicable, Medicare and Medicaid coverage data.
    Insurance Policy Information Data: Policy number or identification, 
card holder identification, group number, group name, enrollment plan/
code, policy effective date, policy category, policy end date, 
insurance company name, address, and telephone number, insurance type, 
policy holder, and whether policy holder is insured through their 
employer; pharmacy insurance company name, address, and phone number, 
and pharmacy policy number, BIN number, and patient identification 
number.
    Employer Information data: Employer name, address, and telephone 
number.
    Billing Information Data: Bill type (MTF, clinic, pharmacy, 
laboratory/radiology, or ambulance), name and location of MTF, whether 
treatment was outpatient or inpatient, outpatient visit date and time, 
inpatient admission and discharge dates and time, patient 
identification number, patient name, provider code/description, office 
visit code description, Medical Expense and Performance Reporting 
System code/description, diagnosis code/description, billing amount, 
user who created the bill, date bill was created, status of bill, and 
source of billing data.
    Accounting Information Data: Control number, transaction code, 
debit amount, credit amount, check number, batch posting number, 
balance, patient identification number, patient name, encounter date, 
comments, entry date, and follow-up date.
    Insurance Company Data: Tables for insurance company, policy, 
provider, fees, codes, rates, and procedure maintenance.''

Authority for the maintenance of the system:
    Delete entry and replace with ``10 U.S.C. 1079b, Procedures for 
charging fees for care provided to civilians; retention and use of fees 
collected; 10 U.S.C. 1095, Health care services incurred on behalf of 
covered beneficiaries: Collection from third-party payers; 42 U.S.C. 
Chapter 32, Third Party Liability For Hospital and Medical Care; 28 CFR 
part 43, Recovery of Costs of Hospital and Medical Care and Treatment 
Furnished by the United States; 32 CFR part 199, Civilian Health and 
Medical Program for the Uniformed Services (CHAMPUS); 32 CFR part 220, 
Collection from Third Party Payers of Reasonable Charges for Healthcare 
Services; DoD Instruction 6015.23, Foreign Military Personnel Care and 
Uniform Business Offices in Military Treatment Facilities (MTFs); and 
E.O. 9397 (SSN), as amended.''

Purpose(s):
    Delete entry and replace with ``To provide the Military Services 
medical billing, collections, and reporting processes for users at 
multiple locations, and to serve as the single source of financial 
information for the accounting of uniform business office accounts 
receivable.
    To assist the Defense Finance Accounting Service (DFAS) in 
collecting delinquent debts.''
    Routine uses of records maintained in the system, including 
categories of users and the purposes of such uses:
    Delete entry and replace with ``In addition to those disclosures 
generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, as 
amended, these records may specifically be disclosed outside the DoD as 
a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    To interface with all commercial insurance carriers and parties 
against whom recovery has been sought by the DoD Military Health System 
(MHS), as well as all parties involved in support of the collection 
activities for health care approved by the DoD.

[[Page 46071]]

    To the Departments of Treasury, Veterans Affairs, and Homeland 
Security in order to obtain reimbursement to the DoD for medical 
services provided by the MHS to beneficiaries and workforce members of 
such Departments.
    To other persons or organizations, including other health insurers, 
Medicare, and Medicaid, who may be liable for payment for health care 
and medical services provided to an individual by the MHS.
    To data clearinghouses for the purpose of converting the medical 
and pharmacy claims to an industry-wide format then forwarding to 
insurance companies (and other payers) electronically for payment.
    Except as stipulated in NOTE 1 and NOTE 2 below, the DoD Blanket 
Routine Uses set forth at the beginning of the Defense Privacy and 
Civil Liberties Division compilation of systems of records notices may 
apply to this system. The complete list of DoD Blanket Routine Uses can 
be found online at: http://dpcld.defense.gov/Privacy/SORNsIndex/BlanketRoutineUses.aspx
    NOTE 1: This system of records contains individually identifiable 
health information. The DoD Health Information Privacy Regulation (DoD 
6025.18-R) or any successor DoD issuances implementing the Health 
Insurance Portability and Accountability Act of 1996 (HIPAA) and 45 CFR 
parts 160 and 164, Health and Human Services, General Administrative 
Requirements and Security & Privacy, respectively, applies to most such 
health information. DoD 6025.18-R or a successor issuance may place 
additional procedural requirements on the uses and disclosures of such 
information beyond those found in the Privacy Act of 1974, as amended, 
or mentioned in this system of records notice.
    NOTE 2: Records of identity, diagnosis, prognosis or treatment 
information of any patient maintained in connection with the 
performance of any program or activity relating to substance abuse 
education, prevention, training, treatment, rehabilitation, or 
research, which is conducted, regulated, or directly or indirectly 
assisted by a department or agency of the United States will be treated 
as confidential and disclosed only for the purposes and under the 
circumstances expressly authorized under 42 U.S.C. 290dd-2.''
    Policies and practices for storing, retrieving, accessing, 
retaining, and disposing of records in the system:

Storage:
    Delete entry and replace with ``Paper records and electronic 
storage media.''

Retrievability:
    Delete entry and replace with ``Patient name, SSN (or foreign 
identification) or DoD ID Number, insurance company name, date range, 
sponsor name, sponsor SSN or DoD ID Number, or patient identification 
number.''

Safeguards:
    Delete entry and replace with ``Physical access to the information 
technology (IT) system location is restricted by visitor escort, access 
rosters, and photo identification. Adequate locks are on doors and 
server components are secured in a locked computer room with limited 
access. Each end user device is protected within a locked storage 
container, room, or building outside of normal business hours. All 
visitors and other persons that require access to facilities that house 
servers and other network devices supporting the IT system that do not 
have authorization for access are escorted by appropriately screened/
cleared personnel at all times.
    Access to the IT system is role-based and a valid user account is 
required. The system is Public Key Infrastructure-enforced with two-
factor authentication and can be accessed by use of Common Access Card 
and personal identification number. Authorized personnel must have 
appropriate Information Assurance training, HIPAA training, and Privacy 
Act training.
    Paper records are protected by the security and policies in place 
at the locations where they are held. All locations are within or under 
contract with the MHS, and require personnel to undergo appropriate 
training.''

Retention and disposal:
    Delete entry and replace with ``Close out at end of the calendar 
year in which received. Destroy 10 year(s) after cut off.''

System manager(s) and address:
    Delete entry and replace with ``Program Manager, DHA Solutions 
Delivery Division, Clinical Support, Fort Sam Houston, San Antonio, TX 
78234-2639.''

Notification procedure:
    Delete entry and replace with ``Individuals seeking to determine 
whether information about themselves is contained in this system of 
records should address written inquiries to the Chief, Freedom of 
Information Act (FOIA) Service Center, Defense Health Agency Privacy 
and Civil Liberties Office, 7700 Arlington Boulevard, Suite 5101, Falls 
Church, VA 22042-5101.
    Requests should contain the name and number of this system of 
records notice, the individual's full name, current address, home or 
cell phone telephone number, SSN or DoD ID Number, and signature.
    In addition, the requester must provide a notarized statement or an 
unsworn declaration made in accordance with 28 U.S.C. 1746, in the 
following format:
    If executed outside the United States: `I declare (or certify, 
verify, or state) under penalty of perjury under the laws of the United 
States of America that the foregoing is true and correct. Executed on 
(date). (Signature).'
    If executed within the United States, its territories, possessions, 
or commonwealths: `I declare (or certify, verify, or state) under 
penalty of perjury that the foregoing is true and correct. Executed on 
(date). (Signature).'
    If requesting information about a minor or legally incompetent 
person, the request must be made by the custodial parent, legal 
guardian, or person with legal authority to make decisions on behalf of 
the individual. Written proof of that status may be required before the 
existence of any information will be confirmed.''

Record access procedures:
    Delete entry and replace with ``Individuals seeking access to 
records about themselves contained in this system of records should 
address written inquiries to the Chief, FOIA Service Center, Defense 
Health Agency Privacy and Civil Liberties Office, 7700 Arlington 
Boulevard, Suite 5101, Falls Church, VA 22042-5101.
    Requests should contain the name and number of this system of 
records notice, the individual's full name, current address, home or 
cell phone telephone number, SSN or DoD ID Number, and signature.
    In addition, the requester must provide a notarized statement or an 
unsworn declaration made in accordance with 28 U.S.C. 1746, in the 
following format:
    If executed outside the United States: `I declare (or certify, 
verify, or state) under penalty of perjury under the laws of the United 
States of America that the foregoing is true and correct. Executed on 
(date). (Signature).'
    If executed within the United States, its territories, possessions, 
or commonwealths: `I declare (or certify, verify, or state) under 
penalty of perjury that the foregoing is true and correct. Executed on 
(date). (Signature).'

[[Page 46072]]

    If requesting information about a minor or legally incompetent 
person, the request must be made by the custodial parent, legal 
guardian or person with legal authority to make decisions on behalf of 
the individual. Written proof of that status may be required before any 
records will be provided.''

Contesting record procedures:
    Delete entry and replace with ``The Office of the Secretary of 
Defense (OSD) rules for accessing records, for contesting contents and 
appealing initial agency determinations are published in OSD 
Administrative Instruction 81, 32 CFR part 311, or may be obtained from 
the system manager.''

Record source categories:
    Delete entry and replace with ``The Composite Health Care System 
(CHCS) and the individual.''
* * * * *
[FR Doc. 2016-16726 Filed 7-14-16; 8:45 am]
 BILLING CODE 5001-06-P