[Federal Register Volume 87, Number 146 (Monday, August 1, 2022)]
[Notices]
[Pages 46967-46970]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-16344]



[[Page 46967]]

-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Health Resources and Services Administration


Privacy Act of 1974; System of Records

AGENCY: Health Resources and Services Administration (HRSA), Department 
of Health and Human Services (HHS).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 1974 
as amended, HHS is publishing notice of modifications to system of 
records 09-15-0055, ``Organ Procurement and Transplantation Network 
(OPTN)/Scientific Registry of Transplant Recipients (SRTR) Data 
System,'' maintained by HRSA, Health Systems Bureau.

DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this notice is 
applicable August 1, 2022, subject to a 30-day period in which to 
comment on the new routine uses, described below. Please submit any 
comments by August 31, 2022.''

ADDRESSES: The public should address written comments on the system of 
records to Christopher McLaughlin, email address [email protected].

FOR FURTHER INFORMATION CONTACT: General questions about the system of 
records may be submitted to Christopher McLaughlin, email 
[email protected], telephone (301) 443-7577. This is not a toll-free 
number.

SUPPLEMENTARY INFORMATION:

Explanation of Changes

    The revised system of records notice (SORN) for System No. 09-15-
0055 includes these substantive changes:
    1. Updates the System Location and System Manager sections to 
reflect the responsible HRSA Bureau's current name (``Healthcare'' 
Systems Bureau is now ``Health'' Systems Bureau) and to reflect a 
change in the contractor for the Scientific Registry of Transplant 
Recipients (SRTR).
    2. Updates the Authorities section, which previously cited 42 
U.S.C. 274 as authorizing maintenance of network information, 42 U.S.C. 
274a as authorizing maintenance of registry information, and 
implementing regulations at 42 CFR part 121, to now also indicate which 
specific subsections of 42 U.S.C. 274 are applicable and to add 42 
U.S.C. 273a, which authorizes maintenance of information needed to 
evaluate long-term effects associated with living donations.
    3. Revises the Purpose(s) section to expand the purpose description 
at (2) to include ``. . . OPTN bylaws and policies, including risks to 
the health of patients or to the public safety'' in place of ``. . . 
OPTN requirements'' and to add two new purpose descriptions at (6) and 
(7).
    4. Expands the Categories of Individuals section to include four 
new categories at 4 through 7, to remove ``deceased'' persons from whom 
organs have been obtained from category 1, and to include a note 
stating that all categories are limited to living individuals (because 
only records about living individuals are governed by the Privacy Act 
and pertinent to the SORN).
    5. Revises the Categories of Records section to include an 
introductory statement that the records consist of all information 
needed for organ matching and placement and follow-up; to clarify that 
donor registration information is collected about prospective donors 
whether or not they become donors; to add ``address'' and change 
``gender'' to ``sex at birth'' in the list of data elements; and to 
remove ``living'' and ``deceased'' from the descriptions.
    6. Updates the Record Source Categories section to include 
individuals' health care providers and CMS and other organizations as 
additional sources of information in the records.
    7. Adds three new routine uses and revises three existing routine 
uses authorizing disclosures to non-HHS parties:
    [cir] New routine use 2 will allow disclosure of records to the 
OPTN Board of Directors, Committees, and Review Boards, in the event 
they need access to identifiable information about an individual for 
their deliberations, to do the work required of them.
    [cir] Routine use 3 (formerly 2), which authorizes disclosures to 
transplant centers, histocompatibility laboratories, organ procurement 
organizations, and various other listed entities, has been revised to 
replace ``organ donors'' with ``living individuals who are potential 
deceased or potential living organ donors;'' to update the list of 
disclosure recipients to omit ``the Transplant Transmission Sentinel 
Network'' and shorten ``NCI contractors, State cancer registries and 
other State health agencies'' to ``State registries and State health 
agencies;'' and to remove redundant wording that repeats part of the 
definition of a routine use (i.e., ``provided that such disclosure is 
compatible with the purpose for which the records were collected'').
    [cir] Routine use 4 (formerly 3), which authorizes disclosures to 
the Department of Justice (DOJ) in the event of litigation against HHS 
or against an HHS employee or the United States affecting HHS, has been 
revised to add ``a court or other tribunal'' as disclosure recipients.
    [cir] New routine use 5 will allow disclosure of records to DOJ or 
to a court or other tribunal in the event of pending or potential 
litigation involving HHS or the United States as a plaintiff, 
intervenor, or amicus; the OPTN contractor or SRTR contractor as a 
defendant; or the OPTN.
    [cir] Routine use 6 (formerly 4), which authorizes disclosures to 
congressional offices to facilitate responses to constituent requests, 
has been revised to change ``verified inquiry'' to ``written inquiry.''
    [cir] New routine use 10 will allow disclosure of records to health 
care professionals providing clinical treatment to subject individuals, 
subject to a list of conditions.
    8. The Storage section continues to state that records are 
maintained electronically and in hard copy files, but now omits ``file 
folders'' (as redundant of ``hard copy files'') and omits ``magnetic 
tapes'' and ``disc packs'' (as obsolete forms of electronic storage 
media).
    9. The Retrieval section has been revised to omit ``date of 
birth,'' which, although used for retrieval, is not a personal 
identifier.
    10. The Retention section has been corrected to state that the 
records are currently unscheduled and retained indefinitely pending 
scheduling with the National Archives and Records Administration (NARA) 
(instead of stating that records are retained for no more than 25 years 
beyond the known death of the subject individual), and to remove 
shredding and degaussing descriptions, because secure destruction 
methods are addressed in the Safeguards section.
    11. Minor changes have been made to the Safeguards section, e.g., 
to change ``HRSA Project Officer'' to ``HRSA Contracting Officer's 
Representative,'' to change ``automated and nonautomated documents'' to 
``electronic and hard-copy files,'' to remove references to magnetic 
tape and disk packs, and to change ``records storage area'' to ``files 
storage area.''
    12. The Records Access Procedures section has been revised to omit 
references to provisions in the HHS Privacy Act regulations which are 
legally deficient. The provisions require a parent or legal guardian of 
a subject individual seeking access to medical records about the 
individual to designate a health professional to whom

[[Page 46968]]

HHS can release the requested records. The provisions fail to ensure 
that records released by HHS to the health professional will be fully 
disclosed by the health professional to the requesting parent or 
guardian, and they fail to ensure provision of administrative appeal 
rights to the requesting parent or guardian.

Diana Espinosa,
Deputy Administrator.
System Name and Number
    Organ Procurement and Transplantation Network (OPTN)/SRTR Data 
System, 09-15-0055.

Security Classification
    Unclassified.

System Location
    The address of the agency component responsible for the system of 
records is:
     HRSA Division of Transplantation, Health Systems Bureau, 
5600 Fishers Lane Rockville, Maryland 20857.
    Service provider addresses:
     OPTN Contractor: United Network for Organ Sharing (UNOS), 
700 N 4th Street, Richmond, VA 23219.
     SRTR Contractor: Chronic Disease Research Group of the 
Hennepin Healthcare Research Institute, 701 Park Avenue, Suite S4-100, 
Minneapolis, MN 55415.

System Manager(s)
    The system managers are as follows:
     For OPTN records: United Network for Organ Sharing (UNOS), 
email address [email protected], telephone (888) 894-6361.
     For SRTR records: Chronic Disease Research Group (CDRG), 
Hennepin Healthcare Research Institute, email address [email protected], 
telephone (877) 970-7787.
    Contact information for HRSA Division of Transplantation: Division 
of Transplantation, Health Systems Bureau, HRSA, email address 
[email protected], telephone (301) 443-7577.

Authority for Maintenance of the System
    42 U.S.C. 274 requires that the HHS Secretary, by contract, provide 
for the establishment and operation of an organ procurement and 
transplantation network, and 42 U.S.C. 274a requires that the 
Secretary, by grant or contract, develop and maintain a scientific 
registry of the recipients of organ transplants. 42 U.S.C. 
274(b)(2)(H), 274(b)(2)(I), and 42 CFR part 121 authorize OPTN's and 
SRTR's collection of the information included in this system of 
records. In addition, 42 U.S.C. 273a authorizes HHS to establish and 
maintain mechanisms to evaluate the long-term effects associated with 
living donations. Federal regulations at 42 CFR 121.11 also authorize 
the OPTN and SRTR to collect information concerning living organ donors 
and prospective living organ donors as the Secretary deems appropriate.

Purpose(s) of the System
    Records are used by the Department, the OPTN, the OPTN contractor, 
and the SRTR contractor to: (1) facilitate organ placement and match 
donor organs with recipients; (2) monitor compliance of member 
organizations with federal laws and regulations and with OPTN bylaws 
and policies, including risks to the health of patients or to the 
public safety; (3) review and report periodically to the public on the 
status of organ donation and transplantation in the United States; (4) 
provide data to researchers and government agencies to study the 
scientific and clinical status of organ donation and transplantation; 
(5) perform transplantation-related public health surveillance 
including possible transmission of donor disease; (6) provide data on 
individuals with records in the system to HHS' Centers for Medicare & 
Medicaid Services (CMS) and to contractors of CMS business associates, 
with appropriate limitations, data protections, and safeguards 
including execution of a written agreement attesting to the data 
recipient's understanding of, and willingness to abide by these 
provisions, for purposes including to monitor the individual's status 
in the OPTN system and to inform the individual's clinical care in 
order to assist in registering candidates on the waitlist and in 
facilitating organ placement and matching donor organs with recipients; 
and (7) provide data on individuals with records in the system to 
health care professionals providing clinical care to those individuals, 
for purposes including to monitor the individual's status in the OPTN 
system and to inform the individual's clinical care in order to assist 
in registering candidates on the waitlist and in facilitating organ 
placement and matching donor organs with recipients.

Categories of Individuals Covered by the System
    Records pertain to the following categories of individuals (note 
that all categories are limited to living individuals):
    1. Individuals from whom organs have been obtained for 
transplantation.
    2. Individuals who are candidates for receiving organ 
transplantation.
    3. Individuals who have been recipients of transplanted organs.
    4. Individuals who are potential deceased organ donors.
    5. Individuals who are potential living organ donors or individuals 
who intend to become living organ donors (even if the donation does not 
occur).
    6. Individuals who donate organs for transplantation.
    7. Individuals being evaluated for transplant receipt.

Categories of Records in the System
    The records consist of information about potential donors and 
transplant candidates required for organ matching and placement and 
follow-up. Categories of records include donor registration, transplant 
candidate registration, transplant recipient registration, 
histocompatibility, transplant recipient follow-up, donor follow-up, 
registration of prospective organ donors who did not become donors, 
forms, and other non-registry operational information. Data elements 
include: name, Social Security number, address, identifiers assigned by 
OPTN and SRTR contractors, hospital and hospital provider number, State 
and zip code of residence, citizenship, race/ethnicity, sex at birth, 
date and time of organ recovery, and transplantation, name of 
transplant center, histocompatibility information, donor medical 
information, recipient and donor medical information before and after 
transplantation, immunosuppressive medication, health care coverage, 
employment, and education level.

Record Source Categories
    Individuals' records are provided to the OPTN contractor and SRTR 
contractor by organ procurement organizations, histocompatibility 
laboratories, organ transplant centers, and health care providers which 
obtain the information directly from individuals or their 
representatives. Records may also be supplemented with information from 
other sources of data, such as CMS and other organizations.

Routine Uses of Records Maintained in the System, Including Categories 
of Users and the Purposes of Such Uses
    In addition to other disclosures authorized directly in the Privacy 
Act at 5 U.S.C. 552a(b)(1) and (2) and (b)(4) through (11), records 
about an individual may be disclosed from this system of records 
without the individual's prior written consent, to the following non-
HHS parties for the following purposes:
    1. HRSA may disclose records to Departmental contractors and/or 
their

[[Page 46969]]

subcontractors who have been engaged by the Department to assist in 
accomplishment of a Departmental function relating to the purposes for 
this system of records and who require access to the records in order 
to assist the Department.
    2. HRSA, independently and through its contractor(s), may disclose 
records regarding potential deceased organ donors (who are still 
living), living and potential living organ donors, organ transplant 
candidates, and organ transplant recipients, to members of the OPTN 
Board of Directors, OPTN Committees, and OPTN Review Boards. Such 
disclosures will be shared only on a need to know basis in order for 
members of the OPTN Board of Directors, Committees, and Review Boards 
to do the work required of them for the operation of the OPTN relating 
to the purposes of this system of records, including matching donor 
organs with recipients, monitoring compliance of member organizations 
with Federal laws and regulations and OPTN bylaws and policies and for 
risks to the health of patients or for the public safety and 
transplantation-related public health surveillance. Generally, such 
information is not shared in a patient-identified or identifiable 
manner.
    3. HRSA, independently and through its contractor(s), may disclose 
records regarding living individuals who are potential deceased or 
potential living donors, potential organ transplant candidates, and 
organ transplant recipients, to transplant centers, histocompatibility 
laboratories, organ procurement organizations, and other public health 
agencies such as Surveillance Epidemiology and End Results Program 
registries, State registries, and State health agencies, for purposes 
including: matching donor organs with recipients, monitoring compliance 
of member organizations with federal laws and regulations and OPTN 
requirements, reviewing and reporting periodically to the public on the 
status of organ donation and transplantation in the United States, and 
transplantation-related public health surveillance. These records 
consist of Social Security numbers, other patient identification 
information, and pertinent medical information.
    4. HRSA may disclose records to the Department of Justice (DOJ) or 
to a court or other tribunal in litigation involving, as a defendant, 
(a) the Department, any component of the Department, or any employee of 
the Department in his or her official capacity; (b) the United States 
where the Department determines that the claim, if successful, is 
likely to affect directly the operation of the Department or any of its 
components; or (c) any Department employee in his or her individual 
capacity where the DOJ has agreed to represent such employee, for 
example, in defending a claim against the Public Health Service in 
connection with such individual, for the purpose of enabling DOJ to 
present an effective defense.
    5. HRSA may disclose records to DOJ or to a court or other tribunal 
in the event of pending or potential litigation involving the 
Department or the United States as a plaintiff, intervenor, or amicus, 
or involving the contractor for the OPTN or the SRTR as a defendant in 
connection with its role as a contractor for the OPTN or the SRTR, or 
involving the OPTN.
    6. HRSA may disclose records to a congressional office from the 
record of an individual in response to a written inquiry from the 
congressional office made at the written request of that individual.
    7. A record may be disclosed for a research purpose, when the 
Department, independently or through its contractor(s):
    a. has determined that the use or disclosure does not violate legal 
or policy limitations under which the record was provided, collected, 
or obtained;
    b. has determined that a bona fide research/analysis purpose 
exists;
    c. has required the data recipient to: (1) establish strict 
limitations concerning the receipt and use of patient-identified or 
center-identified data; (2) establish reasonable administrative, 
technical, and physical safeguards to protect the confidentiality of 
the data and to prevent the unauthorized use or disclosure of the 
record; (3) remove, destroy, or return the information that identifies 
the individual or center at the earliest time at which removal or 
destruction can be accomplished consistent with the purpose of the 
research project, unless the data recipient has presented adequate 
justification of a research or health nature for retaining such 
information; and (4) make no further use or disclosure of the record 
except as authorized by HRSA or its contractor(s) or when required by 
law;
    d. has determined that other applicable safeguards or protocols 
will be followed; and
    e. has secured a written statement attesting to the data 
recipient's understanding of, and willingness to abide by, these 
provisions.
    8. Records may be disclosed to appropriate agencies, entities, and 
persons when (1) HHS suspects or has confirmed that there has been a 
breach of the system of records, (2) HHS has determined that as a 
result of the suspected or confirmed breach there is a risk of harm to 
individuals, HHS (including its information systems, programs, and 
operations), the federal government, or national security, and (3) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with HHS' efforts to respond to the 
suspected or confirmed breach or to prevent, minimize or remedy such 
harm.
    9. Records may be disclosed to another federal agency or federal 
entity, when HHS determines that information from this system of 
records is reasonably necessary to assist the recipient agency or 
entity in (1) responding to a suspected or confirmed breach or (2) 
preventing, minimizing, or remedying the risk of harm to individuals, 
the recipient agency or entity (including its information systems, 
programs, and operations), the federal government, or national 
security, resulting from a suspected or confirmed breach.
    10. A record may be disclosed to physicians or other health care 
professionals providing clinical treatment to such individuals, for 
clinical purposes, when the Department, independently or through its 
contractor(s):
    a. has determined that the use or disclosure does not violate legal 
or policy limitations under which the record was provided, collected, 
or obtained;
    b. has required the data recipient to: (1) establish strict 
limitations concerning the receipt and use of patient-identified or 
center-identified data; (2) establish reasonable administrative, 
technical, and physical safeguards to protect the confidentiality of 
the data and to prevent the unauthorized use or disclosure of the 
record; (3) remove, destroy, or return the information that identifies 
the individual or center at the earliest time at which removal or 
destruction can be accomplished consistent with the clinical purpose of 
the project, unless the data recipient has presented adequate 
justification of a research or health nature for retaining such 
information; (4) make no further use or disclosure of the record except 
as authorized by HRSA or its contractor(s) or when required by law; and 
(5) require any business associates of the data recipient to which the 
data recipient is authorized to disclose the record and does disclose 
the record, whether in original or derivative form, and to prohibit 
such a business associate from

[[Page 46970]]

making any further use or disclosure of the record except as authorized 
by HRSA or its contractor(s) or when required by law; and
    c. has secured a written statement from the data recipient 
attesting to the data recipient's understanding of, and willingness to 
abide by these provisions.

Policies and Practices for Storage of Records
    Records are maintained electronically and in hard-copy files.

Policies and Practices for Retrieval of Records
    Records in the system are retrieved by more than one type of 
personal identifier, including name and social security number.

Policies and Practices for Retention and Disposal of Records
    The records are currently unscheduled and retained indefinitely 
pending completion of a disposition schedule approved by the National 
Archives and Records Administration (NARA).

Administrative, Technical, and Physical Safeguards
    a. Authorized users: Access is limited to authorized HRSA and 
contract personnel responsible for administering the program. 
Authorized personnel include the System Manager and HRSA Contracting 
Officer's Representative, and the HRSA Automated Information System 
(AIS) Systems Security Officer; and the program managers/program 
specialists who have responsibilities for implementing the program. 
Both HRSA and its contractor(s) are required to maintain current lists 
of authorized users.
    b. Physical safeguards: Computer equipment, electronic files, and 
hard-copy files are stored in areas where fire and life safety codes 
are strictly enforced. All electronic and hard-copy files are protected 
on a 24-hour basis. Security guards perform random checks on the 
physical security of the files storage area. The OPTN and SRTR 
contractors are required to maintain off-site a complete copy of the 
system and all necessary files to run the computer organ donor-
recipient match and update software.
    c. Procedural safeguards: A password is required to access the 
terminal, and a data set name controls the release of data to only 
authorized users. All users of personal information in connection with 
the performance of their jobs protect information from public view and 
from unauthorized personnel entering an unsupervised office. All 
authorized users must sign a nondisclosure statement. Access to records 
is limited to those staff members trained in accordance with the 
Privacy Act and Automated Data Processing (ADP) security procedures. 
The contractors are required to assure that the confidentiality 
safeguards of these records will be employed and that it complies with 
all provisions of the Privacy Act. All individuals who have access to 
these records must have the appropriate ADP security clearances. 
Privacy Act and ADP system security requirements are included in the 
contracts. The HRSA Contracting Officer's Representatives and the 
System Manager(s) oversee compliance with these requirements. The HRSA 
authorized users make visits to the contractors' facilities to assure 
security and Privacy Act compliance. The contractors are required to 
adhere to a HRSA approved system security plan.

Record Access Procedures
    Individuals may request access to records about them in this system 
of records by submitting a written access request to the OPTN or SRTR 
contractor identified in the ``System Manager(s)'' section of this SORN 
at the email address provided in that section. The request must contain 
the individual's full name, address, date of birth, and signature; the 
name of the applicable transplant center; and a reasonable description 
of the records sought. To verify the requester's identity, the 
signature must be notarized or the request must include the requester's 
written certification that the requester is the individual who the 
requester claims to be and that the requester understands that the 
knowing and willful request for or acquisition of a record pertaining 
to an individual under false pretenses is a criminal offense subject to 
a fine of up to $5,000. The individual may also request an accounting 
of disclosures that have been made of the records, if any.
    A parent or guardian who requests access to records about a minor 
or an individual with diminished capacity must verify his or her 
relationship to the minor or incompetent individual as well as his/her 
own identity.

Contesting Record Procedures
    Individuals may seek to amend a record about them in this system of 
records by submitting a written amendment request to the OPTN 
contractor or SRTR contractor identified in the ``System Manager(s)'' 
section of this SORN at the email address provided in that section, 
with a copy to the HRSA Division of Transplantation at the email 
address indicated, containing the same information required for an 
access request. The request must include verification of the 
requester's identity in the same manner required for an access request 
and must reasonably identify the relevant record, specify the 
information being contested and the corrective action sought, and 
include reasons for requesting the correction, along with supporting 
documentation, to show how the record is inaccurate, incomplete, 
untimely, or irrelevant.

Notification Procedures
    Individuals who wish to know if this system of records contains a 
record about them must submit a written notification request to the 
OPTN or SRTR contractor identified in the ``System Manager(s)'' section 
of this SORN, at the email address provided in that section. The 
request must contain the same information required for an access 
request and must include verification of the requester's identity in 
the same manner required for an access request.

Exemptions Promulgated for the System
    None.

History
    74 FR 57184 (Nov. 4, 2009), 83 FR 6591 (Feb. 14, 2018).

[FR Doc. 2022-16344 Filed 7-29-22; 8:45 am]
BILLING CODE 4160-15-P