[Federal Register Volume 89, Number 97 (Friday, May 17, 2024)]
[Notices]
[Pages 43407-43411]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-10838]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Administration for Children and Families


Privacy Act of 1974; System of Records

AGENCY: Administration for Children and Families, Department of Health 
and Human Services.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 
1974, as amended, the Department of Health and Human Services (HHS) is 
modifying an existing system of records maintained by the 
Administration for Children and Families (ACF), Office of Child Support 
Services (OCSS): System No. 09-80-0389, ``OCSE Data Center General 
Support System,'' being renamed ``OCSS Data Exchange Platform.''

DATES: This Notice is applicable May 17, 2024, subject to a 30-day 
period in which to comment on the new and revised routine uses, 
described below. Please submit any comments by June 17, 2024.

ADDRESSES: The public should address written comments by mail or email 
to: Anita Alford, Senior Official for Privacy, Administration for 
Children and Families, 330 C St. SW, Washington, DC 20201, or by email 
to [email protected].

FOR FURTHER INFORMATION CONTACT: General questions about these system 
of records should be submitted by mail or email to Venkata Kondapolu, 
Director, Division of Federal Systems, Office of Child Support 
Services, at 330 C St. SW--5th Floor, Washington, DC 20201, or 
[email protected], or by phone at 202-260-4712.

SUPPLEMENTARY INFORMATION:

I. Explanation of Changes to System of Records 09-80-0381

    In accordance with 5 U.S.C. 552a(e)(4) and (11), HHS is modifying 
an existing system of records maintained by ACF/OCSS: System No. 09-80-
0389, being renamed ``OCSS Data Exchange Platform.'' The system of 
records covers records supporting State and Tribal child support 
programs, and the program's external stakeholders, which are exchanged 
electronically using a secure data exchange platform (the OCSS Data 
Exchange Platform, or any successor system) provided by OCSS. The data 
exchange platform facilitates electronic exchanges of information about 
individual participants in child support cases, between State child 
support agencies and other external partners such as employers, health 
plan administrators, financial institutions, and central authorities in 
foreign treaty countries or foreign countries that are the subject of a 
declaration under 42 U.S.C. 659a. The child support agencies and other 
external partners use the data exchange platform to electronically 
submit information to and receive information from each other, through 
OCSS.
    The System of Records Notice (SORN) for system of records 09-80-
0389 has been modified as follows:
     The system of records name has been changed to ``OCSS Data 
Exchange Platform'' to reflect the name change of the ``Office of 
Support Enforcement'' to the ``Office of Child Support Services'' and 
to provide a more meaningful name for the system of records.
     The System Manager(s) section has been revised to change 
the office name to Office of Child Support Services.
     The Purpose(s) section has been revised to describe the 
system as a data exchange platform, rather than as a ``gateway 
system,'' and one purpose, at the end of the section, has been expanded 
to include the use of the data exchange platform by foreign authorities 
to transmit case information associated with child support 
disbursements transmitted from a foreign authority to the United States 
through the Central Authority Payment (CAP) service.
     The Categories of Records section has been revised to make 
these changes to Category (4):
    [cir] The phrase ``which includes'' has been changed to ``which may 
include.''
    [cir] Under (4)(c), ``agency's case number'' had been changed to 
``agency's case identifier.''

[[Page 43408]]

     The Record Source Categories section has been revised as 
follows:
    [cir] The description of State child support agencies transmitting 
payment information to the CAP program has been modified to 
``exchanging case-related information associated with child support 
disbursements transmitted to foreign authorities through the CAP 
service.''
    [cir] An additional category has been added: ``[F]oreign 
authorities exchanging case-related information associated with child 
support disbursements transmitted to State child support agencies 
through the CAP service.''
     The Routine Uses section has been updated as follows:
    [cir] The word ``enforcement'' has been removed from routine uses 
1, 2, 4, and 6.
    [cir] Routine use 11 has been revised to include disclosure of 
information involving residents of foreign treaty countries or foreign 
reciprocating countries to State child support programs for child 
support purposes.
     The Policies and Practices for Retention and Disposal of 
Records section has been revised to include General Records Schedule 
5.2, items 010 and 020 as the applicable disposition authority.

Venkata Kondapolu,
Director, Division of Federal Systems, Office of Child Support 
Services, Administration for Children and Families, U.S. Department of 
Health and Human Services.

SYSTEM NAME AND NUMBER:
    OCSS Data Exchange Platform, 09-80-0389.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Office of Child Support Services, Administration for Children and 
Families, 330 C St. SW, 5th Floor, Washington, DC 20201.

SYSTEM MANAGER(S):
    Director, Division of Federal Systems, Office of Child Support 
Services, Administration for Children and Families, Department of 
Health and Human Services, 330 C St. SW, 5th Floor, Washington, DC 
20201, [email protected], 202-260-4712.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 652, 654, 654a, 654b, 659, 659a, 666, 669a.

PURPOSE(S) OF THE SYSTEM:
    The purpose of the system of records is to cover records supporting 
State and Tribal child support programs, and the programs' external 
stakeholders, which are exchanged electronically using a secure data 
exchange platform provided by OCSS. The platform facilitates electronic 
exchanges of information about individual participants in child support 
cases, between State child support agencies and other external partners 
such as employers, health plan administrators, financial institutions, 
and central authorities in foreign treaty countries or foreign 
countries that are the subject of a declaration under 42 U.S.C. 659a. 
The child support agencies and other external partners use the data 
exchange platform to electronically submit information to and receive 
information from each other, through OCSS.
    The platform supports, for example:
     The Electronic Income Withholding Order (e-IWO) program, 
which provides the means to electronically exchange income withholding 
order information between State child support agencies and employers.
     The Electronic National Medical Support Notice (e-NMSN) 
program, which allows State child support agencies, employers, and 
health plan administrators to electronically send and receive National 
Medical Support Notices used to enroll children in medical insurance 
plans pursuant to child support orders.
     The Federally Assisted State Transmitted (FAST) Levy 
program, which allows States and financial institutions to exchange 
information about levy actions through an electronic process.
     The Central Authority Payment (CAP) service, which allows 
States and foreign authorities to exchange details of child support 
disbursements transmitted between the United States and the authorized 
entity of the foreign treaty country or foreign country subject of a 
declaration under 42 U.S.C. 659a for distribution of the support 
payment by the foreign authority or the State child support agency in 
accordance with the terms of the order.
    Multiple child support program partners utilize the platform to 
electronically send and receive information:
    State child support agencies use the platform to transmit e-IWOs to 
employers and e-NMSNs to employers and health plan administrators. 
State child support agencies also use the platform to create levy 
actions for distribution to multiple financial institutions, and to 
transmit information about child support disbursements between U.S. 
States and foreign authorities through the CAP service.
    Employers use the platform to respond to State child support 
agencies regarding e-IWOs and to provide information about health 
insurance coverage provided by the employer. Employers and health plan 
administrators use the platform to respond to State child support 
agencies regarding e-NMSNs.
    Financial institutions use the platform to receive and respond to 
levy actions from multiple State child support agencies.
    U.S. States and foreign authorities use the platform to transmit 
case information associated with child support disbursements 
transmitted between the United States and a foreign authority through 
the CAP service.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The records in the system of records are about custodial and 
noncustodial parents, legal guardians, and third-party caretakers who 
are participants in child support program cases and whose names and 
Social Security numbers (SSNs) are used to retrieve the records. 
Children's personal identifiers are not used to retrieve records in 
this system of records, so children are not subject individuals for 
purposes of this system of records.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The categories of records exchanged in the platform include:
    1. Child support case information used to populate an e-IWO, which 
may include:
    a. Name of State, Tribe, territory, or private individual entity 
issuing an e-IWO;
    b. Order ID and Case ID;
    c. Remittance ID;
    d. Employer/income withholder name, address, Federal employer 
identification number (FEIN), telephone number, FAX number, email, or 
website;
    e. Employee/obligor's name, Social Security number (SSN), date of 
birth;
    f. Custodial parent's/obligee's name;
    g. Child(ren)'s name(s) and date(s) of birth;
    h. Income withholding amounts for current child support, past-due 
child support, current cash medical support, past-due cash medical 
support, current spousal support, past-due spousal support;
    i. Child support State disbursement unit or Tribal order payee name 
and address;
    j. Judge/issuing official's name, title, and signature; and
    k. Employee/obligor termination date, last known telephone number, 
last

[[Page 43409]]

known address, new employer/income withholder's name and address.
    2. Child support case information used to populate an e-NMSN, and 
medical insurance information included in e-NMSN responses from 
employers and health plan administrators, which may include:
    a. Custodial parent/obligee's name and mailing address;
    b. Substituted official/agency name and address (if custodial 
parent/obligee's address is left blank);
    c. Name, telephone number, and mailing address of representative of 
child(ren);
    d. Child(ren)'s name(s), gender, date of birth, and SSN;
    e. Employee's name, SSN, and mailing address;
    f. Plan administrator name, contact person, FAX number and 
telephone number;
    g. Employer and/or employer representative name, FEIN, and 
telephone number;
    h. Date of medical support termination, reason for termination, and 
child(ren) to be terminated from medical support;
    i. Medical insurance provider name, group number, policy number, 
address;
    j. Dental insurance provider name, group number, policy number, 
address;
    k. Vision insurance provider name, group number, policy number, 
address;
    l. Prescription drug insurance provider name, group number, policy 
number, address;
    m. Mental health insurance provider name, group number, policy 
number, address;
    n. Other insurance, specified by name, group number, policy number, 
address; and
    o. Plan administrator name, title, telephone number and address.
    3. Child support case information used to administer the FAST Levy 
program, which includes:
    a. Requesting State agency name, address, and State Federal 
Information Processing Standard (FIPS) code;
    b. Financial institution's name and FEIN;
    c. Obligor's name, SSN, and date of birth;
    d. Account number of account from which to withhold funds;
    e. Withholding amount; and
    f. Contact name, phone number, and email for point of contact in 
requesting State.
    4. Child support case information used to administer the CAP 
service, which may include:
    a. Obligor/non-custodial parent's name and SSN;
    b. Foreign authority name, FIPS locator code, and foreign 
authority's child support case identifier;
    c. U.S. State name and State child support agency's case 
identifier;
    d. Amount and date of payment;
    e. Medical support indicator; and
    f. Employment termination indicator.

RECORD SOURCE CATEGORIES:
    The sources of the information in the system of records include:
     State child support agencies initiating e-IWO, e-NMSN, and 
FAST Levy program transactions in domestic child support cases and 
exchanging case-related information associated with child support 
disbursements transmitted to foreign authorities through the CAP 
service.
     Employers or authorized third parties responding to e-IWOs 
and e-NMSNs.
     Health plan administrators responding to e-NMSNs.
     Financial institutions responding to FAST Levy requests.
     Foreign authorities exchanging case-related information 
associated with child support disbursements transmitted to State child 
support agencies through the CAP service.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to the disclosures authorized directly in the Privacy 
Act at 5 U.S.C. 552a(b)(1) and (b)(2) and (b)(4) through (b)(11), these 
routine uses specify circumstances under which the agency may disclose 
information from this system of records to a non-HHS officer or 
employee without the consent of the data subject. ACF will prohibit 
redisclosures, or may permit only certain redisclosures, as required or 
authorized by law. Each proposed disclosure or redisclosure of 
information permitted directly in the Privacy Act or under these 
routine uses will be evaluated to ensure that the disclosure or 
redisclosure is legally permissible.
    Any information defined as ``return'' or ``return information'' 
under 26 U.S.C. 6103 (Internal Revenue Code) is not disclosed unless 
authorized by a statute, the Internal Revenue Service (IRS), or IRS 
regulations.
    1. Disclosure to Financial Institution to Collect Past-Due Support.
    Pursuant to 42 U.S.C. 652(l), information pertaining to an 
individual owing past-due child support may be disclosed to a financial 
institution doing business in two or more States to identify an 
individual who maintains an account at the institution for the purpose 
of collecting past-due support. Information pertaining to requests by 
the State child support agencies for the placement of a lien or levy of 
such accounts may also be disclosed.
    2. Disclosure of Financial Institution Information to State Child 
Support Agency for Assistance in Collecting Past-Due Support.
    Pursuant to 42 U.S.C. 652(l), the results of a comparison between 
information pertaining to an individual owing past-due child support 
and information provided by multistate financial institutions may be 
disclosed to a State child support agency for the purpose of assisting 
the State agency in collecting past-due support. Information pertaining 
to responses to requests by a State child support agency for the 
placement of a lien or levy of such accounts may also be disclosed.
    3. Disclosure to Employer to Enforce Child Support Obligations.
    Pursuant to 42 U.S.C. 666(b), information pertaining to an 
individual owing current or past-due child support may be disclosed to 
an employer for the purpose of collecting current or past-due support 
by way of an e-IWO.
    4. Disclosure of Employer Information to State Child Support Agency 
in Response to an e-IWO.
    Information pertaining to a response by an employer to an e-IWO 
issued by a State child support agency for the collection of child 
support may be disclosed to the State child support agency.
    5. Disclosure to Employer and Health Plan Administrator to Enforce 
Medical Support Obligations.
    Pursuant to 42 U.S.C. 666(a)(19), information pertaining to 
participants in a child support case may be disclosed to an employer or 
a health plan administrator for the purpose of enforcing medical 
support for a child by way of an e-NMSN.
    6. Disclosure of Employer and Health Plan Administrator Information 
to State Child Support Agency in Response to an e-NMSN.
    Information pertaining to a response by an employer or a health 
plan administrator to an e-NMSN issued by a State child support agency 
for the enforcement of medical support may be disclosed to the State 
child support agency.
    7. Disclosure to Department of Justice or in Proceedings.
    Records may be disclosed to the Department of Justice (DOJ) or to a 
court or other adjudicative body in litigation or other proceedings 
when HHS or any of its components, or any employee of HHS acting in the 
employee's official capacity, or any employee of HHS acting

[[Page 43410]]

in the employee's individual capacity where the DOJ or HHS has agreed 
to represent the employee, or the United States Government, is a party 
to the proceedings or has an interest in the proceedings and, by 
careful review, HHS determines that the records are both relevant and 
necessary to the proceedings.
    8. Disclosure to Congressional Office.
    Information may be disclosed to a congressional office from the 
record of an individual in response to a written inquiry from the 
congressional office made at the written request of the individual.
    9. Disclosure to Contractor to Perform Duties.
    Records may be disclosed to a contractor performing or working on a 
contract for HHS and who has a need to have access to the information 
in the performance of its duties or activities for HHS in accordance 
with law and with the contract.
    10. Disclosure in the Event of a Security Breach.
    a. Information may be disclosed to appropriate agencies, entities, 
and persons when (1) HHS suspects or has confirmed that there has been 
a breach of the system of records; (2) HHS has determined that as a 
result of the suspected or confirmed breach there is a risk of harm to 
individuals, HHS (including its information systems, programs, and 
operations), the Federal Government, or national security; and (3) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with HHS's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    b. Information may be disclosed to another Federal agency or 
Federal entity, when HHS determines that information from this system 
of records is reasonably necessary to assist the recipient agency or 
entity in (1) responding to a suspected or confirmed breach or (2) 
preventing, minimizing, or remedying the risk of harm to individuals, 
the recipient agency or entity (including its information systems, 
programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    11. Disclosure to a Foreign Reciprocating Country, Foreign Treaty 
Country, and State Child Support Program for Child Support Purposes.
    Pursuant to 42 U.S.C. 652(n), 653(a)(2), 653(c)(5) and 659a(c)(2), 
child support case information involving residents of the United States 
and residents of foreign treaty countries or foreign countries that are 
the subject of a declaration under 42 U.S.C. 659a may be disclosed to 
the foreign authority and to State child support programs.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    The records are stored electronically.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by the parent's, guardian's or third-party 
caretaker's name or SSN.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Because the platform is not a source system but facilitates access 
to records from other systems which are the official sources of the 
records, the records are retained and disposed of in accordance with 
General Records Schedule 5.2 Transitory and Intermediary Records, Items 
010 and 020 (DAA-GRS-2022-0009-0001 and DAA-GRS-2022-0009-0002), which 
provides these disposition periods:
     Item 010 Transitory records: Destroy when no longer needed 
for business use, or according to an agency predetermined time period 
or business rule.
     Item 020 Intermediary records: Destroy upon creation or 
update of the final record, or when no longer needed for business use, 
whichever is later.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    The platform leverages cloud service providers that maintain an 
authority to operate in accordance with applicable laws, rules, and 
policies, including Federal Risk and Authorization Management Program 
(FedRAMP) requirements. Specific administrative, technical, and 
physical controls are in place to ensure that the records collected, 
maintained, and transmitted using the platform are secure from 
unauthorized access. Access to the records within the system is 
restricted to authorized personnel who are advised of the 
confidentiality of the records and the civil and criminal penalties for 
misuse and who sign a nondisclosure oath to that effect. Agency 
personnel are provided privacy and security training before being 
granted access to the records and annually thereafter. Additional 
safeguards include protecting the facilities where records are stored 
or accessed with security guards, badges and cameras; limiting access 
to electronic databases to authorized users based on roles and either 
two-factor authentication or user ID and password (as appropriate); 
using a secured operating system protected by encryption, firewalls, 
and intrusion detection systems; reviewing security controls on a 
periodic basis; and using secure destruction methods prescribed in NIST 
SP 800-88 to dispose of eligible records. All safeguards conform to the 
HHS Information Security and Privacy Program, https://www.hhs.gov/ocio/securityprivacy/index.html.

RECORD ACCESS PROCEDURES:
    To request access to a record about you in this system of records, 
submit a written access request to the System Manager identified in the 
``System Manager'' section of this System of Records Notice (SORN). The 
request must reasonably describe the record sought and must include 
(for contact purposes and identity verification purposes) your full 
name, current address, telephone number and/or email address, date and 
place of birth, and signature, and (if needed by the agency) sufficient 
particulars contained in the records (such as, your SSN) to enable the 
System Manager to distinguish between records on subject individuals 
with the same name. In addition, to verify your identity, your 
signature must be notarized, or the request must include your written 
certification that you are the individual who you claim to be and that 
you understand that the knowing and willful request for or acquisition 
of a record pertaining to an individual under false pretenses is a 
criminal offense subject to a fine of up to $5,000. You may request 
that copies of the records be sent to you, or you may request an 
appointment to review the records in person (including with a person of 
your choosing, if you provide written authorization for agency 
personnel to discuss the records in that person's presence). You may 
also request an accounting of disclosures that have been made of 
records about you, if any.

CONTESTING RECORD PROCEDURES:
    To request correction of a record about you in this system of 
records, submit a written amendment request to the System Manager 
identified in the ``System Manager'' section of this SORN. The request 
must contain the same information required for an access request and 
include verification of your identity in the same manner required for 
an access request. In addition, the request must reasonably identify 
the record and specify the information contested, the corrective action 
sought, and the reasons for requesting the correction; and should 
include supporting information to show how the

[[Page 43411]]

record is inaccurate, incomplete, untimely, or irrelevant.

NOTIFICATION PROCEDURES:
    To find out if the system of records contains a record about you, 
submit a written notification request to the System Manager identified 
in the ``System Manager'' section of this SORN. The request must 
identify this system of records, contain the same information required 
for an access request, and include verification of your identity in the 
same manner required for an access request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    87 FR 69026 (Nov. 17, 2022).

[FR Doc. 2024-10838 Filed 5-16-24; 8:45 am]
BILLING CODE 4184-42-P