[Federal Register Volume 80, Number 28 (Wednesday, February 11, 2015)]
[Notices]
[Pages 7671-7673]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2015-02837]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF STATE
[Public Notice 9034]
Privacy Act; System of Records: Medical Records, State-24.
SUMMARY: Notice is hereby given that the Department of State proposes
to amend an existing system of records, Medical Records, State-24,
pursuant to the provisions of the Privacy Act of 1974, as amended (5
U.S.C. 552a), and Office of Management and Budget Circular No. A-130,
Appendix I.
DATES: This system of records will be effective March 23, 2015, unless
we receive comments that will result in a contrary determination.
ADDRESSES: Any persons interested in commenting on the amended system
of records may do so by writing to the Director; Office of Information
Programs and Services, A/GIS/IPS; Department of State, SA-2; 515 22nd
Street NW.; Washington, DC 20522-8100.
FOR FURTHER INFORMATION CONTACT: John Hackett, Acting Director; Office
of Information Programs and Services, A/GIS/IPS; Department of State,
SA-2; 515 22nd Street NW.; Washington, DC 20522-8100, or at
[email protected].
SUPPLEMENTARY INFORMATION: The Department of State proposes that the
current system will retain the name ``Medical Records'' (previously
published at 74 FR 24891). The information contained in these records
is used to administer the Department of State's medical program. These
records are utilized and reviewed by medical and administrative
personnel of the Office of Medical Services (MED) in providing health
care to the individuals eligible to participate in the medical program.
The system also serves to record and monitor the current status of the
professional credentials of Department of State Foreign Service, Civil
Service and Locally Employed Staff healthcare providers. The proposed
system will include modifications to the following sections: Categories
of individuals, Categories of records, Safeguards, Retrievability, and
administrative updates.
The Department's report was filed with the Office of Management and
Budget. The amended system description, ``Medical Records, State-24,''
will read as set forth below.
Joyce A. Barr,
Assistant Secretary for Administration, U.S. Department of State.
STATE-24
SYSTEM NAME:
Medical Records
SYSTEM LOCATION:
Department of State, Office of Medical Services, 2401 E Street NW.,
Washington, DC 20522 and all health units and other facilities of the
Office of Medical Services, domestic and overseas; U.S. Coast Guard
Operations Systems Center.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
U.S. Government employees and their family members, Locally
Employed Staff, and any other individuals eligible to participate in
the medical program of the U.S. Department of State as authorized by
either section 904 of the Foreign Service Act of 1980 (22 U.S.C. 4084)
or other applicable legal authority.
CATEGORIES OF RECORDS IN THE SYSTEM:
Categories of records include full name; Social Security number;
date of birth; address; email address; phone number; State Global
Identifier (SGID); reports of medical examinations and related
documents; reports of treatments and other health services rendered to
individuals; narrative summaries of hospital treatments; personal
medical histories; reports of on-the-job injuries or illnesses; reports
on medical evacuation; and/or any other types of individually
identifiable health information generated or used in the course of
conducting health care operations. This system includes records that
contain protected health information, and does not include records
maintained by the Department of State and/or other employers in their
capacity as employers. This system also includes certain records
maintained as part of the Department's Employee Assistance Program
pursuant to 5 CFR part 792.
The system also includes providers' professional credentials. This
may include professional degrees, addresses, emails, and phone numbers
for direct-hire Foreign Service, Civil Service medical personnel, and
Locally Employed Staff. The system includes copies of professional
credentials, including licenses, and certifications (Professional,
Clinical, Drug
[[Page 7672]]
Enforcement Administration (DEA), clinical privileges information, and
National Provider Identifier (NPI)).
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
22 U.S.C. 4084; Public Law 99-570 Sec. Sec. 7361-7362; and 5 CFR
part 792.
PURPOSE:
The information contained in these records is used to administer
the Department of State's medical program. These records are utilized
and reviewed by medical and administrative personnel of the Office of
Medical Services (MED) in providing health care to the individuals
eligible to participate in the medical program. The system also serves
to record and monitor the current status of the professional
credentials of Department of State Foreign Service, Civil Service and
Locally Employed Staff healthcare providers.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
The Department of State periodically publishes in the Federal
Register its standard routine uses, which apply to all of its Privacy
Act systems of records. These notices appear in the form of a Prefatory
Statement. These standard routine uses apply to Medical Records, State-
24.
The following are additional routine uses of information from these
files, for which no authorization or opportunity to agree or object to
disclosure is required by the subject of the information:
A. To another health care provider, a group health plan, a health
insurance issuer, or a health maintenance organization for purposes of
carrying out treatment, payment, or health care operations;
B. To a parent, guardian or other person acting in loco parentis
with respect to the subject of the information;
C. To a health oversight agency or public health authority
authorized by law to investigate or otherwise oversee the relevant
conduct or conditions of the Department of State's medical program, or
for such oversight activities as audits; civil, administrative, or
criminal proceedings or actions; inspections; and licensure or
disciplinary action;
D. To a public health authority (domestic or foreign) that is
authorized by law to collect or receive protected health information
for the purpose of preventing or controlling disease, injury, or
disability, including, but not limited to, the reporting of disease,
injury, vital events such as birth or death, and the conduct of public
health surveillance, public health investigations, and public health
interventions;
E. To the U.S. Department of Health and Human Services (HHS), when
required by the Secretary of HHS;
F. To the United States Coast Guard (USCG) Health, Safety & Work-
Life (HSW), as necessary for maintenance of the Department of State's
Electronic Health Record system;
G. To a public health authority or other appropriate government
authority (domestic or foreign) authorized by law to receive reports of
child abuse or neglect;
H. To a person subject to the jurisdiction of the Food and Drug
Administration (FDA) with respect to an FDA-regulated product or
activity for which that person has responsibility, for the purpose of
activities related to the quality, safety, or effectiveness of such
FDA-regulated product or activity;
I. To a person who may have been exposed to a communicable disease
or may otherwise be at risk of contracting or spreading a disease or
condition, to the extent MED is authorized by law to notify such person
and as necessary in the conduct of a public health intervention or
investigation;
J. To a government authority (domestic or foreign), including a
social service or protective services agency, authorized by law to
receive reports of abuse, neglect or domestic violence (1) to the
extent such a disclosure is required by law; (2) where in the exercise
of professional judgment, the disclosure is necessary to prevent
serious harm to the individual or other potential victims; or (3)
where, if the subject of the information is incapacitated, a law
enforcement, or other public official authorized to receive the report,
represents that the information sought is not intended to be used
against the individual and that an immediate enforcement activity that
depends upon the disclosure would be adversely affected by waiting
until the individual is able to agree to the disclosure;
K. To the Department of Justice, as required by law, for the
purpose of submitting information to the National Instant Criminal
Background Check System;
L. In the course of any judicial or administrative proceeding in
response to an order of a court or administrative tribunal;
M. To a law enforcement official (1) as required by law or in
compliance with a court order or court-ordered warrant, a subpoena or
summons issued by a judicial officer, a grand jury subpoena, or an
administrative request, including an administrative subpoena or
summons; (2) in response to a request for the purposes of identifying
or locating a suspect, fugitive, material witness, or missing person;
in response to a request for such information about an individual who
is or is suspected to be a victim of a crime; (3) to provide notice of
the death of an individual if there is a belief that the death may have
resulted from criminal conduct; (4) where it is believed in good faith
that such information constitutes evidence of criminal conduct; or (5)
in response to an emergency, where it is believed such disclosure is
necessary to alert law enforcement to the commission and nature of a
crime, the location of such crime or of the victim(s) of such crime,
and the identity, description, and location of the perpetrator of such
crime;
N. As necessary in order to prevent or lessen a serious and
imminent threat to the health or safety of a person or the public or to
a person or persons reasonably able to prevent or lessen the threat,
including the target of the threat;
O. To authorized federal officials for the conduct of lawful
intelligence, counter-intelligence, and other national security
activities authorized by the National Security Act (50 U.S.C. 401, et
seq.) and other applicable authorities (e.g., Executive Order 12333);
P. To authorized federal officials for the provision of protective
services to the President or other persons authorized by 18 U.S.C. 3056
or to foreign heads of state or other persons authorized by 22 U.S.C.
2709(a)(3), or for the conduct of investigations authorized by 18
U.S.C. 871 and 879;
Q. To Department of State officials for the purposes of clearance
and suitability determinations, including (1) for a national security
clearance conducted pursuant to Executive Orders 10450 and 12698; (2)
for medical clearance determinations, consistent with the Foreign
Service Act, including sections 101(a)(4), 101(b)(5), 504, and 904;
R. To a medical transcription or translation service for MED's
purposes of carrying out treatment or health care operations;
S. To a correctional institution or a law enforcement official
having lawful custody of an individual, if the correctional institution
or law enforcement official represents that such information is
necessary for the provision of health care to such individual, the
health and safety of other individuals (including others at the
correctional institution), or the administration and maintenance of the
safety, security, and good order of the correctional institution;
[[Page 7673]]
T. To a coroner or medical examiner for the purpose of identifying
a deceased person, determining a cause of death, or other duties as
authorized by law;
U. To appropriate domestic or foreign government officials
(including but not limited to the U.S. Department of Labor), as
authorized by and to the extent necessary to comply with laws relating
to workers' compensation or other similar programs, established by law,
that provide benefits for work-related injuries or illnesses without
regard to fault.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Records are stored in hard copy and electronic form.
RETRIEVABILITY:
By individual name and/or date of birth; by patient identification
number and family unit number.
SAFEGUARDS:
All users are given cyber security awareness training which covers
the procedures for handling Sensitive but Unclassified information,
including personally identifiable information (PII). Annual refresher
training is mandatory. In addition, all Foreign Service and Civil
Service employees and those Locally Employed Staff who handle PII are
required to take the Foreign Service Institute distance learning
course, PA 459, instructing employees on privacy and security
requirements, including the rules of behavior for handling PII and the
potential consequences if it is handled improperly. Before being
granted access to medical records, a user must first be granted access
to the Department of State computer system.
Remote access to the Department of State network from non-
Department owned systems is authorized only to unclassified systems and
only through a Department approved access program. Remote access to the
network is configured with the Office of Management and Budget
Memorandum M-07-16 security requirements, which include but are not
limited to two-factor authentication and time out function.
All Department of State employees and contractors with authorized
access have undergone a thorough background security investigation.
Access to the Department of State, its annexes, and posts abroad is
controlled by security guards and admission is limited to those
individuals possessing a valid identification card or individuals under
proper escort. All paper records containing personal information are
maintained in secured file cabinets in restricted areas, access to
which is limited to authorized personnel only. Access to computerized
files is password-protected and under the direct supervision of the
system manager. The system manager has the capability of printing audit
trails of access from the computer media, thereby permitting regular
and ad hoc monitoring of computer usage. When it is determined that a
user no longer needs access, the user account is disabled.
RETENTION AND DISPOSAL:
Records are retired and destroyed in accordance with published
Department of State Records Disposition Schedules as approved by the
National Archives and Records Administration (NARA). More specific
information may be obtained by writing to the Director, Office of
Information Programs and Services, A/GIS/IPS, SA-2, Department of
State, 515 22nd Street NW., Washington, DC 20522-8100.
SYSTEM MANAGER(S) AND ADDRESS:
Executive Director, Office of Medical Services, Room L209,
Department of State, 2401 E Street NW., Washington, DC 20522.
NOTIFICATION PROCEDURES:
Individuals who have cause to believe that the Office of Medical
Services might have medical records pertaining to them and want to
request a copy of those medical records should write to Medical
Records, Office of Medical Services, U.S. Department of State, 2401 E
Street NW., Washington, DC 20522. Individuals who have cause to believe
that the Office of Medical Services might have credential records
pertaining to them and want to request a copy of those credential
records should write to Quality Improvement, Office of Medical
Services, U.S. Department of State, 2401 E Street NW., Washington, DC
20522. At a minimum, the individual requesting a copy of his or her
medical records or credential records must include the following: name,
date and place of birth, current mailing address and zip code,
signature, a brief description of the circumstances that may have
caused the creation of the records that are the subject of the request,
and the approximate date(s) of those records.
RECORD ACCESS PROCEDURES:
Individuals who wish to gain access to or amend medical records
pertaining to them should write to the Director, Office of Information
Programs and Services (address above). Individuals who wish to gain
access to or amend credential records pertaining to them should write
to the Director, Office of Information Programs and Services (address
above).
CONTESTING RECORD PROCEDURES:
Individuals who wish to contest medical records pertaining to them
should write to Medical Records, Office of Medical Services (address
above). Individuals who wish to contest credential records pertaining
to them should write to Quality Improvement, Office of Medical Services
(address above).
RECORD SOURCE CATEGORIES:
Information contained in these records comes from the individual,
hospitals, clinics, private medical providers, employers, and medical
professionals employed by the Department of State.
SYSTEM EXEMPTED FROM CERTAIN PROVISIONS UNDER THE PRIVACY ACT:
None.
[FR Doc. 2015-02837 Filed 2-10-15; 8:45 am]
BILLING CODE 4710-36-P