[Federal Register Volume 77, Number 209 (Monday, October 29, 2012)]
[Pages 65564-65567]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2012-26517]



Indian Health Service

Privacy Act of 1974; System of Records

AGENCY: Department of Health and Human Services (HHS), Indian Health 
Service (IHS).

ACTION: Notice of New System of Records.


SUMMARY: As required by the Privacy Act of 1974, 5 U.S.C. 552a(e), 
notice is hereby given that the Indian Health Service (IHS) is creating 
a new system of records entitled ``Personal Health Records (PHR) 
Administrative Records--IHS'' 09-17-0005. The new system will serve as 
an access system, providing IHS patients with web access to a portion 
of their personal medical information in the IHS Medical, Health, and 
Billing Records system, 09-17-0001.

DATES: Comments on the new system of records must be received no later 
than December 13, 2012. If no public comment is received during the 
period allowed for comment or unless otherwise published in the Federal 
Register by the IHS, the new system will become effective on the 
published date of December 13, 2012.

ADDRESSES: Written comments may be submitted through http://www.Regulations.gov; by mail or hand-delivery to the IHS Privacy Act 
Officer, IHS, Office of Management Services, Division of Regulatory 
Affairs, 801 Thompson Avenue, TMP Suite 450, Rockville, MD 20852; or by 
fax to (301) 443-9879.
    Comments received will be available for public inspection in the 
IHS Division of Regulatory Affairs, Room 450-26, between the hours of 
9:00 a.m. and 4:30 p.m., Monday through Friday (except holidays). 
Please call (301) 443-1116 (this is not a toll-free number) for an 
appointment. Additionally, during the comment period, comments may be 
viewed online through the Federal Docket Management System (FDMS) at 

CDE, CDR U.S. Public Health Service, Indian Health Service Nashville 
Area Office, Office of Information Technology/Health Education, 711 
Stewards Ferry Pike, Nashville, TN 37214. Telephone number: (615) 669-
2747. Email: chris.lamer@ihs.gov.


I. Current and Future Functions of the Personal Health Records (PHR) 
Administrative Records--IHS System (IHS PHR)

    The Personal Health Records (PHR) Administrative Records--IHS 
system (hereafter referred to as ``IHS PHR'') is a new web-based access 
system that will provide IHS patients with Internet access to a portion 
of their personal medical information in another IHS Privacy Act 
system. In its current design, the IHS PHR will provide access to 
information that is a subset of the already defined Department of 
Health and Human Services, Indian Health Service, Office of Clinical 
and Preventive Services (HHS/IHS/OCPS) System of Records Notice (SORN) 
09-17-0001-IHS Medical, Health, and Billing Records system. The IHS PHR 
system will contain administrative records needed to manage patients' 
web access; initially, patients will be granted access to view and 
print portions of their official IHS electronic health record (EHR) via 
the Internet.
    As the IHS PHR develops and eventually provides more than just 
``view'' access to the current IHS Medical, Health and Billing Records 
system, this System of Records Notice will be updated and republished. 
Future IHS PHR functionality will include providing tools to the 
patients which they can use to: Improve their own health and increase 
their knowledge about health conditions; increase communication with 
their care providers (i.e., secure electronic messaging with their IHS 
health care providers); request on-line prescription refills and view 
upcoming appointments; and enter their own medical information in a 
``self-entered'' health information section through a secure and 
private health space.
    Initially, the IHS PHR will not provide user access to a patient's 
personal health information to anyone other than the patient himself or 
    The print functionality of the IHS PHR will allow patients to share 
all or part of the information in their account, once the patient 
prints it out, with personal representatives that they designate, such 
as family members, legal guardians, as well as IHS and non-IHS health 
care providers, which is consistent with existing IHS clinical 
    As the IHS PHR continues to be developed, it will have the ability 
to register and verify the identity of the patient's personal 
representative, in order to provide the representative with user access 
to the patient's records. In addition, future system enhancements will 
enable the IHS PHR to store the patient's self-entered information in a 
separate database, which will eventually have the capacity to be linked 

[[Page 65565]]

incorporated into the patient's official electronic health record upon 
the patient's request and/or the IHS's determination that it is 
appropriate to include in the official medical record.

II. Relationship of IHS PHR to the IHS Medical, Health and Billing 
Records System

    The IHS Medical, Health and Billing Records system is the 
authoritative source of patients' IHS medical records. Once patients 
print copies of their medical records using the IHS PHR system, the 
copies will no longer be maintained subject to or protected by the 
Privacy Act or the Health Insurance Portability and Accountability Act 
(HIPAA) Privacy Rule. Electronic copies of health information are not 
considered IHS authoritative records, nor are they considered part of 
the IHS Medical, Health and Billing Records system of records once they 
are printed by the patient from their IHS PHR account.
    The IHS operates a Health Information Exchange among IHS healthcare 
facilities. Patient health information needed by healthcare providers 
is exchanged on a need-to-know basis by directly accessing the official 
IHS medical record in the IHS Medical, Health and Billing Records 
system, not by using the IHS PHR system. If a non-IHS health care 
provider requires information from IHS medical records to treat an IHS 
patient, the non-IHS health care provider should contact the IHS 
facility where the IHS patient was last treated to obtain that 
information. The IHS will disclose pertinent patient medical 
information when transferring patients from an IHS emergency room and 
in other emergency situations for treatment and continuity of care 
purposes (see the SORN for the IHS Medical, Health and Billing Records 
system, 09-17-0001).

III. The Privacy Act

    The Privacy Act (5 U.S.C. 552a) governs the means by which the U.S. 
Government collects, maintains, and uses information about individuals 
in a system of records. A ``system of records'' is a group of any 
records under the control of a Federal agency from which information 
about an individual is retrieved by the individual's name or other 
personal identifier. The Privacy Act requires each agency to publish in 
the Federal Register a system of records notice (SORN) identifying and 
describing each system of records the agency maintains, including the 
purposes for which the agency uses information about individuals in the 
system, the routine uses for which the agency discloses such 
information outside the agency, and how individual record subjects can 
exercise their rights under the Privacy Act (e.g., to determine if the 
system contains information about them).

    Personal Health Records (PHR) Administrative Records-IHS.


    IHS local facilities and the IHS National Data Centers. Address 
locations for IHS facilities are listed in IHS Appendix 1 of the 
biennial publications of the IHS systems of records.

    The system will contain personally identifiable information (PII) 
about individuals using the IHS PHR system. Users include: (1) IHS 
patients who successfully register and/or opt-in for a IHS PHR account 
and whose identity has been verified; (2) IHS Information Technology 
(IT) staff and/or their approved contractors who may need to enter 
identifying, administrative information into the system to initiate, 
support and maintain electronic services for PHR participants; and (3) 
in the future, personal and other representatives of patients who have 
been granted or delegated access to a patient's IHS PHR account 
including, but not limited to, family members, friends, legal 
guardians, as well as non-IHS health care providers, IHS health care 
providers, and certain IHS administrative staff.

    The system will contain the following categories of administrative 
records and PII data elements pertaining to system users:
    1. Registration information, including the individual's full name; 
IHS PHR User Identifier (ID); date of birth; email address; telephone 
number(s); mother's maiden name; ZIP code; place and date of 
registration for IHS PHR; and
    2. System Usage Information, including date and type of 
transaction; web analytics information for the purpose of monitoring, 
researching and preparing reports on site usage; patient medical record 
number (MRN); and other administrative data needed to administer PHR 
roles and services.

    25 U.S.C. 1662.

    Registration information will be used to register and verify the 
identity of patient-users (and, in the future, their representatives), 
to assign and verify administrators of the PHR portal, to retrieve a 
patient's information to perform specific functions, to allow access to 
specific information and to provide other associated PHR electronic 
services in current and future applications of the PHR program. The 
registrar has the capacity to authenticate personal representatives or 
those who are authorized by the patient to create the account in lieu 
of the patient.
    System usage information may be used (in aggregate and/or 
anonymized form, whenever possible) to create administrative business 
reports for system operators and IHS managers who are responsible for 
ensuring that the PHR system is meeting performance expectations and is 
in compliance with applicable Federal laws and regulations. 
Administrative information may also be used for evaluation to support 
program improvement, including IHS approved research studies.

    Records in this system may contain information protected by 45 CFR 
Parts 160 and 164 (i.e., individually identifiable health information). 
Disclosure of this information must comply with the requirements of 
these regulations.
    1. Disclosure of information in this system of records may be made 
to contractors and other individuals, organizations, private or public 
agencies with whom the IHS has a contract or agreement, to perform such 
services as the IHS may deem practical for the purposes of 
administering the PHR program, or to perform other such services as IHS 
deems appropriate and practical for the purposes of administering IHS 
programs, policies, regulations, rules, executive orders, and statutes.
    The IHS must be able to give contractors whatever administrative 
information is necessary to fulfill their duties. In these situations, 
safeguards are provided in the contract prohibiting the contractor from 
using or disclosing the information for any purpose other than that 
described in the contract.
    2. The IHS may disclose information that is relevant to a suspected 
or reasonably imminent violation of the law whether civil, criminal, or 
regulatory in nature and whether arising by general or program statute 
or by regulation, rule, or order issued

[[Page 65566]]

pursuant thereto, to a Federal, State, local, or Tribal agency charged 
with the responsibility of investigating or prosecuting such violation, 
or charged with enforcing or implementing the statute, regulation, 
rule, or order. The IHS may also disclose the names and addresses of 
IHS patients to a Federal agency charged with the responsibility of 
investigating or prosecuting civil, criminal, or regulatory violations 
of law, or charged with enforcing or implementing the statute, 
regulation, or order issued pursuant thereto.
    The IHS must be able to comply with the requirements of agencies 
charged with enforcing the law and conducting investigations. The IHS 
must also be able to provide information to State or local agencies 
charged with protecting the public's health as set forth in State law.
    3. Disclosure may be made to the National Archives and Records 
Administration (NARA) and the General Services Administration (GSA) for 
it to perform its records management inspection responsibilities and 
its role as Archivist of the United States under authority of Title 44 
of the United States Code.
    In general, NARA is responsible for the physical maintenance and 
archiving of the Federal Government's records that are no longer 
actively used but which may be appropriate for preservation. The IHS 
must be able to turn records over to these agencies in order to 
determine the proper disposition of such records.
    4. Information may be disclosed to the United States Department of 
Justice or Assistant United States Attorneys in order to prosecute or 
defend litigation involving or pertaining to the United States, or in 
which the United States has an interest.
    5. IHS may disclose information from these records in litigations 
and/or proceedings related to an administrative claim when:
    a. IHS has determined that the use of such records is relevant and 
necessary to the litigation and/or proceedings related to an 
administrative claim and would help in the effective representation of 
the affected party listed in subsections (i) through (iv) below, and 
that such disclosure is compatible with the purpose for which the 
records were collected. Such disclosure may be made to the HHS/OGC, 
when any of the following is a party to litigation and/or proceedings 
related to an administrative claim or has an interest in the litigation 
and/or proceedings related to an administrative claim:
    (i) HHS or any component thereof; or
    (ii) Any HHS employee in his or her official capacity; or
    (iii) Any HHS employee in his or her individual capacity where the 
DOJ (or HHS, where it is authorized to do so) has agreed to represent 
the employee; or
    (iv) The United States or any agency thereof (other than HHS) where 
HHS/OGC has determined that the litigation and/or proceedings related 
to an administrative claim is likely to affect HHS or any of its 
    b. In the litigation and/or proceedings related to an 
administrative claim described in subsection (a) above, information 
from these records may be disclosed to a court or other tribunal, or to 
another party before such tribunal in response to an order of a court 
or administrative tribunal, provided that the covered entity discloses 
only the information expressly authorized by such order.
    6. Disclosure may be made to a Congressional office from this 
system of records in response to an inquiry from the Congressional 
office made at the request of the individual who is the subject of the 
records. For example, in special cases, an individual may request the 
help of a member of Congress to resolve an issue relating to a matter 
before the IHS. Consequently, the member of Congress may write the IHS, 
and the IHS must be able to give sufficient information to respond to 
the inquiry. If the issue involved the PHR, then the individual's PHR 
may need to be released to Congress, per that individual's request.
    7. Disclosure may be made to other Federal agencies to assist such 
agencies in preventing and detecting possible fraud or abuse by 
individuals in their operations and programs. This routine use permits 
disclosures by HHS to report a suspected incident of identity theft and 
provide information or documentation related to or in support of the 
reported incident.
    8. Information, including information about PHR use and user 
transactions accomplished via the Web site, may be provided to research 
investigators with IHS Institutional Review Board (IRB) and/or IHS 
Privacy Board approval. Disclosure of this information to research 
investigators will allow the IHS to evaluate the value of the PHR for 
purposes of system modification and improvement (i.e., to enhance, 
advance and promote both the function and the content of the PHR 
application), and for purposes of promoting patient self-management of 
health and improved health outcomes.
    9. Information may be disclosed to appropriate Federal agencies and 
Department contractors that have a need to know the information for the 
purpose of assisting HHS's efforts to respond to a suspected or 
confirmed breach of the security of confidentiality of information 
maintained in this system of records, if the information disclosed is 
relevant and necessary for that assistance.
    The IHS may disclose any information or records to appropriate 
agencies, entities, and persons when:
    a. It is suspected or confirmed that the integrity or 
confidentiality of information in the system of records has been 
    b. HHS has determined that as a result of the suspected or 
confirmed compromise, there is a risk of embarrassment or harm to the 
reputations of the record subjects, harm to economic or property 
interests, identity theft or fraud, or harm to the security, 
confidentiality, or integrity of this system or other systems or 
programs (whether maintained by HHS or another agency) that rely upon 
the compromised information; and
    c. The disclosure is to agencies, entities, or persons whom the IHS 
determines are reasonably necessary to assist or carry out HHS's 
efforts to respond to the suspected or confirmed compromise and 
prevent, minimize, or remedy such harm. This routine use permits 
disclosures by HHS to respond to a suspected or confirmed data breach, 
including the conduct of any risk analysis or prevision of credit 
protection services.

    These administrative records are maintained on paper and electronic 
media, including hard drive disks, which are backed up to tape at 
regular intervals.

    Records may be retrieved by an individual's name, user ID, date of 
registration for IHS PHR electronic services, zip code, the IHS 
assigned MRN, date of birth and/or social security number, if provided.

    (Technical, Physical and Administrative):
    1. Access to and use of the IHS PHR is limited to those individuals 
whose roles or official duties require such access. The IHS has 
established security procedures for this system to ensure that access 
is appropriately limited. Information security officers and system data 
stewards review and authorize data

[[Page 65567]]

access requests. The IHS regulates data access with security software 
that authenticates IHS PHR users and requires individual unique codes 
and passwords. The IHS provides information security training to all 
staff and instructs staff on the responsibility each person has for 
safeguarding data confidentiality. The IHS regularly updates security 
standards and procedures that are applied to systems and individuals 
supporting this program.
    2. Physical access to computer rooms housing the PHR Administrative 
Records is restricted to authorized staff and protected by a variety of 
security devices. Unauthorized employees, contractors, and other staff 
are not allowed in computer rooms. The IHS uses contracted security 
personnel to provide physical security for the buildings housing 
computer systems and data centers.
    3. Data transmissions between operational systems and IHS PHR are 
protected by telecommunications software and hardware as prescribed by 
IHS standards and practices. This includes firewalls, encryption, and 
other security measures necessary to safeguard data as it travels 
across the IHS-Wide Area Network.
    4. Copies of back-up computer files are maintained at secure off-
site locations.

    Records are maintained and disposed of in accordance with the 
records disposition authority approved by the Archivist of the United 
States. Records from this system that are needed for audit purposes 
will be disposed of six (6) years after a user's account becomes 
inactive. Routine records will be disposed of when the agency 
determines they are no longer needed for administrative, legal, audit, 
or other operational purposes. These retention and disposal statements 
are pursuant to NARA General Records Schedules GRS 20, ``Electronic 
Records'', item 1c (found at Internet Web site address: http://www.archives.gov/records-mgmt/grs/grs20.html) and GRS 24, ``Information 
Technology Operations and Management Records'', item 6a, (found at 
Internet Web site address: http://www.archives.gov/records-mgmt/grs/grs24.html).

    Officials responsible for policies and procedures: Director, Office 
of Information Technology (OIT) and Director, Office of Clinical and 
Preventive Services (OCPS), IHS, 801 Thompson Avenue, Rockville, MD 
20852. Officials maintaining this system of records: The local IHS 
facility (address locations for IHS facilities are listed in IHS 
Appendix 1 of the IHS systems of records 09-17-0001 Medical, Health and 
Billings Records).

    Individuals who wish to determine whether a PHR is being maintained 
under their name in this system, or wish to access and determine the 
accuracy of the contents of such records, have several options:
    1. Submit a written request or apply in person to the IHS facility 
where the records are located. IHS facility location information can be 
found at http://www.IHS.GOV; or
    2. Submit a written request or apply in person to the local Privacy 
Act official at their facility or Area office. Inquiries should include 
the patient's full name, user ID, date of birth and return address.
    3. Individuals seeking to contest the accuracy of records in this 
system may also write or call their local IHS facility and/or submit to 
the local Privacy official the IHS 917 form (found at Internet Web 

    The sources of information for this system of records include the 
individuals covered by this notice and additional contributors, as 
listed below:
    1. All individuals who successfully register for a PHR account; and
    2. IHS staff and/or their contractors and subcontractors who may 
need to enter information into the system to initiate, support and 
maintain PHR electronic services for PHR users.


    Approved: Dated: October 22, 2012.
Yvette Roubideaux,
Director, Indian Health Service.
[FR Doc. 2012-26517 Filed 10-26-12; 8:45 am]