Skip to Content

Notice

Privacy Act of 1974; Annual Publication of Systems of Records

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble

AGENCY:

Agency for Healthcare Research and Quality.

ACTION:

Annual publication of HHS Privacy Act System notices.

SUMMARY:

The Agency for Healthcare Research and Quality (AHRQ) has conducted a comprehensive review of all Privacy Act systems of records and is publishing a Table of Contents of active systems and a comprehensive publication of all its active systems consolidating minor changes in accordance with the Office of Management and Budget Circular No. A-130, Appendix I, Federal Agency Responsibilities for Maintaining Records About Individuals.

End Preamble Start Supplemental Information

SUPPLEMENTARY INFORMATION:

AHRQ has completed the annual review of its systems notices and has determined that minor changes are needed. AHRQ has consolidated such minor changes to make a comprehensive publication of all its system notices. Published below are: (1) A Table of Contents which lists all active systems of records in AHRQ, and (2) a complete text of all notices consolidating minor changes which affect the public's right or need to know, such as changes in the system location of records, the designation and address of system managers, clarification of system name, records retention and disposal, and minor editorial changes.

Start Signature

Dated: March 22, 2004.

Carolyn M. Clancy,

Director.

End Signature

Table of Contents

09-35-0001 Agency Management Information System/Grants (AMIS/GRANTS and CONTRACTS), HHS/AHRQ/OM.

09-35-0002 Agency for Healthcare Research and Quality, Medical Expenditure Panel Survey (MEPS) and National Medical Expenditure Survey 2 (NMES 2), HHS/AHRQ/CCFS.

* * * * *

09-35-0001

SYSTEM NAME:

Agency Management Information System/Grants (AMIS/GRANTS and CONTRACTS), HHA/AHRQ/OPART. The “Agency Management Information System/Grants and Contracts (AMIS/GRANTS and CONTRACTS), HHS/AHRQ/OM” was previously named the “Agency for Healthcare Research and Quality, Grants Information and Tracking System with Contracts Component (GIAnT), HHS/AHRQ/OM”.

SECURITY CLASSIFICATION:

None.

SYSTEM LOCATION:

Agency for Healthcare Research and Quality, Office of Performance, Accountability, Resources and Technology, 540 Gaither Road, Rockville, Maryland 20850.

Program Support Center, Office of Management, Division of Acquisition Management, Parklawn Building, Room 5C-10, 5600 Fishers Lane, Rockville, Maryland 20857.

For a list of contractors, please write to the system manager at the address listed below.

Inactive records will be stored at: Washington National Records Center, 4205 Suitland Road, Suitland, Maryland 20746-8001.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

This system contains the names of research training and career development grant applicants and principal investigators, research training grant program directors, and research fellowship recipients; peer and other special reviewers; grant and contract project directors and other key personnel.

CATEGORIES OF RECORDS IN THE SYSTEM:

Research grant, research training grant, research career development, research fellowship, and contract files, including applications, proposals, award notices, and summary comments of peer reviewers.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

AHRQ grants and contract administration authorities in Title IX of the Public Health Service (PHS) Act (42 Start Printed Page 17667U.S.C. 299-299c-6); Sec. 1142 of the Social Security Act (42 U.S.C. 1320b-12) and Sec. 487 PHS Act (42 U.S.C. 288) (National Research Service Awards).

PURPOSE(S):

The information in this system is used to facilitate day-to-day grants and contracts management operations and for purposes of review, analysis, planning and policy formulation by AHRQ staff members and by other components of DHHS which conduct research. AHRQ also may refer these records to the appropriate office in the Department for the purpose of monitoring payback; if necessary, debt collection; and investigation of alleged scientific misconduct.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSE OF SUCH USES:

1. Disclosure may be made to a congressional office from the records of an individual in response to an inquiry from the congressional office made at the request of the individual.

2. The Department may disclose information from this system of records to the Department of Justice, to a court or other tribunal, when (a) HHS, or any component thereof; or (b) any HHS employee in his or her official capacity; or (c) any HHS employee in his or her individual capacity where the Department of Justice (or HHS, 5 where it is authorized to do so) has agreed to represent the employee; or (d) the United States or any agency thereof where HHS determines that the litigation is likely to affect HHS or any of its components, is a party to litigation or has an interest in such litigation, and HHS determines that the use of such records by the Department of Justice, the court or other tribunal, is relevant and necessary to the litigation and would help in the effective representation of the governmental party, provided, however, that in each case, HHS determines that such disclosure is compatible with the purpose of which the records were collected.

3. AHRQ may disclose information about an individual grant or contract application or fellowship applicant to credit reporting agencies to obtain a credit report in order to determine his/her credit worthiness.

4. Limited disclosures, pursuant to 5 U.S.C. 552a(b)(12), may be made from this system to “consumer reporting agencies” as defined in the Fair Credit Reporting Act (15 U.S.C. 1681ff.) or the Federal Claims Collection Act of 1966 (31 U.S.C. 3701(a)(3)) after the procedural prerequisites of 31 U.S.C. 3711 have been followed. The purpose of such disclosures is to aid in the collection of outstanding debts owed to the Federal Government, i.e., providing an incentive for delinquent debtors to pay the Government.

5. Disclosure may be made to the National Technical Information Service (NTIS), U.S. Department of Commerce, to contribute to the Smithsonian Science Information Exchange, for dissemination of scientific and fiscal information on funded awards (abstracts and relevant administrative and financial data.)

6. Disclosure may be made to qualified experts, not within the definition of Department employees, for opinions, as a part of the grant application or contract proposal review process.

7. Disclosure may be made to an AHRQ grantee or contractor for the purposes of (a) carrying out research, or (b) providing services relating to grant review, or for carrying out quality assessment, program evaluation, and/or management reviews. They will be required by written agreement to maintain Privacy Act safeguards with respect to such records.

8. Disclosure may be made to a Federal Agency, in response to its request, in connection with the hiring or retention of an employee, the issuance of security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license, grant, or other benefit of the requesting agency, to the extent that the record is relevant and necessary to the requesting agency's decision on the matter.

9. Where Federal agencies having power to subpoena other Federal agencies' records, such as the Internal Revenue Service or the Civil Rights Commission, issue a subpoena to the Department for records in this system of records, the Department will make such records available.

10. Disclosure may be made to the cognizant Audit Agency for auditing.

11. In the event that a system of records maintained by the Department indicates a violation or potential violation of law, whether civil, criminal or regulatory in nature, and whether arising by statute or by regulation, rule or order issued pursuant thereto, the relevant records in the system of records may be referred for purposes of litigation, as a routine use, to the appropriate agency, whether Federal (e.g., the Department of Justice), or State (e.g., the State's Attorney General's Office) charged with the responsibility of investigating or processing such violation or charged with enforcing or implementing the statute or rule, regulation or order issued pursuant thereto.

12. Disclosure may be made to the grant/contractor institution in connection with performance or administration under the terms and condition of the award, or in connection with problems that might arise in performance or administration if an award is made on a grant/contract proposal.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System:

Storage:

Records are stored on hard disks with magnetic tape backup as well as in manual files (file folders).

Retrievability:

Electronic records are retrievable by key data fields such as investigator name, application, grant or contract number. Paper records are retrievable by name of principal investigator and/or grant/contract number.

Safeguards:

1. Authorized users: All AHRQ staff working with grants or contracts have access to the system. Level of access is determined by individual need-to-know and electronic records are controlled by password access. Levels of access will be determined and granted by the System Manager. Only staff members of the Grants Management and Contracts Management have regular access to their Division's paper grant and contract files. Limited access to official grant and contract files is granted to other AHRQ and DHHS staff with need-to-know about AHRQ research projects, only with authorization of the responsible System Manager.

2. Physical safeguards: File servers and database servers are maintained in areas secured by combination lock. Data is backed up from hard drive to magnetic tape daily. Paper records are secured in locked file cabinets. All file cabinets and computer equipment are maintained under general Agency and building security.

3. Procedural safeguards: Access to electronic records by non-AHRQ personnel is through the Systems Manager only. DHHS staff may inspect AHRQ grant and contract records on a need-to-know basis only, with the approval of the responsible System Manager. Visitors are not left unattended in the office containing the files. Grant and contract records are either transmitted in sealed envelopes are hand-carried.

4. Technical safeguards: Initial electronic access is through the AHRQ Start Printed Page 17668local area network which is controlled by password. Subsequent levels of security exist for access to the Agency Management Information System/Grants and Contracts (AMIS/GRANTS and CONTRACTS) system itself and, within the system, individual users are granted appropriate levels of access (read only, read/write) depending upon individual need. Levels of access are granted by the System Manager.

Retention and Disposal:

The complete paper applications and proposals of unfunded grants and contracts will be retired to the Federal Records Retention Center approximately one year after grant or contract closeout date and subsequently disposed of in accordance with the records retention schedule. Paper records of funded grant applications and contracts and their respective files are retained at AHRQ for one year beyond the termination date of the grant or until after the final report is received, whichever is sooner. They are then retired to the Federal Records Center and disposed of twelve years after final payment in accordance with the National Archives and Records Administration General Records Schedule. The pertinent records retention control schedule may be obtained by writing a System Manager at the following address:

System Manager(s) and Address:

For administrative information: AMIS/GRANTS and CONTRACTS Policy-Coordinating Official/Administrator, 301-427-1439—(Information Technology Help Desk).

For grants information: Grants Management Officer, 301-427-1447.

For contracts information: Contracts Management Officer, 301-427-1780.

All System Managers are located at the following address: Office of Performance, Accountability, Resources and Technology, 540 Gaither Road, Rockville, Maryland 20850.

Notification Procedure:

To determine if a record exists, write to the System Manager at the above address. The requester must also verify his or her identity by providing either a notarization of the request or a written certification that the requester is who he or she claims to be. The requester should specify name or number of grant/contract. The requester must also sign a statement indicating an understanding that the knowing and willful request for acquisition of information from a protected record pertaining to an individual under false pretenses is a criminal offense under the Act, punishable by a five thousand dollar fine.

record access procedures:

Same as notification procedures. Requester should also reasonably specify the record contents being sought. Positive identification of the requester as above is required. Subject individuals may also request an accounting of disclosures that have been made of their record, if any.

contesting record procedures:

Contact the official at the address specified under the System Manager subheading above and reasonably identify the record, specify the information being contested, and state the corrective action sought and reason(s) for requesting the correction, along with supporting information to show how the record is inaccurate, incomplete, untimely, or irrelevant.

record source categories:

Grant applications, contractor project directors, reports and correspondence from the research community, and statements from grant review committees; consumer reporting agencies; DHHS System of Records 09-25-0036, Extramural Awards: IMPAC (Grant/Contract/Cooperative Agreement Information), HHS/NIH/DRG.

system exempted from certain provisions of the act:

No. 09-35-0002.

* * * * *

system name:

Medical Expenditure Panel Survey (MEPS) and National Medical Expenditure Survey 2 (NMES 2), HHS/AHRQ/CFACT.

security classification:

None.

system location:

Center for Financing, Access, and Cost Trends, AHRQ, 540 Gaither Road, Rockville, MD 20850.

categories of individuals covered by the system:

(1) Individuals and members of households selected by probability sampling techniques to be representative of the civilian non-institutionalized population of the United States; health care providers, staff responding on behalf of health insurers and the employers of members of sampled households; (2) residents and next-of-kin of such residents of nursing and personal care homes, selected by probability sampling techniques to be representative of residents of such homes, and facilities and the staff responding on behalf of such facilities.

categories of records in the system:

Records containing information on: (1) The incidence of illness and accidental injuries, prevalence of diseases and impairments, the extent of disability, the use, expenditures and sources of payment for health care services, and other characteristics of individuals obtained in household interviews (demographic and socioeconomic characteristics such as age, marital status, education, occupation and family income) and the names, telephone numbers and addresses of the responding staffs of health care providers, health insurers, and employers; (2) the utilization of long-term care, nursing home care, care in personal care homes through data on residents (demographic and social characteristics, health status and charges and sources of payment for care); through data facility characteristics (general characteristics, certification, services offered and corresponding expenses), and through data on next-of-kin or representative of residents (demographic and social characteristics, health status, and expenditures for health care of residents); and (3) Medicare claims records of members of sampled households and of sampled residents of nursing and personal care homes.

authority for maintenance of the system:

Section 913 and 306 of the Public Health Service (PHS) Act (42 U.S.C. 299b-2 and 242k(b)). Sections 924(c) and 308(d) of the PHS Act (42 U.S.C. 299c-3(c) and 242m(d)) provide authority for protecting restrictions on identifiable information about individuals.

PURPOSE(S):

The data are used in aggregated form for statistical and health services research purposes respecting analysis and evaluation of health care costs, and the accessibility, planning, organization, distribution, technology, utilization quality, and financing of health services and systems.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

The Department has contracted with private firms for the purpose of collecting, analyzing, aggregating, or otherwise refining records in this system. Relevant records are collected by and/or disclosed to such contractors. The contractors are required to maintain Privacy Act safeguards with respect to such records.

Start Printed Page 17669POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:

File folders, magnetic tapes, CD ROM and secure network servers.

RETRIEVABILITY:

Information can be retrieved by respondent name and address. However, this information is not stored in routinely used analytic files.

SAFEGUARDS:

AHRQ and its contractors implement personnel, physical, and procedural safeguards as follows:

1. Authorized Users: Access is limited to persons authorized and needing to use the records, including project directors, contract officers, interviewers, health care researchers and analysts, statisticians, statistical clerks and data entry staff on the staffs of AHRQ and the MEPS contractors.

2. Physical safeguards: The hard-copy records are stored in locked safes, locked files, and locked offices when not in use. Computer terminals used to process identifiable data are located in secured areas and are accessible only to authorized users. Automated back-up files are stored in locked, fire proof safes.

3. Procedural safeguards: All employees of AHRQ and contractor personnel with access to AHRQ records are required, as a condition of employment, to sign an affidavit, acknowledging AHRQ's confidentiality statute and penalty provision and binding themselves to nondisclosure of individually identifiable information. Periodic training sessions are conducted to reinforce the statutorily-based confidentiality restrictions. Actual identifiers are maintained in separate files linked only if there is specific need as authorized by the System Manager. Data stored in computers both at AHRQ and the contractor sites are accessed through the use of passwords/keywords unique to each user and changed at least every 45 days. An automated audit trail will be maintained. Contractors who maintain records in this system are instructed to make no further disclosure of the records other than those requested by AHRQ/CFACT. Privacy Act requirements and the restrictions of 42 U.S.C. 242m(d) are specifically included in contracts for survey, research and data processing activities related to this system. The DHHS project directors, contract officers and project officers oversee compliance with these confidentially and security requirements.

4. These safeguards are in accordance with chapter 45-13, “Safeguarding Records Contained in Systems of Records,” of the HHS General Administration Manual, supplementary chapter PHS hf. 45-13; Part 6, “ADP Systems Security,” of the HHS ADP Systems Manual, and the National Bureau of Standards Federal Information Processing Standards (FIPS Pub. 41 and FIPS Pub. 31).

RETENTION AND DISPOSAL:

Hard-copy records will be burned or shredded following verification that such data were correctly entered into a machine readable format.

SYSTEM MANAGER(S) AND ADDRESS:

Director, Division of Survey Operations, CFACT/AHRQ, 540 Gaither Road, Rockville, MD. 20850

Notification Procedure:

To determine if a record exists, write to the System Manager, giving your full name and address.

Record Access Procedures:

The system is exempt from the requirements of the Privacy Act; however, a subject individual may be granted access to his/her records at the System's Manager's discretion. Positive identification is required from anyone seeking such access.

Contesting Record Procedures:

If access has been granted and some information is being contested, contact the System Manager and reasonably identify the record, specify the contested information, and state the corrective action sought, with supporting information to show how the record is inaccurate, incomplete, untimely, or irrelevant.

Record Source Categories:

Respondents in the survey samples including: members of households, physicians, hospitals, health insurers, employers, staff of nursing and personal care homes, the next-of-kin of residents of such homes and facilities, and Systems 09-70-0005, Medicare Bill File (Statistics), HHS/HCFA/BDMS.

Systems Exempted From Certain Provisions of the Act:

With respect to this system of records, exemption has been granted from the requirements contained in subsections 552a(c)(3), (d)(1) through (4) and (e)(4)(G) and (H), in accordance with the provisions of subsection 552a(k)(4) of the Privacy Act of 1974. This system has been exempted because it contains only records which are required by statute to be maintained and used solely as statistical records.

End Supplemental Information

[FR Doc. 04-7653 Filed 4-2-04; 8:45 am]

BILLING CODE 4160-90-M