Department of Health and Human Services.
Request for information.
To improve emergency preparedness, response and recovery efforts, HHS invites public comment on the availability or feasibility of private sector services through which individuals could voluntarily submit their personal information for storage so that they, their family members, or other designated individuals could access the information in an emergency. HHS invites all comments, suggestions, recommendations, and creative ideas on the establishment of voluntary nationwide services that can best offer this capability. This Request for Information (RFI) is intended to provide a synthesis of ideas for consideration, and it is not intended to be part of any procurement process.
Responses should be submitted to the Department of Health and Human Services on or before 5 p.m., EDT, July 24, 2006.
Electronic responses are preferred and should be addressed to Disaster_Storage_RFI@hhs.gov. Written responses will also be accepted. Please send to: Department of Health and Human Services, Room 434E, 200 Independence Avenue, SW., Washington, DC 20201, Attention: IMDA RFI Response.
A copy of this RFI is also available on the World Wide Web at http://www.hhs.gov/emergency/rfi/. Please follow the instructions for submitting responses.
Public Access: This RFI and all responses will be made available to the public in the HHS Public Reading Room, 200 Independence Avenue, SW., Washington, DC. Please call 202-690-7453 between 9 a.m. and 5 p.m. EDT to arrange access to the Public Reading Room. The RFI and all responses will also be made available on the World Wide Web at http://www.hhs.gov/emergency/rfi/. Any information you submit, including addresses, phone numbers, e-mail addresses, and personally identifiable information, will be made public. Do not send proprietary, commercial, financial, business confidential, trade secret, or personal information that should not be made public.Start Further Info
FOR FURTHER INFORMATION CONTACT:
Dr. Helga Rippen, Secretary's Transformation Action Team for Preparedness, 202-690-7100.End Further Info End Preamble Start Supplemental Information
Hurricanes Katrina and Rita were two of the most devastating hurricanes ever recorded, affecting approximately 90,000 square miles and 1.5 million people. The hurricane and flooding caused the evacuation of the city of New Orleans, marking the first time a major American city has been completely evacuated. More than 700,000 households have received rental assistance from the Federal Emergency Management Agency, and more than 1.4 million families (over 4 million people) received emergency financial assistance from the American Red Cross. The hurricane did not discriminate among businesses, governments, and not-for-profit institutions: financial institutions, healthcare facilities, local courthouses, and academic institutions alike suffered devastating destruction. In many cases, significant personal and institutional records were lost.
In response to the loss and destruction of important documents experienced by the survivors of these hurricanes, the White House report, The Federal Response to Hurricane Katrina: Lessons Learned, recommended that the Federal government work with the private sector to encourage the development of a capacity to voluntarily store and retrieve personal information that would be useful in the event of a natural or manmade disaster, such as an earthquake, flood, pandemic influenza, or terrorist event. Specifically, the report recommended that the Federal government should:
encourage the private sector development of a capability for individuals to voluntarily submit their personal identifying information for virtual storage that citizens and their families could access during emergencies. The capability is best thought of as a 21st century version of a bank vault, with virtual safe deposit boxes for information. Disaster victims could access the virtually stored data to apply for Federal assistance, medical treatment, or insurance benefits. Because of the sensitivity of the personal data stored, strict privacy limitations and protections would be required.
Appendix A, Recommendation 66, at page 107. The White House report, The Federal Response to Hurricane Katrina: Lessons Learned, is available on the Start Printed Page 29643Web at http://www.whitehouse.gov/infocus/hurricane/.
This Request for Information is a first step in understanding the availability or feasibility of such services and how the Federal government might encourage citizens to voluntarily maintain critical information so that it can be accessed easily during an emergency. This Request for Information is not intended as a prelude to any procurement by the Federal government. Rather, it is intended to elicit suggestions from members of the public about capabilities that should be considered for maintaining personal information and to provide ideas for consideration as to how to encourage individuals and the private sector to take action in preparation for emergencies.
In particular, HHS seeks to understand the roles and responsibilities of individuals who provide and maintain this information, including the relationship between custodians and individuals who use their services. Respondents should differentiate between capabilities that already exist and those which are planned or desirable in the future.
A separate Request for Information will be published in the Federal Register seeking input about the availability or feasibility of electronic benefits services for disaster victims that would facilitate the provision of Federal, state, local, and non-governmental human assistance programs in an efficient manner.
HHS encourages all potentially interested parties—individuals, consumer groups, associations, governments, non-governmental organizations, and commercial entities—to respond. To facilitate review of the responses, please reference the question number in your response.
Questions for Response
1. Approach, Finance, Sustainability, and Roles
a. What models and options are currently available that provide or support the capability to provide ready access to critical documents during or following an emergency?
b. What models and options should be available, that are currently not available, to provide this service? Describe how this approach or model would work and illustrate with examples where useful.
c. How will such a service be made accessible to those it is intended to help?
d. How would accessibility for persons with special needs (e.g. persons with disabilities, persons who are not proficient in English) be ensured?
e. What ownership, management, governance, financing, and sustainability issues arise as a result of the recommended approach, and how should these issues be resolved?
f. How should the effort(s) be funded? Who should pay for the service and infrastructure?
2. Function, Capabilities, and Performance
a. What types of information do you view as relevant, necessary, or useful to access in an emergency (e.g., birth certificates, wills, medical information)? Of these types of information, which would be easy to deposit with the type of service contemplated in this Request for Information (RFI), which would be difficult, and why?
b. What is the best approach for storage and retrieval of this information?
c. What limits should there be on the availability of information via the service contemplated by this RFI, and how should those limits be implemented?
d. What are the necessary features, capabilities, and attributes of the service contemplated by this RFI?
e. How should this service support disaster survivors in providing documentation necessary to obtain Federal, local, and non-governmental disaster relief benefits?
f. What are the performance requirements of the service or the system that supports it?
g. What disclosures should be required and under what circumstances or conditions would such disclosures be made?
3. Rights, Rules, Responsibilities, and Enforcement
a. Whom do you view as the interested parties? How should interested parties interact? What are their roles and responsibilities?
b. What is an inappropriate disclosure? Who has liability for inappropriate or unlawful disclosures, or harms that come as a result of storage of personal data?
c. What enforcement mechanisms are appropriate to protect information, and who should be responsible for enforcement?
d. What rights should individuals who deposit their information have with respect to the custodian?
e. What rights should be assigned to custodians providing the service?
f. What data disclosure laws and policies should apply? Who will have access to the information, and under what circumstances?
g. What other types of rules should apply to the service?
h. What legal implications are there, if any, of storing electronic copies of important documents and making them available via such a service to those permitted to receive the information? If there are impediments, how should they be overcome? (For example, how will the contents of documents be authenticated?)
i. If residents of one State are permitted to store their documents in another State, how would protections travel across States?
4. Security and Standards
a. What administrative, technical, and physical security approaches should be considered?
b. What security standards mechanisms, if any, should be adopted by or imposed on the custodians?
c. How will access and authentication controls be implemented?
d. What technical, data, format, or performance standards should be considered?
e. How will the identity of the individual requesting information be verified?
5. Potential Federal Roles
a. What role, if any, should the Federal government play in encouraging the development of services whereby individuals can voluntarily deposit their personal identifying information for access during or following an emergency?
b. What role, if any, should the Federal government play in encouraging citizens to voluntarily collect and store their personal information for access during or following an emergency?
Please feel free to add any other comments, suggestions, or creative ideas to your response.Start Signature
Issued on May 17, 2006.
Deputy Assistant Secretary for Information Technology and Chief Information Officer.
[FR Doc. E6-7833 Filed 5-22-06; 8:45 am]
BILLING CODE 4150-37-P