This PDF is the current document as it appeared on Public Inspection on 02/10/2015 at 08:45 am.
Notice is hereby given that the Department of State proposes to amend an existing system of records, Medical Records, State-24, pursuant to the provisions of the Privacy Act of 1974, as amended (5 U.S.C. 552a), and Office of Management and Budget Circular No. A-130, Appendix I.
This system of records will be effective March 23, 2015, unless we receive comments that will result in a contrary determination.
Any persons interested in commenting on the amended system of records may do so by writing to the Director; Office of Information Programs and Services, A/GIS/IPS; Department of State, SA-2; 515 22nd Street NW.; Washington, DC 20522-8100.Start Further Info
FOR FURTHER INFORMATION CONTACT:
John Hackett, Acting Director; Office of Information Programs and Services, A/GIS/IPS; Department of State, SA-2; 515 22nd Street NW.; Washington, DC 20522-8100, or at Privacy@state.gov.End Further Info End Preamble Start Supplemental Information
The Department of State proposes that the current system will retain the name “Medical Records” (previously published at 74 FR 24891). The information contained in these records is used to administer the Department of State's medical program. These records are utilized and reviewed by medical and administrative personnel of the Office of Medical Services (MED) in providing health care to the individuals eligible to participate in the medical program. The system also serves to record and monitor the current status of the professional credentials of Department of State Foreign Service, Civil Service and Locally Employed Staff healthcare providers. The proposed system will include modifications to the following sections: Categories of individuals, Categories of records, Safeguards, Retrievability, and administrative updates.
The Department's report was filed with the Office of Management and Budget. The amended system description, “Medical Records, State-24,” will read as set forth below.Start Signature
Joyce A. Barr,
Assistant Secretary for Administration, U.S. Department of State.
Department of State, Office of Medical Services, 2401 E Street NW., Washington, DC 20522 and all health units and other facilities of the Office of Medical Services, domestic and overseas; U.S. Coast Guard Operations Systems Center.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
U.S. Government employees and their family members, Locally Employed Staff, and any other individuals eligible to participate in the medical program of the U.S. Department of State as authorized by either section 904 of the Foreign Service Act of 1980 (22 U.S.C. 4084) or other applicable legal authority.
CATEGORIES OF RECORDS IN THE SYSTEM:
Categories of records include full name; Social Security number; date of birth; address; email address; phone number; State Global Identifier (SGID); reports of medical examinations and related documents; reports of treatments and other health services rendered to individuals; narrative summaries of hospital treatments; personal medical histories; reports of on-the-job injuries or illnesses; reports on medical evacuation; and/or any other types of individually identifiable health information generated or used in the course of conducting health care operations. This system includes records that contain protected health information, and does not include records maintained by the Department of State and/or other employers in their capacity as employers. This system also includes certain records maintained as part of the Department's Employee Assistance Program pursuant to 5 CFR part 792.
The system also includes providers' professional credentials. This may include professional degrees, addresses, emails, and phone numbers for direct-hire Foreign Service, Civil Service medical personnel, and Locally Employed Staff. The system includes copies of professional credentials, including licenses, and certifications (Professional, Clinical, Drug Start Printed Page 7672Enforcement Administration (DEA), clinical privileges information, and National Provider Identifier (NPI)).
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
The information contained in these records is used to administer the Department of State's medical program. These records are utilized and reviewed by medical and administrative personnel of the Office of Medical Services (MED) in providing health care to the individuals eligible to participate in the medical program. The system also serves to record and monitor the current status of the professional credentials of Department of State Foreign Service, Civil Service and Locally Employed Staff healthcare providers.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
The Department of State periodically publishes in the Federal Register its standard routine uses, which apply to all of its Privacy Act systems of records. These notices appear in the form of a Prefatory Statement. These standard routine uses apply to Medical Records, State-24.
The following are additional routine uses of information from these files, for which no authorization or opportunity to agree or object to disclosure is required by the subject of the information:
A. To another health care provider, a group health plan, a health insurance issuer, or a health maintenance organization for purposes of carrying out treatment, payment, or health care operations;
B. To a parent, guardian or other person acting in loco parentis with respect to the subject of the information;
C. To a health oversight agency or public health authority authorized by law to investigate or otherwise oversee the relevant conduct or conditions of the Department of State's medical program, or for such oversight activities as audits; civil, administrative, or criminal proceedings or actions; inspections; and licensure or disciplinary action;
D. To a public health authority (domestic or foreign) that is authorized by law to collect or receive protected health information for the purpose of preventing or controlling disease, injury, or disability, including, but not limited to, the reporting of disease, injury, vital events such as birth or death, and the conduct of public health surveillance, public health investigations, and public health interventions;
E. To the U.S. Department of Health and Human Services (HHS), when required by the Secretary of HHS;
F. To the United States Coast Guard (USCG) Health, Safety & Work-Life (HSW), as necessary for maintenance of the Department of State's Electronic Health Record system;
G. To a public health authority or other appropriate government authority (domestic or foreign) authorized by law to receive reports of child abuse or neglect;
H. To a person subject to the jurisdiction of the Food and Drug Administration (FDA) with respect to an FDA-regulated product or activity for which that person has responsibility, for the purpose of activities related to the quality, safety, or effectiveness of such FDA-regulated product or activity;
I. To a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition, to the extent MED is authorized by law to notify such person and as necessary in the conduct of a public health intervention or investigation;
J. To a government authority (domestic or foreign), including a social service or protective services agency, authorized by law to receive reports of abuse, neglect or domestic violence (1) to the extent such a disclosure is required by law; (2) where in the exercise of professional judgment, the disclosure is necessary to prevent serious harm to the individual or other potential victims; or (3) where, if the subject of the information is incapacitated, a law enforcement, or other public official authorized to receive the report, represents that the information sought is not intended to be used against the individual and that an immediate enforcement activity that depends upon the disclosure would be adversely affected by waiting until the individual is able to agree to the disclosure;
K. To the Department of Justice, as required by law, for the purpose of submitting information to the National Instant Criminal Background Check System;
L. In the course of any judicial or administrative proceeding in response to an order of a court or administrative tribunal;
M. To a law enforcement official (1) as required by law or in compliance with a court order or court-ordered warrant, a subpoena or summons issued by a judicial officer, a grand jury subpoena, or an administrative request, including an administrative subpoena or summons; (2) in response to a request for the purposes of identifying or locating a suspect, fugitive, material witness, or missing person; in response to a request for such information about an individual who is or is suspected to be a victim of a crime; (3) to provide notice of the death of an individual if there is a belief that the death may have resulted from criminal conduct; (4) where it is believed in good faith that such information constitutes evidence of criminal conduct; or (5) in response to an emergency, where it is believed such disclosure is necessary to alert law enforcement to the commission and nature of a crime, the location of such crime or of the victim(s) of such crime, and the identity, description, and location of the perpetrator of such crime;
N. As necessary in order to prevent or lessen a serious and imminent threat to the health or safety of a person or the public or to a person or persons reasonably able to prevent or lessen the threat, including the target of the threat;
O. To authorized federal officials for the conduct of lawful intelligence, counter-intelligence, and other national security activities authorized by the National Security Act (50 U.S.C. 401, et seq.) and other applicable authorities (e.g., Executive Order 12333);
P. To authorized federal officials for the provision of protective services to the President or other persons authorized by 18 U.S.C. 3056 or to foreign heads of state or other persons authorized by 22 U.S.C. 2709(a)(3), or for the conduct of investigations authorized by 18 U.S.C. 871 and 879;
Q. To Department of State officials for the purposes of clearance and suitability determinations, including (1) for a national security clearance conducted pursuant to Executive Orders 10450 and 12698; (2) for medical clearance determinations, consistent with the Foreign Service Act, including sections 101(a)(4), 101(b)(5), 504, and 904;
R. To a medical transcription or translation service for MED's purposes of carrying out treatment or health care operations;
S. To a correctional institution or a law enforcement official having lawful custody of an individual, if the correctional institution or law enforcement official represents that such information is necessary for the provision of health care to such individual, the health and safety of other individuals (including others at the correctional institution), or the administration and maintenance of the safety, security, and good order of the correctional institution;Start Printed Page 7673
T. To a coroner or medical examiner for the purpose of identifying a deceased person, determining a cause of death, or other duties as authorized by law;
U. To appropriate domestic or foreign government officials (including but not limited to the U.S. Department of Labor), as authorized by and to the extent necessary to comply with laws relating to workers' compensation or other similar programs, established by law, that provide benefits for work-related injuries or illnesses without regard to fault.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:
Records are stored in hard copy and electronic form.
By individual name and/or date of birth; by patient identification number and family unit number.
All users are given cyber security awareness training which covers the procedures for handling Sensitive but Unclassified information, including personally identifiable information (PII). Annual refresher training is mandatory. In addition, all Foreign Service and Civil Service employees and those Locally Employed Staff who handle PII are required to take the Foreign Service Institute distance learning course, PA 459, instructing employees on privacy and security requirements, including the rules of behavior for handling PII and the potential consequences if it is handled improperly. Before being granted access to medical records, a user must first be granted access to the Department of State computer system.
Remote access to the Department of State network from non-Department owned systems is authorized only to unclassified systems and only through a Department approved access program. Remote access to the network is configured with the Office of Management and Budget Memorandum M-07-16 security requirements, which include but are not limited to two-factor authentication and time out function.
All Department of State employees and contractors with authorized access have undergone a thorough background security investigation. Access to the Department of State, its annexes, and posts abroad is controlled by security guards and admission is limited to those individuals possessing a valid identification card or individuals under proper escort. All paper records containing personal information are maintained in secured file cabinets in restricted areas, access to which is limited to authorized personnel only. Access to computerized files is password-protected and under the direct supervision of the system manager. The system manager has the capability of printing audit trails of access from the computer media, thereby permitting regular and ad hoc monitoring of computer usage. When it is determined that a user no longer needs access, the user account is disabled.
RETENTION AND DISPOSAL:
Records are retired and destroyed in accordance with published Department of State Records Disposition Schedules as approved by the National Archives and Records Administration (NARA). More specific information may be obtained by writing to the Director, Office of Information Programs and Services, A/GIS/IPS, SA-2, Department of State, 515 22nd Street NW., Washington, DC 20522-8100.
SYSTEM MANAGER(S) AND ADDRESS:
Executive Director, Office of Medical Services, Room L209, Department of State, 2401 E Street NW., Washington, DC 20522.
Individuals who have cause to believe that the Office of Medical Services might have medical records pertaining to them and want to request a copy of those medical records should write to Medical Records, Office of Medical Services, U.S. Department of State, 2401 E Street NW., Washington, DC 20522. Individuals who have cause to believe that the Office of Medical Services might have credential records pertaining to them and want to request a copy of those credential records should write to Quality Improvement, Office of Medical Services, U.S. Department of State, 2401 E Street NW., Washington, DC 20522. At a minimum, the individual requesting a copy of his or her medical records or credential records must include the following: name, date and place of birth, current mailing address and zip code, signature, a brief description of the circumstances that may have caused the creation of the records that are the subject of the request, and the approximate date(s) of those records.
RECORD ACCESS PROCEDURES:
Individuals who wish to gain access to or amend medical records pertaining to them should write to the Director, Office of Information Programs and Services (address above). Individuals who wish to gain access to or amend credential records pertaining to them should write to the Director, Office of Information Programs and Services (address above).
CONTESTING RECORD PROCEDURES:
Individuals who wish to contest medical records pertaining to them should write to Medical Records, Office of Medical Services (address above). Individuals who wish to contest credential records pertaining to them should write to Quality Improvement, Office of Medical Services (address above).
RECORD SOURCE CATEGORIES:
Information contained in these records comes from the individual, hospitals, clinics, private medical providers, employers, and medical professionals employed by the Department of State.
SYSTEM EXEMPTED FROM CERTAIN PROVISIONS UNDER THE PRIVACY ACT:
None.End Supplemental Information
[FR Doc. 2015-02837 Filed 2-10-15; 8:45 am]
BILLING CODE 4710-36-P