[Federal Register Volume 62, Number 19 (Wednesday, January 29, 1997)]
[Rules and Regulations]
[Pages 4142-4163]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 97-1271]
=======================================================================
-----------------------------------------------------------------------
SOCIAL SECURITY ADMINISTRATION
20 CFR Parts 401, 402, and 422
RIN 0960-AE24
Privacy and Disclosure of Official Records and Information;
Availability of Information and Records to the Public
AGENCY: Social Security Administration.
ACTION: Final rules.
-----------------------------------------------------------------------
SUMMARY: The Social Security Administration (SSA) was formerly an
operating division of the Department of Health and Human Services
(HHS). Under that organizational structure, SSA followed the HHS
regulations on privacy (45 CFR part 5b) as supplemented by regulations
specific to SSA included in 20 CFR part 401, ``Disclosure of Official
Records and Information'' and the HHS regulations on freedom of
information (45 CFR part 5) as supplemented by specific rules on
availability of information to the public (20 CFR part 422, subpart E).
However, SSA became an independent agency on March 31, 1995.
Accordingly, we are promulgating our own regulations on privacy and on
availability of information by duplicating much of the HHS regulations
on privacy and on freedom of information and merging them with our
regulations on disclosure and availability of information. No
substantive changes are intended. This will result in a revised part
401 in 20 CFR and a new part 402 in 20 CFR which will include our rules
implementing the Privacy Act and our rules on disclosure. These new
rules will be independent of HHS regulations, and will enable us to
remove our availability regulations from 20 CFR part 422, subpart E.
EFFECTIVE DATE: These regulations are effective January 29, 1997.
FOR FURTHER INFORMATION CONTACT: Henry D. Lerner, Legal Assistant, 3-B-
1 Operations Building, 6401 Security Boulevard, Baltimore, MD 21235,
(410) 965-1762 for information about these rules. For information on
eligibility or claiming benefits, call our national toll-free number 1-
800-772-1213.
SUPPLEMENTARY INFORMATION: Public Law 103-296, the Social Security
Independence and Program Improvements Act of 1994, established SSA as
an independent agency apart from HHS. Section 106(b) of that Act
provides that all rules and regulations issued for functions which were
exercised by the Secretary of Health and Human Services and are now
vested in the Commissioner of Social Security continue in effect until
modified by the Commissioner.
Disclosure of Official Records and Information
HHS Regulations at 45 CFR part 5b contain rules that SSA follows in
administering the Privacy Act. 20 CFR part 401, ``Disclosure of
Official Records and Information,'' includes rules specific to SSA
which supplement these HHS regulations. Now that SSA is an independent
agency, we are publishing regulations which modify HHS regulations to
reflect only structural and procedural differences between the two
agencies. Thus the new regulations, which are a revised part 401 of 20
CFR, duplicate much of the existing 45 CFR part 5b and 20 CFR part 401.
In this revised part 401, we clarify existing rules in 20 CFR and
45 CFR by replacing the passive voice with the active and by relocating
and redesignating some text. Additionally, we have not carried over
text in 45 CFR part 5b which does not pertain to SSA.
We have not duplicated 45 CFR 5b.12(c) because it pertains to
contracts amended by July 1, 1976 and is therefore obsolete. We have
not included Appendix B to part 5b because it is obsolete. As required
by the Privacy Act, SSA currently publishes in the Federal Register
comprehensive routine use disclosures for each of the systems of
records it maintains.
Availability of Information and Records to the Public
Regulations at 45 CFR part 5 contain the rules that HHS follows in
handling requests for records under the Freedom of Information Act.
These regulations
[[Page 4143]]
are supplemented by HHS regulations specific to SSA at 20 CFR part 422,
subpart E on the availability of SSA records to the public. We have
other regulations, i.e., 20 CFR part 401, which provide rules we follow
in deciding whether we can disclose or provide access to personal
information in SSA's benefit records.
Now that SSA is an independent agency, we are publishing
regulations which modify HHS regulations to reflect only structural and
procedural differences between the two agencies. Thus the subject
regulations, which are a new part 402 of 20 CFR, duplicate much of the
existing 45 CFR part 5 and 20 CFR part 422, subpart E. Since these new
regulations adopt all the necessary provisions of subpart E, we are
removing that subpart.
In this new part 402, we clarify existing rules in 20 CFR and 45
CFR by replacing the passive voice with the active and by relocating
and redesignating some text. Additionally, we have not duplicated text
in 45 CFR part 5 which does not pertain to SSA, e.g., 45 CFR 5.3 on the
scope of the HHS Freedom of Information regulations.
In the new sections 402.35 and 402.50, we are updating the existing
20 CFR 422.406(a)(4) to indicate that the listing of administrative
staff manuals and instructions to staff that affect the public are no
longer published in the Social Security Rulings, but are published in
the Index of Administrative Staff Manuals and Instructions which is
available for inspection at social security offices.
In the new section 402.135, we are not including the current
section 422.428 reference to the HHS Regional Office Public Affairs
Directors because those individuals are no longer involved in the
processing of requests for SSA records.
The existing section 422.444 shows the Director, Office of Public
Inquiries as the official who may deny a request for records. Since
that official no longer has such responsibility, the new section
402.190 shows the Director, Office of Disclosure Policy as the
appropriate official.
Regulatory Procedures
As authorized by 5 U.S.C. 553(d)(3), we find good cause for
dispensing with the 30-day delay in the effective date of a substantive
rule. As explained above, these regulations do no more than merge
existing HHS and SSA regulations and create new rules by merging
existing HHS and SSA regulations without any substantive changes. Thus,
we find that it is in the public interest to make these regulations
effective upon publication.
Justification for Final Rules
When required, we follow the notice of proposed rulemaking and
public comment procedures specified in the Administrative Procedure Act
(APA), 5 U.S.C. 553. The APA provides exceptions to its notice and
comment procedures when an agency finds there is good cause for
dispensing with such procedures because they are impracticable,
unnecessary, or contrary to the public interest. We have determined
that, under 5 U.S.C. 553 (b)(B), good cause exists for dispensing with
the notice of proposed rulemaking and public comment procedures in this
case. We are duplicating, without substantive change, much of the
existing regulations on the Privacy Act, disclosure of official records
and information, the Freedom of Information Act and availability of
information, and are merging those materials into a revised part and a
new CFR part. Therefore, opportunity for prior comment is unnecessary
and we are issuing revised part 401 and a new part 402 to 20 CFR as
final rules.
Executive Order No. 12866
We have consulted with the Office of Management and Budget (OMB)
and determined that these rules do not meet the criteria for a
significant regulatory action under Executive Order 12866. Thus, they
were not subject to OMB review.
Regulatory Flexibility Act
The Regulatory Flexibility Act, 5 U.S.C. 601 et seq., requires the
preparation of a regulatory flexibility analysis for any rule which is
likely to have significant economic impact on a substantial number of
small entities. These regulations restate existing policies and
procedures on availability of information to the public and do not
contain any new policies or procedures which would impact the public.
Therefore, the undersigned hereby certifies that these regulations will
not have a significant economic impact on a substantial number of small
entities in accordance with 5 U.S.C. 605(b). Thus, a regulatory
flexibility analysis has not been prepared.
Paperwork Reduction Act
This final rule contains reporting requirements in part 401,
Secs. 401.40, 401.55, 401.65, and reporting/recordkeeping requirements
in Sec. 401.100. There are also reporting requirements in part 402,
Secs. 402.130 and 402.185. We have submitted these collection
requirements to OMB for its review under section 3507(d) of the
Paperwork Reduction Act of 1995.
(Catalog of Federal Domestic Assistance Program Nos. 96.001 Social
Security-Disability Insurance; 96.002 Social Security-Retirement
Insurance; 96.004 Social Security-Survivors Insurance; 96.006
Supplemental Security Income)
List of Subjects
20 CFR Part 401
Administrative practice and procedure, Archives and records,
Privacy Act.
20 CFR Part 402
Administrative practice and procedure, Archives and records,
Freedom of information.
20 CFR Part 422
Administrative practice and procedure, Freedom of information,
Privact Act.
Dated: January 7, 1997.
Shirley Chater,
Commissioner of Social Security.
For the reasons set out in the preamble, 20 CFR chapter III is
amended as follows:
1. Part 401 is revised to read as follows:
PART 401--PRIVACY AND DISCLOSURE OF OFFICIAL RECORDS AND
INFORMATION
Subpart A--General
Sec.
401.5 Purpose.
401.10 Applicability.
401.15 Limitations on scope.
401.20 Scope.
401.25 Terms defined.
Subpart B--The Privacy Act
401.30 Privacy Act responsibilities.
401.35 Your right to request records.
401.40 How to get your own records.
401.45 Verifying your identity.
401.50 Granting notification of or access to a record.
401.55 Special procedures for notification of or access to medical
records.
401.60 Access or notification of program records about two or more
individuals.
401.65 How to correct your record.
401.70 Appeals of refusals to correct or amend records.
401.75 Rights of parents or legal guardians.
401.80 Accounting for disclosures.
401.85 Exempt systems.
401.90 Contractors.
401.95 Fees.
Subpart C--Disclosure of Official Records and Information
401.100 Disclosure of records with the consent of the subject of
the record.
401.105 Disclosure of personal information without the consent of
the subject of the record.
401.110 Disclosure of personal information in nonprogram records
without the consent of the subject of the record.
[[Page 4144]]
401.115 Disclosure of personal information in program records
without the consent of the subject of the record.
401.120 Disclosures required by law.
401.125 Disclosures prohibited by law.
401.130 Freedom of Information Act.
401.135 Other laws.
401.140 General principles.
401.145 Safeguards against unauthorized redisclosure or use.
401.150 Compatible purposes.
401.155 Law enforcement purposes.
401.160 Health or safety.
401.165 Statistical and research activities.
401.170 Congress.
401.175 General Accounting Office.
401.180 Courts.
401.185 Other specific recipients.
401.190 Deceased persons.
401.195 Situations not specified in this part.
401.200 Blood donor locator service.
Appendix A to Part 401--Employee Standards of Conduct
Authority: Secs. 205, 702(a)(5), 1106, and 1141 of the Social
Security Act (42 U.S.C. 405, 902(a)(5), 1306, and 1320b-11); 5
U.S.C. 552 and 552a; 8 U.S.C. 1360; 26 U.S.C. 6103; 30 U.S.C. 923.
Subpart A--General
Sec. 401.5 Purpose of the regulations.
(a) General. The purpose of this part is to describe the Social
Security Administration (SSA) policies and procedures for implementing
the requirements of the Privacy Act of 1974, 5 U.S.C. 552a and section
1106 of the Social Security Act concerning disclosure of information
about individuals, both with and without their consent. This part also
complies with other applicable statutes.
(b) Privacy. This part implements the Privacy Act by establishing
agency policies and procedures for the maintenance of records. This
part also establishes agency policies and procedures under which you
can ask us whether we maintain records about you or obtain access to
your records. Additionally, this part establishes policies and
procedures under which you may seek to have your record corrected or
amended if you believe that your record is not accurate, timely,
complete, or relevant.
(c) Disclosure. This part also sets out the general guidelines
which we follow in deciding whether to make disclosures. However, we
must examine the facts of each case separately to decide if we should
disclose the information or keep it confidential.
Sec. 401.10 Applicability.
(a) SSA. All SSA employees and components are governed by this
part. SSA employees governed by this part include all regular and
special government employees of SSA; experts and consultants whose
temporary (not in excess of 1 year) or intermittent services have been
procured by SSA by contract pursuant to 5 U.S.C. 3109; volunteers where
acceptance of their services are authorized by law; those individuals
performing gratuitous services as permitted under conditions prescribed
by the Office of Personnel Management; and, participants in work-study
or training programs.
(b) Other entities. This part also applies to advisory committees
and councils within the meaning of the Federal Advisory Committee Act
which provide advice to: Any official or component of SSA; or the
President and for which SSA has been delegated responsibility for
providing services.
Sec. 401.15 Limitations on scope.
The regulations in this part do not--
(a) Make available to an individual records which are not retrieved
by that individual's name or other personal identifier.
(b) Make available to the general public records which are
retrieved by an individual's name or other personal identifier or make
available to the general public records which would otherwise not be
available to the general public under the Freedom of Information Act, 5
U.S.C. 552, and part 402 of this title.
(c) Govern the maintenance or disclosure of, notification about or
access to, records in the possession of SSA which are subject to the
regulations of another agency, such as personnel records which are part
of a system of records administered by the Office of Personnel
Management.
(d) Apply to grantees, including State and local governments or
subdivisions thereof, administering federally funded programs.
(e) Make available records compiled by SSA in reasonable
anticipation of court litigation or formal administrative proceedings.
The availability of such records to the general public or to any
subject individual or party to such litigation or proceedings shall be
governed by applicable constitutional principles, rules of discovery,
and applicable regulations of the agency.
Sec. 401.20 Scope.
(a) Privacy. Sections 401.30 through 401.95, which set out SSA's
rules for implementing the Privacy Act, apply to all agency records
accessed by an individual's name or personal identifier subject to the
Privacy Act.
(b) Disclosure--(1) Program records. Regulations that apply to the
disclosure of information about an individual contained in SSA's
program records are set out in Secs. 401.100 through 401.103 and
401.115 through 401.195. These regulations also apply to the disclosure
of other Federal program information which SSA maintains. That
information includes:
(i) Health insurance records which SSA maintains for the Health
Care Financing Administration's (HCFA) programs under title XVIII of
the Social Security Act. We will disclose these records to HCFA. HCFA
may redisclose these records under the regulations applying to records
in HCFA's custody;
(ii) Black lung benefit records which SSA maintains for the
administration of the Federal Coal Mine Health and Safety Act;
(However, this information is not covered by section 1106 of the Social
Security Act.) and
(iii) Records kept by consultants. Information retained by a
medical, psychological or vocational professional concerning an
examination performed under contract in the social security program
shall not be disclosed except as permitted by this part.
(2) Nonprogram records. Section 401.110 sets out rules applicable
to the disclosure of nonprogram records, e.g., SSA's administrative and
personnel records.
Sec. 401.25 Terms defined.
Access means making a record available to a subject individual.
Act means the Social Security Act.
Agency means the Social Security Administration.
Commissioner means the Commissioner of Social Security.
Disclosure means making a record about an individual available to
or releasing it to another party.
FOIA means the Freedom of Information Act.
Individual when used in connection with the Privacy Act or for
disclosure of nonprogram records, means a living person who is a
citizen of the United States or an alien lawfully admitted for
permanent residence. It does not include persons such as sole
proprietorships, partnerships, or corporations. A business firm which
is identified by the name of one or more persons is not an individual.
When used in connection with the rules governing program information,
individual means a living natural person; this does not include
corporations, partnerships, and unincorporated business or professional
groups of two or more persons.
Information means information about an individual, and includes,
but is not limited to, vital statistics; race, sex, or other physical
characteristics; earnings information; professional fees paid to an
[[Page 4145]]
individual and other financial information; benefit data or other
claims information; the social security number, employer identification
number, or other individual identifier; address; phone number; medical
information, including psychological or psychiatric information or lay
information used in a medical determination; and information about
marital and family relationships and other personal relationships.
Maintain means to establish, collect, use, or disseminate when used
in connection with the term record; and, to have control over or
responsibility for a system of records when used in connection with the
term system of records.
Notification means communication to an individual whether he is a
subject individual. (Subject individual is defined further on in this
section.)
Program Information means personal information and records
collected and compiled by SSA in order to discharge its
responsibilities under titles I, II, IV part A, X, XI, XIV, XVI and
XVIII of the Act and parts B and C of the Federal Coal Mine Health and
Safety Act.
Record means any item, collection, or grouping of information about
an individual that is maintained by SSA including, but not limited to,
information such as an individual's education, financial transactions,
medical history, and criminal or employment history that contains the
individual's name, or an identifying number, symbol, or any other means
by which an individual can be identified. When used in this part,
record means only a record which is in a system of records.
Routine use means the disclosure of a record outside SSA, without
the consent of the subject individual, for a purpose which is
compatible with the purpose for which the record was collected. It
includes disclosures required to be made by statutes other than the
Freedom of Information Act, 5 U.S.C. 552. It does not include
disclosures which the Privacy Act otherwise permits without the consent
of the subject individual and without regard to whether they are
compatible with the purpose for which the information is collected,
such as disclosures to the Bureau of the Census, the General Accounting
Office, or to Congress.
Social Security Administration (SSA) means (1) that Federal agency
which has administrative responsibilities under titles, I, II, X, XI,
XIV, XVI, and XVIII of the Act; and (2) units of State governments
which make determinations under agreements made under sections 221 and
1633 of the Act.
Social Security program means any program or provision of law which
SSA is responsible for administering, including the Freedom of
Information Act and Privacy Act. This includes our responsibilities
under parts B and C of the Federal Coal Mine Health and Safety Act.
Statistical record means a record maintained for statistical
research or reporting purposes only and not maintained to make
determinations about a particular subject individual.
Subject individual means the person to whom a record pertains.
System of records means a group of records under our control from
which information about an individual is retrieved by the name of the
individual or by an identifying number, symbol, or other identifying
particular. Single records or groups of records which are not retrieved
by a personal identifier are not part of a system of records. Papers
maintained by individual Agency employees which are prepared,
maintained, or discarded at the discretion of the employee and which
are not subject to the Federal Records Act, 44 U.S.C. 2901, are not
part of a system of records; provided, that such personal papers are
not used by the employee or the Agency to determine any rights,
benefits, or privileges of individuals.
We and our mean the Social Security Administration.
Subpart B--The Privacy Act
Sec. 401.30 Privacy Act responsibilities.
(a) Policy. Our policy is to protect the privacy of individuals to
the fullest extent possible while nonetheless permitting the exchange
of records required to fulfill our administrative and program
responsibilities, and responsibilities for disclosing records which the
general public is entitled to have under the Freedom of Information
Act, 5 U.S.C. 552, and 20 CFR part 402.
(b) Maintenance of Records. We will maintain no record unless:
(1) It is relevant and necessary to accomplish an SSA function
which is required to be accomplished by statute or Executive Order;
(2) We obtain the information in the record, as much as it is
practicable, from the subject individual if we may use the record to
determine an individual's rights, benefits or privileges under Federal
programs;
(3) We inform the individual providing the record to us of the
authority for our asking him or her to provide the record (including
whether providing the record is mandatory or voluntary, the principal
purpose for maintaining the record, the routine uses for the record,
and what effect his or her refusal to provide the record may have on
him or her). Further, the individual agrees to provide the record, if
the individual is not required by statute or Executive Order to do so.
(c) First Amendment rights. We will keep no record which describes
how an individual exercises rights guaranteed by the First Amendment
unless we are expressly authorized:
(1) By statute,
(2) By the subject individual, or
(3) Unless pertinent to and within the scope of an authorized law
enforcement activity.
Sec. 401.35 Your right to request records.
The Privacy Act gives you the right to direct access to most
records about yourself that are in our systems of records. Exceptions
to this Privacy Act right include--
(a) Special procedures for access to certain medical records (see 5
U.S.C. 552a(f)(3) and Sec. 401.55);
(b) Unavailability of certain criminal law enforcement records (see
5 U.S.C. 552a(k), and Sec. 401.85); and
(c) Unavailability of records compiled in reasonable anticipation
of a court action or formal administrative proceeding.
Note to Sec. 401.35: The Freedom of Information Act (see 20 CFR
part 402) allows you to request information from SSA whether or not
it is in a system of records.
Sec. 401.40 How to get your own records.
(a) Your right to notification and access. Subject to the
provisions governing medical records in Sec. 401.55, you may ask for
notification of or access to any record about yourself that is in an
SSA system of records. If you are a minor, you may get information
about yourself under the same rules as for an adult. Under the Privacy
Act, if you are the parent or guardian of a minor, or the legal
guardian of someone who has been declared legally incompetent, and you
are acting on his or her behalf, you may ask for information about that
individual. You may be accompanied by another individual of your choice
when you request access to a record in person, provided that you
affirmatively authorize the presence of such other individual during
any discussion of a record to which you are requesting access.
(b) Identifying the records. At the time of your request, you must
specify which systems of records you wish to have searched and the
records to which you wish to have access. You may also request copies
of all or any such records. Also, we may ask you to
[[Page 4146]]
provide sufficient particulars to enable us to distinguish between
records on individuals with the same name. The necessary particulars
are set forth in the notices of systems of records which are published
in the Federal Register.
(c) Requesting notification or access. To request notification of
or access to a record, you may visit your local social security office
or write to the manager of the SSA system of records. The name and
address of the manager of the system is part of the notice of systems
of records. Every local social security office keeps a copy of the
Federal Register containing that notice. That office can also help you
get access to your record. You do not need to use any special form to
ask for a record about you in our files, but your request must give
enough identifying information about the record you want to enable us
to find your particular record. This identifying information should
include the system of records in which the record is located and the
name and social security number (or other identifier) under which the
record is filed. We do not honor requests for all records, all
information, or similar blanket requests. Before granting notification
of or access to a record, we may, if you are making your request in
person, require you to put your request in writing if you have not
already done so.
Sec. 401.45 Verifying your identity.
(a) When required. Unless you are making a request for notification
of or access to a record in person, and you are personally known to the
SSA representative, you must verify your identity in accordance with
paragraph (b) of this section if:
(1) You make a request for notification of a record and we
determine that the mere notice of the existence of the record would be
a clearly unwarranted invasion of privacy if disclosed to someone other
than the subject individual; or,
(2) You make a request for access to a record which is not required
to be disclosed to the general public under the Freedom of Information
Act, 5 U.S.C. 552, and part 402 of this chapter.
(b) Manner of verifying identity--(1) Request in person. If you
make a request to us in person, you must provide at least one piece of
tangible identification such as a driver's license, passport, alien or
voter registration card, or union card to verify your identity. If you
do not have identification papers to verify your identity, you must
certify in writing that you are the individual who you claim to be and
that you understand that the knowing and willful request for or
acquisition of a record pertaining to an individual under false
pretenses is a criminal offense.
(2) Request by telephone. If you make a request by telephone, you
must verify your identity by providing identifying particulars which
parallel the record to which notification or access is being sought. If
we determine that the particulars provided by telephone are
insufficient, you will be required to submit your request in writing or
in person. We will not accept telephone requests where an individual is
requesting notification of or access to sensitive records such as
medical records.
(3) Requests not in person. Except as provided in paragraph (b)(2)
of this section, if you do not make a request in person, you must
submit a notarized request to SSA to verify your identity or you must
certify in your request that you are the individual you claim to be and
that you understand that the knowing and willful request for or
acquisition of a record pertaining to an individual under false
pretenses is a criminal offense.
(4) Requests on behalf of another. If you make a request on behalf
of a minor or legal incompetent as authorized under Sec. 401.40, you
must verify your relationship to the minor or legal incompetent, in
addition to verifying your own identity, by providing a copy of the
minor's birth certificate, a court order, or other competent evidence
of guardianship to SSA; except that you are not required to verify your
relationship to the minor or legal incompetent when you are not
required to verify your own identity or when evidence of your
relationship to the minor or legal incompetent has been previously
given to SSA.
(5) Medical records--additional verification. You need to further
verify your identity if you are requesting notification of or access to
sensitive records such as medical records. Any information for further
verification must parallel the information in the record to which
notification or access is being sought. Such further verification may
include such particulars as the date or place of birth, names of
parents, name of employer or the specific times the individual received
medical treatment.
Sec. 401.50 Granting notification of or access to a record.
(a) General. Subject to the provisions governing medical records in
Sec. 401.55 and the provisions governing exempt systems in Sec. 401.85,
upon receipt of your request for notification of or access to a record
and verification of your identity, we will review your request and
grant notification or access to a record, if you are the subject of the
record.
(b) Our delay in responding. If we determine that we will have to
delay responding to your request because of the number of requests we
are processing, a breakdown of equipment, shortage of personnel,
storage of records in other locations, etc., we will so inform you and
tell you when notification or access will be granted.
Sec. 401.55 Special procedures for notification of or access to
medical records.
(a) General. In general, you have a right to notification of or
access to your medical records, including psychological records, as
well as to other records pertaining to you that we maintain. In this
section, we set forth special procedures as permitted by the Privacy
Act for notification of or access to medical records, including a
special procedure for notification of or access to medical records of
minors.
(b) Medical records procedures.--(1) Notification of or access to
medical records. (i) You may request notification of or access to a
medical record pertaining to you. Unless you are a parent or guardian
requesting notification of or access to a minor's medical record, you
must make a request for a medical record in accordance with this
section and the procedures in Secs. 401.45 through 401.50 of this part.
(ii) When you request medical information about yourself, you must
also name a representative in writing. The representative may be a
physician, other health professional, or other responsible individual
who would be willing to review the record and inform you of its
contents at your representative's discretion. If you do not designate a
representative, we may decline to release the requested information. In
some cases, it may be possible to release medical information directly
to you rather than to your representative.
(2) Utilization of the designated representative. You will be
granted direct access to your medical record if we can determine that
direct access is not likely to have an adverse effect on you. If we
believe that we are not qualified to determine, or if we do determine,
that direct access to you is likely to have an adverse effect, the
record will be sent to the designated representative. We will inform
you in writing that the record has been sent.
(c) Medical records of minors.--(1) Requests by minors;
notification of or access to medical records to minors. A minor may
request notification of or
[[Page 4147]]
access to a medical record pertaining to him or her in accordance with
paragraph (b) of this section.
(2) Requests on a minor's behalf; notification of or access to
medical records to an individual on a minor's behalf. (i) To protect
the privacy of a minor, we will not give to a parent or guardian direct
notification of or access to a minor's record, even though the parent
or guardian who requests such notification or access is authorized to
act on a minor's behalf as provided in Sec. 401.75 of this part.
(ii) A parent or guardian must make all requests for notification
of or access to a minor's medical record in accordance with this
paragraph and the procedures in Secs. 401.45 through 401.50 of this
part. A parent or guardian must at the time he or she makes a request
designate a family physician or other health professional (other than a
family member) to whom the record, if any, will be sent. If the parent
or guardian will not designate a representative, we will decline to
release the requested information.
(iii) Where a medical record on the minor exists, we will in all
cases send it to the physician or health professional designated by the
parent or guardian. If disclosure of the record would constitute an
invasion of the minor's privacy, we will bring that fact to the
attention of the physician or health professional to whom we send the
record. We will ask the physician or health professional to consider
the effect that disclosure of the record to the parent or guardian
would have on the minor when the physician or health professional
determines whether the minor's medical record should be made available
to the parent or guardian. We will respond in substantially the
following form to the parent or guardian making the request:
We have completed processing your request for notification of or
access to
________________________________'s
(Name of minor)
medical records. Please be informed that if any medical record was
found pertaining to that individual, it has been sent to your
designated physician or health professional.
(iv) In each case where we send a minor's medical record to a
physician or health professional, we will make reasonable efforts to
inform the minor that we have given the record to the representative.
(d) Requests on behalf of an incapacitated adult. If you are the
legal guardian of an adult who has been declared legally incompetent,
you may receive his or her records directly.
Sec. 401.60 Access or notification of program records about two or
more individuals.
When information about two or more individuals is in one record
filed under your social security number, you may receive the
information about you and the fact of entitlement and the amount of
benefits payable to other persons based on your record. You may receive
information about yourself or others, which is filed under someone
else's social security number, if that information affects your
entitlement to social security benefits or the amount of those
benefits.
Sec. 401.65 How to correct your record.
(a) How to request a correction. This section applies to all
records kept by SSA (as described in Sec. 401.5) except for records of
earnings. (20 CFR 422.125 describes how to request correction of your
earnings record.) You may request that your record be corrected or
amended if you believe that the record is not accurate, timely,
complete, relevant, or necessary to the administration of a social
security program. To amend or correct your record, you should write to
the manager identified in the notice of systems of records which is
published in the Federal Register (see Sec. 401.40(c) on how to locate
this information). The staff at any social security office can help you
prepare the request. You should submit any available evidence to
support your request. Your request should indicate--
(1) The system of records from which the record is retrieved;
(2) The particular record which you want to correct or amend;
(3) Whether you want to add, delete or substitute information in
the record; and
(4) Your reasons for believing that your record should be corrected
or amended.
(b) What we will not change. You cannot use the correction process
to alter, delete, or amend information which is part of a determination
of fact or which is evidence received in the record of a claim in the
administrative appeal process. Disagreements with these determinations
are to be resolved through the SSA appeal process. (See subparts I and
J of part 404, and subpart N of part 416, of this chapter.) For
example, you cannot use the correction process to alter or delete a
document showing a birth date used in deciding your social security
claim. However, you may submit a statement on why you think certain
information should be altered, deleted, or amended, and we will make
this statement part of your file.
(c) Acknowledgment of correction request. We will acknowledge
receipt of a correction request within 10 working days, unless we can
review and process the request and give an initial determination of
denial or compliance before that time.
(d) Notice of error. If the record is wrong, we will correct it
promptly. If wrong information was disclosed from the record, we will
tell all those of whom we are aware received that information that it
was wrong and will give them the correct information. This will not be
necessary if the change is not due to an error, e.g., a change of name
or address.
(e) Record found to be correct. If the record is correct, we will
inform you in writing of the reason why we refuse to amend your record
and we will also inform you of your right to seek a review of the
refusal and the name and address of the official to whom you should
send your request for review.
(f) Record of another government agency. If you request us to
correct or amend a record governed by the regulation of another
government agency, e.g., Office of Personnel Management, Federal Bureau
of Investigation, we will forward your request to such government
agency for processing and we will inform you in writing of the
referral.
Sec. 401.70 Appeals of refusals to correct or amend records.
(a) Which decisions are covered. This section describes how to
appeal a decision made under the Privacy Act concerning your request
for correction of a record or for access to your records, those of your
minor child, or those of a person for whom you are the legal guardian.
We generally handle a denial of your request for information about
another person under the provisions of the FOIA (see part 402 of this
chapter). This section applies only to written requests.
(b) Appeal of refusal to amend or correct a record. (1) If we deny
your request to correct a record, you may request a review of that
decision. As discussed in Sec. 401.65(e), our letter denying your
request will tell you to whom to write.
(2) We will review your request within 30 working days from the
date of receipt. However, for a good reason and with the approval of
the Commissioner, or designee, this time limit may be extended up to an
additional 30 days. In that case, we will notify you about the delay,
the reason for it, and the date when the review is expected to be
completed. If, after review, we determine that the record should be
[[Page 4148]]
corrected, the record will be corrected. If, after review, we also
refuse to amend the record exactly as you requested, we will inform
you--
(i) That your request has been refused and the reason;
(ii) That this refusal is SSA's final decision;
(iii) That you have a right to seek court review of this request to
amend the record; and
(iv) That you have a right to file a statement of disagreement with
the decision. Your statement should include the reason you disagree. We
will make your statement available to anyone to whom the record is
subsequently disclosed, together with a statement of our reasons for
refusing to amend the record. Also, we will provide a copy of your
statement to individuals whom we are aware received the record
previously.
(c) Appeals after denial of access. If, under the Privacy Act, we
deny your request for access to your own record, those of your minor
child, or those of a person for whom you are the legal guardian, we
will advise you in writing of the reason for that denial, the name and
title or position of the person responsible for the decision, and your
right to appeal that decision. You may appeal the denial decision to
the Commissioner of Social Security, 6401 Security Boulevard,
Baltimore, MD 21235, within 30 days after you receive the notice
denying all or part of your request, or, if later, within 30 days after
you receive materials sent to you in partial compliance with your
request. If we refuse to release a medical record because you did not
designate a representative (Sec. 401.55) to receive the material, that
refusal is not a formal denial of access and, therefore, may not be
appealed to the Commissioner. If you file an appeal, either the
Commissioner or a designee will review your request and any supporting
information submitted and then send you a notice explaining the
decision on your appeal. We must make our decision within 20 working
days after we receive your appeal. The Commissioner or a designee may
extend this time limit up to 10 additional working days if one of the
circumstances in 20 CFR 402.140 is met. We will notify you in writing
of any extension, the reason for the extension, and the date by which
we will decide your appeal. The notice of the decision on your appeal
will explain your right to have the matter reviewed in a Federal
district court if you disagree with all or part of our decision.
Sec. 401.75 Rights of parents or legal guardians.
For purposes of this part, a parent or guardian of any minor or the
legal guardian of any individual who has been declared incompetent due
to physical or mental incapacity or age by a court of competent
jurisdiction is authorized to act on behalf of a minor or incompetent
individual. Except as provided in Sec. 401.45, governing procedures for
verifying an individual's identity, and Sec. 401.55(c) governing
special procedures for notification of or access to a minor's medical
records, if you are authorized to act on behalf of a minor or legal
incompetent, you will be viewed as if you were the individual or
subject individual.
Sec. 401.80 Accounting for disclosures.
(a) We will maintain an accounting of all disclosures of a record
for five years or for the life of the record, whichever is longer;
except that, we will not make accounting for:
(1) Disclosures under paragraphs (a) and (b) of Sec. 401.110; and,
(2) Disclosures of your record made with your written consent.
(b) The accounting will include:
(1) The date, nature, and purpose of each disclosure; and
(2) The name and address of the person or entity to whom the
disclosure is made.
(c) You may request access to an accounting of disclosures of your
record. You must request access to an accounting in accordance with the
procedures in Sec. 401.40. You will be granted access to an accounting
of the disclosures of your record in accordance with the procedures of
this part which govern access to the related record. We may, at our
discretion, grant access to an accounting of a disclosure of a record
made under paragraph (g) of Sec. 401.110.
Sec. 401.85 Exempt systems.
(a) General policy. The Privacy Act permits certain types of
specific systems of records to be exempt from some of its requirements.
Our policy is to exercise authority to exempt systems of records only
in compelling cases.
(b) Specific systems of records exempted. (1) Those systems of
records listed in paragraph (b)(2) of this section are exempt from the
following provisions of the Act and this part:
(i) 5 U.S.C. 552a(c)(3) and paragraph (c) of Sec. 401.80 of this
part which require that you be granted access to an accounting of
disclosures of your record.
(ii) 5 U.S.C. 552a (d)(1) through (4) and (f) and Secs. 401.35
through 401.75 relating to notification of or access to records and
correction or amendment of records.
(iii) 5 U.S.C. 552a(e)(4) (G) and (H) which require that we include
information about SSA procedures for notification, access, and
correction or amendment of records in the notice for the systems of
records.
(iv) 5 U.S.C. 552a(e)(3) and Sec. 401.30 which require that if we
ask you to provide a record to us, we must inform you of the authority
for our asking you to provide the record (including whether providing
the record is mandatory or voluntary, the principal purposes for
maintaining the record, the routine uses for the record, and what
effect your refusal to provide the record may have on you), and if you
are not required by statute or Executive Order to provide the record,
that you agree to provide the record. This exemption applies only to an
investigatory record compiled by SSA for criminal law enforcement
purposes in a system of records exempt under subsection (j)(2) of the
Privacy Act to the extent that these requirements would prejudice the
conduct of the investigation.
(2) The following systems of records are exempt from those
provisions of the Privacy Act and this part listed in paragraph (b)(1)
of this section:
(i) Pursuant to subsection (j)(2) of the Privacy Act, the
Investigatory Material Compiled for Law Enforcement Purposes System,
SSA.
(ii) Pursuant to subsection (k)(2) of the Privacy Act:
(A) The General Criminal Investigation Files, SSA;
(B) The Criminal Investigations File, SSA; and,
(C) The Program Integrity Case Files, SSA.
(D) Civil and Administrative Investigative Files of the Inspector
General, SSA/OIG.
(E) Complaint Files and Log. SSA/OGC.
(iii) Pursuant to subsection (k)(5) of the Privacy Act:
(A) The Investigatory Material Compiled for Security and
Suitability Purposes System, SSA; and,
(B) The Suitability for Employment Records, SSA.
(iv) Pursuant to subsection (k)(6) of the Privacy Act, the
Personnel Research and Merit Promotion Test Records, SSA/DCHR/OPE.
(c) Notification of or access to records in exempt systems of
records. (1) Where a system of records is exempt as provided in
paragraph (b) of this section, you may nonetheless request notification
of or access to a record in that system. You should make requests for
notification of or access to a record
[[Page 4149]]
in an exempt system of records in accordance with the procedures of
Secs. 401.35 through 401.55.
(2) We will grant you notification of or access to a record in an
exempt system but only to the extent such notification or access would
not reveal the identity of a source who furnished the record to us
under an express promise, and prior to September 27, 1975, an implied
promise, that his or her identity would be held in confidence, if:
(i) The record is in a system of records which is exempt under
subsection (k)(2) of the Privacy Act and you have been, as a result of
the maintenance of the record, denied a right, privilege, or benefit to
which you would otherwise be eligible; or,
(ii) The record is in a system of records which is exempt under
subsection (k)(5) of the Privacy Act.
(3) If we do not grant you notification of or access to a record in
a system of records exempt under subsections (k) (2) and (5) of the
Privacy Act in accordance with this paragraph, we will inform you that
the identity of a confidential source would be revealed if we granted
you notification of or access to the record.
(d) Discretionary actions by SSA. Unless disclosure of a record to
the general public is otherwise prohibited by law, we may at our
discretion grant notification of or access to a record in a system of
records which is exempt under paragraph (b) of this section.
Discretionary notification of or access to a record in accordance with
this paragraph will not be a precedent for discretionary notification
of or access to a similar or related record and will not obligate us to
exercise discretion to grant notification of or access to any other
record in a system of records which is exempt under paragraph (b) of
this section.
Sec. 401.90 Contractors.
(a) All contracts which require a contractor to maintain, or on
behalf of SSA to maintain, a system of records to accomplish an SSA
function must contain a provision requiring the contractor to comply
with the Privacy Act and this part.
(b) A contractor and any employee of such contractor will be
considered employees of SSA only for the purposes of the criminal
penalties of the Privacy Act, 5 U.S.C. 552a(i), and the employee
standards of conduct (see appendix A of this part) where the contract
contains a provision requiring the contractor to comply with the
Privacy Act and this part.
(c) This section does not apply to systems of records maintained by
a contractor as a result of his management discretion, e.g., the
contractor's personnel records.
Sec. 401.95 Fees.
(a) Policy. Where applicable, we will charge fees for copying
records in accordance with the schedule set forth in this section. We
may only charge fees where you request that a copy be made of the
record to which you are granted access. We will not charge a fee for
searching a system of records, whether the search is manual,
mechanical, or electronic. Where we must copy the record in order to
provide access to the record (e.g., computer printout where no screen
reading is available), we will provide the copy to you without cost.
Where we make a medical record available to a representative designated
by you or to a physician or health professional designated by a parent
or guardian under Sec. 401.55 of this part, we will not charge a fee.
(b) Fee schedule. Our Privacy Act fee schedule is as follows:
(1) Copying of records susceptible to photocopying--$.10 per page.
(2) Copying records not susceptible to photocopying (e.g., punch
cards or magnetic tapes)--at actual cost to be determined on a case-by-
case basis.
(3) We will not charge if the total amount of copying does not
exceed $25.
(c) Other Fees. We also follow Secs. 402.155 through 402.165 of
this chapter to determine the amount of fees, if any, we will charge
for providing information under the FOIA and Privacy Act.
Subpart C--Disclosure of Official Records and Information
Sec. 401.100 Disclosure of records with the consent of the subject of
the record.
(a) Except as permitted by the Privacy Act and the regulations in
this chapter, or if required by the FOIA, we will not disclose your
record without your written consent. The consent must specify the
individual, organizational unit or class of individuals or
organizational units to whom the record may be disclosed, which record
may be disclosed and, where applicable, during which time frame the
record may be disclosed (e.g., during the school year, while the
subject individual is out of the country, whenever the subject
individual is receiving specific services). We will not honor a blanket
consent to disclose all your records to unspecified individuals or
organizational units. We will verify your identity and, where
applicable (e.g., where you consent to disclosure of a record to a
specific individual), the identity of the individual to whom the record
is to be disclosed.
(b) A parent or guardian of a minor is not authorized to give
consent to a disclosure of the minor's medical record. See
Sec. 401.55(c) for the procedures for disclosures of or access to the
medical records of minors.
Sec. 401.105 Disclosure of personal information without the consent of
the subject of the record.
(a) SSA maintains two categories of records which contain personal
information:
(1) Nonprogram records, primarily administrative and personnel
records which contain information about SSA's activities as a
government agency and employer, and
(2) Program records which contain information about SSA's clients
that it keeps to administer benefit programs under Federal law.
(b) We apply different levels of confidentiality to disclosures of
information in the categories in paragraphs (a) (1) and (2) of this
section. For administrative and personnel records, we apply the Privacy
Act restrictions on disclosure. For program records, we apply somewhat
more strict confidentiality standards than those found in the Privacy
Act. The reason for this difference in treatment is that our program
records include information about a much greater number of persons than
our administrative records, the information we must collect for program
purposes is often very sensitive, and claimants are required by statute
and regulation to provide us with the information in order to establish
entitlement for benefits.
Sec. 401.110 Disclosure of personal information in nonprogram records
without the consent of the subject of the record.
The disclosures listed in this section may be made from our
nonprogram records, e.g., administrative and personnel records, without
your consent. Such disclosures are those:
(a) To officers and employees of SSA who have a need for the record
in the performance of their duties. The SSA official who is responsible
for the record may upon request of any officer or employee, or on his
own initiative, determine what constitutes legitimate need.
(b) Required to be disclosed under the Freedom of Information Act,
5 U.S.C. 552, and 20 CFR part 402.
(c) For a routine use as defined in Sec. 401.25 of this part.
Routine uses will be listed in any notice of a system of records. SSA
publishes notices of systems of records, including all
[[Page 4150]]
pertinent routine uses, in the Federal Register.
(d) To the Bureau of the Census for purposes of planning or
carrying out a census or survey or related activity pursuant to the
provisions of Title 13 U.S.C.
(e) To a recipient who has provided us with advance written
assurance that the record will be used solely as a statistical research
or reporting record; Provided, that, the record is transferred in a
form that does not identify the subject individual.
(f) To the National Archives of the United States as a record which
has sufficient historical or other value to warrant its continued
preservation by the United States Government, or for evaluation by the
Administrator of General Services or his designee to determine whether
the record has such value.
(g) To another government agency or to an instrumentality of any
governmental jurisdiction within or under the control of the United
States for a civil or criminal law enforcement activity if the activity
is authorized by law, and if the head of such government agency or
instrumentality has submitted a written request to us, specifying the
record desired and the law enforcement activity for which the record is
sought.
(h) To an individual pursuant to a showing of compelling
circumstances affecting the health or safety of any individual if a
notice of the disclosure is transmitted to the last known address of
the subject individual.
(i) To either House of Congress, or to the extent of matter within
its jurisdiction, any committee or subcommittee thereof, any joint
committee of Congress or subcommittee of any such joint committee.
(j) To the Comptroller General, or any of his authorized
representatives, in the course of the performance of the duties of the
General Accounting Office.
(k) Pursuant to the order of a court of competent jurisdiction.
Sec. 401.115 Disclosure of personal information in program records
without the consent of the subject of the record.
This section describes how various laws control the disclosure or
confidentiality of personal information which we keep. We must consider
these laws in the following order:
(a) Some laws require us to disclose information (Sec. 401.120);
some laws require us to withhold information (Sec. 401.125). These laws
control whenever they apply.
(b) If no law of this type applies in a given case, then we must
look to FOIA principles. See Sec. 401.130.
(c) When FOIA principles do not require disclosure, we may disclose
information if both the Privacy Act and section 1106 of the Social
Security Act permit the disclosure.
Sec. 401.120 Disclosures required by law.
We disclose information when a law specifically requires it. The
Social Security Act requires us to disclose information for certain
program purposes. These include disclosures to the SSA Office of
Inspector General, the Federal Parent Locator Service, and to States
pursuant to an arrangement regarding use of the Blood Donor Locator
Service. Also, there are other laws which require that we furnish other
agencies information which they need for their programs. These agencies
include the Department of Veterans Affairs for its benefit programs,
the Immigration and Naturalization Service to carry out its duties
regarding aliens, the Railroad Retirement Board for its benefit
programs, and to Federal, State, and local agencies administering Aid
to Families with Dependent Children, Medicaid, unemployment
compensation, food stamps, and other programs.
Sec. 401.125 Disclosures prohibited by law.
We do not disclose information when a law specifically prohibits
it. The Internal Revenue Code generally prohibits us from disclosing
tax return information which we receive to maintain individual earnings
records. This includes, for example, amounts of wages and contributions
from employers. Other laws restrict our disclosure of certain
information about drug and alcohol abuse which we collect to determine
eligibility for social security benefits.
Sec. 401.130 Freedom of Information Act.
The FOIA requires us to disclose any information in our records
upon request from the public, unless one of several exemptions in the
FOIA applies. When the FOIA requires disclosure (see part 402 of this
chapter), the Privacy Act permits it. The public does not include
Federal agencies, courts, or the Congress, but does include State
agencies, individuals, corporations, and most other parties. The FOIA
does not apply to requests that are not from the public (e.g., from a
Federal agency). However, we apply FOIA principles to requests from
these other sources for disclosure of program information.
Sec. 401.135 Other laws.
When the FOIA does not apply, we may not disclose any personal
information unless both the Privacy Act and section 1106 of the Social
Security Act permit the disclosure. Section 1106 of the Social Security
Act requires that disclosures which may be made must be set out in
statute or regulations; therefore, any disclosure permitted by this
part is permitted by section 1106.
Sec. 401.140 General principles.
When no law specifically requiring or prohibiting disclosure
applies to a question of whether to disclose information, we follow
FOIA principles to resolve that question. We do this to insure uniform
treatment in all situations. The FOIA principle which most often
applies to SSA disclosure questions is whether the disclosure would
result in a ``clearly unwarranted invasion of personal privacy.'' To
decide whether a disclosure would be a clearly unwarranted invasion of
personal privacy we consider--
(a) The sensitivity of the information (e.g., whether individuals
would suffer harm or embarrassment as a result of the disclosure);
(b) The public interest in the disclosure;
(c) The rights and expectations of individuals to have their
personal information kept confidential;
(d) The public's interest in maintaining general standards of
confidentiality of personal information; and
(e) The existence of safeguards against unauthorized redisclosure
or use.
Sec. 401.145 Safeguards against unauthorized redisclosure or use.
(a) The FOIA does not authorize us to impose any restrictions on
how information is used after we disclose it under that law. In
applying FOIA principles, we consider whether the information will be
adequately safeguarded against improper use or redisclosure. We must
consider all the ways in which the recipient might use the information
and how likely the recipient is to redisclose the information to other
parties. Thus, before we disclose personal information we may consider
such factors as--
(1) Whether only those individuals who have a need to know the
information will obtain it;
(2) Whether appropriate measures to safeguard the information to
avoid unwarranted use or misuse will be taken; and
(3) Whether we would be permitted to conduct on-site inspections to
see whether the safeguards are being met.
(b) We feel that there is a strong public interest in sharing
information with other agencies with programs having the same or
similar purposes, so
[[Page 4151]]
we generally share information with those agencies. However, since
there is usually little or no public interest in disclosing information
for disputes between two private parties or for other private or
commercial purposes, we generally do not share information for these
purposes.
Sec. 401.150 Compatible purposes.
(a) General. The Privacy Act allows us to disclose information,
without the consent of the individual, to any other party for routine
uses.
(b) Routine use. We publish notices of systems of records in the
Federal Register which contain a list of all routine use disclosures.
(c) Determining compatibility. We disclose information for routine
uses where necessary to carry out SSA's programs. It is also our policy
to disclose information for use in other programs which have the same
purposes as SSA programs if the information concerns eligibility,
benefit amounts, or other matters of benefit status in a social
security program and is relevant to determining the same matters in the
other program. For example, we disclose information to the Railroad
Retirement Board for pension and unemployment compensation programs, to
the Veterans Administration for its benefit program, to worker's
compensation programs, to State general assistance programs, and to
other income maintenance programs at all levels of government; we also
disclose for health-maintenance programs like Medicare and Medicaid,
and in appropriate cases, for epidemiological and similar research.
Sec. 401.155 Law enforcement purposes.
(a) General. The Privacy Act allows us to disclose information for
law enforcement purposes under certain conditions. Much of the
information in our files is especially sensitive or very personal.
Furthermore, participation in social security programs is mandatory, so
people cannot limit what information is given to us. Therefore, we
generally disclose information for law enforcement purposes only in
limited situations. Paragraphs (b) and (c) of this section discuss the
disclosures we generally make for these purposes.
(b) Serious crimes. SSA may disclose information for criminal law
enforcement purposes where a violent crime such as murder or kidnapping
has been committed and the individual about whom the information is
being sought has been indicted or convicted of that crime. The Privacy
Act allows us to disclose if the head of the law enforcement agency
makes a written request giving enough information to show that these
conditions are met, what information is needed, and why it is needed.
(c) Criminal activity involving the social security program or
another program with the same purposes. We disclose information when
necessary to investigate or prosecute fraud or other criminal activity
involving the social security program. We may also disclose information
for investigation or prosecution of criminal activity in other income-
maintenance or health-maintenance programs (e.g., other governmental
pension programs, unemployment compensation, general assistance,
Medicare or Medicaid) if the information concerns eligibility, benefit
amounts, or other matters of benefit status in a social security
program and is relevant to determining the same matters in the other
program.
Sec. 401.160 Health or safety.
The Privacy Act allows us to disclose information in compelling
circumstances where an individual's health or safety is affected. For
example, if we learn that someone has been exposed to an excessive
amount of radiation, we may notify that person and appropriate health
officials. If we learn that someone has made a threat against someone
else, we may notify that other person and law enforcement officials.
When we make these disclosures, the Privacy Act requires us to send a
notice of the disclosure to the last known address of the person whose
record was disclosed.
Sec. 401.165 Statistical and research activities.
(a) General. Statistical and research activities often do not
require information in a format that identifies specific individuals.
Therefore, whenever possible, we release information for statistical or
research purposes only in the form of aggregates or individual data
that cannot be associated with a particular individual. The Privacy Act
allows us to release records if there are safeguards that the record
will be used solely as a statistical or research record and the
individual cannot be identified from any information in the record.
(b) Safeguards for disclosure with identifiers. The Privacy Act
also allows us to disclose data for statistical and research purposes
in a form allowing individual identification, pursuant to published
routine use, when the purpose is compatible with the purpose for which
the record was collected. We will disclose personally identifiable
information for statistical and research purposes if--
(1) We determine that the requestor needs the information in an
identifiable form for a statistical or research activity, will use the
information only for that purpose, and will protect individuals from
unreasonable and unwanted contacts;
(2) The activity is designed to increase knowledge about present or
alternative social security programs or other Federal or State income-
maintenance or health-maintenance programs, or consists of
epidemiological or similar research; and
(3) The recipient will keep the information as a system of
statistical records, will follow appropriate safeguards, and agrees to
our on-site inspection of those safeguards so we can be sure the
information is used or redisclosed only for statistical or research
purposes. No redisclosure of the information may be made without SSA's
approval.
(c) Statistical record. A statistical record is a record in a
system of records which is maintained only for statistical and research
purposes, and which is not used to make any determination about an
individual. We maintain and use statistical records only for
statistical and research purposes. We may disclose a statistical record
if the conditions in paragraph (b) of this section are met.
(d) Compiling of records. Where a request for information for
statistical and research purposes would require us to compile records,
and doing that would be administratively burdensome to ongoing SSA
operations, we may decline to furnish the information.
Sec. 401.170 Congress.
(a) We disclose information to either House of Congress. We also
disclose information to any committee or subcommittee of either House,
or to any joint committee of Congress or subcommittee of that
committee, if the information is on a matter within the committee's or
subcommittee's jurisdiction.
(b) We disclose to any member of Congress the information needed to
respond to constituents' requests for information about themselves
(including requests from parents of minors, or legal guardians).
However, these disclosures are subject to the restrictions in
Secs. 401.35 through 401.60.
Sec. 401.175 General Accounting Office.
We disclose information to the General Accounting Office when that
agency needs the information to carry out its duties.
Sec. 401.180 Courts.
(a) General. The Privacy Act allows us to disclose information when
we receive
[[Page 4152]]
an order from a court of competent jurisdiction. However, much of our
information is especially sensitive. Participation in social security
programs is mandatory, and so people cannot limit what information is
given to SSA. When information is used in a court proceeding, it
usually becomes part of a public record, and its confidentiality cannot
be protected. Therefore, we treat subpoenas or other court orders for
information under the rules in paragraph (b) of this section.
(b) Subpoena. We generally disclose information in response to a
subpoena or other court order if--
(1) Another section of this part would specifically allow the
release; or
(2) The Commissioner of SSA is a party to the proceeding; or
(3) The information is necessary for due process in a criminal
proceeding. In other cases, we try to satisfy the needs of courts while
preserving the confidentiality of information.
Sec. 401.185 Other specific recipients.
In addition to disclosures we make under the routine use provision,
we also release information to--
(a) The Bureau of the Census for purposes of planning or carrying
out a census, survey, or related activity; and
(b) The National Archives of the United States if the record has
sufficient historical or other value to warrant its continued
preservation by the United States Government. We also disclose a record
to the Administrator of General Services for a determination of whether
the record has such a value.
Sec. 401.190 Deceased persons.
We do not consider the disclosure of information about a deceased
person to be a clearly unwarranted invasion of that person's privacy.
However, in disclosing information about a deceased person, we follow
the principles in Sec. 401.115 to insure that the privacy rights of a
living person are not violated.
Sec. 401.195 Situations not specified in this part.
If no other provision in this part specifically allows SSA to
disclose information, the Commissioner or designee may disclose this
information if not prohibited by Federal law. For example, the
Commissioner or designee may disclose information necessary to respond
to life threatening situations.
Sec. 401.200 Blood donor locator service.
(a) General. We will enter into arrangements with State agencies
under which we will furnish to them at their request the last known
personal mailing addresses (residence or post office box) of blood
donors whose blood donations show that they are or may be infected with
the human immunodeficiency virus which causes acquired immune
deficiency syndrome. The State agency or other authorized person, as
defined in paragraph (b) of this section, will then inform the donors
that they may need medical care and treatment. The safeguards that must
be used by authorized persons as a condition to receiving address
information from the Blood Donor Locator Service are in paragraph (g)
of this section, and the requirements for a request for address
information are in paragraph (d) of this section.
(b) Definitions. State means the 50 States, the District of
Columbia, the Commonwealth of Puerto Rico, the Virgin Islands, Guam,
the Commonwealth of Northern Marianas, and the Trust Territory of the
Pacific Islands.
Authorized person means--
(1) Any agency of a State (or of a political subdivision of a
State) which has duties or authority under State law relating to the
public health or otherwise has the duty or authority under State law to
regulate blood donations; and
(2) Any entity engaged in the acceptance of blood donations which
is licensed or registered by the Food and Drug Administration in
connection with the acceptance of such blood donations, and which
provides for--
(i) The confidentiality of any address information received
pursuant to the rules in this part and section 1141 of the Social
Security Act and related blood donor records;
(ii) Blood donor notification procedures for individuals with
respect to whom such information is requested and a finding has been
made that they are or may be infected with the human immunodeficiency
virus; and
(iii) Counseling services for such individuals who have been found
to have such virus. New counseling programs are not required, and an
entity may use existing counseling programs or referrals to provide
these services.
Related blood donor records means any record, list, or compilation
established in connection with a request for address information which
indicates, directly or indirectly, the identity of any individual with
respect to whom a request for address information has been made
pursuant to the rules in this part.
(c) Use of social security number for identification. A State or an
authorized person in the State may require a blood donor to furnish his
or her social security number when donating blood. The number may then
be used by an authorized person to identify and locate a donor whose
blood donation indicates that he or she is or may be infected with the
human immunodeficiency virus.
(d) Request for address of blood donor. An authorized person who
has been unable to locate a blood donor at the address he or she may
have given at the time of the blood donation may request assistance
from the State agency which has arranged with us to participate in the
Blood Donor Locator Service. The request to the Blood Donor Locator
Service must--
(1) Be in writing;
(2) Be from a participating State agency either on its own behalf
as an authorized person or on behalf of another authorized person;
(3) Indicate that the authorized person meets the confidentiality
safeguards of paragraph (g) of this section; and
(4) Include the donor's name and social security number, the
addresses at which the authorized person attempted without success to
contact the donor, the date of the blood donation if available, a
statement that the donor has tested positive for the human
immunodeficiency virus according to the latest Food and Drug
Administration standards or that the history of the subsequent use of
the donated blood or blood products indicates that the donor has or may
have the human immunodeficiency virus, and the name and address of the
requesting blood donation facility.
(e) SSA response to request for address. After receiving a request
that meets the requirements of paragraph (d) of this section, we will
search our records for the donor's latest personal mailing address. If
we do not find a current address, we will request that the Internal
Revenue Service search its tax records and furnish us any personal
mailing address information from its files, as required under section
6103(m)(6) of the Internal Revenue Code. After completing these
searches, we will provide to the requesting State agency either the
latest mailing address available for the donor or a response stating
that we do not have this information. We will then destroy the records
or delete all identifying donor information related to the request and
maintain only the information that we will need to monitor the
compliance of authorized persons with the confidentiality safeguards
contained in paragraph (g) of this section.
(f) SSA refusal to furnish address. If we determine that an
authorized person has not met the requirements of paragraphs (d) and
(g) of this section, we will not furnish address information to the
State agency. In that case, we will notify the State agency of our
[[Page 4153]]
determination, explain the reasons for our determination, and explain
that the State agency may request administrative review of our
determination. The Commissioner of Social Security or a delegate of the
Commissioner will conduct this review. The review will be based on the
information of record and there will not be an opportunity for an oral
hearing. A request for administrative review, which may be submitted
only by a State agency, must be in writing. The State agency must send
its request for administrative review to the Commissioner of Social
Security, 6401 Security Boulevard, Baltimore, MD 21235, within 60 days
after receiving our notice refusing to give the donor's address. The
request for review must include supporting information or evidence that
the requirements of the rules in this part have been met. If we do not
furnish address information because an authorized person failed to
comply with the confidentiality safeguards of paragraph (g) of this
section, the State agency will have an opportunity to submit evidence
that the authorized person is now in compliance. If we then determine,
based on our review of the request for administrative review and the
supporting evidence, that the authorized person meets the requirements
of the rules in this part, we will respond to the address request as
provided in paragraph (e) of this section. If we determine on
administrative review that the requirements have not been met, we will
notify the State agency in writing of our decision. We will make our
determination within 30 days after receiving the request for
administrative review, unless we notify the State agency within this
30-day time period that we will need additional time. Our determination
on the request for administrative review will give the findings of
fact, the reasons for the decision, and what actions the State agency
should take to ensure that it or the blood donation facility is in
compliance with the rules in this part.
(g) Safeguards to ensure confidentiality of blood donor records. We
will require assurance that authorized persons have established and
continue to maintain adequate safeguards to protect the confidentiality
of both address information received from the Blood Donor Locator
Service and related blood donor records. The authorized person must, to
the satisfaction of the Secretary--
(1) Establish and maintain a system for standardizing records which
includes the reasons for requesting the addresses of blood donors,
dates of the requests, and any disclosures of address information;
(2) Store blood donors' addresses received from the Blood Donor
Locator Service and all related blood donor records in a secure area or
place that is physically safe from access by persons other than those
whose duties and responsibilities require access;
(3) Restrict access to these records to authorized employees and
officials who need them to perform their official duties related to
notifying blood donors who are or may be infected with the human
immunodeficiency virus that they may need medical care and treatment;
(4) Advise all personnel who will have access to the records of the
confidential nature of the information, the safeguards required to
protect the information, and the civil and criminal sanctions for
unauthorized use or disclosure of the information;
(5) Destroy the address information received from the Blood Donor
Locator Service, as well as any records established in connection with
the request which indicate directly or indirectly the identity of the
individual, after notifying or attempting to notify the donor at the
address obtained from the Blood Donor Locator Service; and
(6) Upon request, report to us the procedures established and
utilized to ensure the confidentiality of address information and
related blood donor records. We reserve the right to make onsite
inspections to ensure that these procedures are adequate and are being
followed and to request such information as we may need to ensure that
the safeguards required in this section are being met.
(h) Unauthorized disclosure. Any official or employee of the
Federal Government, a State, or a blood donation facility who discloses
blood donor information, except as provided for in this section or
under a provision of law, will be subject to the same criminal penalty
as provided in section 7213(a) of the Internal Revenue Code of 1986 for
the unauthorized disclosure of tax information.
Appendix A to Part 401--Employee Standards of Conduct
(a) General. All SSA employees are required to be aware of their
responsibilities under the Privacy Act of 1974, 5 U.S.C. 552a.
Regulations implementing the Privacy Act are set forth in this part.
Instruction on the requirements of the Act and regulation shall be
provided to all new employees of SSA. In addition, supervisors shall
be responsible for assuring that employees who are working with
systems of records or who undertake new duties which require the use
of systems of records are informed of their responsibilities.
Supervisors shall also be responsible for assuring that all
employees who work with such systems of records are periodically
reminded of the requirements of the Privacy Act and are advised of
any new provisions or interpretations of the Act.
(b) Penalties. (1) All employees must guard against improper
disclosure of records which are governed by the Privacy Act. Because
of the serious consequences of improper invasions of personal
privacy, employees may be subject to disciplinary action and
criminal prosecution for knowing and willful violations of the
Privacy Act and regulation. In addition, employees may also be
subject to disciplinary action for unknowing or unwillful
violations, where the employee had notice of the provisions of the
Privacy Act and regulations and failed to inform himself or herself
sufficiently or to conduct himself or herself in accordance with the
requirements to avoid violations.
(2) SSA may be subjected to civil liability for the following
actions undertaken by its employees:
(a) Making a determination under the Privacy Act and
Secs. 401.65 and 401.70 not to amend an individual's record in
accordance with his or her request, or failing to make such review
in conformity with those provisions;
(b) Refusing to comply with an individual's request for
notification of or access to a record pertaining to him or her;
(c) Failing to maintain any record pertaining to any individual
with such accuracy, relevance, timeliness, and completeness as is
necessary to assure fairness in any determination relating to the
qualifications, character, rights, or opportunities of, or benefits
to the individual that may be made on the basis of such a record,
and consequently makes a determination which is adverse to the
individual; or
(d) Failing to comply with any other provision of the Act or any
rule promulgated thereunder, in such a way as to have an adverse
effect on an individual.
(3) An employee may be personally subject to criminal liability
as set forth below and in 5 U.S.C. 552a (i):
(a) Willful disclosure. Any officer or employee of SSA, who by
virtue of his employment or official position, has possession of, or
access to, agency records which contain individually identifiable
information the disclosure of which is prohibited by the Privacy Act
or by rules or regulations established thereunder, and who, knowing
that disclosure of the specific material is so prohibited, willfully
discloses the material in any manner to any person or agency not
entitled to receive it, shall be guilty of a misdemeanor and may be
fined not more than $5,000.
(b) Notice requirements. Any officer or employee of SSA who
willfully maintains a system of records without meeting the notice
requirements [of the Privacy Act] shall be guilty of a misdemeanor
and may be fined not more than $5,000.
(c) Rules governing employees not working with systems of
records. Employees whose duties do not involve working with systems
of records will not generally disclose to any
[[Page 4154]]
one, without specific authorization from their supervisors, records
pertaining to employees or other individuals which by reason of
their official duties are available to them. Notwithstanding the
above, the following records concerning Federal employees are a
matter of public record and no further authorization is necessary
for disclosure:
(1) Name and title of individual.
(2) Grade classification or equivalent and annual rate of
salary.
(3) Position description.
(4) Location of duty station, including room number and
telephone number.
In addition, employees shall disclose records which are listed
in SSA's Freedom of Information Regulation as being available to the
public. Requests for other records will be referred to the
responsible SSA Freedom of Information Officer. This does not
preclude employees from discussing matters which are known to them
personally, and without resort to a record, to official
investigators of Federal agencies for official purposes such as
suitability checks, Equal Employment Opportunity investigations,
adverse action proceedings, grievance proceedings, etc.
(d) Rules governing employees whose duties require use or
reference to systems of records. Employees whose official duties
require that they refer to, maintain, service, or otherwise deal
with systems of records (hereinafter referred to as ``Systems
Employees'') are governed by the general provisions. In addition,
extra precautions are required and systems employees are held to
higher standards of conduct.
(1) Systems Employees shall:
(a) Be informed with respect to their responsibilities under the
Privacy Act;
(b) Be alert to possible misuses of the system and report to
their supervisors any potential or actual use of the system which
they believe is not in compliance with the Privacy Act and
regulation;
(c) Disclose records within SSA only to an employee who has a
legitimate need to know the record in the course of his or her
official duties;
(d) Maintain records as accurately as practicable.
(e) Consult with a supervisor prior to taking any action where
they are in doubt whether such action is in conformance with the Act
and regulation.
(2) Systems employees shall not:
(a) Disclose in any form records from a system of records except
(1) with the consent or at the request of the subject individual; or
(2) where its disclosure is permitted under Sec. 401.110.
(b) Permit unauthorized individuals to be present in controlled
areas. Any unauthorized individuals observed in controlled areas
shall be reported to a supervisor or to the guard force.
(c) Knowingly or willfully take action which might subject SSA
to civil liability.
(d) Make any arrangements for the design, development, or
operation of any system of records without making reasonable effort
to provide that the system can be maintained in accordance with the
Act and regulation.
(e) Contracting officers. In addition to any applicable
provisions set forth above, those employees whose official duties
involve entering into contracts on behalf of SSA shall also be
governed by the following provisions:
(1) Contracts for design, or development of systems and
equipment. The contracting officer shall not enter into any contract
for the design or development of a system of records, or for
equipment to store, service or maintain a system of records unless
the contracting officer has made reasonable effort to ensure that
the product to be purchased is capable of being used without
violation of the Privacy Act or the regulations in this part. He
shall give special attention to provision of physical safeguards.
(2) Contracts for the operation of systems of records. The
Contracting Officer, in conjunction with other officials whom he
feels appropriate, shall review all proposed contracts providing for
the operation of systems of records prior to execution of the
contracts to determine whether operation of the system of records is
for the purpose of accomplishing a Department function. If it is
determined that the operation of the system is to accomplish an SSA
function, the contracting officer shall be responsible for including
in the contract appropriate provisions to apply the provisions of
the Privacy Act and regulation to the system, including prohibitions
against improper release by the contractor, his employees, agents,
or subcontractors.
(3) Other service contracts. Contracting officers entering into
general service contracts shall be responsible for determining the
appropriateness of including provisions in the contract to prevent
potential misuse (inadvertent or otherwise) by employees, agents, or
subcontractors of the contractor.
(f) Rules governing SSA officials responsible for managing
systems of records. In addition to the requirements for Systems
Employees, SSA officials responsible for managing systems of records
as described in Sec. 401.40(c) (system managers) shall:
(1) Respond to all requests for notification of or access,
disclosure, or amendment of records in a timely fashion in
accordance with the Privacy Act and regulation;
(2) Make any amendment of records accurately and in a timely
fashion;
(3) Inform all persons whom the accounting records show have
received copies of the record prior to the amendments of the
correction; and
(4) Associate any statement of disagreement with the disputed
record, and
(a) Transmit a copy of the statement to all persons whom the
accounting records show have received a copy of the disputed record,
and
(b) Transmit that statement with any future disclosure.
2. Part 402 is added to read as follows:
PART 402--AVAILABILITY OF INFORMATION AND RECORDS TO THE PUBLIC
Sec.
402.5 Scope and purpose.
402.10 Policy.
402.15 Relationship between the FOIA and the Privacy Act of 1974.
402.20 Requests not handled under the FOIA.
402.25 Referral of requests outside of SSA.
402.30 Definitions.
402.35 Publication.
402.40 Publications for sale.
402.45 Availability of records.
402.50 Availability of administrative staff manuals.
402.55 Materials available at district offices and branch offices.
402.60 Materials in field offices of the Office of Hearings and
Appeals.
402.65 Health care information.
402.70 Reasons for withholding some records.
402.75 Exemption one for withholding records: National defense and
foreign policy.
402.80 Exemption two for withholding records: Internal personnel
rules and practices.
402.85 Exemption three for withholding records: Records exempted by
other statutes.
402.90 Exemption four for withholding records: Trade secrets and
confidential commercial or financial information.
402.95 Exemption five for withholding records: Internal memoranda.
402.100 Exemption six for withholding records: Clearly unwarranted
invasion of personal privacy.
402.105 Exemption seven for withholding records: Law enforcement.
402.110 Exemptions eight and nine for withholding records: Records
on financial institutions; records on wells.
402.115 Deletion of identifying details.
402.120 Creation of records.
402.125 Who may release a record.
402.130 How to request a record.
402.135 Where to send a request.
402.140 How a request for a record is processed.
402.145 Responding to your request.
402.150 Release of records.
402.155 Fees to be charged--categories of requests.
402.160 Fees to be charged--general provisions.
402.165 Fee schedule.
402.170 Fees for providing records and related services for program
purposes pursuant to section 1106 of the Social Security Act.
402.175 Fees for providing information and related services for
non-program purposes.
402.180 Procedure on assessing and collecting fees for providing
records.
402.185 Waiver or reduction of fees in the public interest.
402.190 Officials who may deny a request for records under FOIA.
402.195 How a request is denied.
402.200 How to appeal a decision denying all or part of a request.
402.205 U.S. District Court action.
Authority: Secs. 205, 702(a)(5), and 1106 of the Social Security
Act; (42 U.S.C. 405, 902(a)(5), and 1306); Section 413(b) of the
Federal Mine Safety and Health Act of 1977 (30 U.S.C. 923b), 5
U.S.C. 552 and 552a; 8 U.S.C. 1360; 18 U.S.C. 1905; 26 U.S.C. 6103;
31 U.S.C.. 9701; E.O. 12600, 52 FR 23781, 3 CFR, 1987 Comp., p. 235.
[[Page 4155]]
Sec. 402.5 Scope and purpose.
The rules in this part relate to the availability to the public,
pursuant to the Freedom of Information Act (FOIA) 5 U.S.C. 552, of
records of the Social Security Administration (SSA). They describe how
to make a FOIA request; who can release records and who can decide not
to release; how much time it should take to make a determination
regarding release; what fees may be charged; what records are available
for public inspection; why some records are not released; and your
right to appeal and then go to court if we refuse to release records.
The rules in this part do not revoke, modify, or supersede the
regulations of SSA relating to disclosure of information in part 401 of
this chapter.
Sec. 402.10 Policy.
As a general policy, SSA follows a balanced approach in
administering FOIA. We not only recognize the right of public access to
information in the possession of SSA, but also protect the integrity of
internal processes. In addition, we recognize the legitimate interests
of organizations or persons who have submitted records to SSA or who
would otherwise be affected by release of records. For example, we have
no discretion to release certain records, such as trade secrets and
confidential commercial information, prohibited from release by law.
This policy calls for the fullest responsible disclosure consistent
with those requirements of administrative necessity and confidentiality
which are recognized in the FOIA.
Sec. 402.15 Relationship between the FOIA and the Privacy Act of 1974.
(a) Coverage. The FOIA and the rules in this part apply to all SSA
records. The Privacy Act, 5 U.S.C. 552a, applies to records that are
about individuals, but only if the records are in a system of records.
``Individuals'' and ``system of records'' are defined in the Privacy
Act and in 20 CFR 401.25.
(b) Requesting your own records. If you are an individual and
request records, then to the extent you are requesting your own records
in a system of records, we will handle your request under the Privacy
Act. If there is any record that we need not release to you under those
provisions, we will also consider your request under the FOIA and this
rule, and we will release the record to you if the FOIA requires it.
(c) Requesting another individual's record. Whether or not you are
an individual, if you request records that are about an individual
(other than yourself) and that are in a system of records, we will
handle your request under the FOIA and the rules in this part. However,
if our disclosure in response to your request would be permitted by the
Privacy Act's disclosure provision, (5 U.S.C. 552a(b)), for reasons
other than the requirements of the FOIA, and if we decide to make the
disclosure, then we will not handle your request under the FOIA and the
rules in this part. For example, when we make routine use disclosures
pursuant to requests, we do not handle them under the FOIA and the
rules in this part. (``Routine use'' is defined in the Privacy Act and
in 20 CFR 401.25.) If we handle your request under the FOIA and the
rules in this part and the FOIA does not require releasing the record
to you, then the Privacy Act may prohibit the release and remove our
discretion to release.
Sec. 402.20 Requests not handled under the FOIA.
(a) We will not handle your request under the FOIA and the
regulations in this part to the extent it asks for records that are
currently available, either from SSA or from another part of the
Federal Government, under a separate statute that provides specific
activity for charging fees for those records. For example, we will not
handle your request under the FOIA and the regulations in this part to
the extent it asks for detailed earnings statements under the Social
Security program.
(b) We will not handle your request under the FOIA and the
regulations in this part if you are seeking a record that is
distributed by SSA as part of its regular program activity, for
example, public information leaflets distributed by SSA.
Sec. 402.25 Referral of requests outside of SSA.
If you request records that were created by, or provided to us by,
another Federal agency, and if that agency asserts control over the
records, we may refer the records and your request to that agency. We
may likewise refer requests for classified records to the agency that
classified them. In these cases, the other agency will process and
respond to your request, to the extent it concerns those records, under
that agency's regulation, and you need not make a separate request to
that agency. We will notify you when we refer your request to another
agency.
Sec. 402.30 Definitions.
As used in this part,
Agency means any executive department, military department,
government corporation, government controlled corporation, or other
establishment in the executive branch of the Federal Government, or any
independent regulatory agency. A private organization is not an agency
even if it is performing work under contract with the Government or is
receiving Federal financial assistance. Grantee and contractor records
are not subject to the FOIA unless they are in the possession or under
the control of SSA or its agents. Solely for the purpose of disclosure
under the FOIA, we consider records of individual beneficiaries located
in the State Disability Determination Services (DDS) to be agency
records.
Commercial use means, when referring to a request, that the request
is from or on behalf of one who seeks information for a use or purpose
that furthers the commercial, trade, or profit interests of the
requester or of a person on whose behalf the request is made. Whether a
request is for a commercial use depends on the purpose of the request
and the use to which the records will be put. The identity of the
requester (individual, non-profit corporation, for-profit corporation)
and the nature of the records, while in some cases indicative of that
purpose or use, are not necessarily determinative. When a request is
from a representative of the news media, a purpose or use supporting
the requester's news dissemination function is not a commercial use.
Duplication means the process of making a copy of a record and
sending it to the requester, to the extent necessary to respond to the
request. Such copies include paper copy, microfilm, audio-visual
materials, and magnetic tapes, cards, and discs.
Educational institution means a preschool, elementary or secondary
school, institution of undergraduate or graduate higher education, or
institution of professional or vocational education, which operates a
program of scholarly research.
Freedom of Information Act or FOIA means 5 U.S.C. 552.
Freedom of Information Officer means an SSA official who has been
delegated the authority to authorize disclosure of or withhold records
and assess, waive, or reduce fees in response to FOIA requests.
Non-commercial scientific institution means an institution that is
not operated substantially for purposes of furthering its own or
someone else's business, trade, or profit interests, and that is
operated for purposes of conducting scientific research whose results
are not intended to promote any particular product or industry.
[[Page 4156]]
Records means any handwritten, typed, or printed documents (such as
memoranda, books, brochures, studies, writings, drafts, letters,
transcripts, and minutes) and documentary material in other forms (such
as punchcards; magnetic tapes, cards, or discs; paper tapes; audio or
video recordings; maps; photographs; slides; microfilm; and motion
pictures). It does not include objects or articles such as exhibits,
models, equipment, and duplication machines or audiovisual processing
materials. Nor does it include books, magazines, pamphlets, or other
reference material in formally organized and officially designated SSA
libraries, where such materials are available under the rules of the
particular library.
Representative of the news media means a person actively gathering
information for an entity organized and operated to publish or
broadcast news to the public. News media entities include television
and radio broadcasters, publishers of periodicals who distribute their
products to the general public or who make their products available for
purchase or subscription by the general public, and entities that may
disseminate news through other media (e.g., electronic dissemination of
text). We will treat freelance journalists as representatives of a news
media entity if they can show a likelihood of publication through such
an entity. A publication contract is such a basis, and the requester's
past publication record may show such a basis.
Request means asking for records, whether or not you refer
specifically to the FOIA. Requests from Federal agencies and court
orders for documents are not included within this definition. Subpoenas
are requests only to the extent provided by 45 CFR 2.
Review means, when used in connection with processing records for a
commercial use request, examining the records to determine what
portions, if any, may be withheld, and any other processing that is
necessary to prepare the records for release. It includes only the
examining and processing that are done the first time we analyze
whether a specific exemption applies to a particular record or portion
of a record. It does not include examination done in the appeal stage
with respect to an exemption that was applied at the initial request
stage. However, if we initially withhold a record under one exemption,
and on appeal we determine that that exemption does not apply, then
examining the record in the appeal stage for the purpose of determining
whether a different exemption applies is included in review. It does
not include the process of researching or resolving general legal or
policy issues regarding exemptions.
Search means looking for records or portions of records responsive
to a request. It includes reading and interpreting a request, and also
page-by-page and line-by-line examination to identify responsive
portions of a document. However, it does not include line-by-line
examination where merely duplicating the entire page would be a less
expensive and quicker way to comply with the request.
Sec. 402.35 Publication.
(a) Methods of publication. Materials we are required to publish
pursuant to the provisions of 5 U.S.C. 552(a)(1) and (a)(2), we publish
in one of the following ways:
(1) By publication in the Federal Register of Social Security
Administration regulations, and by their subsequent inclusion in the
Code of Federal Regulations;
(2) By publication in the Federal Register of appropriate general
notices;
(3) By other forms of publication, when incorporated by reference
in the Federal Register with the approval of the Director of the
Federal Register; and
(4) By publication in the ``Social Security Rulings'' of indexes of
precedential social security orders and opinions issued in the
adjudication of claims, statements of policy and interpretations which
have been adopted but have not been published in the Federal Register.
The ``Social Security Rulings'' may be purchased through the Government
Printing Office (See Sec. 402.40).
(b) Publication of rulings. Although not required pursuant to 5
U.S.C. 552 (a)(1) and (a)(2), we publish the following rulings in the
Federal Register as well as by other forms of publication:
(1) We publish Social Security Rulings in the Federal Register
under the authority of the Commissioner of Social Security. They are
binding on all components of the Social Security Administration. These
rulings represent precedent final opinions and orders and statements of
policy and interpretations that we have adopted.
(2) We publish Social Security Acquiescence Rulings in the Federal
Register under the authority of the Commissioner of Social Security.
They are binding on all components of the Social Security
Administration, except with respect to claims subject to the
relitigation procedures established in 20 CFR 404.984 (c) and (d),
410.610c (c) and (d), and 416.1484 (c) and (d). For a description of
Social Security Acquiescence Rulings, see 20 CFR 404.984(b),
410.610c(b), and 416.1484(b) of this title.
(c) Availability for inspection. To the extent practicable and to
further assist the public, we make available for inspection at the
address specified in Sec. 402.135 those materials which are published
in the Federal Register pursuant to 5 U.S.C. 552(a)(1).
Sec. 402.40 Publications for sale.
The following publications containing information pertaining to the
program, organization, functions, and procedures of the Social Security
Administration may be purchased from the Superintendent of Documents,
Government Printing Office, Washington, DC 20402:
(a) Title 20, parts 400-499 of the Code of Federal Regulations.
(b) Federal Register issues.
(c) Compilation of the Social Security Laws.
(d) Social Security Rulings.
(e) Social Security Handbook. The information in the
Handbook is not of precedent or interpretative force.
(f) Social Security Bulletin.
(g) Social Security Acquiescence Rulings.
Sec. 402.45 Availability of records.
(a) What records are available. 5 U.S.C. 552, also known as the
FOIA, permits any person to see, and get a copy of, any Federal
agency's records unless the material is exempt from mandatory
disclosure as described in Sec. 402.70 of this part.
(b) FOIA. Under the FOIA, we are also required to make available to
the public the instructional manuals issued to our employees, general
statements of policy, and other materials which are used in processing
claims and which are not published in the Federal Register, and an
index of these manuals and materials.
(c) Record citation as precedent. We will not use or cite any
record described in paragraph (b) of this section as a precedent for an
action against a person unless we have indexed the record and published
it or made it available, or unless the person has timely notice of the
record.
Sec. 402.50 Availability of administrative staff manuals.
All administrative staff manuals of the Social Security
Administration and instructions to staff personnel which contain
policies, procedures, or interpretations that affect the public are
available for inspection and copying. A complete listing of such
materials is published in the Index of
[[Page 4157]]
Administrative Staff Manuals and Instructions. These manuals are
generally not printed in a sufficient quantity to permit sale or other
general distribution to the public. Selected material is maintained at
district offices and field offices and may be inspected there. See
Secs. 402.55 and 402.60 for a listing of this material.
Sec. 402.55 Materials available at district offices and branch
offices.
(a) Materials available for inspection. The following are available
or will be made available for inspection at the district offices and
branch offices:
(1) Compilation of the Social Security Laws.
(2) Social Security Administration regulations under the
retirement, survivors, disability, and supplemental security income
programs, i.e., 20 CFR parts 401, 402, 404, 416, and 422; and the
Social Security Administration's regulations under part B of title IV
(Black Lung Benefits) of the Federal Coal Mine Health and Safety Act of
1969, 20 CFR part 410.
(3) Social Security Rulings.
(4) Social Security Handbook.
(5) Social Security Acquiescence Rulings.
(b) Materials available for inspection and copying. The following
materials are available or will be made available for inspection and
copying at the district offices and branch offices (fees may be
applicable per Secs. 402.155 through 402.185):
(1) SSA Program Operations Manual System.
(2) SSA Organization Manual.
(3) Handbook for State Social Security Administrators.
(4) Indexes to the materials listed in paragraph (a) of this
section and in this paragraph (b) and an index to the Hearings, Appeals
and Litigation Law (HALLEX) manual.
(5) Index of Administrative Staff Manuals and Instructions.
Sec. 402.60 Materials in field offices of the Office of Hearings and
Appeals.
(a) Materials available for inspection. The following materials are
available for inspection in the field offices of the Office of Hearings
and Appeals:
(1) Regulations of the Social Security Administration (see
Sec. 402.55(a)(2)).
(2) Title 5, United States Code.
(3) Compilation of the Social Security Laws.
(4) Social Security Rulings.
(5) Social Security Handbook.
(6) Social Security Acquiescence Rulings.
(b) The Hearings, Appeals and Litigation Law (HALLEX) manual is
available for inspection and copying in the field offices of the Office
of Hearings and Appeals (fees may be applicable per Secs. 402.155
through 402.185).
Sec. 402.65 Health care information.
We have some information about health care programs under titles
XVIII and XIX (Medicare and Medicaid) of the Social Security Act. We
follow the rules in 42 CFR part 401 in determining whether to provide
any portion of it to a requester.
Sec. 402.70 Reasons for withholding some records.
Section 552(b) of the Freedom of Information Act contains nine
exemptions to the mandatory disclosure of records. We describe these
exemptions in Secs. 402.75 through 402.110 of this part and explain how
we apply them to disclosure determinations. (In some cases more than
one exemption may apply to the same document.) Information obtained by
the agency from any individual or organization, furnished in reliance
on a provision for confidentiality authorized by applicable statute or
regulation, will not be disclosed, to the extent it can be withheld
under one of these exemptions. This section does not itself authorize
the giving of any pledge of confidentiality by any officer or employee
of the agency.
Sec. 402.75 Exemption one for withholding records: National defense
and foreign policy.
We are not required to release records that, as provided by FOIA,
are ``(a) specifically authorized under criteria established by an
Executive Order to be kept secret in the interest of national defense
or foreign policy and (b) are in fact properly classified pursuant to
such Executive Order.'' Executive Order No. 12958 (1995) (3 CFR, 1987
Comp., p. 235) provides for such classification. When the release of
certain records may adversely affect U.S. relations with foreign
countries, we usually consult with officials of those countries or
officials of the Department of State. Also, we may on occasion have in
our possession records classified by some other agency. We may refer
your request for such records to the agency that classified them and
notify you that we have done so.
Sec. 402.80 Exemption two for withholding records: Internal personnel
rules and practices.
We are not required to release records that are ``related solely to
the internal personnel rules and practices of an agency.'' Under this
exemption, we may withhold routine internal agency practices and
procedures. For example, we may withhold guard schedules and rules
governing parking facilities or lunch periods. Also under this
exemption, we may withhold internal records whose release would help
some persons circumvent the law or agency regulations. For example, we
ordinarily do not disclose manuals that instruct our investigators or
auditors how to investigate possible violations of law, to the extent
that this release would help some persons circumvent the law.
Sec. 402.85 Exemption three for withholding records: Records exempted
by other statutes.
We are not required to release records if another statute
specifically allows or requires us to withhold them. We may use another
statute to justify withholding only if it absolutely prohibits
disclosure or if it sets forth criteria to guide our decision on
releasing or identifies particular types of material to be withheld. We
often use this exemption to withhold information regarding a worker's
earnings which is tax return information under section 6103 of the
Internal Revenue Code.
Sec. 402.90 Exemption four for withholding records: Trade secrets and
confidential commercial or financial information.
We will withhold trade secrets and commercial or financial
information that is obtained from a person and is privileged or
confidential.
(a) Trade secrets. A trade secret is a secret, commercially
valuable plan, formula, process, or device that is used for the making,
preparing, compounding, or processing of trade commodities and that can
be said to be the end product of either innovation or substantial
effort. There must be a direct relationship between the trade secret
and the productive process.
(b) Commercial or financial information. We will not disclose
records whose information is ``commercial or financial,'' is obtained
from a person, and is ``privileged or confidential.''
(1) Information is ``commercial or financial'' if it relates to
businesses, commerce, trade, employment, profits, or finances
(including personal finances). We interpret this category broadly.
(2) Information is ``obtained from a person'' if SSA or another
agency has obtained it from someone outside the Federal Government or
from someone within the Government who has a commercial or financial
interest in the information. ``Person'' includes an individual,
partnership, corporation, association, state or foreign government,
[[Page 4158]]
or other organization. Information is not ``obtained from a person'' if
it is generated by SSA or another Federal agency. However, information
is ``obtained from a person'' if it is provided by someone, including
but not limited to an agency employee, who retains a commercial or
financial interest in the information.
(3) Information is ``privileged'' if it would ordinarily be
protected from disclosure in civil discovery by a recognized
evidentiary privilege, such as the attorney-client privilege or the
work product privilege. Information may be privileged for this purpose
under a privilege belonging to a person outside the government, unless
the providing of the information to the government rendered the
information no longer protectable in civil discovery.
(4) Information is ``confidential'' if it meets one of the
following tests:
(i) Disclosure may impair the government's ability to obtain
necessary information in the future;
(ii) Disclosure would substantially harm the competitive position
of the person who submitted the information;
(iii) Disclosure would impair other government interests, such as
program effectiveness and compliance; or
(iv) Disclosure would impair other private interests, such as an
interest in controlling availability of intrinsically valuable records,
which are sold in the market by their owner.
(c) Analysis under tests in this section. The following questions
may be relevant in analyzing whether a record meets one or more of the
above tests:
(1) Is the information of a type customarily held in strict
confidence and not disclosed to the public by the person to whom it
belongs?
(2) What is the general custom or usage with respect to such
information in the relevant occupation or business?
(3) How many, and what types of, individuals have access to the
information?
(4) What kind and degree of financial injury can be expected if the
information is disclosed?
(d) Designation of certain confidential information. A person who
submits records to the government may designate part or all of the
information in such records as exempt from disclosure under Exemption 4
of the FOIA. The person may make this designation either at the time
the records are submitted to the government or within a reasonable time
thereafter. The designation must be in writing. Where a legend is
required by a request for proposals or request for quotations, pursuant
to 48 CFR 352.215-12, then that legend is necessary for this purpose.
Any such designation will expire ten years after the records were
submitted to the government.
(e) Predisclosure notification. The procedures in this paragraph
apply to records on which the submitter has designated information as
provided in paragraph (d) of this section. They also apply to records
that were submitted to the government where we have substantial reason
to believe that information in the records could reasonably be
considered exempt under Exemption 4. Certain exceptions to these
procedures are stated in paragraph (f) of this section.
(1) When we receive a request for such records, and we determine
that we may be required to disclose them, we will make reasonable
efforts to notify the submitter about these facts. The notice will
include a copy of the request, and it will inform the submitter about
the procedures and time limits for submission and consideration of
objections to disclosure. If we must notify a large number of
submitters, we may do this by posting or publishing a notice in a place
where the submitters are reasonably likely to become aware of it.
(2) The submitter has five working days from receipt of the notice
to object to disclosure of any part of the records and to state all
bases for its objections.
(3) We will give consideration to all bases that have been timely
stated by the submitter. If we decide to disclose the records, we will
notify the submitter in writing. This notice will briefly explain why
we did not sustain its objections. We will include with the notice a
copy of the records about which the submitter objected, as we propose
to disclose them. The notice will state that we intend to disclose the
records five working days after the submitter receives the notice
unless we are ordered by a United States District Court not to release
them.
(4) When a requester files suit under the FOIA to obtain records
covered by this paragraph, we will promptly notify the submitter.
(5) Whenever we send a notice to a submitter under paragraph (e)(1)
of this section, we will notify the requester that we are giving the
submitter a notice and an opportunity to object. Whenever we send a
notice to a submitter under paragraph (e)(3) of this section, we will
notify the requester of this fact.
(f) Exceptions to predisclosure notification. The notice
requirements in paragraph (e) of this section do not apply in the
following situations:
(1) We decided not to disclose the records;
(2) The information has previously been published or made generally
available;
(3) Disclosure is required by a regulation, issued after notice and
opportunity for public comment, that specifies narrow categories of
records that are to be disclosed under the FOIA, but in this case a
submitter may still designate records as described in paragraph (d) of
this section, and in exceptional cases, we may, at our discretion,
follow the notice procedures in paragraph (e) of this section; or
(4) The designation appears to be obviously frivolous, but in this
case we will still give the submitter the written notice required by
paragraph (e)(3) of this section (although this notice need not explain
our decision or include a copy of the records), and we will notify the
requester as described in paragraph (e)(5) of this section.
Sec. 402.95 Exemption five for withholding records: Internal
memoranda.
This exemption covers internal government communications and notes
that fall within a generally recognized evidentiary privilege. Internal
government communications include an agency's communications with an
outside consultant or other outside person, with a court, or with
Congress, when those communications are for a purpose similar to the
purpose of privileged intra-agency communications. Some of the most-
commonly applicable privileges are described in the following
paragraphs:
(a) Deliberative process privilege. This privilege protects
predecisional deliberative communications. A communication is protected
under this privilege if it was made before a final decision was reached
on some question of policy and if it expressed recommendations or
opinions on that question. The purpose of the privilege is to prevent
injury to the quality of the agency decisionmaking process by
encouraging open and frank internal policy discussions, by avoiding
premature disclosure of policies not yet adopted, and by avoiding the
public confusion that might result from disclosing reasons that were
not in fact the ultimate grounds for an agency's decision. Purely
factual material in a deliberative document is within this privilege
only if it is inextricably intertwined with the deliberative portions
so that it cannot reasonably be segregated, if it would reveal the
nature of the deliberative portions, or if its disclosure would in some
other way make possible an intrusion into the decisionmaking process.
We will release purely factual material in a deliberative
[[Page 4159]]
document unless that material is otherwise exempt. The privilege
continues to protect predecisional documents even after a decision is
made.
(b) Attorney work product privilege. This privilege protects
documents prepared by or for an agency, or by or for its representative
(typically, our attorneys) in anticipation of litigation or for trial.
It includes documents prepared for purposes of administrative
adjudications as well as court litigation. It includes documents
prepared by program offices as well as by attorneys. It includes
factual material in such documents as well as material revealing
opinions and tactics. Finally, the privilege continues to protect the
documents even after the litigation is closed.
(c) Attorney-client communication privilege. This privilege
protects confidential communications between a lawyer and an employee
or agent of the Government where there is an attorney-client
relationship between them (typically, where the lawyer is acting as
attorney for the agency and the employee is communicating on behalf of
the agency) and where the employee has communicated information to the
attorney in confidence in order to obtain legal advice or assistance.
Sec. 402.100 Exemption six for withholding records: Clearly
unwarranted invasion of personal privacy.
(a) Documents affected. We may withhold records about individuals
if disclosure would constitute a clearly unwarranted invasion of their
personal privacy.
(b) Balancing test. In deciding whether to release records to you
that contain personal or private information about someone else, we
weigh the foreseeable harm of invading that person's privacy against
the public benefit that would result from the release. If you were
seeking information for a purely commercial venture, for example, we
might not think that disclosure would primarily benefit the public and
we would deny your request. On the other hand, we would be more
inclined to release information if you were working on a research
project that gave promise of providing valuable information to a wide
audience. However, in our evaluation of requests for records we attempt
to guard against the release of information that might involve a
violation of personal privacy because of a requester being able to
``read between the lines'' or piece together items that would
constitute information that normally would be exempt from mandatory
disclosure under Exemption Six.
(c) Examples. Some of the information that we frequently withhold
under Exemption Six is: Home addresses, ages, and minority group status
of our employees or former employees; social security numbers; medical
information about individuals who have filed a claim for disability
benefits; names and addresses of individual beneficiaries of our
programs, or benefits such individuals receive; earnings records, claim
files, and other personal information SSA maintains.
Sec. 402.110 Exemption seven for withholding records: Law enforcement.
We are not required to disclose information or records that the
government has compiled for law enforcement purposes. The records may
apply to actual or potential violations of either criminal or civil
laws or regulations. We can withhold these records only to the extent
that releasing them would cause harm in at least one of the following
situations:
(a) Enforcement proceedings. We may withhold information whose
release could reasonably be expected to interfere with prospective or
ongoing law enforcement proceedings. Investigations of fraud and
mismanagement, employee misconduct, and civil rights violations may
fall into this category. In certain cases--such as when a fraud
investigation is likely--we may refuse to confirm or deny the existence
of records that relate to the violations in order not to disclose that
an investigation is in progress, or may be conducted.
(b) Fair trial or impartial adjudication. We may withhold records
whose release would deprive a person of a fair trial or an impartial
adjudication because of prejudicial publicity.
(c) Personal privacy. We are careful not to disclose information
that could reasonably be expected to constitute an unwarranted invasion
of personal privacy. When a name surfaces in an investigation, that
person is likely to be vulnerable to innuendo, rumor, harassment, and
retaliation.
(d) Confidential sources and information. We may withhold records
whose release could reasonably be expected to disclose the identity of
a confidential source of information. A confidential source may be an
individual; a state, local, or foreign government agency; or any
private organization. The exemption applies whether the source provides
information under an express promise of confidentiality or under
circumstances from which such an assurance could be reasonably
inferred. Also, where the record, or information in it, has been
compiled by a law enforcement authority conducting a criminal
investigation, or by an agency conducting a lawful national security
investigation, the exemption also protects all information supplied by
a confidential source. Also protected from mandatory disclosure is any
information which, if disclosed, could reasonably be expected to
jeopardize the system of confidentiality that assures a flow of
information from sources to investigatory agencies.
(e) Techniques and procedures. We may withhold records reflecting
special techniques or procedures of investigation or prosecution, not
otherwise generally known to the public. In some cases, it is not
possible to describe even in general terms those techniques without
disclosing the very material to be withheld. We may also withhold
records whose release would disclose guidelines for law enforcement
investigations or prosecutions if this disclosure could reasonably be
expected to create a risk that someone could circumvent requirements of
law or of regulation.
(f) Life and physical safety. We may withhold records whose
disclosure could reasonably be expected to endanger the life or
physical safety of any individual. This protection extends to threats
and harassment as well as to physical violence.
Sec. 402.110 Exemptions eight and nine for withholding records:
Records on financial institutions; records on wells.
Exemption eight permits us to withhold records about regulation or
supervision of financial institutions. Exemption nine permits the
withholding of geological and geophysical information and data,
including maps, concerning wells.
Sec. 402.115 Deletion of identifying details.
When SSA publishes or otherwise makes available an opinion or
order, statement of policy, or other record which relates to a private
party or parties, the name or names or other identifying details may be
deleted.
Sec. 402.120 Creation of records.
We are not required to create new records merely to satisfy a
request. For example, we are not required to program computers to
provide data in a particular form or to compile selected items from
records, provide statistical data, ratios, proportions, percentages,
etc. If these data have already been compiled and are available, we
will
[[Page 4160]]
supply the record when appropriate fees are paid, as provided in
Secs. 402.160 and 402.165. This does not mean that we will never help
you get information that does not already exist in our records.
However, diverting staff and equipment from other responsibilities may
not always be possible.
Sec. 402.125 Who may release a record.
Except as otherwise provided by regulation, only the Director,
Office of Disclosure Policy, SSA, or her or his designee may determine
whether to release any record in SSA's control and possession. This
official is SSA's Freedom of Information Officer. Sections 402.40,
402.55, and 402.60 list some of the materials which we have determined
may be released.
Sec. 402.130 How to request a record.
You may request a record in person, by telephone, or by mail.
(However, see Secs. 402.180 through 402.195 for an explanation of your
appeal rights.) Any request should reasonably describe the record you
want. If you have detailed information which would assist us in
identifying that record, please submit it with your request. You should
mark the outside of any envelope used to submit your request as a
``Freedom of Information Request'', no matter how your request may be
categorized for fee purposes. (Sections 402.145 through 402.175 explain
our fees.) The staff at any Social Security office can help you prepare
this request.
Sec. 402.135 Where to send a request.
You may send your request for a record to: The Director, Office of
Disclosure Policy, Social Security Administration, 6401 Security
Boulevard, Baltimore, Maryland 21235.
Sec. 402.140 How a request for a record is processed.
(a) Within 10 working days from the date a request is received by
the appropriate official (see Sec. 402.135), we will make a
determination as to whether the requested record will be provided. This
10-day period may be extended by written notice up to 10 additional
working days when one or more of the following situations exist:
(1) The office processing the request needs to locate and then
obtain the record from another facility;
(2) We need to locate, obtain, and appropriately examine a large
number of records which are requested in a single request; or
(3) The office processing the request needs to consult with another
agency which has a substantial interest in the subject matter of the
request. This consultation shall be conducted with all practicable
speed.
(b) If an extension is made, we will notify you, explain why the
additional time is needed, and tell you the date by which we expect to
make a decision on your request.
Sec. 402.145 Responding to your request.
(a) Retrieving records. We are required to furnish copies of
records only when they are in our possession or we can retrieve them
from storage. If we have stored the records you want in the National
Archives or another storage center, we will retrieve and review them
for possible disclosure. However, the Federal Government destroys many
old records, so sometimes it is impossible to fill requests. Various
laws, regulations, and manuals give the time periods for keeping
records before they may be destroyed. For example, there is information
about retention of records in the Records Disposal Act of 1944, 44
U.S.C. 3301 through 3314; the Federal Property Management Regulations,
41 CFR 101-1.104; and the General Records Schedules of the National
Archives and Records Administration.
(b) Furnishing records. The requirement is that we furnish copies
only of records that we have or can retrieve. We are not compelled to
create new records. For example, we are not required to write a new
program so that a computer will print information in the format you
prefer. However, if the requested information is maintained in
computerized form, but we can, with minimal computer instructions,
produce the information on paper, we will do this if it is the only way
to respond to a request. Nor are we required to perform research for
you. On the other hand, we may decide to conserve Government resources
and at the same time supply the records you need by consolidating
information from various records rather than copying them all.
Moreover, we are required to furnish only one copy of a record and
usually impose that limit. If information exists in different forms, we
will provide the record in the form that best conserves government
resources. For example, if it requires less time and expense to provide
a computer record as a paper printout rather than in an electronic
medium, we will provide the printout.
Sec. 402.150 Release of records.
(a) Records previously released. If we have released a record, or a
part of a record, to others in the past, we will ordinarily release it
to you also. However, we will not release it to you if a statute
forbids this disclosure, and we will not necessarily release it to you
if an exemption applies in your situation and did not apply, or applied
differently, in the previous situations.
(b) Unauthorized disclosure. The principle stated in paragraph (a)
of this section does not apply if the previous release was
unauthorized.
(c) Poor copy. If we cannot make a legible copy of a record to be
released, we do not attempt to reconstruct it. Instead, we furnish the
best copy possible and note its poor quality in our reply.
Sec. 402.155 Fees to be charged--categories of requests.
Paragraphs (a) through (c) of this section state, for each category
of request, the type of fees that we will generally charge. However,
for each of these categories, the fees may be limited, waived, or
reduced for the reasons given below or for other reasons.
(a) Commercial use request. If your request is for a commercial
use, we will charge you the costs of search, review, and duplication.
(b) Educational and scientific institutions and news media. If you
are an educational institution or a non-commercial scientific
institution, operated primarily for scholarly or scientific research,
or a representative of the news media, and your request is not for a
commercial use, we will charge you only for the duplication of
documents. Also, we will not charge you the copying costs for the first
100 pages of duplication.
(c) Other requesters. If your request is not the kind described by
paragraph (a) or (b) of this section, then we will charge you only for
the search and the duplication. Also, we will not charge you for the
first two hours of search time or for the copying costs of the first
100 pages of duplication.
Sec. 402.160 Fees to be charged--general provisions.
(a) We may charge search fees even if the records we find are
exempt from disclosure, or even if we do not find any records at all.
(b) If we are not charging you for the first two hours of search
time, under Sec. 402.145(c), and those two hours are spent on a
computer search, then the two free hours are the first two hours of the
operator's own operation. If the operator spends less than two hours on
the search, we will reduce the total search fees by the average hourly
rate for the operator's time, multiplied by two.
(c) If we are not charging you for the first 100 pages of
duplication, under Sec. 402.145 (b) or (c), then those 100 pages
[[Page 4161]]
are the first 100 pages of photocopies of standard size pages, or the
first 100 pages of computer printout. If we cannot use this method to
calculate the fee reduction, then we will reduce your total duplication
fee by the normal charge for photocopying a standard size page,
multiplied by 100.
(d) We will charge interest on unpaid bills beginning on the 31st
day following the day the bill was sent.
Sec. 402.165 Fee schedule.
The following is our fee schedule for providing records and related
services under the FOIA:
(a) Manual searching for or reviewing of records. When the search
or review is performed by employees at grade GS-1 through GS-8, we will
charge an hourly rate based on the salary of a GS-5, step 7, employee;
when done by a GS-9 through GS-14, an hourly rate based on the salary
of a GS-12, step 4, employee; and when done by a GS-15 or above, an
hourly rate based on the salary of a GS-15, step 7, employee. In each
case, we will compute the hourly rate by taking the current hourly rate
for the specified grade and step, adding 16% of that rate to cover
benefits, and rounding to the nearest whole dollar. As of January 5,
1997, these rates were $14, $28, and $50 respectively. These rates are
adjusted as Federal salaries change. When a search involves employees
at more than one of these levels, we will charge the rate appropriate
for each.
(b) Computer searching and printing. We will charge the actual cost
of operating the computer plus charges for the time spent by the
operator, at the rates given in paragraph (a) of this section.
(c) Photocopying standard size pages. We will charge $0.10 per
page. The Freedom of Information (FOI) Officer may charge lower fees
for particular documents where--
(1) The document has already been printed in large numbers;
(2) The program office determines that using existing stock to
answer this request, and any other anticipated FOI requests, will not
interfere with program requirements; and
(3) The FOI Officer determines that the lower fee is adequate to
recover the prorated share of the original printing costs.
(d) Photocopying odd-size documents. For photocopying documents
such as punchcards or blueprints, or reproducing other records such as
tapes, we will charge the actual costs of operating the machine, plus
the actual cost of the materials used, plus charges for the time spent
by the operator, at the rates given in paragraph (a) of this section.
(e) Certifying that records are true copies. This service is not
required by the FOIA. If we agree to provide it, we will charge $10 per
certification.
(f) Sending records by express mail, certified mail, or other
special methods. This service is not required by the FOIA. If we agree
to provide it, we will charge our actual costs.
(g) Other special services. For performing any other special
service that you request and we agree to, we will charge the actual
costs of operating any machinery, plus actual cost of any materials
used, plus charges for the time of our employees, at the rates given in
paragraph (a) of this section.
(h) Billing exceeds cost of service. Generally we will not charge
you a fee when the cost of the service is less than the cost of sending
you a bill. However, where an individual, organization, or governmental
unit makes multiple separate requests, we will total the costs incurred
and periodically bill the requester for the services rendered.
(i) Fee for copies of printed materials. When extra copies of
printed material are available, the charge is generally 1 cent per
page. If the material may be purchased from the Superintendent of
Documents, the charge is that set by the Superintendent. The
Superintendent's address is in Sec. 402.40.
(j) When not applicable. This fee schedule does not apply to
requests for records of Social Security number holders, wage earners,
employers, and claimants when the requests are governed by section 1106
of the Social Security Act and by Secs. Sections 402.170 and 402.175.
Sec. 402.170 Fees for providing records and related services for
program purposes pursuant to section 1106 of the Social Security Act.
(a) Program purposes described. (1) We consider a request to be
program related if the information must be disclosed under the Social
Security Act. For example, section 205(c)(2)(A) of the Act (42 U.S.C.
405(c)(2)(A)) requires that we provide certain information upon request
to a worker, her or his legal representative, her or his survivor, or
the legal representative of the worker's estate. That information is
the amounts of the worker's wages and self-employment income and the
periods during which they were paid or derived, as shown by our
records.
(2) We also consider a request to be program related if the
requester indicates the needed information will be used for a purpose
which is directly related to the administration of a program under the
Social Security Act.
(i) The major criteria we consider in deciding whether a proposed
use is so related are:
(A) Is the information needed to pursue some benefit under the Act?
(B) Is the information needed solely to verify the accuracy of
information obtained in connection with a program administered under
the Act?
(C) Is the information needed in connection with an activity which
has been authorized under the Act?
(D) Is the information needed by an employer to carry out her or
his taxpaying responsibilities under the Federal Insurance
Contributions Act or section 218 of the Act?
(ii) We will consider on a case by case basis those requests which
do not meet these criteria but are claimed to be program related.
(b) When we charge. If we determine the request for information is
program related, we may or may not charge for the information. For
example, as stated in paragraph (a) of this section, we generally will
not charge you for information needed to assure the accuracy of our
records on which your present or future Social Security benefits
depend. In addition, we generally will not charge for furnishing
information under section 205(c)(2)(A) of the Act. However, if we do
charge for a program related request (for example, if more detailed
information or special services are requested) we will use the fee
schedule in Sec. 402.165 if information is being disclosed under the
FOIA and the fee schedule in 20 CFR 401.95 if access to the information
is being granted under the Privacy Act. (Exception: If the request is
for purposes of administering employee benefits covered by the Employee
Retirement Income Security Act of 1974 (ERISA), even if the request is
covered by section 205(c)(2)(A) of the Act, we will charge under
Sec. 402.175.)
Sec. 402.175 Fees for providing information and related services for
non-program purposes.
(a) General. Section 1106(c) of the Social Security Act permits the
Commissioner to require requesters of information to pay the full cost
of supplying the information where the information is requested to
comply with the ERISA, or ``* * * for any other purpose not directly
related to the administration of the program or programs under * * *''
the Social Security Act. This may be done notwithstanding the fee
provisions of the FOIA and the Privacy Act or any
[[Page 4162]]
other provision of law. As used in this section--
(1) Full cost includes the direct and indirect costs to SSA
(including costs of duplication) of providing information and related
services under section 1106(c) of the Act; and
(2) Full cost of an employee's time includes fringe benefits and
overhead costs such as rent and utilities.
(b) Non-program related requests. We consider a request for
information which does not meet or equal any of the criteria in
Sec. 402.170 to be non-program related. (Whether a request for
information about an individual is made by that individual or by
someone else is not a factor.) In responding to these requests, or
requests for ERISA purposes, we will charge the full cost of our
services as described in paragraph (c) of this section.
(c) Fee schedule. Our fee schedule for non-program related requests
is:
(1) Manual searching for records. Full cost of the employee's time.
(2) Photocopying, or reproducing records such as magnetic tapes or
punch cards. Full cost of the operator's time plus the full cost of the
machine time and the materials used.
(3) Use of electronic data processing equipment to obtain records.
Our full cost for the service, including computer search time, computer
runs and printouts, and the time of computer programmers and operators
and other employees.
(4) Certification or authentication of records. Full cost of
certification or authentication.
(5) Forwarding materials to destination. If you request special
arrangements for forwarding the material, we will charge you the full
cost of this service (e.g., you request express mail or a commercial
delivery service). If no special forwarding arrangements are requested,
we will charge you the full cost of the service, including the U.S.
Postal Service cost.
(6) Performing other special services. If we agree to provide any
special services you request, we will charge you the full cost of the
time of the employee who performs the service, plus the full cost of
any machine time and materials that the employee uses.
(7) Billing exceeds cost of service. Generally we will not charge
you a fee when the cost of the service is less than the cost of sending
you a bill. However, where an individual, organization, or governmental
unit makes multiple separate requests, we will total the costs incurred
and bill the requester for the services rendered.
(d) Fee for copies of printed materials. When extra copies of
printed material are available, the charge is generally 1 cent per
page. If the material may be purchased from the Superintendent of
Documents, the charge is that set by the Superintendent. The
Superintendent's address is in Sec. 402.40.
(e) Charging when requested record not found. We may charge you for
search time, even though we fail to find the records. We may also
charge you for search time if the records we locate are exempt from
disclosure.
Sec. 402.180 Procedure on assessing and collecting fees for providing
records.
(a) We will generally assume that when you send us a request, you
agree to pay for the services needed to locate and send that record to
you. You may specify in your request a limit on the amount you are
willing to spend. If you do that or include with your request a payment
that does not cover our fee, we will notify you if it appears that the
fee will exceed that amount and ask whether you want us to continue to
process your request. Also, before we start work on your request under
Sec. 402.120, we will generally notify you of our exact or estimated
charge for the information, unless it is clear that you have a
reasonable idea of the cost.
(b) If you have failed to pay previous bills in a timely fashion,
or if our initial review of your request indicates that we will charge
you fees exceeding $250, we will require you to pay your past due fees
and/or the estimated fees, or a deposit, before we start searching for
the records you want. If so, we will let you know promptly upon
receiving your request. In such cases, administrative time limits
(i.e., ten working days from receipt of initial requests and 20 working
days from receipt of appeals from initial denials, plus permissible
extensions of these time limits) will begin only after we come to an
agreement with you over payment of fees, or decide that fee waiver or
reduction is appropriate.
(c) We will normally require you to pay all fees before we furnish
the records to you. We may, at our discretion, send you a bill along
with or following the furnishing of the records. For example, we may do
this if you have a history of prompt payment. We may also, at our
discretion, aggregate the charges for certain time periods in order to
avoid sending numerous small bills to frequent requesters, or to
businesses or agents representing requesters. For example, we might
send a bill to such a requester once a month. Fees should be paid in
accordance with the instructions furnished by the person who responds
to your requests.
(d) Payment of fees will be made by check or money order payable to
``Social Security Administration''.
Sec. 402.185 Waiver or reduction of fees in the public interest.
(a) Standard. We will waive or reduce the fees we would otherwise
charge if disclosure of the information meets both tests which are
explained in paragraphs (b) and (c) of this section:
(1) It is in the public interest because it is likely to contribute
significantly to public understanding of the operations or activities
of the government; and
(2) It is not primarily in the commercial interest of the
requester.
(b) Public interest. The disclosure passes the first test only if
it furthers the specific public interest of being likely to contribute
significantly to public understanding of government operations or
activities, regardless of any other public interest it may further. In
analyzing this question, we will consider the following factors:
(1) How, if at all, do the records to be disclosed pertain to the
operations or activities of the Federal Government?
(2) Would disclosure of the records reveal any meaningful
information about government operations or activities? Can one learn
from these records anything about such operations that is not already
public knowledge?
(3) Will the disclosure advance the understanding of the general
public as distinguished from a narrow segment of interested persons?
Under this factor we may consider whether the requester is in a
position to contribute to public understanding. For example, we may
consider whether the requester has such knowledge or expertise as may
be necessary to understand the information, and whether the requester's
intended use of the information would be likely to disseminate the
information among the public. An unsupported claim to be doing research
for a book or article does not demonstrate that likelihood, while such
a claim by a representative of the news media is better evidence.
(4) Will the contribution to public understanding be a significant
one? Will the public's understanding of the government's operations be
substantially greater as a result of the disclosure?
(c) Not primarily in the requester's commercial interest. If the
disclosure passes the test of furthering the specific public interest
described in paragraph (b) of this section, we will determine whether
it also furthers the requester's commercial interest and, if so,
whether this effect outweighs the advancement of that public interest.
In applying this
[[Page 4163]]
second test, we will consider the following factors:
(1) Would the disclosure further a commercial interest of the
requester, or of someone on whose behalf the requester is acting?
``Commercial interests'' include interests relating to business, trade,
and profit. Not only profit-making corporations have commercial
interests--so do nonprofit corporations, individuals, unions, and other
associations. The interest of a representative of the news media in
using the information for news dissemination purposes will not be
considered a commercial interest.
(2) If disclosure would further a commercial interest of the
requester, would that effect outweigh the advancement of the public
interest defined in paragraph (b) of this section? Which effect is
primary?
(d) Deciding between waiver and reduction. If the disclosure passes
both tests, we will normally waive fees. However, in some cases we may
decide only to reduce the fees. For example, we may do this when
disclosure of some but not all of the requested records passes the
tests.
(e) Procedure for requesting a waiver or reduction. You must make
your request for a waiver or reduction at the same time you make your
request for records. You should explain why you believe a waiver or
reduction is proper under the analysis in paragraphs (a) through (d) of
this section. Only FOI Officers may make the decision whether to waive,
or reduce, the fees. If we do not completely grant your request for a
waiver or reduction, the denial letter will designate a review
official. You may appeal the denial to that official. In your appeal
letter, you should discuss whatever reasons are given in our denial
letter. The process prescribed in Sec. 402.190 of this part will also
apply to these appeals.
Sec. 402.190 Officials who may deny a request for records under FOIA.
Only the Director, Office of Disclosure Policy, SSA, or her or his
designee is authorized to deny a written request to obtain, inspect, or
copy any social security record.
Sec. 402.195 How a request is denied.
(a) Oral requests. If we cannot comply with your oral request
because the Director of the Office of Disclosure Policy (or designee)
has not previously made a determination to release the record you want,
we will tell you that fact. If you still wish to pursue your request,
you must put your request in writing.
(b) Written requests. If you make a written request and the
information or record you requested will not be released, we will send
you an official denial in writing. We will explain why the request was
denied (for example, the reasons why the requested document is subject
to one or more clearly described exemptions), will include the name and
title or position of the person who made the decision, and what your
appeal rights are.
(c) Unproductive searches. We make a diligent search for records to
satisfy your request. Nevertheless, we may not be able always to find
the records you want using the information you provided, or they may
not exist. If we advise you that we have been unable to find the
records despite a diligent search, this does not constitute a denial of
your request.
Sec. 402.200 How to appeal a decision denying all or part of a
request.
(a) How to appeal. If all or part of your written request was
denied, you may request that the Commissioner of Social Security, 6401
Security Boulevard, Baltimore, MD 21235 review that determination. Your
request for review:
(1) Must be in writing;
(2) Must be mailed within 30 days after you received notification
that all or part of your request was denied or, if later, 30 days after
you received materials in partial compliance with your request; and
(3) May include additional information or evidence to support your
request.
(b) How the review is made. After reviewing the prior decision and
after considering anything else you have submitted, the Commissioner or
his or her designee will affirm or revise all or part of the prior
decision. The Commissioner (or a designee) will affirm a denial only
after consulting with the appropriate SSA official(s), including legal
counsel. The decision must be made within 20 working days after your
appeal is received. The Commissioner or a designee may extend this time
limit up to 10 additional working days if one of the situations in
Sec. 402.140(a) exists, provided that, if a prior extension was used to
process this request, the sum of the extensions may not exceed 10
working days. You will be notified in writing of any extension, the
reason for the extension, and the date by which your appeal will be
decided.
(c) How you are notified of the Commissioner's decision. The
Commissioner or a designee will send you a written notice of the
decision explaining the basis of the decision (for example, the reasons
why an exemption applies) which will include the name and title or
position of the person who made the decision. The notice will tell you
that if any part of your request remains unsatisfied, you have the
right to seek court review.
Sec. 402.205 U.S. District Court action.
If the Commissioner or a designee, upon review, affirms the denial
of your request for records, in whole or in part, you may ask a U.S.
District Court to review that denial. See 5 U.S.C. 552(a)(4)(B). If we
fail to act on your request for a record or for review of a denial of
such a request within the time limits in Sec. 402.140(a) or in
Sec. 402.190(b), you may ask a U.S. District Court to treat this as if
the Commissioner had denied your request.
PART 422--ORGANIZATION AND PROCEDURES
Subpart E of Part 422--[Removed]
3. Under the authority of section 106(b) of Pub. L. 103-296, Social
Security Independence and Program Improvements Act of 1994, subpart E
of part 422, is removed and reserved.
[FR Doc. 97-1271 Filed 1-28-97; 8:45 am]
BILLING CODE 4190-29-P
