[Federal Register Volume 59, Number 207 (Thursday, October 27, 1994)]
[Unknown Section]
[Page 0]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 94-26626]
[[Page Unknown]]
[Federal Register: October 27, 1994]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
National Institutes of Health; Privacy Act of 1974; New System of
Records
AGENCY: Public Health Service, DHHS.
ACTION: Notification of a new system of records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the requirements of the Privacy Act, the
Public Health Service (PHS) is publishing a notice of a new system of
records, 09-25-0169, ``Medical Staff Credentials Files, HHS/NIH/CC.''
We are also proposing routine uses for this new system.
DATES: PHS invites interested parties to submit comments on the
proposed internal and routine uses on or before November 28, 1994. PHS
has sent a report of a New System to the Congress and to the Office of
Management and Budget (OMB) on October 14, 1994. This system of records
will be effective 40 days from the date of publication unless PHS
receives comments on the routine uses which would result in a contrary
determination.
ADDRESSES: Please submit comments to: NIH Privacy Act Officer, Building
31, Room 3B03, 9000 Rockville Pike, Bethesda, MD 20892, 301-496-2832.
Comments received will be available for inspection at this same
address from 9 a.m. to 3 p.m., Monday through Friday.
FOR FURTHER INFORMATION CONTACT: Chief, Medical Record Department,
Warren G. Magnuson Clinical Center, National Institutes of Health,
Building 10, Room 1N208, 9000 Rockville Pike, Bethesda, Maryland 20892,
301-496-2292.
The numbers listed above are not toll free.
SUPPLEMENTARY INFORMATION: The National Institutes of Health (NIH)
proposes to establish a new system of records: 09-25-0169, ``Medical
Staff Credentials Files, HHS/NIH/CC.'' This system of records will be
used by NIH staff to: (1) Maintain information used in the
credentialing and privileging of active medical staff members at the
Warren G. Magnuson Clinical Center; (2) document patient care
privileges for active members of the medical staff; (3) provide
information about active and non-active members of the medical staff to
authorized individuals; and (4) report to the National Practitioner
Data Bank as required by the provisions of Title IV of Public Law 99-
660, as amended.
The system will comprise records that contain medical staff names,
date of birth, home address and telephone number, office address and
telephone number, citizenship, visa information, appointment date,
hospital-wide computer access privileges, Institute/Center/Division
designation, branch/lab, type of medical staff membership, privilege
delineation, professional degree(s) including school of attendance and
graduation dates, foreign medical examinations, specialty board
certifications, licensing information (including state of licensure and
license number), record or disciplinary actions, documentation of
training, and admitting privileges.
The amount of information recorded on each individual will be only
that which is necessary to accomplish the purposes of the system.
Records are established from forms and documentation submitted by
individual medical staff members to the Medical Record Department.
The records in this system will be maintained in a secure manner
compatible with their content and use. NIH and Contractor staff will be
required to adhere to the provisions of the Privacy Act and the HHS
Privacy Act regulations. The System Manager will control access to the
data. Only authorized users whose official duties require the use of
such information will have regular access to the records in this
system. Authorized users are HHS employees and Contractor staff
responsible for implementing the medical staff credentials data system.
Records will be stored on paper forms in file folders and on
computer disk. Manual and computerized records will be maintained in
accordance with the standards of Chapter 45-13 of the HHS General
Administration Manual, ``Safeguarding Records Contained in Systems of
Records,'' supplementary Chapter PHS hf: 45-13, the Department's
Automated Information System Security Program Handbook, and the
National Institute of Standards and Technology Federal Information
Processing Standards (FIPS Pub. 41 and FIPS Pub. 31).
Data stored in computers is accessed through a network system by
use of a password known only to authorized users. Rooms where records
are stored are locked when not in use. During regular business hours,
rooms are unlocked by entry is controlled by on-site personnel.
The routine uses proposed for this system are compatible with the
stated purposes of the system. The first routine use permitting
disclosure to a congressional office is proposed to allow subject
individuals to obtain assistance from their representatives in
Congress, should they so desire. Such disclosure would be made only
pursuant to a request of the individual. The second routine use of this
system allows disclosure to the Department of Justice to defend the
Federal Government, the Department, or employees of the Department in
the event of litigation. The third routine use allows referral to the
appropriate agency in the event that a system of records maintained by
this agency to carry out its functions indicates a violation or
potential violation of law. The fourth routine use allows disclosure of
records to contractors for the purpose of processing or refining
records in the system. The fifth routine use permits disclosure to
representatives of the Joint Commission on Accreditation of Healthcare
Organizations for the purpose of conducting quality assurance reviews
and inspections of the Warren G. Magnuson Clinical Center credentialing
policies and procedures. The sixth routine use permits disclosure to
State medical boards for purposes of professional quality assurance
activities. The seventh routine use allows disclosure to health care
facilities for the purpose of verifying that an individual to whom they
intend to grant medical staff or patient care privileges has or
previously held such privileges at the Warren G. Magnuson Clincial
Center.
The following notice is written in the present, rather than future
tense, in order to avoid the unnecessary expenditure of public funds to
republish the notice after the system has become effective.
Dated: October 18, 1994.
Ellen Wormser,
Director, Office of Organization and Management Systems.
09-25-0169
Medical Staff-Credentials Files, HHS/NIH/CC.
None.
Medical Record Department, Warren G. Magnuson Clinical Center,
National Institutes of Health, Building 10, Room 1N208, 9000 Rockville
Pike, Bethesda, Maryland 20892.
Write to the System Manager at the address below for a list of
Contractor locations, including the address of any Federal Records
Center where records from this system may be stored.
Individuals who have been approved as members of the medical staff
at the Warren G. Magnuson Clinical Center.
Medical staff names, date of birth, home address and telephone
number, office address and telephone number, citizenship, visa
information, appointment date, hospital-wide computer access
privileges, Institute/Center/Division designation, branch/lab, type of
medical staff membership, privilege delineation, professional degree(s)
including school of attendance and graduation dates, foreign medical
examinations, specialty board certifications, licensing information
(including state of licensure and license number), record of
disciplinary actions, documentation of training, and admitting
privileges.
Authority for collecting the requested information is contained in
section 301 (42 U.S.C. 241) of the Public Health Service Act, as
amended, outlining the authority of the Secretary to, within the Public
Health Service (PHS), promote the coordination of various research and
associated activities, including for purposes of study, admitting and
treating individuals at PHS facilities. Section 402(b) of the Public
Health Service Act (42 U.S.C. 282(b)), as amended, outlining the
authority of the Director of the National Institutes of Health (NIH)
with respect to the admission and treatment of individuals at NIH
facilities for purposes of study.
These records are used to: (1) Maintain information used in the
credentialing and privileging of active medical staff members at the
Warren G. Magnuson Clinical Center; (2) document patient care
privileges for active members of the medical staff; (3) provide
information about active and non-active members of the medical staff to
authorized individuals; and (4) report to the National Practitioner
Data Bank as required by the provisions of Title IV of Pub. L. 99-660,
as amended.
1. Disclosure may be made to a congressional office from the record
of an individual in response to an inquiry from the congressional
office made at the request of that individual.
2. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice,
or to a court or other tribunal, when (a) HHS, or any component
thereof; or (b) any HHS employee in his or her official capacity; or
(c) any HHS employee in his or her individual capacity where the
Department of Justice (or HHS, where it is authorized to do so) has
agreed to represent the employee; or (d) the United States or any
agency thereof where HHS determines that the litigation is likely to
affect HHS or any of its components, is a party to litigation, and HHS
determines that the use of such records by the Department of Justice,
court or other tribunal is relevant and necessary to the litigation and
would help in the effective representation of the governmental party,
provided, however, that in each case HHS determines that such
disclosure is compatible with the purpose for which the records were
collected.
3. In the event that a system of records maintained by this agency
to carry out its functions indicates a violation or potential violation
of law, whether civil, criminal, or regulatory in nature, and whether
arising by general statute or particular program statute, or by
regulation, rule or order issued pursuant thereto, the relevant records
in the system of records may be referred to the appropriate agency,
whether Federal, State, or local, charged with enforcing or
implementing the statute or rule, regulation or order issued pursuant
thereto.
4. NIH may disclosure records to Department contractors and
subcontractors for the purpose of collecting, compiling, aggregating,
analyzing, or refining records in the system. Contractors maintain, and
are also required to ensure that subcontractors maintain, Privacy Act
safeguards with respect to such records.
5. NIH may disclose information to representatives of the Joint
Commission on Accreditation of Healthcare Organizations for the purpose
of conducting quality assurance reviews and inspections of the Warren
G. Magnuson Clinical Center credentialing policies and procedures.
6. NIH disclose information from this system of records to State
medical boards for purposes of professional quality assurance
activities.
7. NIH may disclose information from this system of records to
health care facilities for the purpose of verifying that an individual
to whom they intend to grant medical staff or patient care privileges
has or previously held such privileges at the Warren G. Magnuson
Clinical Center.
Records are stored on paper forms in file folders and on computer
disks.
Records are retrieved by name, date of birth, type of medical staff
membership, Institute/Center/Division and licensing status.
1. Authorized users: Data on the computer network system is
accessed by a password known only to authorized users who are NIH
employees and Contractor staff responsible for implementing the medical
staff credentials data system. Access to information is thus limited to
those with a need to know.
2. Physical safeguards: Rooms where records are stored are locked
when not in use. During regular business hours rooms are unlocked but
entry is controlled by on-site personnel.
3. Procedural and technical safeguards: Access to files is strictly
controlled by the system manager. Names and other identifying
particulars are deleted when data from original records are encoded for
analysis. Data stored in computers is accessed through a network system
by use of a password known only to authorized users. All authorized
users of personal information in connection with the performance of
their jobs (see Authorized Users, above) protect information from
public view and from unauthorized personnel entering an unsupervised
office. These practices are in compliance with the standards of Chapter
45-13 of the HHS General Administration Manual, ``Safeguarding Records
Contained in Systems of Records,'' supplementary Chapter PHS hf: 45-13,
and the Department's Automated Information System Security Program
Handbook, and the National Institute of Standards and Technology
Federal Information Processing Standards (FIPS Pub. 41 and FIPS Pub.
31).
Records are retained and disposed of under the authority of the NIH
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix
1--``Keeping and Destroying Records'' (HHS Records Management Manual,
Appendix B-361), item 2300-293-4, ``Medical Staffs' Credential Files,''
which allows inactive records to be transferred to the Federal Records
Center at five year intervals and to be destroyed after thirty years.
Refer to the NIH Manual Chapter for specific disposition instructions.
Chief, Medical Record Department, Warren G. Magnuson Clinical
Center, National Institutes of Health, Building 10, Room 1N208, 9000
Rockville Pike, Bethesda, Maryland 20892.
To determine if a record exists, write to the System Manager at the
above address. The requester must provide tangible proof of identity
(e.g., driver's license). If no identification papers are available,
the requester must verify his or her identity by providing either a
notarization of the request or a written certification that the
requester is who he or she claims to be and understands that the
knowing and willful request for acquisition of a record pertaining to
an individual under false pretenses is a criminal offense under the
Act, subject to a five thousand dollar fine.
Write to the System Manager specified above to attain access to
records and provide the same information as that required under the
Notification Procedures. Requesters should also reasonably specify the
record contents being requested. Individuals may also request an
accounting of disclosure of their records, if any.
Contact the System Manager specified above and reasonably identify
the record, specify the information to be contested, the corrective
action sought, and your reasons for requesting the correction, along
with supporting information to show how the record is inaccurate,
incomplete, untimely or irrelevant. The right to contest records is
limited to information which is incomplete, irrelevant, incorrect, or
untimely (obsolete).
Subject individual.
None.
[FR Doc. 94-26626 Filed 10-26-94; 8:45 am]
BILLING CODE 4140-01-M