AGENCY:

Indian Health Service, Department of Health and Human Services.

ACTION:

Notice of a modified system of records.

SUMMARY:

In accordance with the requirements of the Privacy Act of 1974, as amended, the Department of Health and Human Services (HHS) is modifying a system of records maintained by the Indian Health Service (IHS), System No. 09–17–0003, Indian Health Service Medical Staff Credentials and Privileges Records. The system of records covers records about individuals who request credentialing and privileging to serve as IHS medical or health care professionals.

DATES:

In accordance with 5 U.S.C. 552a(e)(4) and (11), this Notice is applicable upon publication, subject to a 30-day period in which to comment on the new and revised routine uses, described below. Please submit any comments by June 22, 2023.

ADDRESSES:

The public should address written comments by mail or email to: Heather H. McClane, Senior Official for Privacy, Indian Health Service, 5600 Fishers Lane—MAIL STOP: 09E70, Rockville, MD 20857, or Heather.Mcclane@ihs.gov.

FOR FURTHER INFORMATION CONTACT:

General questions about this system of records should be submitted by mail or email to CAPT Jana Towne, Acting Director, Office of Quality, 5600 Fishers Lane—MAIL STOP: 08N70A, Rockville, MD 20857, or Jana.Towne@ihs.gov; telephone (301) 273–4152.

SUPPLEMENTARY INFORMATION:

The following modifications have been made to the System of Records Notice (SORN) for System No. 09–17–0003, Indian Health Service Medical Staff Credentials and Privileges Records:

• The System Name no longer includes “HHS/IHS/OCPS,” because the agency component responsible for the system of records is now identified in the System Location section.
• The Security Classification has been changed from “None” to “Unclassified” because the information in the system of records is not classified.
• The System Location section now provides the name and address of the agency component responsible for the system of records, instead describing physical records locations.
• The System Manager(s) section has been amended to include address and contact information for the official serving as the “overall” System Manager and for the Area and Clinical Directors serving as the System Managers for purposes of receiving Privacy Act requests. A lengthy list of IHS Service Unit addresses which was included in an Appendix to the SORN (and which did not include email addresses or telephone numbers) has been removed.
• The Authority section no longer cites the Indian Self Determination and Education and Assistance Act (25 U.S.C. 450), because Tribal Health Programs credential and privilege their own providers using separate records; and no longer cites the Federal Records Act and the Privacy Act, because those are not sufficiently specific authorities for the maintenance of the records in this system of records.
• In the Purpose(s) section, which contains four purpose descriptions:

(1) The first purpose description has been revised to change “medical staff members” to “medical and health care professionals” and to insert “having their identity confirmed”, as well as inserted the terms “where required” and “education.”

(2) The second purpose description now includes “sexual misconduct” and “medical malpractice” as examples of information indicative of an individual's professional competence, character, and ethical qualifications.

(3) The third purpose description has been revised to remove references to the Health Care Quality Improvement Act of 1986 and the Health Insurance Portability and Accountability Act of 1996; to replace the citation to the Public Law governing the National Practitioner Data Bank (NPDB) with the U.S. Code cite; and to change “information concerning current or former IHS medical staff members whose professional health care activity failed to conform to generally-accepted standards of professional medical practice” to “information on certain adverse events and medical malpractice payments concerning current or former IHS medical staff members so that IHS and other health care entities may make informed decisions regarding hiring and privileging of those medical staff members.”

• The Categories of Individuals section has been revised to describe the category of individuals as applicants who request credentialing and privileging to serve as IHS medical or health care professionals (instead of as prospective, current, and former IHS medical staff members). In addition, the term “IHS medical or health care professionals” used in the revised category description is now explained as including two sub-types: (1) licensed practitioners; and (2) licensed staff members who neither maintain clinical privileges nor are governed by the medical staff bylaws but whose position requires a license to perform duties that need to be verified and tracked (instead of four sub-types: Provisional, Active, Temporary, and Courtesy or Associate).

• The Categories of Records section has been revised to describe the records as “IHS medical staff membership and privilege applications and associated forms, as well as additional information to track credentials” followed by an updated list of types of information included. Two information types have been changed ( i.e., “performance awards” has been changed to “performance status,” and “adverse or disciplinary actions” has been changed to “adverse or disciplinary actions regarding professional competence and personal characteristics”); “evaluations and approvals completed by IHS medical staff reviewers” has been removed; and these information types have been added: addresses, date of birth, National Provider Identifier number, health and immunization status, peer references, training, Medical Quality Assurance Records protected by 25 U.S.C. 1675, and records protected by 42 CFR part 2, Confidentiality of Substance Use Disorder Patient Records.

• The Record Source Categories section has been revised to include an additional source, i.e., “other sources of professional information.”

• In the Routine Uses section, an introduction and one new routine use have been added and six routine uses have been revised, as follows:

(1) The introduction states: “In addition to the disclosures authorized directly in the Privacy Act at 5 U.S.C. 552a(b)(1) and (b)(2) and (b)(4) through (b)(11), these routine uses specify circumstances under which the agency may disclose information from this system of records to a non-HHS officer or employee without the consent of the subject individual.”

(2) In routine use 1, which authorizes disclosures to organizations conducting studies of IHS health care delivery, “The Joint Commission on the Accreditation of Healthcare Organizations” is now followed by the abbreviation “(The Joint Commission).”

(3) Routine use 2, which authorizes disclosures to entities that maintain license and registration issuance, retention, and revocation records, has been revised to add “Social Security number” and “personal characteristics that fail to conform to social norms Start Printed Page 33152 concerning lawful behaviors” as items of information authorized to be disclosed; to add “direct contract” as a type of medical staff member about whom information is authorized to be disclosed; and to refer to “the NPDB” instead of to “the NPDB–HIPDB established under title IV of Public Law 99–660 and section 221(a) of Public Law 104–191.”

(4) In routine use 3 (which authorizes disclosures of an applicant's biographic data to verify with third parties that the applicant's claimed background and employment data and credentials are valid), “potential applicant” has been changed to “applicant”; “IHS medical staff and/or privileges applications” has been changed to “IHS medical staff membership and privileges applications”; “personal characteristics” has been added to the description of qualifications evaluated; “State or local government health profession licensing board” has been changed to “Federal, State, or local government health profession licensing or certification board”; “health related professional organization” has been changed to “health care oversight or professional monitoring organization or program,” and the examples of same now include “The Joint Commission” and now refer to “the National Practitioner Data Bank” instead of to “the NPDB–HIPDB established under Title IV of Public Law 99–660 and section 221(a) of Public Law 104–191”; and “all claimed background” has been changed to “a clinician's claimed background.”

(5) In routine use 4 (which authorizes disclosures to enable government agencies and private sector organizations to which the subject individual applies for clinical privileges, membership, or licensure to document information about the individual's professional performance while employed by the IHS), the words “enabling them” have been added to clarify that the disclosures aid the recipients' (not IHS's) documentation; “Federal agencies” has been changed to “Federal agencies or organizations” in the description of disclosure recipients; the Office of Personnel Management has been removed as an example of a Federal agency recipient; and “character” has been added as a type of performance information that may be disclosed for the recipient's documentation purposes.

(6) Routine use 5, which authorizes disclosures in litigation and similar proceedings, has been reorganized and reworded. A requirement that the disclosures be “compatible with the purpose for which the records were collected” has been removed as redundant, because it repeats part of the definition of a routine use.

(7) Routine use 7 is new; it authorizes medical quality assurance records about the subject of a quality assurance action to be disclosed for any purposes authorized by 25 U.S.C. 1675(d) and (e)(2) to the recipients described in 25 U.S.C. 1675(d)(1) and (e)(2).

(8) Routine use 8 (formerly numbered as 7), which currently authorizes disclosures of relevant records from this system of records to the appropriate enforcement agency when a “system of records” maintained by IHS indicates a violation or potential violation of law, has been revised to authorize disclosures of relevant records from this system of records to the appropriate enforcement agency when “a record in this system of records, on its face, or in conjunction with other records” indicates a violation or potential violation of law.

• The Storage section, which currently states that records are stored in “file folders and computer-based or electronic files,” has been revised to add that the file folders are “stored at the IHS facilities or the Federal Record Center” and the computer-based or electronic records are “located at the IHS Albuquerque Data Center in Albuquerque, NM.”
• The Retrieval section has been revised to change “numbers necessary to establish the identity of an individual whose record is maintained in the system of records” to “numbers necessary to ensure that the records retrieved are about the intended individual.”
• The Retention and Disposal section contains the description of the retention periods previously included at the end of the Safeguards section, and now cites the applicable National Archives and Records Administration (NARA)-approved disposition schedule.

• The Safeguards section has been revised to mention applicable laws, rules, and policies at the start, instead of in a numbered paragraph near the end; to remove a numbered paragraph addressing retention and disposal practices; to describe additional authorized users ( i.e., Credentialist; and IHS Chief Medical Officer and Quality Assurance Risk Management Committee members and their designees); to update the physical safeguards description to include paper records; to add a paragraph describing technical safeguards; and to update the administrative safeguards description to include a statement that security controls are reviewed and assessed on an ongoing basis and a description of the training and rules of behavior requirements that users must meet prior to being granted system access and periodically thereafter.

• The sections describing procedures for making Privacy Act requests have been reorganized to outline the required contents of any Privacy Act request in the Access Request Procedures section, to incorporate those requirements by reference in the Contesting Record and Notification procedures sections, and to include additional requirements specific to amendment requests in the Contesting Record procedures section. The required contents for any Privacy Act request include these new items: telephone number and/or email address, and date and place of birth. The procedures now explain how to verify identity, instead of merely requiring identity to be verified in accordance with the HHS Privacy Act regulations. Instead of indicating that an individual may make a request in person, unannounced, the procedures now state that an individual may request an appointment to review the records in person. A note has been added at the end of the Access Request Procedures section about access limitations in 25 U.S.C. 1675 that apply to any records that are Medical Quality Assurance records.

Because some of these changes are significant, a report on the modified system of records was sent to the Office of Management and Budget (OMB) and the Congressional committees that oversee privacy, in accordance with 5 U.S.C. 552a(r).

SYSTEM NAME AND NUMBER:

Indian Health Service Medical Staff Credentials and Privileges Records, 09–17–0003.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

The address of the agency component responsible for the system of records is: Office of Chief Medical Officer (CMO), Indian Health Service, 5600 Fishers Lane—MAIL STOP: 08E37A, Rockville, MD 20857.

SYSTEM MANAGER(S):

The System Manager for the overall system of records (also known as the Policy Coordinating Official) is: Director, Office of CMO, IHS, 5600 Fishers Lane—MAIL STOP: 08E37A, Rockville, MD 20857, loretta.christensen@ihs.gov, (732) 740–6702. Start Printed Page 33153

The Area Director, together with the Clinical Director of the IHS Service Unit where the individual applied for credentialing and privileging, is the System Manager who the individual must contact to make a Privacy Act request. Requests must be addressed to “Area and Clinical Directors” at the applicable Area Office address listed below:

• Alaska Area: Alaska Area Native Health Service, 4141 Ambassador Drive—Suite 300, Anchorage, AK 99508–5928, (907) 729–3686.

• Albuquerque Area: Albuquerque Area Office, Indian Health Service, 4101 Indian School Rd. NE—Suite 225, Albuquerque, NM 87110–3988, (505) 256–6800.

• Bemidji Area: Bemidji Area Office, Indian Health Service, Bemidji Technology Park, 2225 Cooperative Ct. NW, Bemidji, MN 56601, (218) 444–0452.

• Billings Area: Billings Area Office, Indian Health Service, 2900 4th Avenue North, Billings, MT 59101 (or Billings Area Office, P.O. Box 36600, Billings, MT 59107), (406) 247–7106.

• California Area: Indian Health Service, California Area Office, John E. Moss Federal Building, 650 Capitol Mall—Suite 7–100, Sacramento, CA 95814, (916) 930–3927.

• Great Plains Area: Great Plains Area Indian Health Service, 115 4th Avenue SW—Room 309, Aberdeen, SD 57401, (605) 226–7581.

• Nashville Area: Nashville Area Indian Health Service, 711 Stewarts Ferry Pike, Nashville, TN, 37214, (615) 467–1500.

• Navajo Area: Navajo Area Indian Health Service (NAIHS), 272 Hwy 264, Window Rock, AZ 86515–9020 (or Navajo Area Indian Health Service (NAIHS), P.O. Box 9020, Window Rock, AZ 86515), (928) 871–5812, (928) 871–5813, or (928) 871–5801.

• Oklahoma City Area: Oklahoma City Area Indian Health Service, 701 Market Drive, Oklahoma City, OK 73114, (405) 951–3820.

• Phoenix Area: Phoenix Area Office, Indian Health Service, Two Renaissance Square, 40 N. Central Avenue—Suite 504, Phoenix, AZ 85004, (602) 364–5039.

• Portland Area: Portland Area Indian Health Service, 1414 NW Northrup Street—Suite 800, Portland, OR 97209, (503) 414–5555.

• Tucson Area: Tucson Area Indian Health Service, 7900 South J Stock Road, Tucson, AZ 85746, (520) 295–2405.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Snyder Act (25 U.S.C. 13); Indian Health Care Improvement Act, as amended (25 U.S.C. 1601 et seq.); and Transfer Act of 1954 (42 U.S.C. 2001 through 2004).

PURPOSE(S) OF THE SYSTEM:

The records in this system of records are used for these purposes:

1. To ensure that IHS medical and health care professionals are qualified, their identity confirmed, are competent, and capable of delivering quality health services consistent with those of the medical community at large and that, where required, they are granted privileges commensurate with their education, training, and competence and with the ability of the facility to provide adequate support, equipment, services, and staff.

2. To inform health care practitioner(s) and staff of health care facilities, State or county health professional societies, or licensing boards to whom the subject individual may apply for clinical privileges, membership, or licensure, of the subject individual's professional competence, character, and ethical qualifications. This may include information regarding drug or alcohol abuse or dependency, sexual misconduct, or medical malpractice.

3. To provide adverse health care practice information to the National Practitioner Data Bank (NPDB) established under 42 U.S.C. 11101 through 11152. The purpose of such a release is to provide information on certain adverse events and medical malpractice payments concerning current or former IHS medical staff members so that the IHS and other health care entities may make informed decisions regarding hiring and privileging of those medical staff members.

4. To provide health care practice information concerning current or former members of the IHS medical staff with Commissioned Corps status to the Division of Commissioned Personnel, U.S. Public Health Service, so that an informed decision may be made concerning the promotion, retention, or reassignment of the subject individual.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

The records are about applicants who request credentialing and privileging to serve as IHS medical or health care professionals, including both initial and renewing applicants and regardless of whether the application is successful.

IHS medical or health care professionals include:

1. Licensed Practitioners (LPs). This refers to a fully licensed, registered, or certified individual permitted by law to independently provide patient care services within the scope of his or her license, registration, or certification, and in accordance with individually granted clinical privileges when the individual is a credentialed member of the IHS medical staff.

2. Licensed staff members. This refers to licensed staff who neither maintain clinical privileges nor are governed by the medical staff bylaws, but whose position requires a license to perform duties that need to be verified and tracked.

CATEGORIES OF RECORDS IN THE SYSTEM:

The records are IHS medical staff membership and privilege applications and associated forms, as well as additional information to track credentials, which include the applicant's name, Social Security number, addresses, other identifying number(s) e.g., date of birth, National Provider Identifier number, and self-attestations about and documents evidencing the following, as applicable: applicant's employment history; health and immunization status; liability insurance coverage; peer references; credentialing history (if the applicant is a licensed health professional); personal, educational, and demographic background information; professional performance summary information; continuing education, training, performance status; adverse or disciplinary actions regarding professional competence and personal characteristics; Medical Quality Assurance Records protected by 25 U.S.C. 1675; and records protected by 42 CFR part 2, Confidentiality of Substance Use Disorder Patient Records.

RECORD SOURCE CATEGORIES:

The information in the records is provided directly by the subject individual or by IHS health care personnel or other sources of professional information, including: references supplied by the subject individual; professional societies or associations; specialty boards; colleges and universities attended by the subject individual; former employers; health facilities or health providers with which the subject individual has been associated; liability insurance carriers; organizations providing cardiopulmonary resuscitation (CPR) training to the subject individual; State and local health and health care licensing or certifying organizations; and organizations that serve as repositories of information on health care professionals. Start Printed Page 33154

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to the disclosures authorized directly in the Privacy Act at 5 U.S.C. 552a(b)(1), (b)(2), and (b)(4) through (b)(11), these routine uses specify circumstances under which the agency may disclose information from this system of records to a non-HHS officer or employee without the consent of the subject individual.

1. Records may be disclosed to organizations authorized to conduct evaluation studies concerning the delivery of health care services by the IHS ( e.g., The Joint Commission on the Accreditation of Healthcare Organizations (The Joint Commission)).

2. The IHS may disclose records consisting of name, Social Security number, employment history, and any professional qualification information concerning medical staff membership and privileges, professional competence, clinical judgment, and personal character to a State or local government health professional licensing board, to the Federation of State Medical Boards, to the NPDB, and/or to a similar entity which has the authority to maintain records concerning the issuance, retention, or revocation of licenses or registrations necessary to practice a health professional occupation or specialty. The purpose of this disclosure is to inform medical profession licensing boards and appropriate entities about the health care practices of a current, terminated, resigned, or retired IHS or direct contract medical staff members whose professional health care activity significantly failed to conform to generally accepted standards of professional medical practice or personal characteristics that fail to conform to social norms concerning lawful behaviors. This will be done within the guidelines for notice, hearing, and review as delineated in the medical staff bylaws for the IHS facility and/or within other HHS or IHS regulations or policies.

3. The IHS may disclose biographic data and information supplied by an applicant to (a) references listed on the IHS medical staff membership and/or privileges applications and associated forms for the purpose of evaluating the applicant's professional qualifications, personal characteristics, experience, and suitability, (b) a Federal, State, or local government health profession licensing or certification board, or (c) a health care oversight or professional monitoring organization or program ( e.g., the Federation of State Medical Boards, The Joint Commission, or the National Practitioner Data Bank) for the purpose of verifying that a clinician's claimed background and employment data are valid and all claimed credentials are current and in good standing.

4. Records may be disclosed to other Federal agencies or organizations, to State and local governmental agencies, and to organizations in the private sector to which the subject individual applies for clinical privileges, membership, or licensure for the purpose of enabling them to document the qualifications, character, and competency of the individual to provide health services in his/her health profession based on his/her professional performance while employed by the IHS.

5. HHS may disclose records to the Department of Justice (DOJ), or to a court or other tribunal, when any of the following is a party to litigation or similar proceedings or has an interest in such proceedings: (1) HHS, or any component thereof; (2) any HHS employee in his/her official capacity; (3) any HHS employee in his/her individual capacity when the DOJ (or HHS, where it is authorized to do so) has agreed to represent the employee; or (4) the United States or any agency thereof, where HHS determines that the litigation is likely to affect HHS or any of its components. In order to disclose information in these circumstances, HHS must determine that the use of the records by the DOJ, court, or other tribunal is relevant and necessary to the proceedings and would help in the effective representation of the governmental party.

6. Records may be disclosed to a congressional office from the record of an individual in response to a verified inquiry from the congressional office made at the written request of that individual.

7. Medical quality assurance records about the subject of a quality assurance action may be disclosed for any purposes authorized by 25 U.S.C. 1675(d) and (e)(2), to the recipients described in 25 U.S.C. 1675(d)(1) and (e)(2).

8. In the event that a record in this system of records, on its face, or in conjunction with other records, indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature, and whether arising by general statute or particular program statute, or by regulation, rule, or order issued pursuant thereto, the relevant records in this system of records may be referred to the appropriate agency, whether Federal, State, local, Tribal, or foreign, charged with enforcing or implementing the statute or rule, regulation, or order issued pursuant thereto.

9. Records may be disclosed to appropriate agencies, entities, and persons when (1) HHS suspects or has confirmed that there has been a breach of the system of records; (2) HHS has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, HHS (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with HHS's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

10. Records may be disclosed to another Federal agency or Federal entity, when HHS determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

The records are stored in two ways: records stored in file folders are stored at the IHS facilities or the Federal Record Center, and computer-based or electronic records are located at the IHS Albuquerque Data Center in Albuquerque, NM.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

The records are indexed and retrieved by name, Social Security number, and any other identifying numbers necessary to ensure that the records retrieved are about the intended individual.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

In accordance with NARA-approved schedule DAA–0513–2018–0002, items 1.1 and 1.2, records about successful applicants are maintained by the IHS for 10 years after the individual's termination of employment or association with IHS, and records about unsuccessful applicants are retained for 3 years after the individual's non-selection or rejection. After these periods of retention expire, paper records are destroyed by shredding or Start Printed Page 33155 burning and electronic records are destroyed by deleting and purging.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

The records are protected from unauthorized access by the following safeguards. All safeguards conform to applicable laws, rules, and policies, including the HHS Information Security and Privacy Program, https://www.hhs.gov/​ocio/​securityprivacy/​, the E-Government Act of 2002, as amended (44 U.S.C. ch. 35), pertinent National Institutes of Standards and Technology (NIST) publications, and OMB Circular A–130, Managing Information as a Strategic Resource.

• Authorized Users: Access to the records is limited to authorized personnel for use in the performance of their official duties. Authorized personnel include: Credentialist (Medical Staff Professionals), Physician Recruitment and other Health Professions Branch Staff and Area Governing Board Members at IHS Area Offices, and Service Unit Directors, Clinical Directors, and members of the Credentials and Privilege Committee of each IHS Service Unit. The IHS CMO and the Quality Assurance Risk Management Committee members or their designees are authorized users for purposes of review under the protection of 25 U.S.C. 1675. At each location where records in this system of records are maintained, a list of personnel or categories of personnel having an official need-to-know has been developed and is maintained.

• Physical Safeguards: Paper records are kept in locked metal filing cabinets or in locked desk drawers in secured rooms at all times when not in use during working hours and at all times during non-working hours. Record storage areas, including file cabinets and desks, are not left unattended or unlocked during office hours, including lunch hours. When copying records for authorized purposes, care is taken to ensure that any imperfect pages are not left in the reproduction room where they can be read but are destroyed or obliterated.

• Technical Safeguards: Technical security measures are in place on all devices used on the IHS network. Any attempts by unauthorized individuals to gain access are automatically logged and immediately reviewed. The individuals permitted to access these records will be limited to employees and contractors with responsibility for conducting regulatory oversight who have security clearances at the T3 level (Non-Critical Sensitive positions requiring Secret clearance) or T4 level (Non-Sensitive High Risk-Public Trust).

Protection for electronic records include programmed verification of valid user personal identification verification (PIV) code and password prior to logging on to the system; mandatory password changes; limited log-ins; virus protection; encryption; firewalls and intrusion detection systems; and user rights/file attribute restrictions. The password protection imposes username and password log-in requirements to prevent unauthorized access. Each username is assigned limited access rights to files and directories at varying levels to control file sharing and ensure a separation of duties. There are routine daily backup procedures, and backup files are securely stored off-site.

Administrative Safeguards: Security controls are reviewed and assessed on an ongoing basis. All IHS system users are required to complete role-based training, IHS rules of behavior agreements, and records management and information system security and privacy awareness training courses before being granted access and annually thereafter. Only persons who have an official need-to-know are entrusted with records from this system of records, and they are instructed to safeguard the confidentiality of these records on an ongoing basis and to destroy (if authorized for destruction) or return any copies entrusted to them when the need to know has expired. Proper charge-out procedures are followed for the removal of paper records from the area in which they are maintained. Before an employee who will control disclosure of records can work with the records ( i.e., employees who report to the system manager) the system manager or designee ensures that the employee has received training in the safeguards applicable to the records and is aware of the actions to take to restrict disclosure. The Identity Access Management supervisors are responsible for submitting appropriate access requests for IHS system users on their team and for reviewing their team members' access.

RECORD ACCESS PROCEDURES:

To request access to records about you in this system of records, submit a written access request addressed to “Area and Clinical Directors” at the applicable Area Office address listed in the “System Manager(s)” section of this SORN. The request must:

• Reasonably describe the records sought;
• Include the name of the IHS Service Unit where you applied for credentialing and privileging and either the date when the application was submitted (if the application was unsuccessful) or the dates and locations where you served;
• Include if you are a current or former IHS medical or health care professional, a direct contractor or a licensed staff member; and
• Include (for contact purposes and identity verification purposes) your full name, current address, telephone number and/or email address, date and place of birth, signature, evidence of other names used (if seeking records retrieved by a name other than your current name), and, if needed by the agency, sufficient particulars contained in the records (such as, your Social Security number or other identifying numbers) to enable the agency to locate the records and distinguish between records on subject individuals with the same name.

In addition, to verify your identity, your signature on the request must be notarized or the request must include, above your signature, your written certification that you are the individual who you claim to be and that you understand that the knowing and willful request for or acquisition of a record pertaining to an individual under false pretenses is a criminal offense subject to a fine of up to $5,000. We may request additional identification when we hold records for different persons with the same name or where an apparent discrepancy exists between information contained in the record and that provided by the individual requesting access to the record.

In your written request, you may request that copies of the records be sent to you or you may request an appointment to review the records in person (including with a person of your choosing, if you provide written authorization for agency personnel to discuss the records in that person's presence), at a specific IHS location ( e.g., where you currently work or formerly worked). If you make an appointment to review the records in person, you must bring to the appointment at least one piece of tangible photo identification, such as a driver's license or passport, that is current and not expired. You may also request an accounting of disclosures that have been made of records about you, if any. Requests by telephone will not be accepted.

To the extent the records are Medical Quality Assurance records protected by 25 U.S.C. 1675, the records may be disclosed only in accordance with the exceptions in 25 U.S.C. 1675(d), because the Privacy Act right of access Start Printed Page 33156 provisions are superseded by the confidentiality provisions protecting Medical Quality Assurance Records. Accordingly, Medical Quality Assurance Records will only be released pursuant to the Privacy Act when the Agency has decided to release the records in accordance with 25 U.S.C. 1675(d).

CONTESTING RECORD PROCEDURES:

To request correction of a record about you in this system of records, submit a written amendment request addressed to “Area and Clinical Directors” at the applicable Area Office address listed in the “System Manager(s)” section of this SORN. The request must contain the same information required for an access request and include verification of your identity in the same manner required for an access request. In addition, the request must reasonably identify the record and specify the information contested, the corrective action sought, and the reasons for requesting the correction; and should include supporting information to show how the record is inaccurate, incomplete, untimely, or irrelevant.

NOTIFICATION PROCEDURES:

To find out if the system of records contains a record about you, submit a written notification request addressed to “Area and Clinical Directors” at the applicable Area Office address listed in the “System Manager(s)” section of this SORN. The request must identify this system of records, contain the same information required for an access request, and include verification of your identity in the same manner required for an access request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

74 FR 46436 (Sept. 9, 2009); 74 FR 50981 (Oct. 2, 2009); 83 FR 6591 (Feb. 14, 2018).