AGENCY:

Department of Defense (DoD).

ACTION:

Notice to add a system of records.

SUMMARY:

The Office of the Secretary of Defense proposes to add a system of records to its inventory of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended.

DATES:

This proposed action would be effective without further notice on September 27, 2010, unless comments are received which result in a contrary determination.

ADDRESSES:

You may submit comments, identified by docket number and title, by any of the following methods:

* Federal Rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.

* Mail: Federal Docket Management System Office, Room 3C843 Pentagon, 1160 Defense Pentagon, Washington, DC 20301-1160.

Instructions: All submissions received must include the agency name and docket number for this Federal Register document. The general policy for comments and other submissions from members of the public is to make these submissions available for public viewing on the Internet at http://www.regulations.gov as they are received without change, including any personal identifiers or contact information.

FOR FURTHER INFORMATION CONTACT:

Ms. Cindy Allard at (703) 588-6830.

SUPPLEMENTARY INFORMATION:

The Office of the Secretary of Defense notices for systems of records subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended, have been published in the Federal Register and are available from the Chief, OSD/JS Privacy Office, Freedom of Information Directorate, Washington Headquarters Services, 1155 Defense Pentagon, Washington DC 20301-1155.

The proposed system report, as required by 5 U.S.C. 552a(r) of the Privacy Act of 1974, as amended, was submitted on August 16, 2010, to the House Committee on Oversight and Government Reform, the Senate Committee on Governmental Affairs, and the Office of Management and Budget (OMB) pursuant to paragraph 4c of Appendix I to OMB Circular No. A-130, “Federal Agency Responsibilities for Maintaining Records About Individuals,” dated February 8, 1996 (February 20, 1996; 61 FR 6427).

DHA 19

SYSTEM NAME:

Defense Occupational & Environmental Health Readiness System—Industrial Hygiene (DOEHRS-IH).

System Location:

Defense Information Systems Agency, Defense Enterprise Computing Center—Detachment, Kelly Air Force Base, 450 Duncan Drive, San Antonio, Texas 78241-5940.

Categories of Individuals Covered by the System:

Active duty members, Reserve members, National Guard members, DoD employees, foreign affiliates, DoD OCONUS hires, and Foreign Nationals who work in areas which require longitudinal data related to occupational health.

Categories of Records in the System:

Environmental monitoring data, military theater environmental monitoring data, personal protective equipment usage data, observation of work practices data, and employee health hazard educational data.

Records include the name, Social Security Number (SSN), date of birth, gender, address, telephone number, and Department of Defense (DoD) Electronic Data Interchange Personal Identifier (EDIPI) of individuals.

Authority for Maintenance of the System:

10 U.S.C Chapter 55, Medical and Dental Care; 29 CFR 1910.1020, Access to Employee Exposure and Medical Records; 45 CFR Parts 160 and 164, Health Insurance Portability and Accountability Act, Privacy and Security Rules; DoDI 6055.1, Sec. 4.1, DoD Safety and Occupational Health Program; DoDI 6055.5, Industrial Hygiene and Occupational Health, reissued May 6, 1996; and E.O. 9397 (SSN), as amended.

Purpose(s):

For longitudinal exposure recordkeeping and reporting to support the risk management process and occupational illness evaluation during all phases of military operations.

Routine uses of Records Maintained, Including Categories of Users and the Purposes of Such Uses:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act of 1974, these records may specifically be disclosed outside the DoD as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

The DoD “Blanket Routine Uses” statement set forth at the beginning of the Office of the Secretary of Defense compilation of systems of records notices apply to this system, except as identified below:

Note 1:

This system of records contains individually identifiable health information. The DoD Health Information Privacy Regulation (DoD 6025.18-R) issued pursuant to the Health Insurance Portability and Accountability Act of 1996, applies to such health information. DoD 6025.18-R may place additional procedural requirements on the uses and disclosures of such information beyond those found in the Privacy Act of 1974 or mentioned in this system of records notice.

Note 2:

Personal identity, diagnosis, prognosis of any patient maintained in connection with the performance of any program or activity relating to substance abuse education, prevention, training, treatment, rehabilitation, or research, which is conducted, regulated, or directly or indirectly assisted by any department or agency of the United States, except as per 42 U.S.C. 290dd-2, treated as confidential and disclosed only for the purposes and under the circumstances expressly authorized under 42 U.S.C. 290dd-2.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System:

Storage:

Paper records and electronic storage media.

Retrievability:

By individual Social Security Number (SSN) and/or name.

Safeguards:

Physical access to system location restricted by cipher locks, visitor escort, access rosters, and photo identification. Adequate locks on doors and server components secured in a locked computer room with limited access. Each system end user device protected within a locked storage container, room, or building outside of normal business hours. All visitors and other persons that require access to facilities that house servers and other network devices supporting the system that do not have authorization for access escorted by appropriately screened/cleared personnel at all times.

The system provides two-factor authentication. The environment is Common Access Card enforced. Passwords must be renewed every sixty (60) days. Authorized personnel must have appropriate Information Assurance training, Health Insurance Portability and Accountability Act training, and Privacy Act of 1974 training.

Retention and Disposal:

Review each file at the end of the calendar year and cut off inactive materials; retire in the current files area for ten (10) years and retire to Washington National Records Center; destroy forty (40) years after cut-off.

System Manager(s) and Address:

Program Manager, Defense Health Services Systems, 5201 Leesburg Pike, Start Printed Page 52515Suite 900, Falls Church, Virginia 22041-3208.

Notification Procedure:

Individuals seeking to determine whether information about themselves is contained in this system should address written inquiries to the TRICARE Management Activity, Department of Defense, Attn: TMA Privacy Officer, 5111 Leesburg Pike, Suite 810, Falls Church, Virginia, 22041-3206.

Requests must contain the individual's full name, Social Security Number (SSN), current address and telephone number.

Record Access Procedures:

Individuals seeking access to information about themselves contained in this system of records should address written requests to the TRICARE Management Activity, Attn: Freedom of Information Act Requester Service Center, 16401 Centretech Parkway, Aurora, Colorado 80011-9066.

Requests should contain the individual's full name, Social Security Number (SSN), and date of birth.

Contesting Record Procedures:

OSD Administrative Instruction 81; 32 CFR Part 311, contains the published rules for records access, contests to content, and appeals to initial agency determinations. The system manager is also a resource for requests for this publication.

Record Source Categories:

Selected electronic data elements extracted from the Defense Enrollment Eligibility Reporting System.

Exemptions Claimed:

None.