Privacy Act of 1974; System of Records
Notice of a modified system of records.
Citation: "88 FR 29171"
Document Number: "Public Notice: 12065"
Page Number: "29171"
"Notices"
Agency: "
SUMMARY: The information of the
DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this modified system of records will be effective upon publication, except for the routine uses (u), (v), and (w) that are subject to a 30-day period during which interested persons may submit comments to the Department. Please submit any comments by
ADDRESSES: Questions can be submitted by mail, email, or by calling
FOR FURTHER INFORMATION CONTACT:
SUPPLEMENTARY INFORMATION: The purpose of this modification is twofold: (1) to consolidate two existing records systems (State-71--Post Capabilities Database and State-24--Medical Records) into a single modified State-24, to accurately reflect the scope of Department medical records; and (2) to reflect the expansion of Medical Records to FedRAMP-authorized Cloud environments. The proposed merged System of Records will include substantive modifications to the following sections: Routine Uses, Categories of Records, Storage, Retrievability, and Record Access Procedures. In addition, the Department is taking this opportunity to make minor administrative updates to the notice in the Security Classification and
SYSTEM NAME AND NUMBER:
Medical Records, State-24.
SECURITY CLASSIFICATION:
Sensitive but unclassified.
SYSTEM MANAGER(S):
Director for Medical Informatics,
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Foreign Service Act of 1980, Sec. 904 (22 U.S.C. 4084); and 5 CFR part 792 (
PURPOSE(S) OF THE SYSTEM:
The records maintained in the systems include Personally Identifiable Information (PII) and Protected Health Information (PHI) and are used to enable MED's practitioners to provide the best medical care possible to a globally dispersed patient population. Records include patients' medical history/records, which are used to provide medical care, adjudicate medical clearances, and support medical evacuations. Additionally, the system describes the medical capabilities available at each Post to support employees under Chief of Mission authority. Moreover, the system also serves to provide medical clearances of applicants to the
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Applicants to the
CATEGORIES OF RECORDS IN THE SYSTEM:
Categories of records include full name;
This system also includes certain records maintained as part of the Department's
RECORD SOURCE CATEGORIES:
Information contained in these records comes from applicants, patients, hospitals, clinics, laboratories, private medical providers, employers, and medical professionals employed by the
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:
Medical Records may be disclosed:
A. To another health care provider, a group health plan, a health insurance issuer, or a health maintenance organization for purposes of carrying out treatment, payment, or health care operations;
B. To a parent, guardian or other person acting in loco parentis with respect to the subject of the information;
C. To a health oversight agency or public health authority authorized by law to investigate or otherwise oversee the relevant conduct or conditions of the
D. To a public health authority (domestic or foreign) that is authorized by law to collect or receive protected health information for the purpose of preventing or controlling disease, injury, or disability, including, but not limited to, the reporting of disease, injury, vital events such as birth or death, and the conduct of public health surveillance, public health investigations, and public health interventions;
E. To the
F. To a public health authority or other appropriate government authority (domestic or foreign) authorized by law to receive reports of child abuse or neglect;
G. To a person subject to the jurisdiction of the
H. To a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition, to the extent MED is authorized by law to notify such person and as necessary in the conduct of a public health intervention or investigation;
I. To a government authority (domestic or foreign), including a social service or protective services agency, authorized by law to receive reports of abuse, neglect or domestic violence (1) to the extent such a disclosure is required by law; (2) where in the exercise of professional judgment, the disclosure is necessary to prevent serious harm to the individual or other potential victims; or (3) where, if the subject of the information is incapacitated, a law enforcement, or other public official authorized to receive the report, represents that the information sought is not intended to be used against the individual and that an immediate enforcement activity that depends upon the disclosure would be adversely affected by waiting until the individual is able to agree to the disclosure;
J. To the
K. In the course of any judicial or administrative proceeding in response to an order of a court or administrative tribunal;
L. To a law enforcement official (1) as required by law or in compliance with a court order or court-ordered warrant, a subpoena or summons issued by a judicial officer, a grand jury subpoena, or an administrative request, including an administrative subpoena or summons; (2) in response to a request for the purposes of identifying or locating a suspect, fugitive, material witness, or missing person; in response to a request for such information about an individual who is or is suspected to be a victim of a crime; (3) to provide notice of the death of an individual if there is a belief that the death may have resulted from criminal conduct; (4) where it is believed in good faith that such information constitutes evidence of criminal conduct; or (5) in response to an emergency, where it is believed such disclosure is necessary to alert law enforcement to the commission and nature of a crime, the location of such crime or of the victim(s) of such crime, and the identity, description, and location of the perpetrator of such crime;
M. As necessary in order to prevent or lessen a serious and imminent threat to the health or safety of a person or the public or to a person or persons reasonably able to prevent or lessen the threat, including the target of the threat;
N. To authorized federal officials for the conduct of lawful intelligence, counter-intelligence, and other national security activities authorized by the National Security Act (50 U.S.C.
O. To authorized federal officials for the provision of protective services to the President or other persons authorized by 18 U.S.C. 3056 or to foreign heads of state or other persons authorized by 22 U.S.C. 2709(a)(3), or for the conduct of investigations authorized by 18 U.S.C. 871 and 879;
P. To
Q. To a medical transcription or translation service for MED's purposes of carrying out treatment or health care operations;
R. To a correctional institution or a law enforcement official having lawful custody of an individual, if the correctional institution or law enforcement official represents that such information is necessary for the provision of health care to such individual, the health and safety of other individuals (including others at the correctional institution), or the administration and maintenance of the safety, security, and good order of the correctional institution;
S. To a coroner or medical examiner for the purpose of identifying a deceased person, determining a cause of death, or other duties as authorized by law;
T. To appropriate domestic or foreign government officials (including but not limited to the
U. To appropriate agencies, entities, and persons when (1) the
V. To another Federal agency or Federal entity, when the
W. To private sector entities when required as part of
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are stored electronically. A description of standard
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Patient records are retrievable by individual name and/or date of birth, or patient identification number. MED practitioner records are retrieval by name or Post. Post capability records are retrievable by Post name.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retired and destroyed in accordance with published
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
All
The safeguards in the following paragraphs apply only to records that are maintained in government-certified cloud systems. All cloud systems that provide IT services and process
Information that conforms with Department-specific definitions for Federal Information Security Modernization Act (FISMA) low, moderate, or high categorization are permissible for cloud usage and must specifically be authorized by the Department's Cloud Program Management Office and the
All data stored in cloud environments categorized above a low FISMA impact risk level must be encrypted at rest and in-transit using a federally-approved encryption mechanism. The encryption keys shall be generated, maintained, and controlled in a Department data center by the Department key management authority. Deviations from these encryption requirements must be approved in writing by the
RECORD ACCESS PROCEDURES:
Individuals who wish to gain access to or amend records pertaining to themselves should write to
Further, patients can access their medical records through the patient portal,
CONTESTING RECORD PROCEDURES:
Individuals who wish to contest record procedures should write to
NOTIFICATION PROCEDURES:
Individuals who have cause to believe that the
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
Post Capability Database (State-71)--previously published at 74 FR 65586; Medical Records (State-24)--previously published at 74 FR 24891.
Deputy Assistant Secretary, Global Information Services (A/GIS),
[FR Doc. 2023-09596 Filed 5-4-23;
BILLING CODE 4710-36-P
LEMONADE, INC. – 10-Q – Management's Discussion and Analysis of Financial Condition and Results of Operations.
DONEGAL GROUP INC – 10-Q – Management's Discussion and Analysis of Financial Condition and Results of Operations.
Advisor News
- How smart investments prepare clients for inflation
- Amid slew of corporate tax ideas, Newsom chose one likely to hit people’s premiums
- The biggest risk to your clients’ financial plans isn’t market volatility
- Initiative looks at how caregiving impacts workplace benefits
- Will rising retirement needs spark an annuity boom?
More Advisor NewsAnnuity News
- Globe Life Inc. (NYSE: GL) Records 52-Week High Thursday Morning
- Fortitude Re Completes $500 Million FABN Issuance
- Reframing retirement income for greater certainty
- Jackson Introduces Dow Jones Industrial Average Index Option, Flexible Premiums, Six-Year Rate Guarantee in Latest Registered Index-Linked Annuity Launch
- Senior Market Sales® Fortifies Annuity Reach With Acquisition of Retirement Planning Firm Stratton & Company
More Annuity NewsHealth/Employee Benefits News
- A Brooklyn Health Clinic Offers a Safety Net For New Yorkers That May Lose Insurance
- Politicians, consumers blast health insurers’ requests for double-digit rate hikes. What to know.
- Final rules for Medicaid work requirements are out. Here's what you need to know.
- Final rules for Medicaid work requirements are out. Here's what you need to know.
- Hyde-Smith blasts health care delays
More Health/Employee Benefits NewsLife Insurance News
- AM Best Affirms Issue Credit Ratings of Weston2038 LLC’s Credit-Linked Notes
- Globe Life Inc. (NYSE: GL) Records 52-Week High Thursday Morning
- Greg Lindberg moves to halt $1.65B restitution order, claims he ‘overpaid’
- Fidelity Investments® to Expand Target Date Lineup With Launch of Guaranteed Income Solution
- KBRA Releases Research – Private Credit: Much Ado About Nothing – Perspectives on Columbia Business School Paper About Private Ratings
More Life Insurance News