Effective Date: January 11, 2006
(71 F.R. 1854)
SOCIAL SECURITY ADMINISTRATION NOTICE OF SYSTEM OF RECORDS REQUIRED BY THE PRIVACY ACT OF 1974
SYSTEM NUMBER: 60-0237
System name:
Employees' Medical Records, Social Security Administration, Deputy Commissioner for Human Resources, Office of Personnel, Center for Employee Services.
Security classification:
None.
System Location:
These records are maintained on current Social Security Administration (SSA) employees receiving health services at the SSA Health Units at the following addresses:
Social Security Administration
Headquarters
Social Security Administration
Northeastern
1
Social Security Administration
Social Security Administration
Social Security Administration
Southeastern
3001
Social Security Administration
Other SSA employees receive health services through Interagency Agreements with the Public Health Service.
Addresses of Interagency Agreement Health Units
HEADQUARTERS
Social Security Administration
Social Security Administration
Social Security Administration
FIELD ADDRESSES
In the
Health Unit
Thomas
P. O'Neill
Health Unit
In the
Health Unit
26 Federal Plaza
In the
William J. Green, Jr. Federal Building
Health Unit
Federal
Employee and
National Underground Storage
27S-221, Health Unit
Boyers, PA 16020-0221
Housing and Urban Development Building
Health Unit
In the
Health Unit
In the
Health Unit
Health Unit
In the
Health Unit
In the
Health Unit
Health Unit
500 Lead, SW.
In the
Health Unit
In the
Health Unit, Room 443
50 United
In the
Health Unit
Bank
of
Health Unit
Categories of individuals covered by the system:
Individuals who have received health services from any of the SSA Health Units.
Categories of records in the system:
This system consists of a variety of records relating to an individual's utilization of services provided by SSA Health Units. Examples of information which may be included in this system are, history of non-work related injuries, illness or complaint presented to
Health Unit staff, immunization records, medication administered by Health Unit staff, referrals to other health care providers.
Authority for maintenance of the system:
5 U.S.C. 7901; OMB Circular No. A-72.
Purpose(s):
These records document utilization of health services provided by SSA Health Units.
Routine uses of records maintained in the system, including categories of users and the purposes of such uses:
Disclosure may be made for routine uses as indicated below:
1. To the appropriate Federal, State, or local agency responsible for investigation of an accident, disease, medical condition, or injury as required by pertinent legal authority.
2. To the Office of Worker's Compensation Programs in connection with a claim for benefits filed by an employee.
3. To a congressional office from the record of an individual in response to an inquiry from the congressional office made at the request of that individual.
4. To the Department of Justice (DOJ), a court or other tribunal, or another party before such tribunal, when:
(a) The Social Security Administration (SSA), or any component thereof; or
(b) Any SSA employee in his/her official capacity; or
(c) Any SSA employee in his/her individual capacity where DOJ (or SSA, where it is authorized to do so) has agreed to represent the employee; or
(d) The United States or any agency thereof where SSA determines that the litigation is likely to affect SSA or any of its components, is a party to the litigation or has an interest in such litigation, and SSA determines that the use of such records by DOJ, a court or other
tribunal, or another party before the tribunal, is relevant and necessary to the litigation, provided, however, that in each case, SSA determines that such disclosure is compatible with the purpose for which the records were collected.
5. To student volunteers, individuals working under a personal services contract, and other workers who technically do not have the status of Federal employees, when they are performing work for the Social Security Administration (SSA), as authorized by law, and they need access to personally identifiable information in SSA records in order to perform their assigned Agency functions.
6. To the General Services Administration and the National Archives Records Administration (NARA) under 44 U.S.C. 2904 and 2906, as amended by the NARA Act of 1984, information which is not restricted from disclosure by Federal law for the use of those agencies in conducting records management studies.
7. To the Secretary of Health and Human Services or to any State, the Commissioner shall disclose any record or information requested in writing by the Secretary for the purpose of administering any program administered by the Secretary, if records or information of such type were so disclosed under applicable rules, regulations and procedures in effect before the date of enactment of the Social Security Independence and Program Improvements Act of 1994.
8. We may disclose information to appropriate Federal, State, and local agencies, entities, and persons when (1) we suspect or confirm that the security or confidentiality of information in this system of records has been compromised; (2) we determine that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs of SSA that rely upon the compromised information; and (3) we determine that disclosing the information to such agencies, entities, and persons is necessary to assist in our efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. SSA will use this routine use to respond only to those incidents involving an unintentional release of its records.
Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:
Storage:
These records are maintained as hard copy records.
Retrievability:
Records are retrievable by name, date of birth, or Social Security Number (SSN) of the individual to whom they pertain.
Safeguards:
During the employment of the individual, medical records are maintained in files separate from the Official Personnel Folder and are located in lockable metal cabinets and/or in secured rooms with access limited to those whose official duties require access. Access http://www.socialsecurity.gov/foia/bluebook/app_g.htm for additional information relating to SSA data security measures.
Retention and disposal:
Records are maintained up to six years from the date of the last entry. The records are shredded and appropriately disposed of approximately three months after separation.
System manager(s) and address(es):
Social Security Administration
SSA Medical Director
Office of Human Resources
Center for Employee Services
Notification procedures:
An individual can determine if this system contains a record about him/her by writing to the system manager(s) at the above address and providing his/her name, SSN or other information that may be in the system of records that will identify him/her. An individual requesting notification of records in person should provide the same information, as well as provide an identity document, preferably with a photograph, such as a driver's license or some other means of identification. If an individual does not have any identification documents sufficient to establish his/her identity, the individual must certify in writing that he/she is the person claimed to be and that he/she understands that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense.
If notification is requested by telephone, an individual must verify his/her identity by providing identifying information that parallels information in the record to which notification is being requested. If it is determined that the identifying information provided by telephone is insufficient, the individual will be required to submit a request in writing or in person. If an individual is requesting information by telephone on behalf of another individual, the subject individual must be connected with SSA and the requesting individual in the same phone call. SSA will establish the subject individual's identity (his/her name, SSN, address, date of birth and place of birth, along with one other piece of information, such as other's maiden name) and ask for his/her consent in providing information to the requesting individual.
If a request for notification is submitted by mail, an individual must include a notarized statement to SSA to verify his/her identity or must certify in the request that he/she is the person claimed to be and that he/she understands that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense. These procedures are in accordance with SSA Regulations (20 CFR 401.40(c)).
Record access procedures:
An individual requesting access to records should submit his/her request in writing to the system manager or designated custodian of the records. An individual requesting access via mail or telephone also must furnish an address. Any individual requesting access must also follow the Office of Personnel Management's Privacy Act regulations
regarding verification of identity and access to records (5 CFR part 297). These procedures are in accordance with SSA Regulations (20 CFR 401.40(c) and 401.55(b)).
Note: At the Headquarter's SSA Health Units, the individual will be asked to complete Form SSA-3465, Consent for Release of Personal Information. In other SSA Health Units the SSA-3465 or equivalent will be required.
Contesting record procedures:
Same as Notification procedures. Also, requesters should reasonably identify the record, specify the information they are contesting and the corrective action sought, and the reasons for the correction, with supporting justification showing how the record is incomplete, untimely, inaccurate or irrelevant. These procedures are in accordance with SSA Regulations (20 CFR 401.65(a)).
Record source categories:
Information in this system of records is obtained from, the individual to whom the information pertains, laboratory reports and test results, SSA Health Unit medical officer, physicians, nurses and other medical technicians who have examined, tested, or treated the individual, the individual's personal physician and other Federal employee health units.
Systems exempted from certain provisions of the Privacy Act:
None.