Employees' Medical Records

Effective Date: January 11, 2006

(71 F.R. 1854)

SOCIAL SECURITY ADMINISTRATION NOTICE OF SYSTEM OF RECORDS REQUIRED BY THE PRIVACY ACT OF 1974

SYSTEM NUMBER: 60-0237

System name:

Employees' Medical Records, Social Security Administration, Deputy Commissioner for Human Resources, Office of Personnel, Center for Employee Services.

Security classification:

None.

System Location:

These records are maintained on current Social Security Administration (SSA) employees receiving health services at the SSA Health Units at the following addresses:

Social Security Administration

Headquarters

6401 Security Boulevard

Baltimore, Maryland 21235

Social Security Administration

Northeastern Program Service Center

1 Jamaica Center Plaza

155-10 Jamaica Avenue, Jamaica

New York 11432-3830

Social Security Administration

Mid-Atlantic Program Service Center

300 Spring Garden Street

Philadelphia, Pennsylvania 19123

Social Security Administration

Wilkes-Barre Data Operations Center

1150 East Mountain Drive

Wilkes-Barre, Pennsylvania 18702-7997

Social Security Administration

Southeastern Program Service Center

3001 Twelfth Avenue, North

Birmingham, Alabama 35285

Social Security Administration

Western Program Service Center

Frank Hagel Federal Building

1221 Nevin Avenue

Richmond, California 94802

Other SSA employees receive health services through Interagency Agreements with the Public Health Service.

Addresses of Interagency Agreement Health Units

HEADQUARTERS

Social Security Administration

Metro West Building, Suite 200

South Building

300 North Greene Street

Baltimore, Maryland 21203

Social Security Administration

National Computer Center Building, Room G-09

6301 Security Boulevard

Baltimore, Maryland 21235

Social Security Administration

Security West Building, Room 1-R-15

1500 Woodlawn Drive

Baltimore, Maryland 21241

WOC Building, Suite 1209

1718 Woodlawn Drive

Baltimore, Maryland 21207

FIELD ADDRESSES

In the Boston Region ( Connecticut, Maine, Massachusetts, New Hampshire, Rhode Island, Vermont):

John F. Kennedy Building

Government Center

Health Unit

Boston, MA 02203

Thomas P. O'Neill Federal Building

Health Unit

10 Causeway Street

Boston, MA 02222

In the New York Region ( New Jersey, New York, Puerto Rico, Virgin Islands)

Jacob Javitz Federal Building

Health Unit

26 Federal Plaza

New York, N.Y. 10278

In the Philadelphia Region ( Delaware, District of Columbia, Maryland, Pennsylvania, Virginia, West Virginia):

William J. Green, Jr. Federal Building

Health Unit

600 Arch Street

Philadelphia, PA 19106-1611

Federal Employee and Service Center

National Underground Storage

27S-221, Health Unit

Boyers, PA 16020-0221

Housing and Urban Development Building

Health Unit

451 7th Street, SW.

Washington, DC 20410-0001

In the Atlanta Region ( Alabama, North Carolina, South Carolina, Florida, Georgia , Kentucky, Mississippi, Tennessee):

Sam Nunn Federal Building

Health Unit

61 Forsyth Street, SW.

Atlanta, GA 30303

In the Chicago Region ( Illinois, Indiana, Michigan, Minnesota, Ohio, Wisconsin):

John C. Kluczynski Federal Building

Health Unit

230 S. Dearborn Street

Chicago, IL 60604

Harold Washington Social Security Center

Health Unit

600 West Madison Street

Chicago, IL 60661

In the Kansas City Region ( Iowa, Kansas, Missouri, Nebraska):

Richard Bolling Federal Building

Health Unit

601 E. 12th Street

Kansas City, MO 64106

In the Dallas Region ( Arkansas, Louisiana, New Mexico, Oklahoma, Texas):

Health Unit

1301 Young Street

Dallas, TX 75202

Albuquerque Teleservice Center

Health Unit

500 Lead, SW.

Albuquerque, NM 87102

In the Denver Region ( Colorado, Montana, North Dakota, South Dakota, Utah, Wyoming):

Federal Building and U.S. Courthouse

Health Unit

1961 Stout Street

Denver, CO 80294

In the San Francisco Region ( American Samoa, Arizona, California, Guam, Hawaii, Nevada, Northern Marianna Islands):

Federal Building

Health Unit, Room 443

50 United Nations Plaza

San Francisco, CA 94102

In the Seattle Region ( Alaska, Idaho, Oregon, Washington):

Auburn Teleservice Center

Health Unit

2801 C Street, SW.

Auburn, WA 98001-7401

Bank of America Tower

Health Unit

701 5th Avenue

Seattle, WA 98104-7075

Categories of individuals covered by the system:

Individuals who have received health services from any of the SSA Health Units.

Categories of records in the system:

This system consists of a variety of records relating to an individual's utilization of services provided by SSA Health Units. Examples of information which may be included in this system are, history of non-work related injuries, illness or complaint presented to

Health Unit staff, immunization records, medication administered by Health Unit staff, referrals to other health care providers.

Authority for maintenance of the system:

5 U.S.C. 7901; OMB Circular No. A-72.

Purpose(s):

These records document utilization of health services provided by SSA Health Units.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

Disclosure may be made for routine uses as indicated below:

1. To the appropriate Federal, State, or local agency responsible for investigation of an accident, disease, medical condition, or injury as required by pertinent legal authority.

2. To the Office of Worker's Compensation Programs in connection with a claim for benefits filed by an employee.

3. To a congressional office from the record of an individual in response to an inquiry from the congressional office made at the request of that individual.

4. To the Department of Justice (DOJ), a court or other tribunal, or another party before such tribunal, when:

(a) The Social Security Administration (SSA), or any component thereof; or

(b) Any SSA employee in his/her official capacity; or

(c) Any SSA employee in his/her individual capacity where DOJ (or SSA, where it is authorized to do so) has agreed to represent the employee; or

(d) The United States or any agency thereof where SSA determines that the litigation is likely to affect SSA or any of its components, is a party to the litigation or has an interest in such litigation, and SSA determines that the use of such records by DOJ, a court or other

tribunal, or another party before the tribunal, is relevant and necessary to the litigation, provided, however, that in each case, SSA determines that such disclosure is compatible with the purpose for which the records were collected.

5. To student volunteers, individuals working under a personal services contract, and other workers who technically do not have the status of Federal employees, when they are performing work for the Social Security Administration (SSA), as authorized by law, and they need access to personally identifiable information in SSA records in order to perform their assigned Agency functions.

6. To the General Services Administration and the National Archives Records Administration (NARA) under 44 U.S.C. 2904 and 2906, as amended by the NARA Act of 1984, information which is not restricted from disclosure by Federal law for the use of those agencies in conducting records management studies.

7. To the Secretary of Health and Human Services or to any State, the Commissioner shall disclose any record or information requested in writing by the Secretary for the purpose of administering any program administered by the Secretary, if records or information of such type were so disclosed under applicable rules, regulations and procedures in effect before the date of enactment of the Social Security Independence and Program Improvements Act of 1994.

8. We may disclose information to appropriate Federal, State, and local agencies, entities, and persons when (1) we suspect or confirm that the security or confidentiality of information in this system of records has been compromised; (2) we determine that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs of SSA that rely upon the compromised information; and (3) we determine that disclosing the information to such agencies, entities, and persons is necessary to assist in our efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. SSA will use this routine use to respond only to those incidents involving an unintentional release of its records.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

These records are maintained as hard copy records.

Retrievability:

Records are retrievable by name, date of birth, or Social Security Number (SSN) of the individual to whom they pertain.

Safeguards:

During the employment of the individual, medical records are maintained in files separate from the Official Personnel Folder and are located in lockable metal cabinets and/or in secured rooms with access limited to those whose official duties require access. Access http://www.socialsecurity.gov/foia/bluebook/app_g.htm for additional information relating to SSA data security measures.

Retention and disposal:

Records are maintained up to six years from the date of the last entry. The records are shredded and appropriately disposed of approximately three months after separation.

System manager(s) and address(es):

Social Security Administration

SSA Medical Director

Office of Human Resources

Center for Employee Services

6401 Security Boulevard

Baltimore, Maryland 21235

Notification procedures:

An individual can determine if this system contains a record about him/her by writing to the system manager(s) at the above address and providing his/her name, SSN or other information that may be in the system of records that will identify him/her. An individual requesting notification of records in person should provide the same information, as well as provide an identity document, preferably with a photograph, such as a driver's license or some other means of identification. If an individual does not have any identification documents sufficient to establish his/her identity, the individual must certify in writing that he/she is the person claimed to be and that he/she understands that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense.

If notification is requested by telephone, an individual must verify his/her identity by providing identifying information that parallels information in the record to which notification is being requested. If it is determined that the identifying information provided by telephone is insufficient, the individual will be required to submit a request in writing or in person. If an individual is requesting information by telephone on behalf of another individual, the subject individual must be connected with SSA and the requesting individual in the same phone call. SSA will establish the subject individual's identity (his/her name, SSN, address, date of birth and place of birth, along with one other piece of information, such as other's maiden name) and ask for his/her consent in providing information to the requesting individual.

If a request for notification is submitted by mail, an individual must include a notarized statement to SSA to verify his/her identity or must certify in the request that he/she is the person claimed to be and that he/she understands that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense. These procedures are in accordance with SSA Regulations (20 CFR 401.40(c)).

Record access procedures:

An individual requesting access to records should submit his/her request in writing to the system manager or designated custodian of the records. An individual requesting access via mail or telephone also must furnish an address. Any individual requesting access must also follow the Office of Personnel Management's Privacy Act regulations

regarding verification of identity and access to records (5 CFR part 297). These procedures are in accordance with SSA Regulations (20 CFR 401.40(c) and 401.55(b)).

Note: At the Headquarter's SSA Health Units, the individual will be asked to complete Form SSA-3465, Consent for Release of Personal Information. In other SSA Health Units the SSA-3465 or equivalent will be required.

Contesting record procedures:

Same as Notification procedures. Also, requesters should reasonably identify the record, specify the information they are contesting and the corrective action sought, and the reasons for the correction, with supporting justification showing how the record is incomplete, untimely, inaccurate or irrelevant. These procedures are in accordance with SSA Regulations (20 CFR 401.65(a)).

Record source categories:

Information in this system of records is obtained from, the individual to whom the information pertains, laboratory reports and test results, SSA Health Unit medical officer, physicians, nurses and other medical technicians who have examined, tested, or treated the individual, the individual's personal physician and other Federal employee health units.

Systems exempted from certain provisions of the Privacy Act:

None.