Privacy Act System Notice 09-20-0167

This page contains several links to PDF files which may require a browser plug-in to view correctly. If you do not have the most recent version of Adobe Acrobat Reader, or are having difficulty viewing the PDF, download the plug-in here.

System name: Health Care Statistics. HHS/CDC/NCHS.

Security classification: None.

System location: National Center for Health Statistics, Coordinating Center for Health Information and Service (CCHIS), Prince George’s Metro IV Bldg., Rm. 1140, Centers for Disease Control and Prevention, 3311 Toledo Road, Hyattsville, MD 20782.

Categories of individuals covered by the system: Recipients of medical care included in statistical surveys and reports of the National Center for Health Statistics (NCHS), including but not limited to: (1) staff and residents of nursing homes, home health agencies and hospices selected by random sampling techniques to be representative of nursing homes in the U.S.; (2) physicians, hospital emergency and out-patient departments providing medical care and patients visiting such physicians; and (3) patient medical records from selected short-stay hospitals and ambulatory surgery centers.

Categories of records in the system: Records containing information on: (1) the utilization of long-term care, home health, hospice, and nursing home care through data on clients and residents (demographic and social characteristics, health status and charges paid for care) and the facility (general characteristics certification, services offered and expense); (2) the demographic characteristics, medical and other problems of persons visiting physicians, hospital emergency and out-patient departments and the diagnoses, treatment, and disposition decisions made during such visits as obtained from physicians during randomly assigned survey periods; and (3) the demographic characteristics, administrative information (admission and discharge dates, discharge status, and medical record number), and medical information (diagnoses and surgical procedures) abstracted from the face sheet of short-stay hospital, in-patient and ambulatory surgery medical records.

In many cases, these records do not contain individual identifiers when they come under control of the National Center for Health Statistics; they carry only sequence numbers which only the originating agency would be able to translate into a personal identifier--and even then, not in all cases. Names of residents and staff of nursing homes and patients of physicians are listed on separated forms for sampling purposes only and are not included in the final statistical records.

Authority for maintenance of the system: Public Health Service Act, Section 306(b) (42 U.S.C. 242k).

Purpose(s): The data are used for statistical purposes only, as specified by NCHS authorizing statute.  Uses within the Department include the preparation of aggregated data in the form of statistical tables for publication, analysis, and interpretation, to meet the legislative mandates of 42 U.S.C. 242k, i.e., collection of statistics on the utilization of health services, including the utilization of: (1) long-term care services, home health and hospice services and nursing home facilities to determine levels of illness and disability, effects on the serviced population, and the costs of care; (2) ambulatory health services by specialties and types of practice of the physicians providing such services; and (3) short-stay hospitals and ambulatory surgery centers to determine characteristics of patients, length of stay, diagnosis and surgical operations, and utilization patterns of care in hospitals of different size and ownership.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses: The Department occasionally contracts with a private firm for the purpose of collecting, analyzing, aggregating, or otherwise refining records in this system. Relevant records are disclosed to such a contractor. The contractor is required to maintain Privacy Act safeguards and to strictly follow Section 308(d) of the Public Health Service Act.

NCHS may disclose selected identifiable information to authorized recipients such as the Social Security Administration for statistical analysis purposes only, consistent with the requirements of Section 308(d) of the Public Health Service Act and the Privacy Act.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage: Paper files, computer tapes/disks, and CD-ROMS.

Retrievability: Data are retrieved by individual identifier only in the editing stage of data processing and only for the purpose of correcting errors in the recording of information. Original survey records are reviewed for accuracy and edited, and then data (without personal identifiers such as name or Social Security number) are transferred to computer tape.

Safeguards: Measures to prevent unauthorized disclosures are implemented as appropriate for the particular records maintained. NCHS and its contractors implement personnel, physical and procedural safeguards as follows:

1. Authorized Users: Persons authorized and needing to use the records, including Project Directors, contract officers, interviewers, analysts, statisticians, statistical clerks, and data entry personnel on the staffs of the Center and the contractors.

2. Physical Safeguards: Hard copy records are stored in locked files or offices when not in use. Building security in Hyattsville, MD includes the use of identification badges by employees and a cardkey system used to enter NCHS occupied space. In the Research Triangle Park, North Carolina facility access is controlled by a security guard, a cardkey system, and the use of identification badges by employees.

3. Procedural Safeguards: All employees of NCHS and contractor personnel with access to NCHS records are required, as a condition of employment, to sign an affidavit binding them to nondisclosure of individually identifiable information and to view an NCHS video tape addressing confidentiality and systems security. Periodic correspondence is sent to staff to reinforce confidentiality regulations, guidelines, and procedures.  

Protection for computerized records both on the mainframe and the National Center Local Area Network (LAN) includes programmed verification of valid user identification code and password prior to logging on to the system, mandatory password changes, limited log-ins, virus protection, and user rights/file attribute restrictions. Password protection imposes user name and password log-in requirements to prevent unauthorized access. Each user name is assigned limited access rights to files and directories at varying levels to control file sharing. There are routine daily backup procedures and secure off-site storage is available for backup tapes. Additional safeguards may be built into the program by the system analyst as warranted by the sensitivity of the data.

Contractors who maintain records in the system are instructed to make no further disclosure of the records. Privacy Act and Section 308(d) of the Public Health Service Act requirements are specifically included in contracts for survey and research activities related to this system. The HHS Project Directors, contract officers, and project officers oversee compliance with these requirements.

4. Implementation Guidelines: The safeguards outlined above are in accordance with the HHS Information Security Program Policy and FIPS Pub 200, “Minimum Security Requirements for Federal Information and Information Systems.” Data maintained on CDC’s Mainframe and the National Center LAN are in compliance with OMB Circular A-130, Appendix III. Security is provided for information collection, processing, transmission, storage, and dissemination in general support systems and major applications.

Retention and disposal: Records are retained and disposed of in accordance with the CDC Records Control Schedule for NCHS records.  The original records are retained in office files of NCHS or NCHS contractors for two years. The original records are then sent to the Federal Records Center where they are stored for five years.

System manager(s) and address: Director, National Center for Health Statistics, CCHIS, Prince George’s Metro IV Bldg., Rm. 1140, MS P08, Centers for Disease Control and Prevention, 3311 Toledo Road, Hyattsville, MD 20782.

Notification procedure: To determine if a record exists, write to the system manager at the above address.

Record access procedures: Access to record systems which have been granted an exemption from the Privacy Act access requirement may be made at the discretion of the system manager. Positive identification is required from anyone seeking access. Appeal of access refusal may be made to the Director, FOI/Privacy Act Divisions, Office of Public Affairs, Office of the Secretary, HHS.  An individual may also request an accounting of disclosures of his or her record, if any.

Contesting record procedures: If access has been granted, contact the system manager and reasonably identify the record, specify the information being contested, and state the corrective active sought, with supporting information to show how the record is inaccurate, incomplete, untimely, or irrelevant.

Record source categories: Hospitals, physicians, clinics, nursing homes, home health agencies, hospices, ambulatory surgery centers, and other providers of health care.

Systems exempted from certain provisions of the act: With respect to this system of records, exemption has been granted from the requirements contained in subsections 552a(c)(3), (d)(1) through (4), and (e)(4)(G) and (H) in accordance with the provisions of subsection 552a(k)(4) of the Privacy Act of 1974. The reason that the system has been exempted is that this system contains only records required by statute to be maintained and used solely as statistical records. The exemption was published in the Federal Register. October 8, 1975, page 47413.

[Federal Register: September 25, 1984 (Volume 49, Number 187)] [Notices] [Page 37697-37698] (PDF - 775 Kb)