Daily Rules, Proposed Rules, and Notices of the Federal Government


Indian Health Service

Privacy Act of 1974; System of Records

AGENCY: Department of Health and Human Services (HHS), Indian Health Service (IHS).
ACTION: Notice of New System of Records.
SUMMARY: As required by the Privacy Act of 1974, 5 U.S.C.552a(e), notice is hereby given that the Indian Health Service (IHS) is creating a new system of records entitled "Personal Health Records (PHR) Administrative Records--IHS" 09-17-0005. The new system will serve as an access system, providing IHS patients with web access to a portion of their personal medical information in the IHS Medical, Health, and Billing Records system, 09-17-0001.
DATES: Comments on the new system of records must be received no later than December 13, 2012. If no public comment is received during the period allowed for comment or unless otherwise published in theFederal Registerby the IHS, the new system will become effective on the published date of December 13, 2012.
ADDRESSES: Written comments may be submitted through;by mail or hand-delivery to the IHS Privacy Act Officer, IHS, Office of Management Services, Division of Regulatory Affairs, 801 Thompson Avenue, TMP Suite 450, Rockville, MD 20852; or by fax to (301) 443-9879.

Comments received will be available for public inspection in the IHS Division of Regulatory Affairs, Room 450-26, between the hours of 9:00 a.m. and 4:30 p.m., Monday through Friday (except holidays). Please call (301) 443-1116 (this is not a toll-free number) for an appointment. Additionally, during the comment period, comments may be viewed online through the Federal Docket Management System (FDMS) at

FOR FURTHER INFORMATION CONTACT: Christopher Lamer, PharmD, BCPS, MHS, CDE, CDR U.S. Public Health Service, Indian Health Service Nashville Area Office, Office of Information Technology/Health Education, 711 Stewards Ferry Pike, Nashville, TN 37214. Telephone number: (615) 669-2747.

I. Current and Future Functions of the Personal Health Records (PHR) Administrative Records—IHS System (IHS PHR)

The Personal Health Records (PHR) Administrative Records—IHS system (hereafter referred to as “IHS PHR”) is a new web-based access system that will provide IHS patients with Internet access to a portion of their personal medical information in another IHS Privacy Act system. In its current design, the IHS PHR will provide access to information that is a subset of the already defined Department of Health and Human Services, Indian Health Service, Office of Clinical and Preventive Services (HHS/IHS/OCPS) System of Records Notice (SORN) 09-17-0001-IHS Medical, Health, and Billing Records system. The IHS PHR system will contain administrative records needed to manage patients' web access; initially, patients will be granted access to view and print portions of their official IHS electronic health record (EHR) via the Internet.

As the IHS PHR develops and eventually provides more than just “view” access to the current IHS Medical, Health and Billing Records system, this System of Records Notice will be updated and republished. Future IHS PHR functionality will include providing tools to the patients which they can use to: Improve their own health and increase their knowledge about health conditions; increase communication with their care providers (i.e., secure electronic messaging with their IHS health care providers); request on-line prescription refills and view upcoming appointments; and enter their own medical information in a “self-entered” health information section through a secure and private health space.

Initially, the IHS PHR will not provide user access to a patient's personal health information to anyone other than the patient himself or herself.

The print functionality of the IHS PHR will allow patients to share all or part of the information in their account, once the patient prints it out, with personal representatives that they designate, such as family members, legal guardians, as well as IHS and non-IHS health care providers, which is consistent with existing IHS clinical practices.

As the IHS PHR continues to be developed, it will have the ability to register and verify the identity of the patient's personal representative, in order to provide the representative with user access to the patient's records. In addition, future system enhancements will enable the IHS PHR to store the patient's self-entered information in a separate database, which will eventually have the capacity to be linked orincorporated into the patient's official electronic health record upon the patient's request and/or the IHS's determination that it is appropriate to include in the official medical record.

II. Relationship of IHS PHR to the IHS Medical, Health and Billing Records System

The IHS Medical, Health and Billing Records system is the authoritative source of patients' IHS medical records. Once patients print copies of their medical records using the IHS PHR system, the copies will no longer be maintained subject to or protected by the Privacy Act or the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Electronic copies of health information are not considered IHS authoritative records, nor are they considered part of the IHS Medical, Health and Billing Records system of records once they are printed by the patient from their IHS PHR account.

The IHS operates a Health Information Exchange among IHS healthcare facilities. Patient health information needed by healthcare providers is exchanged on a need-to-know basis by directly accessing the official IHS medical record in the IHS Medical, Health and Billing Records system, not by using the IHS PHR system. If a non-IHS health care provider requires information from IHS medical records to treat an IHS patient, the non-IHS health care provider should contact the IHS facility where the IHS patient was last treated to obtain that information. The IHS will disclose pertinent patient medical information when transferring patients from an IHS emergency room and in other emergency situations for treatment and continuity of care purposes (see the SORN for the IHS Medical, Health and Billing Records system, 09-17-0001).

III. The Privacy Act

The Privacy Act (5 U.S.C. 552a) governs the means by which the U.S. Government collects, maintains, and uses information about individuals in a system of records. A “system of records” is a group of any records under the control of a Federal agency from which information about an individual is retrieved by the individual's name or other personal identifier. The Privacy Act requires each agency to publish in theFederal Registera system of records notice (SORN) identifying and describing each system of records the agency maintains, including the purposes for which the agency uses information about individuals in the system, the routine uses for which the agency discloses such information outside the agency, and how individual record subjects can exercise their rights under the Privacy Act (e.g., to determine if the system contains information about them).

09-17-0005 SYSTEM NAME:

Personal Health Records (PHR) Administrative Records-IHS.




IHS local facilities and the IHS National Data Centers. Address locations for IHS facilities are listed in IHS Appendix 1 of the biennial publications of the IHS systems of records.


The system will contain personally identifiable information (PII) about individuals using the IHS PHR system. Users include: (1) IHS patients who successfully register and/or opt-in for a IHS PHR account and whose identity has been verified; (2) IHS Information Technology (IT) staff and/or their approved contractors who may need to enter identifying, administrative information into the system to initiate, support and maintain electronic services for PHR participants; and (3) in the future, personal and other representatives of patients who have been granted or delegated access to a patient's IHS PHR account including, but not limited to, family members, friends, legal guardians, as well as non-IHS health care providers, IHS health care providers, and certain IHS administrative staff.


The system will contain the following categories of administrative records and PII data elements pertaining to system users:

1. Registration information, including the individual's full name; IHS PHR User Identifier (ID); date of birth; email address; telephone number(s); mother's maiden name; ZIP code; place and date of registration for IHS PHR; and

2. System Usage Information, including date and type of transaction; web analytics information for the purpose of monitoring, researching and preparing reports on site usage; patient medical record number (MRN); and other administrative data needed to administer PHR roles and services.


25 U.S.C. 1662.


Registration information will be used to register and verify the identity of patient-users (and, in the future, their representatives), to assign and verify administrators of the PHR portal, to retrieve a patient's information to perform specific functions, to allow access to specific information and to provide other associated PHR electronic services in current and future applications of the PHR program. The registrar has the capacity to authenticate personal representatives or those who are authorized by the patient to create the account in lieu of the patient.

System usage information may be used (in aggregate and/or anonymized form, whenever possible) to create administrative business reports for system operators and IHS managers who are responsible for ensuring that the PHR system is meeting performance expectations and is in compliance with applicable Federal laws and regulations. Administrative information may also be used for evaluation to support program improvement, including IHS approved research studies.


Records in this system may contain information protected by 45 CFR Parts 160 and 164 (i.e., individually identifiable health information). Disclosure of this information must comply with the requirements of these regulations.

1. Disclosure of information in this system of records may be made to contractors and other individuals, organizations, private or public agencies with whom the IHS has a contract or agreement, to perform such services as the IHS may deem practical for the purposes of administering the PHR program, or to perform other such services as IHS deems appropriate and practical for the purposes of administering IHS programs, policies, regulations, rules, executive orders, and statutes.

The IHS must be able to give contractors whatever administrative information is necessary to fulfill their duties. In these situations, safeguards are provided in the contract prohibiting the contractor from using or disclosing the information for any purpose other than that described in the contract.

2. The IHS may disclose information that is relevant to a suspected or reasonably imminent violation of the law whether civil, criminal, or regulatory in nature and whether arising by general or program statute or by regulation, rule, or order issued

pursuant thereto, to a Federal, State, local, or Tribal agency charged with the responsibility of investigating or prosecuting such violation, or charged with enforcing or implementing the statute, regulation, rule, or order. The IHS may also disclose the names and addresses of IHS patients to a Federal agency charged with the responsibility of investigating or prosecuting civil, criminal, or regulatory violations of law, or charged with enforcing or implementing the statute, regulation, or order issued pursuant thereto.

The IHS must be able to comply with the requirements of agencies charged with enforcing the law and conducting investigations. The IHS must also be able to provide information to State or local agencies charged with protecting the public's health as set forth in State law.

3. Disclosure may be made to the National Archives and Records Administration (NARA) and the General Services Administration (GSA) for it to perform its records management inspection responsibilities and its role as Archivist of the United States under authority of Title 44 of the United States Code.

In general, NARA is responsible for the physical maintenance and archiving of the Federal Government's records that are no longer actively used but which may be appropriate for preservation. The IHS must be able to turn records over to these agencies in order to determine the proper disposition of such records.

4. Information may be disclosed to the United States Department of Justice or Assistant United States Attorneys in order to prosecute or defend litigation involving or pertaining to the United States, or in which the United States has an interest.

5. IHS may disclose information from these records in litigations and/or proceedings related to an administrative claim when:

a. IHS has determined that the use of such records is relevant and necessary to the litigation and/or proceedings related to an administrative claim and would help in the effective representation of the affected party listed in subsections (i) through (iv) below, and that such disclosure is compatible with the purpose for which the records were collected. Such disclosure may be made to the HHS/OGC, when any of the following is a party to litigation and/or proceedings related to an administrative claim or has an interest in the litigation and/or proceedings related to an administrative claim:

(i) HHS or any component thereof; or

(ii) Any HHS employee in his or her official capacity; or

(iii) Any HHS employee in his or her individual capacity where the DOJ (or HHS, where it is authorized to do so) has agreed to represent the employee; or

(iv) The United States or any agency thereof (other than HHS) where HHS/OGC has determined that the litigation and/or proceedings related to an administrative claim is likely to affect HHS or any of its components.

b. In the litigation and/or proceedings related to an administrative claim described in subsection (a) above, information from these records may be disclosed to a court or other tribunal, or to another party before such tribunal in response to an order of a court or administrative tribunal, provided that the covered entity discloses only the information expressly authorized by such order.

6. Disclosure may be made to a Congressional office fromthis system of records in response to an inquiry from the Congressional office made at the request of the individual who is the subject of the records.For example, in special cases, an individual may request the help of a member of Congress to resolve an issue relating to a matter before the IHS. Consequently, the member of Congress may write the IHS, and the IHS must be able to give sufficient information to respond to the inquiry. If the issue involved the PHR, then the individual's PHR may need to be released to Congress, per that individual's request.

7. Disclosure may be made to other Federal agencies to assist such agencies in preventing and detecting possible fraud or abuse by individuals in their operations and programs. This routine use permits disclosures by HHS to report a suspected incident of identity theft and provide information or documentation related to or in support of the reported incident.

8. Information, including information about PHR use and user transactions accomplished via the Web site, may be provided to research investigators with IHS Institutional Review Board (IRB) and/or IHS Privacy Board approval. Disclosure of this information to research investigators will allow the IHS to evaluate the value of the PHR for purposes of system modification and improvement (i.e., to enhance, advance and promote both the function and the content of the PHR application), and for purposes of promoting patient self-management of health and improved health outcomes.

9. Information may be disclosed to appropriate Federal agencies and Department contractors that have a need to know the information for the purpose of assisting HHS's efforts to respond to a suspected or confirmed breach of the security of confidentiality of information maintained in this system of records, if the information disclosed is relevant and necessary for that assistance.

The IHS may disclose any information or records to appropriate agencies, entities, and persons when:

a. It is suspected or confirmed that the integrity or confidentiality of information in the system of records has been compromised;

b. HHS has determined that as a result of the suspected or confirmed compromise, there is a risk of embarrassment or harm to the reputations of the record subjects, harm to economic or property interests, identity theft or fraud, or harm to the security, confidentiality, or integrity of this system or other systems or programs (whether maintained by HHS or another agency) that rely upon the compromised information; and

c. The disclosure is to agencies, entities, or persons whom the IHS determines are reasonably necessary to assist or carry out HHS's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. This routine use permits disclosures by HHS to respond to a suspected or confirmed data breach, including the conduct of any risk analysis or prevision of credit protection services.


These administrative records are maintained on paper and electronic media, including hard drive disks, which are backed up to tape at regular intervals.


Records may be retrieved by an individual's name, user ID, date of registration for IHS PHR electronic services, zip code, the IHS assigned MRN, date of birth and/or social security number, if provided.


(Technical, Physical and Administrative):

1. Access to and use of the IHS PHR is limited to those individuals whose roles or official duties require such access. The IHS has established security procedures for this system to ensure that access is appropriately limited. Information security officers and system data stewards review and authorize dataaccess requests. The IHS regulates data access with security software that authenticates IHS PHR users and requires individual unique codes and passwords. The IHS provides information security training to all staff and instructs staff on the responsibility each person has for safeguarding data confidentiality. The IHS regularly updates security standards and procedures that are applied to systems and individuals supporting this program.

2. Physical access to computer rooms housing the PHR Administrative Records is restricted to authorized staff and protected by a variety of security devices. Unauthorized employees, contractors, and other staff are not allowed in computer rooms. The IHS uses contracted security personnel to provide physical security for the buildings housing computer systems and data centers.

3. Data transmissions between operational systems and IHS PHR are protected by telecommunications software and hardware as prescribed by IHS standards and practices. This includes firewalls, encryption, and other security measures necessary to safeguard data as it travels across the IHS-Wide Area Network.

4. Copies of back-up computer files are maintained at secure off-site locations.


Records are maintained and disposed of in accordance with the records disposition authority approved by the Archivist of the United States. Records from this system that are needed for audit purposes will be disposed of six (6) years after a user's account becomes inactive. Routine records will be disposed of when the agency determines they are no longer needed for administrative, legal, audit, or other operational purposes. These retention and disposal statements are pursuant to NARA General Records Schedules GRS 20, “Electronic Records”, item 1c (found at Internet Web site address: and GRS 24, “Information Technology Operations and Management Records”, item 6a, (found at Internet Web site address:


Officials responsible for policies and procedures: Director, Office of Information Technology (OIT) and Director, Office of Clinical and Preventive Services (OCPS), IHS, 801 Thompson Avenue, Rockville, MD 20852. Officials maintaining this system of records: The local IHS facility (address locations for IHS facilities are listed in IHS Appendix 1 of the IHS systems of records 09-17-0001 Medical, Health and Billings Records).


Individuals who wish to determine whether a PHR is being maintained under their name in this system, or wish to access and determine the accuracy of the contents of such records, have several options:

1. Submit a written request or apply in person to the IHS facility where the records are located. IHS facility location information can be found athttp://www.IHS.GOV;or

2. Submit a written request or apply in person to the local Privacy Act official at their facility or Area office. Inquiries should include the patient's full name, user ID, date of birth and return address.

3. Individuals seeking to contest the accuracy of records in this system may also write or call their local IHS facility and/or submit to the local Privacy official the IHS 917 form (found at Internet Web address—


The sources of information for this system of records include the individuals covered by this notice and additional contributors, as listed below:

1. All individuals who successfully register for a PHR account; and

2. IHS staff and/or their contractors and subcontractors who may need to enter information into the system to initiate, support and maintain PHR electronic services for PHR users.



Approved: Dated: October 22, 2012. Yvette Roubideaux, Director, Indian Health Service.