Daily Rules, Proposed Rules, and Notices of the Federal Government
Submit written submissions in the following ways:
The UFS is a billing and collections system that maintains information about the individuals, organizations, and companies required to pay user fees. Information maintained in the UFS includes:
• Contact person's name, phone number, fax number, and email address;
• Federal Employer Identification Number (FEIN) for entity remitters;
• Taxpayer Identification Number (TIN) for individual remitters, which is encrypted with only the last four characters visible (in some circumstances individual remitters may use a Social Security Number as the TIN);
• Company name or the Organization name; and
• Data Universal Numbering System (DUNS) number and business address.
The UFS also stores application details as the fee remitter (submitter) creates coversheets to pay user fees. These details include, but are not limited to, the type of application, waiver and exemption status, and Small Business Decision (SBD) Number. When a submitter generates a coversheet the UFS will only print the last four characters of the FEIN/TIN along with the organization name and address.
Additionally, the UFS stores billing details, adjustments to invoices, and payment receipt information including date, mode, and amount of payment.
The Privacy Act allows FDA to disclose information without an individual's consent if the information is to be used for a purpose that is compatible with the purpose(s) for which the information was collected. Any such compatible use of data is known as a “routine use.” The routine uses in this system meet the compatibility requirement of the Privacy Act.
A number of the routine uses listed in the System of Records Notice below are common to systems across the government. These include routine uses allowing disclosure to Federal Agencies as necessary in order to respond to a confirmed or suspected breach of system security or confidentiality (routine use number 1); to the Department of Justice (DOJ) to obtain DOJ advice on producing user fee records in response to a FOIA request (routine use 2); to DOJ when DOJ represents the Agency in litigation (routine use 7); in response to a subpoena issued by a duly empowered Federal Agency (routine use 3); to a court or tribunal when the records are relevant and necessary to a proceeding involving the Agency or an employee (routine use 8); to contractors and others who perform services for the Agency related to the UFS (routine use 9); to the National Archives and Records Administration (NARA) and General Services Administration as needed in the course of records management inspections (routine use 10); and to the Department of Homeland Security (DHS) in circumstances where system records are captured in an intrusion detection program and made accessible to DHS (routine use 11).
Additional routine uses specific to the UFS allow disclosure to entities as permitted under the Debt Collection Improvement Act (routine use 4); to banks in order to process payment made by credit card (routine use 5); and to Dun and Bradstreet to validate submitter contact information (routine use 6).
FDA User Fee System, HHS/FDA.
This system is located at FDA's Data Center in Ashburn, VA.
This system contains records about individuals and companies that are required to submit user fee payments to the FDA. This includes organizations registered in the UFS, those billed through the system, as well as those submitting applications for review or otherwise assessed fees under the User Fee Program.
Privacy Act notification, access, and amendment rights relative to the UFS are available only to individuals who are the subject of records in this system. User fee record subjects are individuals required to pay a user fee, including individual FOIA requestors and individuals who are sole proprietors of an entity required to pay a user fee. Although records in the system may contain personally identifiable information (PII) related to other individuals, only the specified fee submitters are considered subjects of records in this system.
1. The UFS maintains information about individuals, companies and organizations that pay user fees. This includes: (a) For an entity remitter, a FEIN, and for an individual remitter, a TIN; (b) company or organization name and address; (c) DUNS number; and (d) contact person's name, phone number, Fax number, and email address.
2. The UFS also stores application information collected when the fee remitter (submitter) creates coversheets in order to pay user fees. This information includes the type of application, waiver and exemption status, and SBD number.
3. The UFS stores fee processing information including: Billing details; adjustments to invoices including credit and debit memos; and receipt information including date, mode, and amount of payment.
21 U.S.C. 371, 379, 379e, 379h, 379h-1, 379j, 379j-12, 379j-21, 379j-31, 387s, and 393(d)(2); 42 U.S.C. 263b(r)(1); 5 U.S.C. 301, 552; and 44 U.S.C. 3101.
FDA personnel and any contractors assisting them will use information in the system, on a need-to-know basis, for the following purposes:
1. To assess and collect user fees.
2. To provide an electronic payment and receipt mechanism that is integrated with the U.S. Department of Treasury's
3. To provide Web-based capabilities including transactional inquiries and information on payment status.
4. To facilitate debt collection activities in accordance with the Debt Collection Improvement Act of 1996 and the HHS regulations for claims collections (45 CFR Part 30).
Permitted disclosures include those made in accordance with routine uses that are listed in the notice of the system of records. 5 U.S.C. 552a(b)(3). The Privacy Act defines “routine use” as “with respect to the disclosure of a record, the use of such record for a purpose which is compatible with the purpose for which it was collected.” See also FDA's Privacy Act regulations, defining “routine use” as “use outside the Department of Health and Human Services that is compatible with the purpose for which the records were collected and described in the [System of Records] notice * * *” 21 CFR 21.20(b)(5).
Records in this system that contain information about record subjects and nonsubjects (such as FDA employees who operate the system) may be disclosed to recipients outside HHS in accordance with the following routine uses:
1. Records may be disclosed to appropriate Federal Agencies and Department contractors that have a need to know the information for the purpose of assisting the Department's efforts to respond to a suspected or confirmed breach of the security or confidentiality of information maintained in this system of records.
2. In the event HHS deems it desirable or necessary, in determining whether particular records are required to be disclosed under the FOIA, disclosure may be made to the DOJ for the purpose of obtaining its advice.
3. Where Federal Agencies having the power to subpoena other Federal Agencies' records, such as the Internal Revenue Service, issue a subpoena to HHS for records in this system of records, HHS will make such records available, provided however, that in each case, HHS determines that such disclosure is compatible with the purpose for which the records were collected.
4. A record from this system may be disclosed to entities as provided for in the Debt Collection Improvement Act of 1996 (Pub. L. 104-134).
5. A record may be disclosed to banks enrolled in the Treasury Credit Card Network to collect a payment or debt when the person has given his/her credit card number for this purpose.
6. UFS submitter data (name, address, DUNS number) may be provided to Dun and Bradstreet for validation for the purpose of maintaining database integrity.
7. Disclosure may be made to the Department of Justice (DOJ) when: (a) The Agency or any component thereof; (b) any employee of the Agency in his or her official capacity; (c) any employee of the Agency in his or her individual capacity where the DOJ has agreed to represent the employee; or (d) the U.S. Government is a party to litigation or has an interest in such litigation, and by careful review, the Agency determines that the records are both relevant and necessary to the litigation and the use of such records by the DOJ is therefore deemed by the Agency to be for a purpose that is compatible with the purpose for which the Agency collected the records.
8. Disclosure may be made to a court or other tribunal, when: (a) The Agency or any component thereof; (b) any employee of the Agency in his or her official capacity; (c) any employee of the Agency in his or her individual capacity where the DOJ has agreed to represent the employee; or (d) the U.S. Government is a party to the proceeding or has an interest in such proceeding, and by careful review, the Agency determines that the records are both relevant and necessary to the proceeding and the use of such records is therefore deemed by the Agency to be for a purpose that is compatible with the purpose for which the Agency collected the records.
9. Disclosure may be made to contractors and other individuals who perform services for the Agency related to this system of records, and who need access to the records in order to perform such services. Recipients shall be required to comply with the requirements of the Privacy Act of 1974, as amended, 5 U.S.C. 552a.
10. Disclosure may be made to NARA and/or the General Services Administration for the purpose of records management inspections conducted under authority of 44 U.S.C. 2904 and 2906.
11. Records may become accessible to U.S. Department of Homeland Security (DHS) cyber security personnel, if captured in an intrusion detection system used by HHS/FDA and DHS pursuant to the DHS Einstein 2 program. Under Einstein 2, DHS uses intrusion detection systems to monitor Internet traffic to and from Federal computer networks to prevent malicious computer code from reaching the networks. According to DHS' Privacy Impact Assessment for Einstein 2 (available on the DHS Cybersecurity privacy Web site,
Records may be maintained in hard copy files and on computer disks, hard drives, file servers, and other types of data storage devices.
Records may be retrieved by computer search using name, address, contact information, system identifiable numbers (party/organization, submitter numbers), DUNS Number, and payment information (for refunds).
UFS records are maintained in accordance with FDA's Records Control Schedule, and with the applicable General Records Schedule (GRS) and disposition schedule approved by NARA. UFS records fall under GRS 20, Items 2a(4) (hard copy input records), 12 and 16 (Output records and reports), and NARA approved citation N1-088-09-11, Items 1.1 (files maintained in the Office of Financial Management), 1.2 (data maintained by FDA Centers), and 1.3.2 (database records).
George Brindza, Division of Systems, FDA Office of Information Management (OIM), 2094 Gaither Rd., rm. 131, Rockville, MD 20850; 301-796-7845.
In accordance with 21 CFR part 21, subpart D, an individual may submit a request to the FDA Privacy Act Coordinator, with a notarized signature, to confirm whether records exist about him or her. Requests should be directed to the FDA Privacy Act Coordinator, Division of Freedom of Information, 12420 Parklawn Dr., ELEM-1036, Rockville, MD 20857. An individual requesting notification via mail should certify in his or her request that he or she is the individual who he or she claims to be and that he or she understands that the knowing and willful request for or acquisition of a
Procedures are the same as above, in Notification Procedures. Requesters should also reasonably specify the record contents being sought. Some records may be exempt from access under 5 U.S.C. 552a(d)(5), if they are “compiled in reasonable anticipation of a civil action or proceeding.” If access to requested records is denied, the requester may appeal the denial to the FDA Commissioner. Additional details regarding record access procedures and identity verification requirements appear in 21 CFR part 21, subpart D.
In addition to the procedures described above, requesters should reasonably identify the record, specify the information they are contesting, state the corrective action sought and the reasons for the correction, and provide justifying information showing why the record is not accurate, complete, timely, or relevant. Rules and procedures regarding amendment of Privacy Act records appear in 21 CFR part 21, subpart E.
Information in this system is obtained from many sources, including: (1) Directly from the individual, company or organization that is required to submit user fees to FDA; (2) from materials supplied by the submitter or individual acting on his/her behalf; (3) from FDA Centers such as the Center for Drug Evaluation and Research, Center for Devices and Radiological Health, Center for Biologics Evaluation and Research, Center for Veterinary Medicine, Center for Tobacco Products, Center for Food Safety and Applied Nutrition, and the Office of Financial Management; and (4) from any other relevant source.