09-25-0169 SYSTEMS LISTING

SYSTEM NAME:

Medical Staff-Credentials Files, HHS/NIH/CC.

SECURITY CLASSIFICATION:

None.

SYSTEM LOCATION:

Credentialing Services Office, Clinical Center (CC), Building 10, Room 1N204, 10 Center Drive, Bethesda, MD 20892-1192.

Write to the System Manager at the address below for a list of Contractor locations, including the address of any Federal Records Center where records from this system may be stored.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals who have been approved as members of the medical staff at the Warren G. Magnuson Clinical Center.

CATEGORIES OF RECORDS IN THE SYSTEM:

Medical staff names, date of birth, home address and telephone number, office address and telephone number, citizenship, visa information, appointment date, hospital-wide computer access privileges, Institute/Center designation, branch/lab, type of medical staff membership, privilege delineation, professional degree(s) including school of attendance and graduation dates, foreign medical examinations, specialty board certifications, licensing information (including state of licensure and license number), record of disciplinary actions, documentation of training, and admitting privileges.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

The authority for collecting the requested information is contained in section 301 (42 U.S.C. 241) of the Public Health Service Act, as amended, which outlines the authority of the Secretary to, within the Public Health Service (PHS), promote the coordination of various research and associated activities, including, for purposes of study, admitting and treating individuals at PHS facilities. Authority is also contained in section 402(b) of the Public Health Service Act (42 U.S.C. 282(b)), as amended, which outlines the authority of the Director of the National Institutes of Health (NIH) with respect to the admission and treatment of individuals at NIH facilities for purposes of study.

PURPOSE(S):

These records are used to: (1) maintain information used in the credentialing and privileging of active medical staff members at the Warren G. Magnuson Clinical Center; (2) document patient care privileges for active members of the medical staff; (3) provide information about active and non-active members of the medical staff to authorized individuals; and (4) report to the National Practitioner Data Bank as required by the provisions of Title IV of Pub. L. 99-660, as amended.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

  1. Disclosure may be made to a congressional office from the record of an individual in response to an inquiry from the congressional office made at the request of that individual.
  2. The Department of Health and Human Services (HHS) may disclose information from this system of records to the Department of Justice, or to a court or other tribunal, when (a) HHS, or any component thereof; or (b) any HHS employee in his or her official capacity; or (c) any HHS employee in his or her individual capacity where the Department of Justice (or HHS, where it is authorized to do so) has agreed to represent the employee; or (d) the United States or any agency thereof where HHS determines that the litigation is likely to affect HHS or any of its components, is a party to litigation, and HHS determines that the use of such records by the Department of Justice, court or other tribunal is relevant and necessary to the litigation and would help in the effective representation of the governmental party, provided, however, that in each case HHS determines that such disclosure is compatible with the purpose for which the records were collected.
  3. In the event that a system of records maintained by this agency to carry out its functions indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature, and whether arising by general statute or particular program statute, or by regulation, rule or order issued pursuant thereto, the relevant records in the system of records may be referred to the appropriate agency, whether Federal, State, or local, charged with enforcing or implementing the statute or rule, regulation or order issued pursuant thereto.
  4. NIH may disclose records to Department contractors and subcontractors for the purpose of collecting, compiling, aggregating, analyzing, or refining records in the system. Contractors maintain, and are also required to ensure that subcontractors maintain, Privacy Act safeguards with respect to such records.
  5. NIH may disclose information to representatives of the Joint Commission on Accreditation of Healthcare Organizations for the purpose of conducting quality assurance reviews and inspections of the Warren G. Magnuson Clinical Center credentialing policies and procedures.
  6. NIH may disclose information from this system of records to State medical boards for purposes of professional quality assurance activities.
  7. NIH may disclose information from this system of records to health care facilities for the purpose of verifying that an individual to whom they intend to grant medical staff or patient care privileges has or previously held such privileges at the Warren G. Magnuson Clinical Center.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:

Records are stored on paper forms in file folders and in electronic databases.

RETRIEVABILITY:

Records are retrieved by name, date of birth, type of medical staff membership, Institute/Center and licensing status.

SAFEGUARDS:

  1. Authorized Users: Data on the computer network system is accessed by a password known only to authorized users who are NIH employees and contractor staff responsible for implementing the medical staff credentials data system. Access to information is thus limited to those with a need to know.
  2. Physical Safeguards: Rooms where records are stored are locked when not in use. During regular business hours rooms are unlocked but entry is controlled by on-site personnel.
  3. Procedural and Technical Safeguards: Access to files is strictly controlled by the system manager. Names and other identifying particulars are deleted when data from original records are encoded for analysis. Data stored in computers is accessed through a network system by use of a password known only to authorized users. All authorized users of personal information in connection with the performance of their jobs (see Authorized Users, above) protect information from public view and from unauthorized personnel entering an unsupervised office.

These practices are in compliance with the standards of Chapter 45-13 of the HHS General Administration Manual, "Safeguarding Records Contained in Systems of Records," supplementary Chapter PHS hf: 45-13, and the HHS Automated Information Systems Security Program Handbook.

RETENTION AND DISPOSAL:

Records are retained and disposed of under the authority of the NIH Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 1B "Keeping and Destroying Records" (HHS Records Management Manual, Appendix B-361), item 2300-293-4, "Medical Staffs' Credential Files," which allows inactive records to be transferred to the Federal Records Center at five-year intervals and to be destroyed after thirty years. Refer to the NIH Manual Chapter for specific disposition instructions.

SYSTEM MANAGER(S) AND ADDRESS(ES):

Chief, Credentialing Services Office, Clinical Center, Building 10, Room 1N204, 10 Center Drive, Bethesda, MD 20892-1192.

NOTIFICATION PROCEDURE:

To determine if a record exists, write to the System Manager at the above address. The requester must provide tangible proof of identity (e.g., driver's license). If no identification papers are available, the requester must verify his or her identity by providing either a notarization of the request or a written certification that the requester is who he or she claims to be and understands that the knowing and willful request for acquisition of a record pertaining to an individual under false pretenses is a criminal offense under the Act, subject to a five thousand dollar fine.

RECORD ACCESS PROCEDURE:

Write to the System Manager specified above to obtain access to records and provide the same information as that required under the Notification Procedure. Requesters should also reasonably specify the record contents being requested. Individuals may also request an accounting of disclosure of their records, if any.

CONTESTING RECORD PROCEDURE:

Contact the System Manager specified above and reasonably identify the record, specify the information to be contested, the corrective action sought, and your reasons for requesting the correction, along with supporting information to show how the record is inaccurate, incomplete, untimely or irrelevant. The right to contest records is limited to information which is incomplete, irrelevant, incorrect, or untimely (obsolete).

RECORD SOURCE CATEGORIES:

Subject individual.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:

None.