09-25-0099 SYSTEMS LISTING

Clinical Research: Patient Medical Records, HHS/NIH/CC.

None.

Medical Record Department, Clinical Center, Building 10, Room 1N208, 10 Center Drive, Bethesda, MD 20892-1192 and at private organizations under contract. Write to the system manager for a list of current locations.

Registered Clinical Center patients. Some individuals not registered as patients but seen in Clinical Center for diagnostic tests.

Medical treatment records.

42 U.S.C. 241, 248: "Research and Investigation," and "Hospitals, Medical Examinations, and Medical Care."

1. To provide a continuous history of the treatment afforded individual patients in the Clinical Center.
2. To provide a data base for the clinical research conducted within the hospital.

1. Information may be used to respond to Congressional inquiries for constituents concerning their admission to NIH Clinical Center.
2. Social Work Department may give pertinent information to community agencies to assist patients or their families.
3. Referring physicians receive medical information for continuing patient care after discharge.
4. Information regarding diagnostic problems, or having unusual scientific value may be disclosed to appropriate medical or medical research organizations or consultants in connection with treatment of patients or in order to accomplish the research purposes of this system. For example, tissue specimens may be sent to the Armed Forces Institute of Pathology; X-rays may be sent for the opinion of a radiologist with extensive experience in a particular kind of diagnostic radiology. The recipients are required to maintain Privacy Act safeguards with respect to these records.
5. Records may be disclosed to representatives of the Joint Commission on Accreditation of Hospitals conducting inspections to ensure that the quality of Clinical Center medical record-keeping meets established standards.
6. Certain diseases and conditions, including infectious diseases, may be reported to appropriate representatives of State or Federal Government as required by State or Federal law.
7. Medical information may be disclosed in identifiable form to tumor registries for maintenance of health statistics, e.g., for use in epidemiologic studies.
8. The Department contemplates that it may contract with a private firm for transcribing, updating, copying, or otherwise refining records in this system. Relevant records will be disclosed to such a contractor. The contractor will be required to comply with the requirements of the Privacy Act with respect to such records
9. In the event of litigation where the defendant is (a) the Department, any component of the Department, or any employee of the Department in his or her official capacity; (b) the United States where the Department determines that the claim, if successful, is likely to directly affect the operations of the Department or any of its components; or (c) any Department employee in his or her individual capacity where the Justice Department has agreed to represent such employee, for example in defending against a claim based upon an individual's mental or physical condition and alleged to have arisen because of activities of the Public Health Service in connection with such individual, the Department may disclose such records as it deems desirable or necessary to the Department of Justice to enable that agency to present an effective defense, provided that such disclosure is compatible with the purpose for which the records were collected.
10. a). PHS may inform the sexual and/or needle-sharing partner(s) of a subject individual who is infected with the human immunodeficiency virus (HIV) of their exposure to HIV, under the following circumstances: (1) The information has been obtained in the course of clinical activities at PHS facilities carried out by PHS personnel or contractors; (2) The PHS employee or contractor has made reasonable efforts to counsel and encourage the subject individual to provide the information to the individual's sexual or needle-sharing partner(s); (3) The PHS employee or contractor determines that the subject individual is unlikely to provide the information to the sexual or needle-sharing partner(s) or that the provision of such information cannot reasonably be verified; and (4) The notification of the partner(s) is made, whenever possible, by the subject individual's physician or by a professional counselor and shall follow standard counseling practices.

b). PHS may disclose information to State or local public health departments, to assist in the notification of the subject individual's sexual and/or needle-sharing partner(s), or in the verification that the subject individual has notified such sexual or needle-sharing partner(s).

Records are stored in file folders and/or on microfiche, and on computer tapes.

Records are retrieved by unit number and patient name.

Measures to prevent unauthorized disclosures are implemented as appropriate for each location and for the particular records maintained in each project. Each site implements personnel, physical, and procedural safeguards such as the following:

1. Authorized Users: Employees maintaining records in this system are instructed to grant regular access only to physicians and dentists and other health care professionals officially participating in patient care, to contractors, or to NIH researchers specifically authorized by the system manager.
2. Physical Safeguards: All record facilities are locked when system personnel are not present.
3. Procedural Safeguards: Access to files is strictly controlled by the system manager. Records may be removed only by system personnel following receipt of a request signed by an authorized user. Access to computerized records is controlled by the use of security codes known only to the authorized user. Codes are user- and function-specific.

Contractor compliance is assured through inclusion of Privacy Act requirements in contract clauses, and through monitoring by contract and project officers. Contractors who maintain records in this system are instructed to make no disclosure of the records except as authorized by the System Manager.

These practices are in compliance with the standards of Chapter 45-13 of the HHS General Administration Manual, "Safeguarding Records Contained in Systems of Records," supplementary Chapter PHS hf: 45-13, and the HHS Automated Information Systems Security Program Handbook.

Records are retained and disposed of under the authority of the NIH Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 1 - "Keeping and Destroying Records" (HHS Records Management Manual, Appendix B-361), item 3000-E-22, which allows records to be kept until no longer needed for scientific reference. Refer to the NIH Manual Chapter for specific disposition instructions.

Director, Medical Record Department, Clinical Center (CC), Building 10, Room 1N208, 10 Center Drive, Bethesda, MD 20892-1192.

To determine if a record exists, write to the System Manager at the above address. The requester must provide tangible proof of identity, such as a driver's license. If no identification papers are available, the requester must verify his or her identity by providing either a notarization of the request or a written certification that the requester is who he or she claims to be and understands that the knowing and willful request for acquisition of a record pertaining to an individual under false pretenses is a criminal offense under the Act, subject to a five thousand dollar fine.

An individual who requests notification of or access to a medical/dental record shall, at the time the request is made, designate in writing a responsible representative who will be willing to review the record and inform the subject individual of its contents at the representative's discretion. The representative may be a physician, or other health professional, or other responsible individual. The subject individual will be granted direct access unless it is determined that such access is likely to have an adverse effect on him or her. In that case, the medical/dental record will be sent to the designated representative. The individual will be informed in writing if the record is sent to the representative.

A parent or guardian who requests notification of or access to a child's/incompetent person's record shall designate a family physician or other health professional (other than a family member) to whom the record, if any, will be sent. The parent or guardian must verify relationship to the child/incompetent person as well as his/her own identity.

Same as Notification Procedures. Requesters should also reasonably identify the specific reports and related dates pertaining to the information to be released. There may be a fee for reproducing more than 20 pages of material. Individuals may also request listings of accountable disclosures that have been made of their records, if any.

Contact the System Manager and reasonably identify the record and specify the information to be contested, and state the corrective action sought and your reasons for requesting the correction, along with supporting information to show how the record is inaccurate, incomplete, untimely or irrelevant. The right to contest records is limited to information which is incomplete, irrelevant, incorrect, or untimely (obsolete).

Referring physicians, other medical facilities (with patient's consent), patients, relatives of patients.

None.