Billing Code: 4410-36 DEPARTMENT OF JUSTICE [CPCLO Order No. 003-2024] Privacy Act of 1974; Systems of Records AGENCY: Federal Bureau of Prisons, United States Department of Justice. ACTION: Notice of a modified system of records. SUMMARY: Pursuant to the Privacy Act of 1974 and Office of Management and Budget (OMB) Circular No. A-108, notice is hereby given that the Federal Bureau of Prisons (hereinafter the Bureau or FBOP), a component within the United States Department of Justice (DOJ or Department), proposes to modify a system of records notice titled, “Inmate Physical and Mental Health Record System,†JUSTICE/BOP-007, last modified on May 25, 2017, in order to consolidate previously published modifications of the system of records into one document to promote transparency. The modifications also incorporate OMB guidance, technological advancements, and changes to four (4) routine uses. DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this notice is applicable upon publication, subject to a 30-day period in which to comment on the routine uses, described below. Therefore, please submit any comments by [INSERT DATE 30 DAYS AFTER DATE OF PUBLICATION IN THE FEDERAL REGISTER]. ADDRESSES: The public, OMB, and Congress are invited to submit any comments: by mail to the United States Department of Justice, Office of Privacy and Civil Liberties, ATTN: Privacy Analyst, Two Constitution Square (2CON), 145 N Street, NE, Suite 8W.300, Washington, DC 20002; by facsimile at 202-307-0693; or by email at privacy.compliance@usdoj.gov. To ensure proper handling, please reference the above CPCLO Order No. on your correspondence. FOR FURTHER INFORMATION CONTACT: Eugene Baime, Supervisory Attorney, Freedom of Information Act and Privacy Act Section, Office of General Counsel, Federal Bureau of Prisons, 320 First Street NW, Suite 924A, Washington, DC 20534, BOP-OGC-EFOIA-S@BOP.GOV, 202-616-7750. SUPPLEMENTARY INFORMATION: FBOP is modifying this system of records to consolidate earlier modifications of the system of records into one document to promote transparency. For a detailed list of previously published modifications, please review the “History†section below. Additionally, modifications to the system of records have been made to incorporate OMB guidance, technological advancements, and the modification of four (4) routine uses. Pursuant to OMB Circular No. A-108, various sections were rearranged, and various section titles were edited. FBOP also has changed the “System Location†section by adding to the list of locations where records may be maintained contractor-operated correctional facilities, National Archive Centers, secure cloud computing environments, and contracted storage facilities. FBOP has updated the “Addresses†section to reflect administrative changes. FBOP has made a slight change to the Purpose(s) of the System to add the Attorney General as one of the parties that this system assists. FBOP has updated the “Categories of Individuals Covered by the System†to clarify that it includes those individuals under custody for criminal and civil commitments. FBOP has updated the “Categories of Records†in the system to include additional identifying particulars and information regarding specific health conditions. FBOP has added modified routine uses that: allow medical health care professionals to access former inmates’ medical records for continuity of care purposes, and eliminating the requirement the records only be provided for pre-existing condition (see RU b); include specific mention of the United States Probation Office (see RU c); permit Members of Congress to request and receive records at the bequest of the authorized next-of-kin for inmates who are mentally or physically incapacitated (see RU g); and account for authorized disclosures related to Coronavirus-19 (SARS-CoV-2) and other unknown infectious diseases (see RU j). Additionally, previously published routine uses on breach procedures have been consolidated here to make them easier to find. FBOP also has made a slight change in the “Policies and Practices for Storage of Records†section by adding a federally-authorized secure cloud as a location where files may be stored. FBOP has updated the “Policies and Practices for Retrieval of Records†section to include additional identifying particulars. FBOP had made an update to the “Administrative, Technical, and Physical Safeguards†section to clarify that access to data is facilitated via strong authentication and data is segregated to limit staff’s ability to update data absent authorization. FBOP has updated the “Record Access Procedures,†“Contesting Record Procedures,†and “Notification Procedures†to include more detail on how one may access, contest, or receive notifications about records. Specifically, the “Records Access Procedures†section recognizes updated methods of record access for authorized next-ofkin, former inmates, and attorneys representing current and former inmates in criminal or civil matters. FBOP continues to assert the same Privacy Act exemptions as previously published in the Federal Register. See 28 CFR 16.97(a) and (n). In accordance with 5 U.S.C. 552a(r), the Department has provided a report to OMB and Congress on this notice of a modified system of records. Dated: May 28, 2024. Peter A. Winn, Acting Chief Privacy and Civil Liberties Officer, United States Department of Justice. JUSTICE/BOP–007 SYSTEM NAME AND NUMBER: Inmate Physical and Mental Health Record System, JUSTICE/BOP–007 SYSTEM LOCATION: Records may be retained at any Department of Justice authorized location, including the Central Office of FBOP, its Regional Offices, and any correctional facilities operated by FBOP or its contractors, and FBOP’s National Archive Centers. A list of Bureau system locations may be found at 28 CFR part 503 and on the Internet at https://www.bop.gov. Records within this system of records may be transferred to a Department-authorized cloud service provider, in which records would be limited to locations within the United States. SYSTEM MANAGER(S): Assistant Director, Health Services Division, Federal Bureau of Prisons; 320 First Street NW., Washington, DC 20534 AUTHORITY FOR MAINTENANCE OF THE SYSTEM: This system is established and maintained under the authority of 18 U.S.C. 3621, 4014, 4042, 4082, 4241 et seq., 5003, and section 11201 of chapter 1 of subtitle C of title XI of the National Capital Revitalization and Self- Government Improvement Act of 1997. PURPOSE(S) OF THE SYSTEM: This system assists the Attorney General and the Bureau in providing appropriate health care to persons in the custody of the Bureau. It provides for the maintenance and release of records concerning the medical, mental, and dental health of persons in the Bureau’s custody. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: Individuals currently or formerly under the custody of the Attorney General and/or the Director of the Bureau, including those individuals under custody for criminal and civil commitments. CATEGORIES OF RECORDS IN THE SYSTEM: Records in this system include: (1) identification data, including name, inmate register number, date of birth, Social Security number, FBI number, alien registration number, system-generated identification number, miscellaneous identification numbers, drug testing data and DNA samples and analysis; (2) medical and dental history and examinations (past and present), including diagnosis and treatment notes, records, and pharmaceutical information; (3) medical information concerning deaths of inmates; (4) offense information, including Pre-Sentence Reports; (5) designations of inmates from parent facilities to medical facilities, including date and type of referral; (6) precertifications authorizing inmates to receive care at local medical facilities, including authorized and actual length of stay, and all associated cost information; (7) mental health and drug abuse information, including interview summaries or reports with health care professionals, testing data, and progress or observation notes, generated and maintained by Bureau staff; (8) mental health and drug abuse information generated outside the Bureau by other corrections agencies and health care providers such as surgical clinics, mental hospitals, private therapists, etc.; (9) urine surveillance reports of drug program participants; (10) automated data, including Electronic Signatures, Sensitive Medical Data (SMD), Medical Duty Status (MDS), and Diagnosis Group (DGN); and (11) information concerning individuals with a specific health condition or status such as cancer, diabetes, infectious/communicable disease(s), HIV, Coronavirus19, Tuberculosis, immunizations, suicidal behavior, or disabilities. RECORD SOURCE CATEGORIES: Records are generated by: (1) individuals currently or formerly under Bureau custody; (2) Bureau staff; (3) community health care providers, including individuals, hospitals, and/or other professionals involved in the medical, mental, and dental care of inmates and/or former inmates; and (4) other Federal and/or State, local or Tribal agencies, including those preparing or providing information on Pre-Sentence Reports. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: Relevant data from this system will be disclosed as follows: (a) To contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for the Federal Government, when necessary to accomplish an agency function related to providing appropriate health care to persons in the custody of the Bureau; (b) To community health care professionals, including physicians, psychiatrists, psychologists, and State and Federal medical facility personnel who are providing treatment to former Federal inmates for continuity of care purposes; (c) To Federal, State, local, foreign and international law enforcement agencies and officials, including the United States Probation Office, for law enforcement purposes such as investigations, possible criminal prosecutions, civil court actions, or regulatory proceedings; (d) To a court or adjudicative body before which the Department of Justice or the Bureau is authorized to appear when any of the following is a party to litigation or has an interest in litigation and such records are determined by the Bureau to be arguably relevant to the litigation: (1) the Bureau, or any subdivision thereof, or (2) any Department or Bureau employee in his or her official capacity, or (3) any Department or Bureau employee in his or her individual capacity where the Department has agreed to provide representation for the employee, or (4) the United States, where the Bureau determines that the litigation is likely to affect it or any of its subdivisions; (e) In an appropriate proceeding before a court or administrative or regulatory body when records are determined by the Department to be arguably relevant to the proceeding, including Federal, State, and local licensing agencies or associations which require information concerning the suitability or eligibility of an individual for a license or permit; (f) To the news media and the public pursuant to 28 CFR 50.2, unless it is determined that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy; (g) To a Member of Congress or staff acting upon the Member’s behalf when the Member or staff requests the information on behalf of and at the request of the individual who is the subject of the record or the individual’s authorized next-of-kin if the individual is mentally or physically incapacitated; (h) To the National Archives and Records Administration and General Services Administration in records management inspections conducted under the authority of 44 U.S.C. 2904 and 2906; (i) To any person or entity to the extent necessary to prevent immediate loss of life or serious bodily injury; and (j) For information relating to infectious diseases, as follows: (1) To State health departments and/ or the Center for Disease Control, pursuant to State and/or Federal laws requiring notice of cases of reportable infectious diseases or immunization status regarding certain infectious diseases; (2) To the United States Probation Office in the district where an inmate is being released from Bureau custody on parole, placement in a community-based program, furlough, or full-term release, when the inmate is known to be HIV positive, under treatment for exposure to or active Tuberculosis (TB), tested positive for the Coronavirus-19, and is required to be quarantined with local, State, or Federal guidance, or immunization status regarding certain infectious diseases required by law; (3) To the Director of a Residential Reentry Center (halfway house) receiving an inmate from Bureau custody when the inmate is known to be HIV positive, under treatment for exposure to or active TB, tested positive for the Coronavirus-19 and is required to be quarantined with local, State, or Federal guidance, or immunization status regarding certain infectious diseases required by law; (4) To the physician/provider of a Bureau or non-Bureau staff, or other person exposed to a bloodborne pathogen while lawfully present in a Bureau facility, for the purpose of providing prophylaxis or other treatment and counseling; (k) The Department may disclose relevant and necessary information to a former employee of the Department for purposes of: responding to an official inquiry by a Federal, State, or local government entity or professional licensing authority, in accordance with applicable Department regulations; or facilitating communications with a former employee that may be necessary for personnel-related or other official purposes where the Department requires information and/or consultation assistance from the former employee regarding a matter within that person’s former area of responsibility; (l) To appropriate agencies, entities, and persons when: (1) the Department suspects or has confirmed that there has been a breach of the system of records; (2) the Department has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Department (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Department’s efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm; and (m) To another Federal agency or Federal entity, when the Department determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach, or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. POLICIES AND PRACTICES FOR STORAGE OF RECORDS: Information maintained in the system is stored in electronic media in Bureau facilities via a configuration of personal computer, client/server, and mainframe systems, and/or federally-authorized cloud architecture and may be accessed by only those staff with a need-to-know at all Bureau and contractor facilities. Some information may be stored on computerized media, e.g., hard disk, magnetic tape, digital recordings, and/or Compact or Digital Video Discs (CD/DVDs). Documentary (paper) records are maintained in manual file folders. POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: Records are retrieved by identifying data of the persons covered by this system, including name, inmate register number, FBI number, Social Security number, alien registration number, system-generated identification number, or miscellaneous identification number. Records are also retrievable by institution, date, or type of incident (e.g. inmate misconduct investigation). POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: Records in this system are retained for a period of thirty (30) years after the expiration of the sentence. Records of an unsentenced inmate are retained for a period of thirty (30) years after the inmate’s release from confinement. Documentary records are destroyed by shredding; computer records are destroyed by degaussing and/or shredding. ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: Information is safeguarded in accordance with Federal IT security requirements and Bureau rules and policy governing automated information systems security, including physical security and access controls. These safeguards include the maintenance of records and technical equipment in restricted areas, the use of encryption to protect data, and the required use of strong user authentication to access the system. Only those authorized personnel who require access to perform their official duties may access the system equipment and the information in the system. The data is also segregated and encrypted, and staff’s ability to update inmate data is restricted absent authorization. Documentary records are maintained in secure areas in locked fireproof cabinets in guarded buildings and accessed only by authorized personnel. RECORD ACCESS PROCEDURES: The Attorney General has exempted this system of records from the notification, access, amendment, and contest procedures of the Privacy Act. These exemptions apply only to the extent that the information in this system is subject to exemption pursuant to 5 U.S.C. 552a(j). Where compliance would not appear to interfere with or adversely affect the purposes of the system, or the overall law enforcement/intelligence process, the applicable exemption (in whole or in part) may be waived by the BOP in its sole discretion. All requests for records may be made by writing to the Director, Federal Bureau of Prisons, 320 First Street NW, Washington, DC 20534, and should be clearly marked “Privacy Act Request.†In addition, the requester must provide a notarized statement or an unsworn declaration made in accordance with 28 U.S.C. 1746, in the following format: If executed outside the United States: “I declare (or certify, verify, or state) under penalty of perjury under the laws of the United States of America that the foregoing is true and correct. Executed on [date]. [Signature].†If executed within the United States, its territories, possessions, or commonwealths: “I declare (or certify, verify, or state) under penalty of perjury that the foregoing is true and correct. Executed on [date]. [Signature].†While no specific form is required, requesters may obtain a form (Form DOJ– 361) for use in certification of identity, available at https://www.justice.gov/oip/page/file/1280011/download. In the initial request, the requester may also include any other identifying data that the requester may wish to furnish to assist the BOP in making a reasonable search. The request should include a return address for use by the BOP in responding; requesters are also encouraged to include a telephone number to facilitate BOP contacts related to processing the request. A determination of whether a record may be accessed will be made after a request is received. The authorized next-of-kin must provide legal support of his/her status. A statement may be substituted if it is notarized or sworn under penalty of perjury. To obtain records for former inmates, the medical professional’s statement must be notarized or sworn under penalty of perjury. To obtain records for current inmates, a notation in the inmate’s medical records from the treating medical professional stating the inmate is mentally incapable of making decision on his/her own behalf is required. Former inmates’ requesting their own records must include the former inmate’s full name, current address, date and place of birth. The signature on the request must be notarized or sworn under penalty of perjury. A DOJ-Form 361 may be used to satisfy the signature requirements. Attorneys’ requests for medical records of their clients in civil or criminal matters must include the current or former inmate’s full name, current address, date and place of birth. The inmate’s written authorization to provide the medical records to an attorney must be notarized or sworn under penalty of perjury. A DOJ-Form 361 may be used to satisfy the authorization requirements. An attorney may complete and sign the DOJ-361 or submit a statement either notarized or sworn under penalty of perjury on behalf of the inmate if: (1) the attorney submits a statement either notarized or sworn under penalty of perjury s/he represents the inmate; and (2) The attorney proffers the medical records are necessary to adequately represent his/her client. CONTESTING RECORD PROCEDURES: Individuals seeking to contest or amend records maintained in this system of records must direct their requests to the address indicated in the “RECORD ACCESS PROCEDURES†section, above. All requests to contest or amend records must be in writing and the envelope and letter should be clearly marked “Privacy Act Amendment Request.†All requests must state clearly and concisely what record is being contested, the reasons for contesting it, and the proposed amendment to the record. Some information may be exempt from the amendment provisions as described in the “EXEMPTIONS PROMULGATED FOR THE SYSTEM†section below. An individual who is the subject of a record in this system of records may contest or amend those records that are not exempt. A determination of whether a record is exempt from the amendment provisions will be made after a request is received. More information regarding the Department’s procedures for amending or contesting records in accordance with the Privacy Act can be found at 28 CFR 16.46, “Requests for Amendment or Correction of Records.†NOTIFICATION PROCEDURES: Individuals may be notified if a record in this system of records pertains to them when the individuals request information utilizing the same procedures as those identified in the “RECORD ACCESS PROCEDURES†section, above. EXEMPTIONS PROMULGATED FOR THE SYSTEM: The Attorney General has exempted this system from subsections (c)(3) and (4), (d), (e)(1), (e)(2), (e)(3), (e)(4) (H), (e)(5), (e)(8); (f); and (g) of the Privacy Act pursuant to 5 U.S.C. 552a(j). See 28 CFR 16.97(a) and (n). Rules have been promulgated in accordance with the requirements of 5 U.S.C., 553(b), (c) and (e), and have been published in the Federal Register. HISTORY: 67 FR 11712 (March 15, 2002): Last published in full; 72 FR 3410 (January 25, 2007): Added routine use; 82 FR 24147 (May 25, 2017): Rescinded 72 FR 3410 and added routine uses. Billing Code 4410-36 [FR Doc. 2024-12221 Filed: 6/11/2024 8:45 am; Publication Date: 6/12/2024]