{"database": "openregs", "table": "federal_register", "rows": [["E7-22079", "Privacy Act of 1974; Report of a Modified System of Records", "Notice", "In accordance with the requirements of the Privacy Act of 1974, we are proposing to modify an existing SOR titled, \"Individuals Authorized Access to Centers for Medicare & Medicaid Services (CMS) Computer Services (IACS), System No. 09-70-0064,\" most recently modified at 67 FR 48911 (July 26, 2002). We propose to assign a new CMS identification number to this system to simplify the obsolete and confusing numbering system originally designed to identify the Bureau, Office, or Center that maintained information in the Health Care Financing Administration systems of records. The new identifying number for this system should read: System No. 09-70-0538. We propose to broaden the scope of this system to include a CMS service planned to provide a centralized user provisioning and administration service that supports the creation, deletion, and lifecycle management of enterprise identities. This service creates accounts, supports Role Based Access Control (RBAC), and provides business application integration points. RBAC is a form flow approval process and enterprise identity audit and recertification based on the role of the individual. The business application integration point allows business application owners to use the form flow process of the user provisioning service to approve or deny requests for access to business applications. This modification will permit CMS to implement a unified framework for managing user information and access rights, for those individuals who apply for and are granted access across multiple CMS systems and business contexts. We propose to modify existing routine use number 1 that permits disclosure to agency contractors and consultants to include disclosure to CMS grantees who perform a task for the agency. CMS grantees, charged with completing projects or activities that require CMS data to carry out that activity, are classified separate from CMS contractors and/or consultants. The modified routine use will remain as routine use number 1. We will delete routine use number 2 authorizing disclosure to support constituent requests made to a congressional representative. If an authorization for the disclosure has been obtained from the data subject, then no routine use is needed. The Privacy Act allows for disclosures with the \"prior written consent\" of the data subject. Finally, we will delete the section titled \"Additional Circumstances Affecting Routine Use Disclosures,\" that addresses \"Protected Health Information (PHI)\" and \"small cell size.\" The requirement for compliance with HHS regulation \"Standards for Privacy of Individually Identifiable Health Information\" does not apply because this system does not collect or maintain PHI. In addition, our policy to prohibit release if there is a possibility that an individual can be identified through \"small cell size\" is not applicable to the data maintained in this system. We are modifying the language in the remaining routine uses to provide a proper explanation as to the need for the routine use and to provide clarity to CMS's intention to disclose individual-specific information contained in this system. The routine uses will then be prioritized and reordered according to their usage. We will also take the opportunity to update any sections of the system that were affected by the recent reorganization or because of the impact of the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA) (Pub. L. 108-173) provisions and to update language in the administrative sections to correspond with language used in other CMS SORs. The primary purpose of the system has been to collect and maintain individually identifiable information to assign, control, track, and report authorized access to and use of CMS's computerized information and resources, for those individuals who apply for and are granted access across multiple CMS systems and business contexts. Information in this system will also be used to: (1) Support regulatory and policy functions performed within the Agency or by a contractor, consultant, or CMS grantee; and (2) support litigation involving the Agency related to this system. We have provided background information about the modified system in the \"Supplementary Information\" section below. Although the Privacy Act requires only that the \"routine use\" portion of the system be published for comment, CMS invites comments on all portions of this notice. See Effective Dates section for comment period.", "2007-11-13", 2007, 11, "https://www.federalregister.gov/documents/2007/11/13/E7-22079/privacy-act-of-1974-report-of-a-modified-system-of-records", "https://www.govinfo.gov/content/pkg/FR-2007-11-13/pdf/E7-22079.pdf", "Health and Human Services Department; Centers for Medicare & Medicaid Services", "221,45", "In accordance with the requirements of the Privacy Act of 1974, we are proposing to modify an existing SOR titled, \"Individuals Authorized Access to Centers for Medicare & Medicaid Services (CMS) Computer Services (IACS), System No. 09-70-0064,\" most...", null]], "columns": ["document_number", "title", "type", "abstract", "publication_date", "pub_year", "pub_month", "html_url", "pdf_url", "agency_names", "agency_ids", "excerpts", "regulation_id_numbers"], "primary_keys": ["document_number"], "primary_key_values": ["E7-22079"], "units": {}, "query_ms": 27.50056399963796, "source": "Federal Register API & Regulations.gov API", "source_url": "https://www.federalregister.gov/developers/api/v1", "license": "Public Domain (U.S. Government data)", "license_url": "https://www.regulations.gov/faq"}