Notice2022-25017
Privacy Act of 1974; System of Records
Primary source
Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.
Published
November 17, 2022
Issuing agencies
Health and Human Services DepartmentChildren and Families Administration
Abstract
In accordance with the requirements of the Privacy Act of 1974, as amended, the Department of Health and Human Services (HHS) is modifying an existing system of records maintained by the Administration for Children & Families (ACF), Office of Child Support Enforcement (OCSE): System No. 09-80-0389, "OCSE Data Center General Support System, HHS/ACF/OCSE."
Full Text
<html>
<head>
<title>Federal Register, Volume 87 Issue 221 (Thursday, November 17, 2022)</title>
</head>
<body><pre>
[Federal Register Volume 87, Number 221 (Thursday, November 17, 2022)]
[Notices]
[Pages 69026-69030]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2022-25017]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Administration for Children and Families
Privacy Act of 1974; System of Records
AGENCY: Administration for Children & Families, Department of Health
and Human Services.
ACTION: Notice of a modified system of records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the requirements of the Privacy Act of
1974, as amended, the Department of Health and Human Services (HHS) is
modifying an existing system of records maintained by the
Administration for Children & Families (ACF), Office of Child Support
Enforcement (OCSE): System No. 09-80-0389, ``OCSE Data Center General
Support System, HHS/ACF/OCSE.''
DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this Notice is
applicable November 17, 2022, subject to a 30-day period in which to
comment on the routine uses, described below. Please submit any
comments by December 19, 2022.
ADDRESSES: The public should address written comments by mail or email
to: Anita Alford, Senior Official for Privacy, Administration for
Children & Families, 330 C St. SW, Washington, DC 20201, or
<a href="/cdn-cgi/l/email-protection#e687888f9287c8878a80899482a6878580c88e8e95c8818990"><span class="__cf_email__" data-cfemail="65040b0c11044b0409030a1701250406034b0d0d164b020a13">[email protected]</span></a>.
FOR FURTHER INFORMATION CONTACT: General questions about this system of
records should be submitted by mail or email to Venkata Kondapolu,
Director, Division of Federal Systems, Office of Child Support
Enforcement, at 330 C St. SW, 5th Floor, Washington, DC 20201, or
<a href="/cdn-cgi/l/email-protection#c395a6ada8a2b7a2ed88acada7a2b3acafb683a2a0a5edababb0eda4acb5"><span class="__cf_email__" data-cfemail="1244777c797366733c597d7c7673627d7e67527371743c7a7a613c757d64">[email protected]</span></a>.
SUPPLEMENTARY INFORMATION:
I. Explanation of Changes to System of Records 09-80-0389
This system of records covers information maintained in a secure
gateway system (the OCSE Data Center General Support System)
established by OCSE. OCSE and (at their option) external partners use
the system to facilitate electronic exchanges of information between
(1) a state child support enforcement agency and (2) another external
child support program partner, such as an employer, a health plan
administrator, a financial institution, or a central authority in a
foreign treaty country or a foreign country that is the subject of a
declaration under 42 U.S.C. 659a, through OCSE. The system maintains
information about individual participants in child support cases,
including income withholding order information, medical support
information, financial institution account information, levy file
information, and details of child support disbursements transmitted
between the United States and the authorized entity of the foreign
treaty country or foreign country subject of a declaration under 42
U.S.C. 659a for distribution of the support payment by the foreign
authority in accordance with the terms of the order. The following
modifications have been made:
<bullet> The System Manager section has been revised to change the
email address of the official serving as the System Manager, and to
change the title of the official from ``Acting Commissioner'' to
``Director.''
[[Page 69027]]
<bullet> The Authority section has been revised to include 42
U.S.C. 654, 654a, 654b, and 659a.
<bullet> The Purpose(s) section has been updated as follows:
[cir] To include an additional purpose for which OCSE may use the
OCSE Data Center General Support System; i.e., to support the Central
Authority Payment (CAP) program, that exchanges details of child
support disbursements transmitted between the United States and the
authorized entity of the foreign treaty country or foreign country
subject of a declaration under 42 U.S.C. 659a for distribution of the
support payment by the foreign authority in accordance with the terms
of the order;
[cir] To add the CAP program to the bulleted list of programs
supported by the gateway system;
[cir] To add the new purpose to the list of reasons for which state
child support enforcement agencies use the system; and
[cir] To add, at the end of the section, reasons for which U.S.
states use the system.
<bullet> The Categories of Records section has been revised to add
a new category 4: child support case information used to administer the
Central Authority Payment (CAP) program, which includes:
[cir] Obligor/non-custodial parent's name and Social Security
Number (SSN).
[cir] Foreign authority name, FIPS locator code, and foreign
authority's child support case identifier.
[cir] U.S. state name and state child support agency's case number.
[cir] Amount and date of payment.
[cir] Medical support indicator.
[cir] Employment termination indicator.
<bullet> In the Record Source Categories section, the description
of the first record source category has been changed from ``[s]tate
child support enforcement agencies initiating e-IWO, eNMSN, and FAST
Levy program transactions'' to ``[s]tate child support enforcement
agencies transmitting payment information to the CAP program for
foreign authorities, and initiating e-IWO, e-NMSN, and FAST Levy
program transactions in domestic child support cases.''
<bullet> The Routine Uses section has been updated to add new
routine use 11 to allow disclosure of child support case information
involving residents of the United States and residents of foreign
treaty countries or foreign countries that are the subject of a
declaration under 42 U.S.C. 659a to the foreign authority.
<bullet> The Policies and Practices for Retention and Disposal of
Records section has been updated to insert, in the description of
various retention periods that OCSE plans to propose to the National
Archives and Records Administration (NARA) for the records, ``up to 120
days to correct errors, and up to one year to reconcile information
with external partners.''
Venkata Kondapolu,
Director, Division of Federal Systems, Office of Child Support
Enforcement, Administration for Children & Families, U.S. Department of
Health and Human Services.
SYSTEM NAME AND NUMBER:
OCSE Data Center General Support System, HHS/ACF/OCSE, 09-80-0389.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
The address of the agency component responsible for the system of
records is Office of Child Support Enforcement, Administration for
Children & Families, 330 C St. SW, 5th Floor, Washington, DC 20201.
SYSTEM MANAGER(S):
Director, Division of Federal Systems, Office of Child Support
Enforcement, Administration for Children & Families, Department of
Health and Human Services, 330 C St. SW, 5th Floor, Washington, DC
20201, or <a href="/cdn-cgi/l/email-protection#782e1d1613190c19563317161c190817140d38191b1e5610100b561f170e"><span class="__cf_email__" data-cfemail="1e487b70757f6a7f305571707a7f6e71726b5e7f7d783076766d30797168">[email protected]</span></a>.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
42 U.S.C. 652, 654, 654a, 654b, 659, 659a, 666, 669a.
PURPOSE(S) OF THE SYSTEM:
The purpose of the system of records is to support the enforcement
of child support obligations, by providing a secure gateway (the OCSE
Data Center General Support System, or any successor system) that OCSE
will use to facilitate electronic exchanges of information about
individual participants in child support cases, between state child
support enforcement agencies and other external partners such as
employers, health plan administrators, financial institutions, and
central authorities in foreign treaty countries or foreign countries
that are the subject of a declaration under 42 U.S.C. 659a. The child
support enforcement agencies and other external partners will use the
gateway system to electronically submit information to and receive
information from each other, through OCSE.
The gateway system will support, for example:
<bullet> The Electronic Income Withholding Order (e-IWO) program,
that provides the means to electronically exchange income withholding
order information between state child support enforcement agencies and
employers.
<bullet> The Electronic National Medical Support Notice (e-NMSN)
program, that allows state child support enforcement agencies,
employers, and health plan administrators to electronically send and
receive National Medical Support Notices used to enroll children in
medical insurance plans pursuant to child support orders.
<bullet> The Federally Assisted State Transmitted (FAST) Levy
program, that allows states and financial institutions to exchange
information about levy actions through an electronic process.
<bullet> The Central Authority Payment (CAP) program, that allows
states and foreign authorities to exchange details of child support
disbursements transmitted between the United States and the authorized
entity of the foreign treaty country or foreign country subject of a
declaration under 42 U.S.C. 659a for distribution of the support
payment by the foreign authority in accordance with the terms of the
order.
Multiple child support program partners will utilize the gateway
system to electronically send and receive information:
State child support enforcement agencies will use the system to
transmit e-IWOs to employers and e-NMSNs to employers and health plan
administrators. State child support enforcement agencies will also use
the system to create levy actions for distribution to multiple
financial institutions, and to transmit information about child support
disbursements between U.S. states and foreign authorities through the
CAP program.
Employers will use the system to respond to state child support
enforcement agencies regarding e-IWOs and to provide information about
health insurance coverage provided by the employer. Employers and
health plan administrators will use the system to respond to state
child support enforcement agencies regarding e-NMSNs.
Financial institutions will use the system to receive and respond
to levy actions from multiple state child support enforcement agencies.
U.S. states will use the system to transmit information about child
support disbursements transmitted from the United States to a foreign
authority through the CAP program.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The records in the system of records are about custodial and
noncustodial parents, legal guardians, and third-party caretakers who
are participants in child
[[Page 69028]]
support program cases and whose names and Social Security numbers
(SSNs) are used to retrieve the records. Children's personal
identifiers are not used to retrieve records in this system of records,
so children are not subject individuals for purposes of this system of
records.
CATEGORIES OF RECORDS IN THE SYSTEM:
The categories of records exchanged in the gateway system include:
1. Child support case information used to populate an e-IWO, which
may include:
a. Name of state, tribe, territory, or private individual entity
issuing an e-IWO;
b. Order ID and Case ID;
c. Remittance ID;
d. Employer/income withholder name, address, federal employer
identification number (FEIN), telephone number, FAX number, email, or
website;
e. Employee/obligor's name, Social Security number (SSN), date of
birth;
f. Custodial parent's/obligee's name;
g. Child(ren)'s name(s) and date(s) of birth;
h. Income withholding amounts for current child support, past-due
child support, current cash medical support, past-due cash medical
support, current spousal support, past-due spousal support;
i. Child support state disbursement unit or tribal order payee name
and address;
j. Judge/issuing official's name, title, and signature; and
k. Employee/obligor termination date, last known telephone number,
last known address, new employer/income withholder's name and address.
2. Child support case information used to populate an e-NMSN, and
medical insurance information included in e-NMSN responses from
employers and health plan administrators, which may include:
a. Custodial parent/obligee's name and mailing address;
b. Substituted official/agency name and address (if custodial
parent/obligee's address is left blank);
c. Name, telephone number, and mailing address of representative of
child(ren);
d. Child(ren)'s name(s), gender, date of birth, and SSN;
e. Employee's name, SSN, and mailing address;
f. Plan administrator name, contact person, FAX number and
telephone number;
g. Employer and/or employer representative name, FEIN, and
telephone number;
h. Date of medical support termination, reason for termination, and
child(ren) to be terminated from medical support;
i. Medical insurance provider name, group number, policy number,
address;
j. Dental insurance provider name, group number, policy number,
address;
k. Vision insurance provider name, group number, policy number,
address;
l. Prescription drug insurance provider name, group number, policy
number, address;
m. Mental health insurance provider name, group number, policy
number, address;
n. Other insurance, specified by name, group number, policy number,
address; and
o. Plan administrator name, title, telephone number and address.
3. Child support case information used to administer the FAST Levy
program, which includes:
a. Requesting state agency name, address, and state Federal
Information Processing Standard (FIPS) code;
b. Financial institution's name and FEIN;
c. Obligor's name, SSN, and date of birth;
d. Account number of account from which to withhold funds;
e. Withholding amount; and
f. Contact name, phone number, and email for point of contact in
requesting state.
4. Child support case information used to administer the CAP
program, which includes:
a. Obligor/non-custodial parent's name and SSN;
b. Foreign authority name, FIPS locator code, and foreign
authority's child support case identifier;
c. U.S. state name and state child support agency's case number;
d. Amount and date of payment;
e. Medical support indicator; and
f. Employment termination indicator.
RECORD SOURCE CATEGORIES:
The sources of the information in the system of records include:
<bullet> State child support enforcement agencies transmitting
payment information to the CAP program for foreign authorities, and
initiating e-IWO, e-NMSN, and FAST Levy program transactions in
domestic child support cases.
<bullet> Employers or authorized third parties responding to e-IWOs
and e-NMSNs.
<bullet> Health plan administrators responding to e-NMSNs.
<bullet> Financial institutions responding to FAST Levy requests.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
In addition to the disclosures authorized directly in the Privacy
Act at 5 U.S.C. 552a(b)(1)-(b)(2) and (b)(4)-(b)(11), these routine
uses specify circumstances under which the agency may disclose
information from this system of records to a non-HHS officer or
employee without the consent of the data subject. ACF will prohibit
redisclosures, or may permit only certain redisclosures, as required or
authorized by law. Each proposed disclosure or redisclosure of
information permitted directly in the Privacy Act or under these
routine uses will be evaluated to ensure that the disclosure or
redisclosure is legally permissible.
Any information defined as ``return''' or ``return information''
under 26 U.S.C. 6103 (Internal Revenue Code) is not disclosed unless
authorized by a statute, the Internal Revenue Service (IRS), or IRS
regulations.
1. Disclosure to Financial Institution to Collect Past-Due Support.
Pursuant to 42 U.S.C. 652(l), information pertaining to an
individual owing past-due child support may be disclosed to a financial
institution doing business in two or more states to identify an
individual who maintains an account at the institution for the purpose
of collecting past-due support. Information pertaining to requests by
the state child support enforcement agencies for the placement of a
lien or levy of such accounts may also be disclosed.
2. Disclosure of Financial Institution Information to State Child
Support Enforcement Agency for Assistance in Collecting Past-Due
Support.
Pursuant to 42 U.S.C. 652(l), the results of a comparison between
information pertaining to an individual owing past-due child support
and information provided by multistate financial institutions may be
disclosed to a state child support enforcement agency for the purpose
of assisting the state agency in collecting past-due support.
Information pertaining to responses to requests by a state child
support enforcement agency for the placement of a lien or levy of such
accounts may also be disclosed.
3. Disclosure to Employer to Enforce Child Support Obligations.
Pursuant to 42 U.S.C. 666(b), information pertaining to an
individual owing current or past-due child support may be disclosed to
an employer for the purpose of collecting current or past-due support
by way of an e-IWO.
[[Page 69029]]
4. Disclosure of Employer Information to State Child Support
Enforcement Agency in Response to an e-IWO.
Information pertaining to a response by an employer to an e-IWO
issued by a state child support enforcement agency for the collection
of child support may be disclosed to the state child support
enforcement agency.
5. Disclosure to Employer and Health Plan Administrator to Enforce
Medical Support Obligations.
Pursuant to 42 U.S.C. 666(a)(19), information pertaining to
participants in a child support case may be disclosed to an employer or
a health plan administrator for the purpose of enforcing medical
support for a child by way of an e-NMSN.
6. Disclosure of Employer and Health Plan Administrator Information
to State Child Support Enforcement Agency in Response to an e-NMSN.
Information pertaining to a response by an employer or a health
plan administrator to an e-NMSN issued by a state child support
enforcement agency for the enforcement of medical support may be
disclosed to the state child support enforcement agency.
7. Disclosure to Department of Justice or in Proceedings.
Records may be disclosed to the Department of Justice (DOJ) or to a
court or other adjudicative body in litigation or other proceedings
when HHS or any of its components, or any employee of HHS acting in the
employee's official capacity, or any employee of HHS acting in the
employee's individual capacity where the DOJ or HHS has agreed to
represent the employee, or the United States Government, is a party to
the proceedings or has an interest in the proceedings and, by careful
review, HHS determines that the records are both relevant and necessary
to the proceedings.
8. Disclosure to Congressional Office.
Information may be disclosed to a congressional office from the
record of an individual in response to a written inquiry from the
congressional office made at the written request of the individual.
9. Disclosure to Contractor to Perform Duties.
Records may be disclosed to a contractor performing or working on a
contract for HHS and who has a need to have access to the information
in the performance of its duties or activities for HHS in accordance
with law and with the contract.
10. Disclosure in the Event of a Security Breach.
a. Information may be disclosed to appropriate agencies, entities,
and persons when (1) HHS suspects or has confirmed that there has been
a breach of the system of records; (2) HHS has determined that as a
result of the suspected or confirmed breach there is a risk of harm to
individuals, HHS (including its information systems, programs, and
operations), the federal government, or national security; and (3) the
disclosure made to such agencies, entities, and persons is reasonably
necessary to assist in connection with HHS's efforts to respond to the
suspected or confirmed breach or to prevent, minimize, or remedy such
harm.
b. Information may be disclosed to another federal agency or
federal entity, when HHS determines that information from this system
of records is reasonably necessary to assist the recipient agency or
entity in (1) responding to a suspected or confirmed breach or (2)
preventing, minimizing, or remedying the risk of harm to individuals,
the recipient agency or entity (including its information systems,
programs, and operations), the federal government, or national
security, resulting from a suspected or confirmed breach.
11. Disclosure to a Foreign Reciprocating Country and Foreign
Treaty Country for Child Support Purposes.
Pursuant to 42 U.S.C. 652(n), 653(a)(2), 653(c)(5) and 659a(c)(2),
child support case information involving residents of the United States
and residents of foreign treaty countries or foreign countries that are
the subject of a declaration under 42 U.S.C. 659a may be disclosed to
the foreign authority.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
The records are stored electronically.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are retrieved by the parent's, guardians, or third-party
caretaker's name or SSN.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Upon approval of a disposition schedule by the National Archives
and Records Administration (NARA), the records will be deleted when
eligible for destruction under the schedule, if the records are no
longer needed for administrative, audit, legal, or operational
purposes. ACF anticipates requesting NARA's approval of retention
periods of approximately 90 days for the information contained in the
transmission files (i.e., long enough to confirm receipt or to resend
if necessary), up to 120 days to correct errors, up to a year to
reconcile information with external partners, and up to seven years for
the audit log records. Approved disposal methods for electronic records
and media include overwriting, degaussing, erasing, disintegration,
pulverization, burning, melting, incineration, shredding, or sanding.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
The system leverages cloud service providers that maintain an
authority to operate in accordance with applicable laws, rules, and
policies, including Federal Risk and Authorization Management Program
(FedRAMP) requirements. Specific administrative, technical, and
physical controls are in place to ensure that the records collected,
maintained, and transmitted using the OCSE Data Center General Support
System are secure from unauthorized access. Access to the records
within the system is restricted to authorized personnel who are advised
of the confidentiality of the records and the civil and criminal
penalties for misuse, and who sign a nondisclosure oath to that effect.
Agency personnel are provided privacy and security training before
being granted access to the records and annually thereafter. Additional
safeguards include protecting the facilities where records are stored
or accessed with security guards, badges and cameras; limiting access
to electronic databases to authorized users based on roles and either
two-factor authentication or user ID and password (as appropriate);
using a secured operating system protected by encryption, firewalls,
and intrusion detection systems; reviewing security controls on a
periodic basis; and using secure destruction methods prescribed in NIST
SP 800-88 to dispose of eligible records. All safeguards conform to the
HHS Information Security and Privacy Program, <a href="https://www.hhs.gov/ocio/securityprivacy/index.html">https://www.hhs.gov/ocio/securityprivacy/index.html</a>.
RECORD ACCESS PROCEDURES:
To request access to a record about you in this system of records,
submit a written access request to the System Manager identified in the
``System Manager'' section of this System of Records Notice (SORN), in
accordance with the Department's Privacy Act implementation regulations
in 45 CFR. The request must reasonably describe the record sought and
must include (for contact purposes and identity verification purposes)
your full name, current address, telephone number and/or email address,
date and place of birth, and signature, and (if needed by
[[Page 69030]]
the agency) sufficient particulars contained in the records (such as,
your SSN) to enable the System Manager to distinguish between records
on subject individuals with the same name. In addition, to verify your
identity, your signature must be notarized, or the request must include
your written certification that you are the individual who you claim to
be and that you understand that the knowing and willful request for or
acquisition of a record pertaining to an individual under false
pretenses is a criminal offense subject to a fine of up to $5,000. You
may request that copies of the records be sent to you, or you may
request an appointment to review the records in person (including with
a person of your choosing, if you provide written authorization for
agency personnel to discuss the records in that person's presence). You
may also request an accounting of disclosures that have been made of
records about you, if any.
CONTESTING RECORD PROCEDURES:
To request correction of a record about you in this system of
records, submit a written amendment request to the System Manager
identified in the ``System Manager'' section of this SORN, in
accordance with the Department's Privacy Act implementation regulations
in 45 CFR. The request must contain the same information required for
an access request and include verification of your identity in the same
manner required for an access request. In addition, the request must
reasonably identify the record and specify the information contested,
the corrective action sought, and the reasons for requesting the
correction; and should include supporting information to show how the
record is inaccurate, incomplete, untimely, or irrelevant.
NOTIFICATION PROCEDURES:
To find out if the system of records contains a record about you,
submit a written notification request to the System Manager identified
in the ``System Manager'' section of this SORN, in accordance with the
Department's Privacy Act implementation regulations in 45 CFR. The
request must identify this system of records, contain the same
information required for an access request, and include verification of
your identity in the same manner required for an access request.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
86 FR 72245 (Dec. 21, 2021).
[FR Doc. 2022-25017 Filed 11-16-22; 8:45 am]
BILLING CODE 4184-42-P
</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>Indexed from Federal Register on November 17, 2022.
This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.