Privacy Act of 1974; Systems of Records

Issuing agencies

Abstract

Pursuant to the Privacy Act of 1974 and Office of Management and Budget (OMB) Circular No. A-108, notice is hereby given that the Federal Bureau of Prisons (hereinafter the Bureau or FBOP), a component within the United States Department of Justice (DOJ or Department), proposes to modify a system of records notice titled, "Inmate Physical and Mental Health Record System," JUSTICE/BOP-007, last modified on May 25, 2017, in order to consolidate previously published modifications of the system of records into one document to promote transparency. The modifications also incorporate OMB guidance, technological advancements, and changes to four (4) routine uses.

Full Text

<html>
<head>
<title>Federal Register, Volume 89 Issue 114 (Wednesday, June 12, 2024)</title>
</head>
<body><pre>
[Federal Register Volume 89, Number 114 (Wednesday, June 12, 2024)]
[Notices]
[Pages 49906-49909]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2024-12221]


-----------------------------------------------------------------------

DEPARTMENT OF JUSTICE

[CPCLO Order No. 003-2024]


Privacy Act of 1974; Systems of Records

AGENCY: Federal Bureau of Prisons, United States Department of Justice.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974 and Office of Management 
and Budget (OMB) Circular No. A-108, notice is hereby given that the 
Federal Bureau of Prisons (hereinafter the Bureau or FBOP), a component 
within the United States Department of Justice (DOJ or Department), 
proposes to modify a system of records notice titled, ``Inmate Physical 
and Mental Health Record System,'' JUSTICE/BOP-007, last modified on 
May 25, 2017, in order to consolidate previously published 
modifications of the system of records into one document to promote 
transparency. The modifications also incorporate OMB guidance, 
technological advancements, and changes to four (4) routine uses.

DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this notice is 
applicable upon publication, subject to a 30-day period in which to 
comment on the routine uses, described below. Therefore, please submit 
any comments by July 12, 2024.

ADDRESSES: The public, OMB, and Congress are invited to submit any 
comments: by mail to the United States Department of Justice, Office of 
Privacy and Civil Liberties, ATTN: Privacy Analyst, Two Constitution 
Square (2CON), 145 N Street NE, Suite 8W.300, Washington, DC 20002; by 
facsimile at 202-307-0693; or by email at <a href="/cdn-cgi/l/email-protection#0676746f7067657f2865696b766a6f6768656346737562696c28616970"><span class="__cf_email__" data-cfemail="5727253e2136342e7934383a273b3e3639343217222433383d79303821">[email&#160;protected]</span></a>. 
To ensure proper handling, please reference the above CPCLO Order No. 
on your correspondence.

FOR FURTHER INFORMATION CONTACT: Eugene Baime, Supervisory Attorney, 
Freedom of Information Act and Privacy Act Section, Office of General 
Counsel, Federal Bureau of Prisons, 320 First Street NW, Suite 924A, 
Washington, DC 20534, <a href="/cdn-cgi/l/email-protection#0f4d405f2240484c224a4940464e225c4f4d405f21484059"><span class="__cf_email__" data-cfemail="2e6c617e0361696d036b6861676f037d6e6c617e00696178">[email&#160;protected]</span></a>, 202-616-7750.

SUPPLEMENTARY INFORMATION: FBOP is modifying this system of records to 
consolidate earlier modifications of the system of records into one 
document to promote transparency. For a detailed list of previously 
published modifications, please review the ``History'' section below. 
Additionally, modifications to the system of records have been made to 
incorporate OMB guidance, technological advancements, and the 
modification of four (4) routine uses. Pursuant to OMB Circular No. A-
108, various sections were rearranged, and various section titles were 
edited.
    FBOP also has changed the ``System Location'' section by adding to 
the list of locations where records may be maintained contractor-
operated correctional facilities, National Archive Centers, secure 
cloud computing environments, and contracted storage facilities. FBOP 
has updated the Addresses section to reflect administrative changes. 
FBOP has made a slight change to the Purpose(s) of the System to add 
the Attorney General as one of the parties that this system assists. 
FBOP has updated the ``Categories of Individuals Covered by the 
System'' to clarify that it includes those individuals under custody 
for criminal and civil commitments. FBOP has updated the ``Categories 
of Records'' in the system to include additional identifying 
particulars and information regarding specific health conditions.
    FBOP has added modified routine uses that: allow medical health 
care professionals to access former inmates' medical records for 
continuity of care purposes, and eliminating the requirement the 
records only be provided for pre-existing condition (see RU b); include 
specific mention of the United States Probation Office (see RU c); 
permit Members of Congress to request and receive records at the 
bequest of the authorized next-of-kin for inmates who are mentally or 
physically incapacitated (see RU g); and account for authorized 
disclosures related to Coronavirus-19 (SARS-CoV-2) and other unknown 
infectious diseases (see

[[Page 49907]]

RU j). Additionally, previously published routine uses on breach 
procedures have been consolidated here to make them easier to find.
    FBOP also has made a slight change in the ``Policies and Practices 
for Storage of Records'' section by adding a federally-authorized 
secure cloud as a location where files may be stored. FBOP has updated 
the ``Policies and Practices for Retrieval of Records'' section to 
include additional identifying particulars. FBOP had made an update to 
the ``Administrative, Technical, and Physical Safeguards'' section to 
clarify that access to data is facilitated via strong authentication 
and data is segregated to limit staff's ability to update data absent 
authorization.
    FBOP has updated the ``Record Access Procedures,'' ``Contesting 
Record Procedures,'' and ``Notification Procedures'' to include more 
detail on how one may access, contest, or receive notifications about 
records. Specifically, the ``Records Access Procedures'' section 
recognizes updated methods of record access for authorized next-of-kin, 
former inmates, and attorneys representing current and former inmates 
in criminal or civil matters.
    FBOP continues to assert the same Privacy Act exemptions as 
previously published in the Federal Register. See 28 CFR 16.97(a) and 
(n).
    In accordance with 5 U.S.C. 552a(r), the Department has provided a 
report to OMB and Congress on this notice of a modified system of 
records.

    Dated: May 28, 2024.
Peter A. Winn,
Acting Chief Privacy and Civil Liberties Officer, United States 
Department of Justice.
JUSTICE/BOP-007

SYSTEM NAME AND NUMBER:
    Inmate Physical and Mental Health Record System, JUSTICE/BOP-007

SYSTEM LOCATION:
    Records may be retained at any Department of Justice authorized 
location, including the Central Office of FBOP, its Regional Offices, 
and any correctional facilities operated by FBOP or its contractors, 
and FBOP's National Archive Centers. A list of Bureau system locations 
may be found at 28 CFR part 503 and on the internet at <a href="https://www.bop.gov">https://www.bop.gov</a>. Records within this system of records may be transferred 
to a Department-authorized cloud service provider, in which records 
would be limited to locations within the United States.

SYSTEM MANAGER(S):
    Assistant Director, Health Services Division, Federal Bureau of 
Prisons; 320 First Street NW, Washington, DC 20534.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    This system is established and maintained under the authority of 18 
U.S.C. 3621, 4014, 4042, 4082, 4241 et seq., 5003, and section 11201 of 
chapter 1 of subtitle C of title XI of the National Capital 
Revitalization and Self- Government Improvement Act of 1997.

PURPOSE(S) OF THE SYSTEM:
    This system assists the Attorney General and the Bureau in 
providing appropriate health care to persons in the custody of the 
Bureau. It provides for the maintenance and release of records 
concerning the medical, mental, and dental health of persons in the 
Bureau's custody.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals currently or formerly under the custody of the Attorney 
General and/or the Director of the Bureau, including those individuals 
under custody for criminal and civil commitments.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records in this system include: (1) identification data, including 
name, inmate register number, date of birth, Social Security number, 
FBI number, alien registration number, system-generated identification 
number, miscellaneous identification numbers, drug testing data and DNA 
samples and analysis; (2) medical and dental history and examinations 
(past and present), including diagnosis and treatment notes, records, 
and pharmaceutical information; (3) medical information concerning 
deaths of inmates; (4) offense information, including Pre-Sentence 
Reports; (5) designations of inmates from parent facilities to medical 
facilities, including date and type of referral; (6) pre-certifications 
authorizing inmates to receive care at local medical facilities, 
including authorized and actual length of stay, and all associated cost 
information; (7) mental health and drug abuse information, including 
interview summaries or reports with health care professionals, testing 
data, and progress or observation notes, generated and maintained by 
Bureau staff; (8) mental health and drug abuse information generated 
outside the Bureau by other corrections agencies and health care 
providers such as surgical clinics, mental hospitals, private 
therapists, etc.; (9) urine surveillance reports of drug program 
participants; (10) automated data, including Electronic Signatures, 
Sensitive Medical Data (SMD), Medical Duty Status (MDS), and Diagnosis 
Group (DGN); and (11) information concerning individuals with a 
specific health condition or status such as cancer, diabetes, 
infectious/communicable disease(s), HIV, Coronavirus-19, Tuberculosis, 
immunizations, suicidal behavior, or disabilities.

RECORD SOURCE CATEGORIES:
    Records are generated by: (1) individuals currently or formerly 
under Bureau custody; (2) Bureau staff; (3) community health care 
providers, including individuals, hospitals, and/or other professionals 
involved in the medical, mental, and dental care of inmates and/or 
former inmates; and (4) other Federal and/or State, local or Tribal 
agencies, including those preparing or providing information on Pre-
Sentence Reports.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Relevant data from this system will be disclosed as follows:
    (a) To contractors, grantees, experts, consultants, students, and 
others performing or working on a contract, service, grant, cooperative 
agreement, or other assignment for the Federal Government, when 
necessary to accomplish an agency function related to providing 
appropriate health care to persons in the custody of the Bureau;
    (b) To community health care professionals, including physicians, 
psychiatrists, psychologists, and State and Federal medical facility 
personnel who are providing treatment to former Federal inmates for 
continuity of care purposes;
    (c) To Federal, State, local, foreign and international law 
enforcement agencies and officials, including the United States 
Probation Office, for law enforcement purposes such as investigations, 
possible criminal prosecutions, civil court actions, or regulatory 
proceedings;
    (d) To a court or adjudicative body before which the Department of 
Justice or the Bureau is authorized to appear when any of the following 
is a party to litigation or has an interest in litigation and such 
records are determined by the Bureau to be arguably relevant to the 
litigation: (1) the Bureau, or any subdivision thereof, or (2) any 
Department or Bureau employee in his or her official capacity, or (3) 
any Department or Bureau employee in his or her individual capacity 
where the

[[Page 49908]]

Department has agreed to provide representation for the employee, or 
(4) the United States, where the Bureau determines that the litigation 
is likely to affect it or any of its subdivisions;
    (e) In an appropriate proceeding before a court or administrative 
or regulatory body when records are determined by the Department to be 
arguably relevant to the proceeding, including Federal, State, and 
local licensing agencies or associations which require information 
concerning the suitability or eligibility of an individual for a 
license or permit;
    (f) To the news media and the public pursuant to 28 CFR 50.2, 
unless it is determined that release of the specific information in the 
context of a particular case would constitute an unwarranted invasion 
of personal privacy;
    (g) To a Member of Congress or staff acting upon the Member's 
behalf when the Member or staff requests the information on behalf of 
and at the request of the individual who is the subject of the record 
or the individual's authorized next-of-kin if the individual is 
mentally or physically incapacitated;
    (h) To the National Archives and Records Administration and General 
Services Administration in records management inspections conducted 
under the authority of 44 U.S.C. 2904 and 2906;
    (i) To any person or entity to the extent necessary to prevent 
immediate loss of life or serious bodily injury; and
    (j) For information relating to infectious diseases, as follows: 
(1) To State health departments and/or the Center for Disease Control, 
pursuant to State and/or Federal laws requiring notice of cases of 
reportable infectious diseases or immunization status regarding certain 
infectious diseases; (2) To the United States Probation Office in the 
district where an inmate is being released from Bureau custody on 
parole, placement in a community-based program, furlough, or full-term 
release, when the inmate is known to be HIV positive, under treatment 
for exposure to or active Tuberculosis (TB), tested positive for the 
Coronavirus-19, and is required to be quarantined with local, State, or 
Federal guidance, or immunization status regarding certain infectious 
diseases required by law; (3) To the Director of a Residential Reentry 
Center (halfway house) receiving an inmate from Bureau custody when the 
inmate is known to be HIV positive, under treatment for exposure to or 
active TB, tested positive for the Coronavirus-19 and is required to be 
quarantined with local, State, or Federal guidance, or immunization 
status regarding certain infectious diseases required by law; (4) To 
the physician/provider of a Bureau or non-Bureau staff, or other person 
exposed to a blood-borne pathogen while lawfully present in a Bureau 
facility, for the purpose of providing prophylaxis or other treatment 
and counseling;
    (k) The Department may disclose relevant and necessary information 
to a former employee of the Department for purposes of: responding to 
an official inquiry by a Federal, State, or local government entity or 
professional licensing authority, in accordance with applicable 
Department regulations; or facilitating communications with a former 
employee that may be necessary for personnel-related or other official 
purposes where the Department requires information and/or consultation 
assistance from the former employee regarding a matter within that 
person's former area of responsibility;
    (l) To appropriate agencies, entities, and persons when: (1) the 
Department suspects or has confirmed that there has been a breach of 
the system of records; (2) the Department has determined that as a 
result of the suspected or confirmed breach there is a risk of harm to 
individuals, the Department (including its information systems, 
programs, and operations), the Federal Government, or national 
security; and (3) the disclosure made to such agencies, entities, and 
persons is reasonably necessary to assist in connection with the 
Department's efforts to respond to the suspected or confirmed breach or 
to prevent, minimize, or remedy such harm; and
    (m) To another Federal agency or Federal entity, when the 
Department determines that information from this system of records is 
reasonably necessary to assist the recipient agency or entity in (1) 
responding to a suspected or confirmed breach, or (2) preventing, 
minimizing, or remedying the risk of harm to individuals, the recipient 
agency or entity (including its information systems, programs, and 
operations), the Federal Government, or national security, resulting 
from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Information maintained in the system is stored in electronic media 
in Bureau facilities via a configuration of personal computer, client/
server, and mainframe systems, and/or federally-authorized cloud 
architecture and may be accessed by only those staff with a need-to-
know at all Bureau and contractor facilities. Some information may be 
stored on computerized media, e.g., hard disk, magnetic tape, digital 
recordings, and/or Compact or Digital Video Discs (CD/DVDs). 
Documentary (paper) records are maintained in manual file folders.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by identifying data of the persons covered by 
this system, including name, inmate register number, FBI number, Social 
Security number, alien registration number, system-generated 
identification number, or miscellaneous identification number. Records 
are also retrievable by institution, date, or type of incident (e.g., 
inmate misconduct investigation).

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records in this system are retained for a period of thirty (30) 
years after the expiration of the sentence. Records of an unsentenced 
inmate are retained for a period of thirty (30) years after the 
inmate's release from confinement. Documentary records are destroyed by 
shredding; computer records are destroyed by degaussing and/or 
shredding.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Information is safeguarded in accordance with Federal IT security 
requirements and Bureau rules and policy governing automated 
information systems security, including physical security and access 
controls. These safeguards include the maintenance of records and 
technical equipment in restricted areas, the use of encryption to 
protect data, and the required use of strong user authentication to 
access the system. Only those authorized personnel who require access 
to perform their official duties may access the system equipment and 
the information in the system. The data is also segregated and 
encrypted, and staff's ability to update inmate data is restricted 
absent authorization. Documentary records are maintained in secure 
areas in locked fireproof cabinets in guarded buildings and accessed 
only by authorized personnel.

RECORD ACCESS PROCEDURES:
    The Attorney General has exempted this system of records from the 
notification, access, amendment, and contest procedures of the Privacy 
Act. These exemptions apply only to the extent that the information in 
this system is subject to exemption pursuant to 5 U.S.C. 552a(j). Where 
compliance would not appear to interfere with or adversely affect the 
purposes of the system, or the overall law enforcement/intelligence 
process, the applicable

[[Page 49909]]

exemption (in whole or in part) may be waived by the BOP in its sole 
discretion.
    All requests for records may be made by writing to the Director, 
Federal Bureau of Prisons, 320 First Street NW, Washington, DC 20534, 
and should be clearly marked ``Privacy Act Request.'' In addition, the 
requester must provide a notarized statement or an unsworn declaration 
made in accordance with 28 U.S.C. 1746, in the following format: If 
executed outside the United States: ``I declare (or certify, verify, or 
state) under penalty of perjury under the laws of the United States of 
America that the foregoing is true and correct. Executed on [date]. 
[Signature].'' If executed within the United States, its territories, 
possessions, or commonwealths: ``I declare (or certify, verify, or 
state) under penalty of perjury that the foregoing is true and correct. 
Executed on [date]. [Signature].''
    While no specific form is required, requesters may obtain a form 
(Form DOJ-361) for use in certification of identity, available at 
<a href="https://www.justice.gov/oip/page/file/1280011/download">https://www.justice.gov/oip/page/file/1280011/download</a>. In the initial 
request, the requester may also include any other identifying data that 
the requester may wish to furnish to assist the BOP in making a 
reasonable search. The request should include a return address for use 
by the BOP in responding; requesters are also encouraged to include a 
telephone number to facilitate BOP contacts related to processing the 
request. A determination of whether a record may be accessed will be 
made after a request is received.
    The authorized next-of-kin must provide legal support of his/her 
status. A statement may be substituted if it is notarized or sworn 
under penalty of perjury. To obtain records for former inmates, the 
medical professional's statement must be notarized or sworn under 
penalty of perjury. To obtain records for current inmates, a notation 
in the inmate's medical records from the treating medical professional 
stating the inmate is mentally incapable of making decision on his/her 
own behalf is required.
    Former inmates' requesting their own records must include the 
former inmate's full name, current address, date and place of birth. 
The signature on the request must be notarized or sworn under penalty 
of perjury. A DOJ-Form 361 may be used to satisfy the signature 
requirements.
    Attorneys' requests for medical records of their clients in civil 
or criminal matters must include the current or former inmate's full 
name, current address, date and place of birth. The inmate's written 
authorization to provide the medical records to an attorney must be 
notarized or sworn under penalty of perjury. A DOJ-Form 361 may be used 
to satisfy the authorization requirements. An attorney may complete and 
sign the DOJ-361 or submit a statement either notarized or sworn under 
penalty of perjury on behalf of the inmate if: (1) the attorney submits 
a statement either notarized or sworn under penalty of perjury s/he 
represents the inmate; and (2) The attorney proffers the medical 
records are necessary to adequately represent his/her client.

CONTESTING RECORD PROCEDURES:
    Individuals seeking to contest or amend records maintained in this 
system of records must direct their requests to the address indicated 
in the ``RECORD ACCESS PROCEDURES'' section, above. All requests to 
contest or amend records must be in writing and the envelope and letter 
should be clearly marked ``Privacy Act Amendment Request.'' All 
requests must state clearly and concisely what record is being 
contested, the reasons for contesting it, and the proposed amendment to 
the record. Some information may be exempt from the amendment 
provisions as described in the ``EXEMPTIONS PROMULGATED FOR THE 
SYSTEM'' section below. An individual who is the subject of a record in 
this system of records may contest or amend those records that are not 
exempt. A determination of whether a record is exempt from the 
amendment provisions will be made after a request is received.
    More information regarding the Department's procedures for amending 
or contesting records in accordance with the Privacy Act can be found 
at 28 CFR 16.46, ``Requests for Amendment or Correction of Records.''

NOTIFICATION PROCEDURES:
    Individuals may be notified if a record in this system of records 
pertains to them when the individuals request information utilizing the 
same procedures as those identified in the ``RECORD ACCESS PROCEDURES'' 
section, above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    The Attorney General has exempted this system from subsections 
(c)(3) and (4), (d), (e)(1), (e)(2), (e)(3), (e)(4) (H), (e)(5), 
(e)(8); (f); and (g) of the Privacy Act pursuant to 5 U.S.C. 552a(j). 
See 28 CFR 16.97(a) and (n). Rules have been promulgated in accordance 
with the requirements of 5 U.S.C., 553(b), (c) and (e), and have been 
published in the Federal Register.

HISTORY:
    67 FR 11712 (March 15, 2002): Last published in full;
    72 FR 3410 (January 25, 2007): Added routine use;
    82 FR 24147 (May 25, 2017): Rescinded 72 FR 3410 and added routine 
uses.

[FR Doc. 2024-12221 Filed 6-11-24; 8:45 am]
BILLING CODE 4410-36-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>