System name: Minority/Disadvantaged Health Professions Programs, HHS/HRSA/ BHPr.

Security classification: None.

System location:

• Division of Disadvantaged Assistance, Bureau of Health Professions, Health Resources and Services Administration, Room 8A-09, Parklawn Building, 5600 Fishers Lane, Rockville, Maryland 20857.

Categories of individuals covered by the system: Institutional grantees, student and faculty participants in the Health Careers Opportunity Program, and Centers of Excellence Program.

Categories of records in the system: Name of the institutional grantee, grant number, type of grantee institution, budget information, project dates, amount of grant award, program participants by name, date of birth, social security number, race ethnicity and gender, current educational pathway or practice status of participants, outcomes of program participation for participants, and programmatic results for the grantee.

Authority for maintenance of the system: The Programs are authorized by Title VII, sections 739 Center of Excellence and 740 Educational Assistance Regarding Undergraduates of the Public Health Service Act, as amended by Pub. L. 102-408.

Purpose(s):

1. To maintain information relative to the activities and participants of programs conducted by institutions and organizations awarded grants under this program.
2. To monitor grantees’ performance outcomes and progress in meeting stated objectives.
3. To track individual student program participants in order to evaluate program effectiveness and outcomes.
4. To compile and generate statistical reports.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

1. Disclosure may be made to a congressional office from the record of an individual participant or institutional grantee, in response to an inquiry from the congressional office made at the request of the student or the institution.
2. Disclosure may be made to the Department of Justice, or to a court or other tribunal, from this system of records, when (a) HHS, or any component thereof; or (b) any HHS employee in his or her official capacity; or (c) any HHS employee in his or her individual capacity where the Department of Justice (or HHS, where it is authorized to do so) has agreed to represent the employee; or (d) the United States or any agency thereof, where HHS determines that the litigation is likely to affect HHS or any of its components, is a party to litigation or has an interest in such litigation, and HHS determines that the use of such records by the Department of Justice, the court or other tribunal is relevant and necessary to the litigation and would help in the effective representation of the governmental party, provided, however, that in such case HHS determines that such disclosure is compatible with the purpose for which the records were collected.
3. HRSA may disclose records to Department contractors and subcontractors for the purposes of conducting data analysis for program evaluations, compiling managerial and statistical reports, and record systems processing and refinement.
4. In the event that a system of records maintained by this agency to carry out its functions indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature and whether arising by general statute or particular program statute, or by regulation, rule, or order issued pursuant thereto, the
   relevant records in the system of records may be referred to the appropriate agency, whether Federal, State or local, charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing the statute or rule, regulation or order issued pursuant thereto.

Policies and practices for storing, retrieving, accessing, retaining and disposing of records in the system:

• Storage: Records are maintained in file folders, on computer hard drives and/or disk packs.
• Retrievability: Retrieval will be by grantee name or by grant number or programs’ participant name and/or social security number.
• Safeguards:
  
  
  1. Assign Responsibility for Security: Assign responsibility for security to a management official knowledgeable in the nature of the information and process supported by the application and in the management, personnel, operational, and technical controls used to protect it.
  2. Develop Application Security Plan: Plan for the adequate security of the application, taking into account the security of all systems in which the application will operate. Application security plans shall address application rules, training on use of the system, personnel security, contingency planning, technical controls, information sharing, public access controls.
  3. Review Application Controls: Perform an independent review or audit of the security control in the application at least every 3 years.
  4. Authorize Processing: Ensure that a management official authorizes in writing use of the application by confirming that its security plan as implemented adequately secures the application. The application must be authorized prior to operating and reauthorized at least every 3 years thereafter. Management authorization implies accepting the risk of each system used by the application.
  5. Implementation Guidelines: DHHS Chapter 45-13 and supplementary Chapter PHS.H:45-l3 of the General Administration Manual; the DHHS Automated Information Systems Security Program Handbook; and Appendix III to 0MB Circular No. A-130.

Retention and disposal: Records will be retained for 6 years after the grant is closed, and then destroyed.

System manager(s) and address:

• Director, Division of Disadvantaged Assistance, Bureau of Health Professions, Health Resources and Services Administration, Parklawn Building, Room 8A-09, 5600 Fishers Lane, Rockville, MD 20857.

Notification procedure: Requests must be made to the System Manager.

Requests in person: An individual who appears at the site where records are stored seeking access to or disclosure of records relating to him/her shall provide his/her name, current address, and at least one piece of identification such as driver’s license, passport, voter registration card, or union card. Identification with a current photograph is preferred but not required. Additional identification may be requested when there is a request for access to records which contain an apparent discrepancy between information contained in the records and that provided by the individual requesting access to the records. No verification of identity shall be required where the record is one which is required to be disclosed under the Freedom of Information Act.

Requests by mail: Requests for information and/or access to records received by mail must contain information providing the identity of the writer and a reasonable description of the record desired. Written requests must contain the name and address of the requester, his/her date of birth and at least one piece of information which is also contained in the subject record, and his/ her signature for comparison purposes.

Requests by telephone: Since positive identification of the caller cannot be established, telephone requests are not honored.

Record access procedures: Same as notification procedures. Requesters should also reasonably specify the record contents being sought. Individuals may also request an accounting of disclosure that may have been made of their records, if any.

Contesting record procedure: Contact the System Manager at the address specified above and reasonably identify the record, specify the information being contested, and state the corrective action and the reason(s) for requesting the correction, along with supporting justification to show how the record is inaccurate, incomplete, untimely, or irrelevant.

Record source categories: Institutions and organizations awarded grants.

Systems exempted from certain provisions of the act: None.