Federal & State Lawfederalstatelaw.com
Home/Federal/Federal Register/2022-19182
Notice2022-19182

Privacy Act of 1974; Department of Transportation, Federal Aviation Administration, DOT/FAA 811, FAA Health Information Records

Primary source

Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.

Published
September 7, 2022
Effective
October 7, 2022

Issuing agencies

Transportation Department

Abstract

In accordance with the Privacy Act of 1974, the Department of Transportation (DOT) proposes to rename, update, and reissue an existing system of records notice currently titled DOT Federal Aviation Administration (FAA) system of records DOT/FAA 811, "Employee Health Record System." This system of records notice (hereafter referred to as "Notice") previously covered FAA employees only. FAA employee occupational health care records and Health Awareness Program records are currently covered under the Office of Personnel Management (OPM)/ Government (GOVT)--10 Employee Medical File System Records SORN (80 FR 74815--November 30, 2015). The updated Notice covers the FAA's collection, use, and maintenance of non-occupational health records on federal employees, as well as FAA contractors and members of the public, such as students, interns and training and research participants, who receive emergency medical services at either the Civil Aerospace Medical Institute (CAMI) Occupational Health Clinic located at the Mike Monroney Aeronautical Center (MMAC) in Oklahoma City, OK, or the FAA Headquarters (HQ) Health Unit located in the HQ building in Washington, DC. Additionally, it covers FAA's collection of participation status (i.e., eligible, ineligible) on members of the public who engage in research and training programs at the agency. Any medical records collected in the course of these research or training programs is outside the scope of this Notice. The data collected in the system is a combination of health information and Personally Identifiable Information (PII) which is used to provide proper medical care and case management.

Full Text

<html>
<head>
<title>Federal Register, Volume 87 Issue 172 (Wednesday, September 7, 2022)</title>
</head>
<body><pre>
[Federal Register Volume 87, Number 172 (Wednesday, September 7, 2022)]
[Notices]
[Pages 54751-54755]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2022-19182]


-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Office of the Secretary

[Docket No. OST-2022-0074]


Privacy Act of 1974; Department of Transportation, Federal 
Aviation Administration, DOT/FAA 811, FAA Health Information Records

AGENCY: Office of the Departmental Chief Information Officer, Office of 
the Secretary of Transportation, DOT.

ACTION: Notice of a modified Privacy Act system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the Department of 
Transportation (DOT) proposes to rename, update, and reissue an 
existing system of records notice currently titled DOT Federal Aviation 
Administration (FAA) system of records DOT/FAA 811, ``Employee Health 
Record System.'' This system of records notice (hereafter referred to 
as ``Notice'') previously covered FAA employees only. FAA employee 
occupational health care records and Health Awareness Program records 
are currently covered under the Office of Personnel Management (OPM)/
Government (GOVT)--10 Employee Medical File System Records SORN (80 FR 
74815--November 30, 2015). The updated Notice covers the FAA's 
collection, use, and maintenance of non-occupational health records on 
federal employees, as well as FAA contractors and members of the 
public, such as students, interns and training and research 
participants, who receive emergency medical services at either the 
Civil Aerospace Medical Institute (CAMI) Occupational Health Clinic 
located at the Mike Monroney Aeronautical Center (MMAC) in Oklahoma 
City, OK, or the FAA Headquarters (HQ) Health Unit located in the HQ 
building in Washington, DC. Additionally, it covers FAA's collection of 
participation status (i.e., eligible, ineligible) on members of the 
public who engage in research and training programs at the agency. Any 
medical records collected in the course of these research or training 
programs is outside the scope of this Notice. The data collected in the 
system is a combination of health information and Personally 
Identifiable Information (PII) which is used to provide proper medical 
care and case management.

DATES: Written comments should be submitted on or before October 7, 
2022. The Department may publish an amended Systems of Records Notice 
in light of any comments received. This new system will be effective 
October 7, 2022.

ADDRESSES: You may submit comments, identified by docket number OST-
2022-0074 by any of the following methods:
    <bullet> Federal e-Rulemaking Portal: <a href="http://www.regulations.gov">http://www.regulations.gov</a>. 
Follow the instructions for submitting comments.
    <bullet> Mail: Docket Management Facility, U.S. Department of 
Transportation, 1200 New Jersey Ave. SE, West Building Ground Floor, 
Room W12-140, Washington, DC 20590-0001.
    <bullet> Hand Delivery or Courier: West Building Ground Floor, Room 
W12-140, 1200 New Jersey Ave. SE, between 9 a.m. and 5 p.m. ET, Monday 
through Friday, except Federal Holidays.
    <bullet> Fax: (202) 493-2251. Instructions: You must include the 
agency name and docket number Docket No. OST-2022-0074. All comments 
received will be posted without change to <a href="http://www.regulations.gov">http://www.regulations.gov</a>, 
including any personal information provided.
    Privacy Act: Anyone is able to search the electronic form of all 
comments received in any of our dockets by the name of the individual 
submitting the comment (or signing the comment, if submitted on behalf 
of an association, business, labor union, etc.). You may review the 
DOT's complete Privacy Act statement in the Federal Register published 
on January 17, 2008 (73 FR 3316-3317), or you may visit <a href="https://www.transportation.gov/privacy">https://www.transportation.gov/privacy</a>.
    Docket: For access to the docket to read background documents or 
comments received, go to <a href="http://www.regulations.gov">http://www.regulations.gov</a> or to the street 
address listed above. Follow the online instructions for accessing the 
docket.

FOR FURTHER INFORMATION CONTACT: For questions, please contact Karyn 
Gorman, Acting Departmental Chief Privacy Officer, Privacy Office, 
Department of Transportation, Washington, DC 20590; <a href="/cdn-cgi/l/email-protection#0272706b7463617b42666d762c656d74"><span class="__cf_email__" data-cfemail="5525273c2334362c15313a217b323a23">[email&#160;protected]</span></a>; or 
202-366-3140.

SUPPLEMENTARY INFORMATION:

Notice Updates

    This Notice update includes substantive changes to system name, 
system location, system manager, purpose, categories of individuals, 
categories of records, record source categories, routine uses of 
records maintained in the system, policies and practices for retrieval 
of records, policies and practices for retention and disposal of 
records, policies and practices for storage of records, and record 
access procedures; and non-substantive changes to administrative, 
technical and physical safeguards, contesting record procedures, and 
notification procedures. Updates also include editorial changes to 
simplify and clarify language, formatting, and text of the previously 
published Notice, to align with the requirements of Office of 
Management and Budget (OMB) Memoranda A-108, and to ensure consistency 
with other Notices issued by the Department of Transportation.

I. Background

    In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the 
Department of Transportation (DOT)/Federal Aviation Administration 
(FAA) proposes to modify a DOT system of records titled

[[Page 54752]]

DOT/FAA 811 ``Employee Health Record System.'' This system of records 
notice applies to non-occupational health records the FAA collects and 
maintains on federal employees, as well as FAA contractors, and members 
of the public who receive emergency medical services. This notice also 
applies to medical information concerning members of public's 
eligibility to participate in research and training programs offered by 
CAMI, and their participant status within those programs. Medical 
information that CAMI maintains on these training and research 
participants is the same medical evaluation information that it 
maintains on those who visit the health centers for non-occupational 
health reasons, except that these files also include documentation of 
the individual's participant status in the relevant research or 
training program. Any medical records collected as part of FAA's 
research is outside the scope of this Notice. The health facilities 
that provide in-person care are located at the Mike Monroney 
Aeronautical Center (MMAC), Civil Aerospace Medicine Institute (CAMI in 
Oklahoma City, OK and the FAA Headquarters (HQ), Room 328, Building 
FOB10A, in Washington, DC The facility that provides medical 
evaluations for purposes of determining eligibility for research and 
training programs is the Mike Monroney Aeronautical Center (MMAC), 
Civil Aerospace Medicine Institute (CAMI) in Oklahoma City, OK. The 
data collected on individuals is detailed below in the Categories of 
Records.
    The following substantive changes have been made to the Notice:
    1. System Name: This Notice updates the system name from DOT/FAA 
811 ``Employee Health Record System,'' to DOT/FAA 811 ``FAA Health 
Information Records System'' to describe more accurately the coverage 
of health records specifically collected, used, and maintained on 
federal employees, FAA contractors, and members of the public treated 
at one of the two FAA health facilities.
    2. System Location: This Notice updates the system locations to 
specifically identify the addresses of the two FAA health facilities. 
One is located at the FAA, Civil Aerospace Medical Institute, 
Occupational Health Clinic, Mike Monroney Aeronautical Center, 6500 S 
Macarthur Blvd., Oklahoma City, OK 73169, and the other at the FAA HQ, 
800 Independence Avenue SW, Room 328, Building FOB10A, Washington, DC 
20591. The previous Notice only mentioned the Washington location with 
no specific address, and regional and center medical facilities. The 
FAA's regional and center medical facilities only collect occupational 
health records, which are covered by the Office of Personnel Management 
(OPM)/Government (GOVT)-10 Employee Medical File System Records. 
Because these regional and center medical facilities do not collect or 
maintain non-occupational records, the references to these previous 
locations are removed from this modified Notice.
    3. System Manager: This Notice updates the system manager 
information for the two FAA health facilities and adds telephone 
numbers for each. The modified Notice removes the reference to Regional 
Flight Surgeon as it no longer applies given collection of only 
occupational health records in the regional and center medical 
facilities, which is covered by the OPM/GOVT-10 Notice.
    4. Purpose: This Notice updates the purpose section to reflect the 
documentation of emergency care provided to federal employees, FAA 
contractors, and members of the public. Additionally, there is 
documentation of participation status of members of the public to 
engage in research and training programs at the FAA. The previous 
Notice reference of documenting the nature of the complaint or physical 
examination findings, treatment rendered, and case disposition will 
remain in this Notice while the preparation of analytical and 
statistical studies and reports is removed as it no longer applies.
    5. Categories of Individuals: The previously published Notice only 
lists FAA employees as categories of individuals. However, the FAA 
health facilities provide emergency care to federal employees, as well 
as FAA contractors and members of the public, such as students, 
interns, and training and research participants. This Notice updates 
the categories of individuals to include these groups.
    6. Categories of Records: This Notice updates the categories of 
records information referenced in the previous Notice by identifying 
data elements, to include PII such as: last name, social security 
number (SSN)/patient identifier (ID), date of birth (DOB), gender, 
company (if contractor), work phone and cell phone. The previous Notice 
listed broad categories of PII and health records; therefore, to ensure 
greater transparency, these changes provide more specificity to these 
categories and data elements collected and maintained by the FAA.
    7. Records Source: This Notice updates the records source 
categories to reflect that the FAA collects data from non-FAA federal 
employees (i.e., Department of Defense and DOT personnel), FAA 
contractors and members of the public, as well as FAA health facility 
staff, federal and private sector medical practitioners and treatment 
facilities (including external providers and consultants).
    8. Routine Use: This Notice updates the routine uses to include the 
Department of Transportation's general routine uses applicable to this 
Notice as they were previously only incorporated by reference. The 
Office of Management and Budget (OMB) Memorandum A-108 recommends that 
agencies include all routine uses in one notice rather than 
incorporating general routine uses by reference; therefore, the 
Department is replacing the statement in DOT/FAA 811 that referenced 
the ``Statement of General Routine Uses'' with all of the general 
routine uses that apply to this system of records. Additionally, there 
are new system specific routine uses being added to this Notice. Each 
new external sharing of medical information is compatible with the 
purpose of providing the best care to those individuals needing it at 
the respective FAA facilities. The CAMI Health Clinic, specifically, 
expects to receive accreditation regarding its quality of care and will 
share information on appropriate patient records with assessors for 
this purpose. Specific portions of patient records will be shared with 
appropriate external providers to ensure their continuity of care. 
Patient consent to share their information cannot always be obtained in 
a timely manner, especially if incapacitated, so it is necessary to 
authorize sharing with external providers as needed. And, finally, in 
the interest of public health, any information related to communicable 
diseases at FAA facilities will be shared with relevant federal, state 
and local health authorities. Only personal information specific to the 
sharing will be exchanged with external sources. The new routine uses 
are as follows:
    a. To external medical professionals and independent entities, any 
patient records required to support their reviews for purposes of 
determining medical quality assurance and safety of FAA health 
facilities.
    b. To private or other government health care providers, portions 
of patient records required for consultation, referral, and continuity 
of care or medical contingency support.
    c. To disclose information to a Federal, state, or local agency to 
the extent necessary to comply with laws governing reporting of 
communicable diseases.

[[Page 54753]]

    d. To disclose to a requesting agency, organization, or individual 
minimal personal and health information concerning those individuals 
who are reasonably believed to have contracted an illness or been 
exposed to or suffered from a health hazard while visiting FAA 
facilities.
    9. Records Storage: This Notice updates the policies and practices 
for the storage of records to reflect that records previously 
referenced in the Notice as stored in security files and containers, 
and in computer databases, are now also stored in micrographic, 
photographic, as well as medical recordings, such as electrocardiograph 
tapes, x-rays and strip charts.
    10. Records Retrieval: This Notice updates the policies and 
practices for the retrieval of records to reflect that individual 
medical history records are retrieved by name, patient ID and date of 
birth.
    11. Retention and Disposal: This Notice updates the policies and 
practices for retention and disposal of records section to add the 
following schedules: National Archives and Records Administration 
(NARA) General Records Schedule (GRS) 2.7, ``Employee Health and Safety 
Records,'' Item 070, ``Non-occupational Individual medical case 
files,'' which requires records to be destroyed 10 years after the most 
recent encounter. In addition, the previous Notice stipulated that 
federal employee health records would be destroyed six years after last 
entry; this requirement is removed from this modified Notice because 
the records are now maintained for ten years as referenced above. NARA, 
NCI-237-77-7, ``Environmental Health Record,'' Item 6, Medical Records 
for non-FAA employees which are destroyed five years after treatment 
date.
    12. Records Access: This Notice updates the record access 
procedures to reflect that signatures on signed requests for records 
must either be notarized or accompanied by a statement made under 
penalty of perjury in compliance with 28 U.S.C. 1746. The FAA has 
determined that the sensitivity of the health information maintained in 
this system of records warrants this additional identity requirement.
    The following non-substantive changes to the administrative, 
technical, and physical safeguards, contesting records procedures, and 
notification procedures have been made to improve the transparency and 
readability of the Notice:
    13. Administrative, Technical and Physical Safeguards: This Notice 
updates the administrative, technical and physical safeguards to align 
with the requirements of OMB Memoranda A-108 and for consistency with 
other DOT/FAA SORNs.
    14. Contesting Records: This Notice updates the procedures for 
contesting records to refer the reader to the record access procedures 
section rather than the ``System Manager.''
    15. Notifications: This Notice updates the notification procedures 
to refer the reader to the record access procedures section rather than 
the ``System Manager.''

II. Privacy Act

    The Privacy Act (5 U.S.C. 552a) governs the means by which the 
Federal Government collects, maintains, and uses personally 
identifiable information (PII) in a System of Records. A ``System of 
Records'' is a group of any records under the control of a Federal 
agency from which information about individuals is retrieved by name or 
other personal identifier. The Privacy Act requires each agency to 
publish in the Federal Register a System of Records Notice (SORN) 
identifying and describing each System of Records the agency maintains, 
including the purposes for which the agency uses PII in the system, the 
routine uses for which the agency discloses such information outside 
the agency, and how individuals to whom a Privacy Act record pertains 
can exercise their rights under the Privacy Act (e.g., to determine if 
the system contains information about them and to contest inaccurate 
information). In accordance with 5 U.S.C. 552a(r), DOT has provided a 
report of this system of records to the Office of Management and Budget 
and to Congress.

SYSTEM NAME AND NUMBER:
    DOT/FAA 811, ``FAA Health Information Records System.''

SECURITY CLASSIFICATION:
    Unclassified, sensitive.

SYSTEM LOCATION:
    1. Federal Aviation Administration, Mike Monroney Aeronautical 
Center, Civil Aerospace Medical Institute, Occupational Health Clinic, 
6500 S. MacArthur Blvd., Building 13, Oklahoma City, OK 73169.
    2. Federal Aviation Administration, 800 Independence Avenue SW, 
Room 328, Building FOB10A, Washington, DC 20591.

SYSTEM MANAGER(S):
    1. CAMI Occupational Health Clinic: AAM-700 CAMI Clinic Manager, 
Federal Aviation Administration, Mike Monroney Aeronautical Center, 
6500 S. MacArthur Blvd., Building 13, Oklahoma City, OK 73169; (405) 
954-3711.
    2. DC Health Unit: AAM-200 Medical Specialties Division Manager, 
Federal Aviation Administration, 800 Independence Avenue SW, Room 328, 
Building FOB10A, Washington, DC 20591; (202) 267-3535.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 7901.

PURPOSE(S) OF THE SYSTEM:
    Records in this system of records are maintained for a variety of 
purposes, which include the following: Document the health facility 
visit(s) and/or emergency care provided, the nature of complaint, 
physical examination findings, treatment rendered, and case 
disposition. Medical evaluation records and participation status are 
maintained about members of the public to determine their eligibility 
to participate in research or training programs at the FAA.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by this system include federal employees, FAA 
contractors, and members of the public.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Information maintained includes records of emergency care visits by 
individuals at one of the FAA health facility locations, as well as 
participation status to determine eligibility for engagement in 
training and research programs at the FAA. Categories of records could 
include healthcare records such as medical history, vaccination 
information, full lists of medications and allergies, chronic medical 
problems and surgical history, medical examinations, laboratory and 
radiology information, hearing tests and spirometry tests for non-
occupational reasons, as well as treatment plans, and participation 
status for engagement in research and training programs. PII elements 
include: full name, SSN/patient ID, date of birth, address, gender, 
company (if contractor), work phone, and cell phone.

RECORD SOURCE CATEGORIES:
    Information contained in this system comes from a variety of 
sources to include the individuals to whom the records pertain, FAA 
health facility staff, federal and private sector medical practitioners 
and treatment facilities (including external providers and 
consultants).

[[Page 54754]]

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to other disclosures, generally permitted under 5 
U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DOT as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    System Specific Routine Use
    1. To external medical professionals and independent entities, any 
patient records required to support their reviews for purposes of 
determining medical quality assurance and safety of FAA health 
facilities.
    2. To private or other government health care providers, portions 
of patient records required for consultation, referral, and continuity 
of care or mission medical contingency support.
    3. To disclose information to a Federal, state, or local agency to 
the extent necessary to comply with laws governing reporting of 
communicable diseases.
    4. To disclose to a requesting agency, organization, or individual 
minimal personal and health information concerning those individuals 
who are reasonably believed to have contracted an illness or been 
exposed to or suffered from a health hazard while visiting FAA 
facilities.
    Departmental Routine Uses
    5. In the event that a system of records maintained by DOT to carry 
out its functions indicates a violation or potential violation of law, 
whether civil, criminal or regulatory in nature, and whether arising by 
general statute or particular program pursuant thereto, the relevant 
records in the system of records may be referred, as a routine use, to 
the appropriate agency, whether Federal, State, local or foreign, 
charged with the responsibility of investigating or prosecuting such 
violation or charged with enforcing or implementing the statute, or 
rule, regulation, or order issued pursuant thereto.
    6. A record from this system of records may be disclosed, as a 
routine use, to a Federal, State, or local agency maintaining civil, 
criminal, or other relevant enforcement information or other pertinent 
information, such as current licenses, if necessary to obtain 
information relevant to a DOT decision concerning the hiring or 
retention of an employee, the issuance of a security clearance, the 
letting of a contract, or the issuance of a license, grant, or other 
benefit.
    7. A record from this system of records may be disclosed, as a 
routine use, to a Federal agency, in response to its request, in 
connection with the hiring or retention of an employee, the issuance of 
a security clearance, the reporting of an investigation of an employee, 
the letting of a contract, or the issuance of a license, grant, or 
other benefit by the requesting agency, to the extent that the 
information is relevant and necessary to the requesting agency's 
decision on the matter.
    8a. Routine Use for Disclosure for Use in Litigation. It shall be a 
routine use of the records in this system of records to disclose them 
to the Department of Justice or other Federal agency conducting 
litigation when (a) DOT, or any agency thereof, or (b) Any employee of 
DOT or any agency thereof, in his/her official capacity, or (c) Any 
employee of DOT or any agency thereof, in his/her individual capacity, 
where the Department of Justice has agreed to represent the employee, 
or (d) The United States or any agency thereof, where DOT determines 
that litigation is likely to affect the United States, is a party to 
litigation or has an interest in such litigation, and the use of such 
records by the Department of Justice or other Federal agency conducting 
the litigation is deemed by DOT to be relevant and necessary in the 
litigation, provided, however, that in each case, DOT determines that 
disclosure of the records in the litigation is a use of the information 
contained in the records that is compatible with the purpose for which 
the records were collected.
    8b. Routine Use for Agency Disclosure in Other Proceedings. It 
shall be a routine use of records in this system to disclose them in 
proceedings before any court or adjudicative or administrative body 
before which DOT or any agency thereof, appears, when (a) DOT, or any 
agency thereof, or (b) Any employee of DOT or any agency thereof in 
his/her official capacity, or (c) Any employee of DOT or any agency 
thereof in his/her individual capacity where DOT has agreed to 
represent the employee, or (d) The United States or any agency thereof, 
where DOT determines that the proceeding is likely to affect the United 
States, is a party to the proceeding or has an interest in such 
proceeding, and DOT determines that use of such records is relevant and 
necessary in the proceeding provided, however that in each case, DOT 
determines that disclosure of the records in the proceeding is a use of 
the information contained in the records that is compatible with the 
purpose for which the records were collected.
    9. The information contained in this system of records will be 
disclosed to the Office of Management and Budget, OMB, in connection 
with the review of private relief legislation as set forth in OMB 
Circular No. A-19 at any stage of the legislative coordination and 
clearance process as set forth in that Circular.
    10. Disclosure may be made to a Congressional office from the 
record of an individual in response to an inquiry from the 
Congressional office made at the request of that individual. In such 
cases, however, the Congressional office does not have greater rights 
to records than the individual. Thus, the disclosure may be withheld 
from delivery to the individual where the file contains investigative 
or actual information or other materials, which are being used, or are 
expected to be used, to support prosecution or fines against the 
individual for violations of a statute, or of regulations of the 
Department based on statutory authority. No such limitations apply to 
records requested for Congressional oversight or legislative purposes; 
release is authorized under 49 CFR 10.35(9).
    11. One or more records from a system of records may be disclosed 
routinely to the National Archives and Records Administration in 
records management inspections being conducted under the authority of 
44 U.S.C. 2904 and 2906.
    12. DOT may make available to another agency or instrumentality of 
any government jurisdiction, including State and local governments, 
listings of names from any system of records in DOT for use in law 
enforcement activities, either civil or criminal, or to expose 
fraudulent claims, regardless of the stated purpose for the collection 
of the information in the system of records. These enforcement 
activities are generally referred to as matching programs because two 
lists of names are checked for match using automated assistance. This 
routine use is advisory in nature and does not offer unrestricted 
access to systems of records for such law enforcement and related 
antifraud activities. Each request will be considered on the basis of 
its purpose, merits, cost effectiveness and alternatives using 
Instructions on reporting computer matching programs to the Office of 
Management and Budget, OMB, Congress, and the public, published by the 
Director, OMB, dated September 20, 1989.
    13. It shall be a routine use of the information in any DOT system 
of records to provide to the Attorney General of the United States, or 
his/her designee, information indicating that a person meets any of the 
disqualifications for receipt, possession, shipment, or transport of a 
firearm

[[Page 54755]]

under the Brady Handgun Violence Prevention Act. In case of a dispute 
concerning the validity of the information provided by DOT to the 
Attorney General, or his/her designee, it shall be a routine use of the 
information in any DOT system of records to make any disclosures of 
such information to the National Background Information Check System, 
established by the Brady Handgun Violence Prevention Act, as may be 
necessary to resolve such dispute.
    14a. To appropriate agencies, entities, and persons when (1) DOT 
suspects or has confirmed that there has been a breach of the system of 
records; (2) DOT has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, DOT (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with DOT's efforts to respond to the suspected or confirmed 
breach or to prevent, minimize, or remedy such harm.
    14b. To another Federal agency or Federal entity, when DOT 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    15. DOT may disclose records from this system, as a routine use, to 
the Office of Government Information Services for the purpose of (a) 
resolving disputes between FOIA requesters and Federal agencies and (b) 
reviewing agencies' policies, procedures, and compliance in order to 
recommend policy changes to Congress and the President.
    16. DOT may disclose records from this system, as a routine use, to 
contractors and their agents, experts, consultants, and others 
performing or working on a contract, service, cooperative agreement, or 
other assignment for DOT, when necessary to accomplish an agency 
function related to this system of records.
    17. DOT may disclose records from this system, as a routine use, to 
an agency, organization, or individual for the purpose of performing 
audit or oversight operations related to this system of records, but 
only such records as are necessary and relevant to the audit or 
oversight activity. This routine use does not apply to intra-agency 
sharing authorized under Section (b)(1) of the Privacy Act.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are stored in multiple formats, including paper, digital, 
micrographic, photographic, as well as medical recordings, such as 
electrocardiograph tapes, x-rays and strip charts.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by name, SSN, patient ID and/or date of 
birth.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Emergency medical care related health records and participation 
status for engagement in research and training programs are maintained 
according to the following schedule: GRS 2.7 ``Employee Health and 
Safety Records,'' Item 070, ``Non-occupational Individual medical case 
files,'' which requires records to be destroyed 10 years after the most 
recent encounter. Medical records for non-FAA employees visiting the 
clinic to receive first aid or emergency treatment are maintained 
according to NARA, NCI-237-77-7 and destroyed five years after 
treatment date.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records in this system are safeguarded in accordance with 
applicable rules and policies, including all applicable DOT automated 
systems security and access policies. Strict controls have been imposed 
to minimize the risk of compromising the information that is being 
stored. Access to records in this system is limited to those 
individuals who have a need to know the information for the performance 
of their official duties and who have appropriate clearances or 
permissions.

RECORD ACCESS PROCEDURES:
    Individuals seeking notification of whether this system of records 
contains information about them may contact the System Manager at the 
address provided in the section ``System Manager.'' When seeking 
records about yourself from this system of records or any other 
Departmental system of records your request must conform to the Privacy 
Act regulations set forth in 49 CFR part 10. You must sign your request 
and your signature must either be notarized or submitted under 28 
U.S.C. 1746, a law that permits statements to be made under penalty of 
perjury as a substitute for notarization. If your request is seeking 
records pertaining to another living individual, you must include a 
statement from that individual certifying his/her agreement for you to 
access his/her records.

CONTESTING RECORD PROCEDURES:
    See ``Record Access Procedures.''

NOTIFICATION PROCEDURE:
    See ``Record Access Procedures.''

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    None.

HISTORY:
    A full notice of this system of records, DOT/FAA 811 Employee 
Health Record System, was published in the Federal Register on April 
11, 2000 (65 FR 19519).

    Issued in Washington, DC.
Karyn Gorman,
Acting Departmental Chief Privacy Officer.
[FR Doc. 2022-19182 Filed 9-6-22; 8:45 am]
BILLING CODE P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>
View on FederalRegister.gov →Plain-text source
Indexed from Federal Register on September 7, 2022.

This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.