National Transportation Safety Board (NTSB).
Notice of a new System of Records.
The NTSB is notifying the public about a new Privacy Act System of Records for its Medical Investigation Catalog System (MEDICS). MEDICS includes electronically held personally identifiable health information about individuals involved in transportation accidents and incidents that the NTSB investigates.
Comments are due by October 25, 2018. Unless the NTSB determines that comments warrant a revision to the routine uses, new routine uses will be applicable October 25, 2018.
You may send written comments, identified by docket number NTSB-CIO-2017-0005, using any of the following methods:
1. Federal eRulemaking Portal: Go to http://www.regulations.gov and follow the instructions for sending your comments electronically.
2. Mail: Mail comments concerning this notice to Melba D. Moye, CIO-40, National Transportation Safety Board, 490 L'Enfant Plaza SW, Washington, DC 20594-2000.
3. Fax: (202) 558-4290, Attention: Melba D. Moye.
4. Hand Delivery: 6th Floor, National Transportation Safety Board, CIO-40, 490 L'Enfant Plaza SW, Washington, DC, between 9 a.m. and 4:30 p.m., Monday through Friday, except Federal holidays.
Instructions: All comments received must contain the agency name and docket number for this System of Records. All comments received will be posted without change to http://www.regulations.gov, including any personal information provided.
Start Further Info
FOR FURTHER INFORMATION CONTACT:
Melba D. Moye, Office of Chief Information Officer, Records Management Division, (202) 314-6551.
End Further Info
Start Supplemental Information
The NTSB first published a System of Records Notice for MEDICS on May 19, 2017. 82 FR 23075. The NTSB received and incorporated input from the Office of Management and Budget (OMB), and it is now re-publishing the SORN.
In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the NTSB notes that the descriptions below reference the Chief of the NTSB's Records Management Division. Individuals may request access to or amendment of records pertaining to themselves by contacting the Chief of the NTSB's Records Management Division, or the Chief's designee.
SYSTEM NAME AND NUMBER:
Medical Investigation Catalog System (MEDICS) NTSB-33.
National Transportation Safety Board, Office of Chief Information Officer, 490 L'Enfant Plaza SW, Washington, DC 20594.
Chief Medical Officer(s), Office of Research and Engineering, National Transportation Safety Board, 490 L'Enfant Plaza SW, Washington, DC 20594, (202) 314-6031.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
49 U.S.C. chapter 11 and 49 CFR parts 802 and 831.
PURPOSE(S) OF THE SYSTEM:
The purpose of MEDICS is to securely receive and store investigative health information records. The NTSB is an independent federal agency responsible for determining the probable cause of transportation accidents or incidents, conducting transportation safety research, promoting transportation safety, and assisting victims of transportation accidents and their families. In support of the agency's statutory mandate, NTSB investigators, medical officers, and staff review health information records to (1) determine the facts or circumstances of an accident or incident; (2) determine the probable cause of an accident or incident; (3) evaluate human performance or survival factors issues arising during an accident or incident investigation; (4) provide victim and family assistance following an accident or incident; (5) carry out special studies and investigations about transportation safety (including avoiding personal injury); and/or (6) examine techniques and methods of accident or incident investigation, and publish recommended procedures for accident or incident investigations.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
MEDICS records contain personally identifiable information (PII), which may include health information as defined below, of individuals such as operators, crewmembers, occupants, and bystanders involved in transportation accidents or incidents investigated or studied by the NTSB, as well as related PII of individuals responsible for providing their medical care.
CATEGORIES OF RECORDS IN THE SYSTEM:
MEDICS contains electronically recorded PII, including health information, which means any information that—
(A) Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, health care clearinghouse, or federal, state, or local agency; and
(B) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; and/or the past, present, or future payment for the provision of health care to an individual.
MEDICS may also contain electronically recorded health information, as described by paragraph B above, from individuals, families, or other entities, whether created or received by or from one of the entities described in paragraph A above, and Start Printed Page 48460from accident sites and wreckage. For the NTSB's purposes, health information includes any record of medical conditions or care, for example, notes from a health care provider; medical certification documentation such as Federal Aviation Administration blue ribbon files and commercial driver's license long forms; results of any drug or toxicology tests; radiology images; autopsy reports; laboratory reports; prehospital patient care reports; ambulance run sheets or patient care reports; pharmacy records; billing and insurance information; results from a search of a prescription monitoring program; and any other official record related to an individual's health or health care.
RECORD SOURCE CATEGORIES:
Health information is obtained from health care providers, insurers, employers, individuals, family members of accident victims, and the accident site and wreckage. The NTSB may also obtain health information from other federal, state, or local agencies.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS, AND THE PURPOSES OF SUCH USES:
In addition to the disclosures permitted under the Privacy Act, 5 U.S.C. 552a(b), the NTSB is establishing twelve routine uses under which the NTSB may disclose records contained in this system of records without the consent of the subject individual if the disclosure is compatible with the purpose for which the record was collected.
1. Records may be disclosed to a participant in an NTSB investigation, appointed pursuant to 49 CFR 831.11 to provide suitable technical expertise and assist in establishing the facts and circumstances of an accident. Participants may include representatives from operators or manufacturers involved in accidents or incidents, as well as representatives from federal, state, and local agencies. Participation is governed by 49 CFR part 831, and section 831.13 prohibits participants from further disseminating the information.
2. Records may be disclosed to other medical consultants or contractors not named under routine use number 1, as appropriate to enable consultation related to an NTSB investigation.
3. Records may be disclosed to a foreign government agency acting as an accredited representative to an NTSB investigation pursuant to Annex 13 of the International Convention on Civil Aviation, and any technical advisor assisting the accredited representative.
4. Records may be disclosed to a foreign government agency when the NTSB is acting as an accredited representative to the foreign government agency's investigation pursuant to Annex 13 of the International Convention on Civil Aviation.
5. Records may be disclosed to the public in a docket or report for an accident investigation, or in a safety study report. The NTSB is required to inform the public of the facts, circumstances, and probable cause of accidents, and to publish findings in safety studies and reports. 49 U.S.C. 1116, 1131(e). The NTSB will disclose a record or part of a record in a public docket or report only if (1) the subject of the record's actions or decision making may have contributed to an accident or may be related to a safety hazard; (2) disclosure is reasonably necessary to support a finding, conclusion, and/or probable cause determination, or safety recommendation; and (3) the NTSB determines that the public's and the NTSB's interest in disclosure outweighs the individual's privacy interest.
6. When information indicates a violation or potential violation of law, whether civil, criminal or regulatory in nature, and whether arising by general statute or particular program statute, or by regulation, rule, or order issued pursuant thereto, records may be disclosed to the appropriate agency, whether federal, foreign, state, local, or tribal, or other public authority responsible for enforcing, investigating or prosecuting such violation or charged with enforcing or implementing the statute, rule, regulation, or order issued pursuant thereto, if the information disclosed is relevant to any enforcement, regulatory, investigative or prosecutory responsibility of the receiving entity. This routine use allows for disclosures other than those provided by the Privacy Act exemption for law enforcement activities, 5 U.S.C. 552a(b)(7). The law enforcement exemption requires the head of the agency requesting disclosure to make a written request specifying the records requested and the relevant law enforcement activity. The NTSB must be able to disclose a record relevant to a potential violation of law without a request from the agency to whom records are disclosed because the NTSB may be the first to discover the potential violation of law, and the NTSB must be able to confer with other agencies about whether it will relinquish investigative priority pursuant to 49 U.S.C. 1131(a)(2).
7. Records may be disclosed to a federal, foreign, state, local, or tribal agency that (1) performs safety related functions; (2) is not a participant to an NTSB investigation as described in routine use number 1; and (3) is not conducting an investigation, enforcement action, or prosecution as described in routine use number 6, if the NTSB determines that disclosure would enable the receiving agency to take corrective action or address a safety risk.
8. Records may be disclosed to an agency or organization that regulates, oversees, licenses, or accredits healthcare providers or organizations if the NTSB determines that a provider's conduct or decision-making may warrant corrective action or creates a safety risk.
9. Records may be disclosed to the Department of Justice, or in a proceeding before a court, adjudicative body, or other administrative body before which the NTSB is authorized to appear, when (1) the NTSB, or any component thereof; (2) any employee of the NTSB in his or her official capacity; (3) any employee of the NTSB in his or her individual capacity whom the Department of Justice or the NTSB has agreed to represent; or (4) the United States is a party to litigation or has an interest in such litigation, and the NTSB determines that the records are both relevant and necessary to the litigation and the use of such records is deemed by the NTSB to be for a purpose that is compatible with the purpose for which the records were collected.
10. Records may be disclosed to the National Archives and Records Administration or General Services Administration for records management inspections conducted under 44 U.S.C. 2904, 2906.
11. Records may be disclosed to appropriate agencies, entities, and persons when (1) the NTSB suspects or has confirmed that there has been a breach of the system of records; (2) the NTSB has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the NTSB (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the NTSB's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
12. Records may be disclosed to another Federal agency or Federal entity, when the NTSB determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) Start Printed Page 48461responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
MEDICS records are primarily maintained electronically in a database. Some paper records may also be kept, and their location will be identified in the database. Paper records whose location is identified in MEDICS will be secured in a locked file cabinet, a secure office, or both, and will be searchable only by NTSB accident investigation number, not by PII. Paper records that are uploaded to MEDICS are destroyed. The database may be accessed from NTSB approved computers. In the future, the database may become accessible from any computer that provides for an authorized user's authentication.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Once an authorized user accesses MEDICS with his or her user ID and password, the MEDICS system is searchable by NTSB accident or incident number, accident city, accident state, accident country, and an individual's name, age, and date of birth.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
MEDICS records that are disclosed in the NTSB's public docket pursuant to routine use number 5 will be retained permanently. All other MEDICS records will be destroyed one year after the conclusion of the investigation or safety study to which the record relates, unless required to be retained under another record retention statute, regulation or court order.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
NTSB headquarters is guarded and monitored by security personnel, cameras, a Physical Access Control System (PACS), and other physical security measures. The computerized records contained within MEDICS are maintained in a secure, password-protected, encrypted computer system. Access to and use of these records are limited to NTSB employees and contractors whose official duties require such access. NTSB personnel may access the records only when access is relevant to (1) determining the facts or circumstances of an accident or incident; (2) determining the probable cause of an accident or incident; (3) evaluating human performance or survival factors issues arising during an accident or incident investigation; (4) providing victim and family assistance following an accident or incident; (5) carrying out special studies and investigations about transportation safety (including avoiding personal injury); and/or (6) examining techniques and methods of accident or incident investigation, and periodically publishing recommended procedures for accident or incident investigations. Electronic records are protected from unauthorized access through password identification procedures, limited access, firewalls and other system-based protection methods. This system conforms to all applicable Federal laws and regulations, as well as NTSB policies and standards, as they relate to information security and data privacy. Access is limited by user roles. Participants to an investigation may access only the records relevant to that accident, while NTSB Medical Officers will have access to all records. MEDICS will identify the location of paper records, which will be stored in a locked cabinet, a secured office, or both.
RECORD ACCESS PROCEDURE:
Individuals wishing to access information about themselves in this system of records may contact the Chief, Records Management Division, National Transportation Safety Board, 490 L'Enfant Plaza SW, Washington, DC 20594. Individuals must comply with NTSB regulations regarding the Privacy Act, 49 CFR part 802, and must furnish the following information for their records to be located and identified:
1. Full name(s).
2. Date of birth.
3. If known, the date and location of the accident, incident, or occurrence, or the NTSB investigation identifier(s) for the investigation(s) in which the NTSB created or obtained the record.
CONTESTING RECORD PROCEDURE:
Individuals wishing to amend their records should contact the agency office identified in the Record Access Procedure section and furnish such identifying information described in that section to identify the records to be amended. Individuals seeking amendment of their records must also follow the agency's Privacy Act regulations, 49 CFR part 802. Where the requested amendment implicates information provided by a third-party source, the agency will refer the individual to the source from which the agency obtained the information. The NTSB is not authorized to amend records from non-agency sources. Additionally, the NTSB is not authorized to direct a non-agency source to change or alter records. Because medical practitioners may provide differing but equally valid medical judgments and opinions when making medical evaluations of an individual's health status, review of requests from individuals seeking amendment of their medical records, beyond administrative correction such as association of a medical record with an incorrect individual, may be limited to consideration of including the differing opinion in the record rather than attempting to determine whether the original opinion is accurate.
Individuals wishing to inquire about whether this system of records contains information about them may contact the agency office listed in the Record Access Procedure section, and provide the identifying information described in that section.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
82 FR 23075.
End Supplemental Information
Dated: September 20, 2018.
Robert L. Sumwalt, III,
[FR Doc. 2018-20821 Filed 9-24-18; 8:45 am]
BILLING CODE 7533-01-P