AGENCY:

Court Services and Offender Supervision Agency.

ACTION:

Notice of a new system of records.

SUMMARY:

Pursuant to the provisions of the Privacy Act of 1974, as amended, Court Services and Offender Supervision Agency (hereafter “CSOSA” or “Agency”) is issuing a public notice of its intent to create the Court Services and Offender Supervision Agency Privacy Act system of records, “Personal Health and Religious Information.” This system of records maintains personal health and religious information collected in response to reasonable accommodation requests for disability (or medical) or religious exception; a public health emergency or similar health and safety incident, such as a pandemic, epidemic, or man-made emergency; and/or any other lawful collection of health-related information or data that is necessary to ensure a safe and healthy environment for individuals who are occupying CSOSA facilities, attending CSOSA-sponsored events, or otherwise engaged in official business on behalf of the Agency, including but not limited to Executive Order 12564, Drug Free Federal Workplace (Sept. 15, 1986), Occupational Safety and Health Administration (OSHA) compliance, Office of Workers' Compensation Programs (OWCP) claims, leave administration, disability retirement, medically-related decisions such as fitness-for-duty decisions, and health and wellness programs. The system of records will assist the Agency in the collection, storing, dissemination, and disposal of personal health and religious information collected and maintained by the Agency.

DATES:

This new system will be effective upon publication. New or modified routine uses will be effective February 10, 2022. Submit comments on or before February 10, 2022.

ADDRESSES:

You may send comments by any of the following methods:

• Federal eRulemaking Portal: https://www.regulations.gov. Follow the instructions for sending comments.

• Email: sheila.stokes@csosa.gov.

• U.S. Mail or Hand-Delivery: Office of General Counsel, 800 North Capitol Street NW, Suite 702, Washington, DC 20001.

Instructions: All submissions received must include the agency name. All comments received will be posted without change to http://www.regulations.gov,, including any personal information provided.

Docket: For access to the docket to read background documents or comments received, go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT:

Sheila Stokes, Senior Agency Official for Privacy, 800 North Capitol Street NW, 7th Floor, Washington, DC 20002, sheila.stokes@csosa.gov or phone number (202) 220-5797.

SUPPLEMENTARY INFORMATION:

I. Background

CSOSA maintains the “Personal Health and Religious Information” system of records. CSOSA is committed to providing all staff (political appointees, employees, detailees, contractors, consultants, interns, applicants, and volunteers), visitors, and occupants of its facilities with a safe and healthy environment. To ensure and maintain the safety of all occupants during standard operations and public health emergencies or similar health and safety incidents, such as a pandemic, epidemic, or man-made emergency, CSOSA may develop and institute additional safety measures that Start Printed Page 1406 require the collection of personal health information. CSOSA is also committed to providing reasonable accommodation for disability (medical) to qualified CSOSA and Pretrial Services Agency (PSA) staff and applicants and religious exceptions to qualified CSOSA staff and applicants pursuant to Section 501 of the Rehabilitation Act of 1973, as amended and Title VII of the Civil Rights Act of 1964, unless doing so would cause undue hardship. CSOSA is also committed to complying with Executive 14043, Requiring Coronavirus Disease 2019 Vaccination for Federal Employees (Sept. 9, 2021), which requires Federal agencies to collect staff health information related to the Coronavirus 2019 (hereafter “COVID-19). CSOSA may develop and institute additional measures that require the collection of personal health information.

CSOSA will collect reasonable accommodation requests for disability (or medical) for CSOSA and the PSA staff (including political appointees, employees, applicants, detailees, contractors, consultants, interns, and volunteers) and religious exceptions for CSOSA staff (including political appointees, employees, detailees, contractors, consultants, interns, applicants, and volunteers).^[1] In response to public health emergencies, such as a pandemic or epidemic, CSOSA may collect health related information (including but not limited to vaccination status and proof of vaccination status) for CSOSA staff (including political appointees, employees, detailees, contractors, consultants, interns, applicants, and volunteers) necessary to ensure a safe and healthy environment.

CSOSA is also committed to complying with the law, rules, and regulations associated with collecting personal health information related to (including but not limited to) Executive Order 12564, Drug Free Federal Workplace (Sept. 15, 1986), Occupational Safety and Health Administration (OSHA) compliance, Office of Workers' Compensation Programs (OWCP) claims, leave administration, disability retirement, medically-related decisions such as fitness-for-duty decisions, and health and wellness programs.

Information will be collected, maintained, and disclosed in accordance with applicable law, regulations, and statutes, including, but not limited to, the Privacy Act of 1974, the Rehabilitation Act of 1973, the Genetic Information Nondiscrimination Act of 2008, Title VII of the Civil Rights Act of 1964, the Executive Order 14043, Requiring Coronavirus Disease 2019 Vaccination for Federal Employees (Sept. 9, 2021) and regulations and guidance published by the U.S. Occupational Safety and Health Administration, the U.S. Equal Employment Opportunity Commission, the U.S. Department of Labor, and the U.S. Centers for Disease Control and Prevention, the Office of Management and Budget, Safer Federal Workforce Taskforce, or other relevant entities. This newly established system will be included in the CSOSA inventory of record systems.

II. Privacy Act

The Privacy Act of 1974, as amended, embodies fair information practice principles in a statutory framework governing the means by which Federal agencies collect, maintain, use, and disseminate individuals' records. The Privacy Act applies to records about individuals that are maintained in a “system of records.” A “system of records” is a group of any records under the control of an agency from which information is retrieved by the name of an individual or by some identifying number, symbol, or other identifying particular assigned to the individual. The Privacy Act defines an individual as a United States citizen or lawful permanent resident. Individuals may request access to their own records that are maintained in a system of records in the possession or under the control of CSOSA by complying with Privacy Act regulations at 43 CFR part 2, subpart K, and following the procedures outlined in the Records Access, Contesting Record, and Notification Procedures sections of this notice.

The Privacy Act requires each agency to publish in the Federal Register a description denoting the existence and character of each system of records that the agency maintains and the routine uses of each system. The “Personal Health and Religious Information” system of records notice is published in its entirety below. In accordance with 5 U.S.C. 552a(r), CSOSA has provided a report of this system of records to the Office of Management and Budget and to Congress.

III. Public Participation

You should be aware your entire comment including your personally identifiable information, such as your address, phone number, email address, or any other personal information in your comment, may be made publicly available at any time. While you may request to withhold your personally identifiable information from public review, we cannot guarantee we will be able to do so.

SYSTEM NAME:

CSOSA, Personal Health and Religious Information.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

This system is maintained by the Court Services and Offender Supervisor Agency at 800 North Capitol Street NW, 7th Floor, Washington, DC 20002.

SYSTEM MANAGER(S) AND ADDRESS:

The system manager is the Office of Information Technology located at 800 North Capitol Street, 6th Floor NW, Washington, DC 20002.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

The authority to collect this information derives from section 501 of the Rehabilitation Act of 1973, as amended. The substantive standards of the Americans with Disabilities Act of 1990, as amended (42 U.S.C. 12101 et seq. ) apply to the Federal Government through the Rehabilitation Act. (29 U.S.C. 791 et seq. ). Additional authority is derived from title VII of the Civil Rights Act of 1964. Additional authority is derived from 5 U.S.C. chapters 11 and 79, and in discharging the functions directed under Executive Order 14043, Requiring Coronavirus Disease 2019 Vaccination for Federal Employees (Sept. 9, 2021), we are authorized to collect this information. The authority for the system of records notice (SORN) associated with this collection of information, also includes 5 U.S.C. chapters 33 and 63 and Executive Order 12196, Occupational Safety and Health Program for Federal Employees (Feb. 26, 1980). U.S.C. chapters 11 and 79, and in discharging the functions directed under Executive Order 14043, Requiring Coronavirus Disease 2019 Vaccination for Federal Employees (Sept. 9, 2021), Reg. 74815 (Nov. 30, 2015); 5 U.S.C. chapters 33 and 63; Executive Order 12196, Occupational Safety and Health Program for Federal Employees (Feb. 26, 1980).

PURPOSE(S) OF THE SYSTEM:

The primary purpose of the system is to collect, maintain, use, and disseminate personal health and religious information collected by the Agency. Records in this system of records are maintained for a variety of purposes, which include the following: Start Printed Page 1407

(a) To ensure that records required to be retained on a long-term basis to meet the mandates of law, Executive Order, or regulations ( e.g., the Department of Labor's Occupational Safety and Health Administration (OSHA) and OWCP regulations), are so maintained;

(b) To comply with the Rehabilitation Action of 1973, as amended and Title VII of the Civil Rights Act of 1964 in processing reasonable accommodation requests based on disability (medical) or religious exception;

(c) To comply with Executive Order 14043, Requiring Coronavirus Disease 2019 Vaccination for Federal Employees (Sept. 9, 2021), and applicable implementation guidance to determine the appropriate health and safety protocols for employees related to the COVID-19;

(d) To comply with Executive Order 12564, Drug Free Federal Workplace (Sept. 15, 1986), and applicable guidance to ensure the proper and accurate operation of the agency's employee drug testing program.

(e) To comply with the Occupational Safety and Health Administration (OSHA) laws, rules, regulations, and associated requirements related to employee's reporting of on-the-job injuries and/or unhealthy or unsafe working conditions, including the reporting of such conditions to OSHA and actions taken by that agency and to provide a method for evaluating quality of health care rendered and job-health-protection including engineering protection provided, protective equipment worn, workplace monitoring, and medical exam monitoring required by OSHA or by good practice.

(f) To comply with the law, rules, regulations, and associated requirements related to claims filed the U.S. Department of Labor's Office of Workers' Compensation Programs (OWCP);

(g) To comply with the laws, rules, regulations, and associated requirements related to disability retirement claims, leave administration (including but not limited to sick leave, extended sick leave, the Voluntary Annual Leave Program, Family Medical Leave Act (FMLA), or COVID-related leave), and/or to ensure that all relevant, necessary, accurate, and timely data are available to support any medically-related employment decisions affecting the subject of the records ( e.g., in connection with fitness-for-duty and disability retirement decisions).

(h) To enable evaluation of the effectiveness of employee health and wellness programs.

The system enables CSOSA to electronically log, track, and manage personal health and religious information.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals covered include but are not limited to CSOSA and PSA political appointees, employees, detailees, contractors, consultants, interns, applicants, and volunteers, or any family member, health professional, or other person making a request as a representative of the same.

CATEGORIES OF RECORDS IN THE SYSTEM:

The personal health and information records may contain some or all of the following records: Reasonable accommodation requests, including medical records, notes, religious affiliation, or records made during consideration of requests, and decisions on requests. These records may contain general personal data, including but not limited to the political appointee's, employee's, detailee's, contractor's, consultant's, intern's, applicant's, and volunteer's name, date of birth, social security number, religion, maiden name, place of birth, financial information, alias, home address, medical information, gender, telephone number, military service, age, email address, physical characteristics, race/ethnicity, and/or education. These records may also contain work-related data, including but not limited to occupation, telephone number, salary, job title, email address, work history, work address, business associates, and/or program office to which the employee is assigned. Additional records maintained in this system may include:

a. Medical records, forms, and reports completed or obtained when an individual applies for a Federal job and is subsequently employed;

b. Medical records, forms, and reports completed during employment as a condition of employment, either by the employing agency or by another agency, State or local government entity, or a private sector entity under contract to the employing agency;

c. Records pertaining and resulting from the testing of the employee for use of illegal drugs under Executive Order 12564. Such records may be retained by the agency ( e.g., by the agency Medical Review Official) or by a contractor laboratory. This includes records of negative results, confirmed or unconfirmed positive test results, and documents related to the reasons for testing or other aspects of test results.

d. Reports of on-the-job injuries and medical records, forms, and reports generated as a result of the filing of a claim for Workers' Compensation, whether the claim is accepted or not. (The official OWCP claim file is not covered by this system; rather, it is part of the Department of Labor's Office of Workers' Compensation Program (OWCP) system of records.)

e. All other medical records, forms, and reports created on an employee during his/her period of employment, including any retained on a temporary basis ( e.g., those designated to be retained only during the period of service with a given agency) and those designated for long-term retention ( i.e., those retained for the entire duration of Federal service and for some period of time after).

f. Records resulting from participation in agency-sponsored health promotion and wellness activities, including health risk appraisals, biometric testing, health coaching, disease management, behavioral management, preventive services, fitness programs, and any other activities that could be considered part of a comprehensive worksite health and wellness program.

RECORD SOURCE CATEGORIES:

Records in this system are obtained directly from the political appointee, employee, detailee, contractor, consultant, intern, applicant, and volunteer, or any family member, health professional, or other person making such a request as a representative of the same; therefore, the accuracy is ensured by collecting the information from the source who may be required to certify under penalty of perjury that the information is true and accurate to the best of their knowledge.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside CSOSA as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

A. To Members of Congress or their staff on behalf of and at the request of the individuals who is the subject of the record or at the request of or on behalf of their constituents.

B. To another Federal agency or a party in litigation before a court or in an administrative proceeding being conducted by a Federal agency, when the Government is a party to the judicial or administrative proceeding, and such information is the subject of a court order directing disclosure or deemed by CSOSA to be relevant and necessary to the litigation. Start Printed Page 1408

C. At the initiative of CSOSA, to a law enforcement agency under the control of the United States for investigation or prosecution where a record indicates a violation or suspected violation of law.

D. By the National Archives and Records Administration (NARA) in records management and inspections under the authority of 44 U.S.C. 2904 and 2906.

E. To disclose information to the Department of Justice or in a proceeding before a court, adjudicative body, or other administrative body before which CSOSA is authorized to appear when:

(1) CSOSA, or any component thereof; or

(2) Any employee of CSOSA in his or her official capacity; or

(3) Any employee of CSOSA in his or her individual capacity where the Department of Justice or CSOSA has agreed to represent the employee; or

(4) Any employee of CSOSA in his or her individual capacity where CSOSA has agreed to represent the employee; or

(5) The United States, where the CSOSA determines that litigation is likely to affect the agency or any of its components, is a party to litigation or has an interest in such litigation, and the use of such records by the Department of Justice or CSOSA is deemed by CSOSA to be relevant and necessary to the litigation.

F. To disclose information to officials of the Merit Systems Protection Board or the Office of the Special Counsel, when requested in connection with appeals, special studies of the civil service and other merit systems, review of OPM rules and regulations, investigations of alleged or possible prohibited personnel practices, and such other functions as promulgated in 5 U.S.C. 1205 and 1206, or as may be authorized by law.

G. To disclose information to the U.S. Equal Employment Opportunity Commission when requested in connection with investigations into alleged or possible discrimination practices in the Federal sector, examination of Federal affirmative employment programs, compliance by Federal agencies with the Uniform Guidelines of Employee Selection Procedures, or other functions vested in the Commission.

H. To disclose information to the Federal Labor Relations Authority or its General Counsel when requested in connection with investigations of allegations of unfair labor practices of matters before the Federal Service Impasses Panel.

I. To disclose information to the Office of Management and Budget at any stage of the legislative coordination and clearance process in connection with private relief legislation as set forth in OMB circular No. A-19.

J. To authorized contractors, vendors, grantees, or volunteers performing or working on a contract, service, grant, cooperative agreement, or job for CSOSA or the Federal government that is in the performance of a Federal duty to which the information is deemed relevant.

K. To disclose to a requesting Federal agency, information in connection with the hiring, retention, separation, or retirement of an employee; the issuance of a security clearance; the reporting of an investigation of an employee; the letting of a contract; the classification of a job; or the issuance of a license, grant, or other benefit by the requesting agency, to the extent that CSOSA determines that the information is relevant and necessary to the requesting party's decision on the matter.

L. To an appeal, grievance, hearing, or complaints examiner; an equal opportunity investigator, arbitrator, or mediator; and an exclusive representative or other person authorized to investigate or settle a grievance, complaint, or appeal filed by an individual who is the subject of the record.

M. For Data Breach and Mitigation Response to provide information to appropriate agencies, entities, and persons when;

(1) CSOSA suspects or has confirmed that there has been a breach of the system of records; (2) CSOSA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, CSOSA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with CSOSA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

N. To provide information to another Federal agency or Federal entity, when CSOSA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach, or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:

None.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records in this system of records are stored electronically or on paper in secure facilities. Electronic records are stored on CSOSA's secure network or cloud-based software using the Federal Risk and Authorization Management Program (FedRAMP) approved platform.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Information covered by this system of records notice may be retrieved by the name of the individual.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

a. Medical Qualification and Eligibility Determination Records. Temporary. Destroy immediately after final determination has been issued. This disposition instruction is mandatory; deviations are not allowed.

b. Occupational Individual Medical Case Files. Temporary: Destroy 30 Years after employee separation or when the Official Personnel Folder is destroyed, whichever is longer.

c. Non-Occupational Individual Medical Case Files. Temporary: Destroy 10 Years after the most recent encounter, but longer retention is authorized if needed for business use.

d. Employees Drug Test Plans, Procedures and Scheduling Records. Temporary. Destroy when 3 years old or when superseded or obsolete.

e. Employees Drug Test Results. (Positive). Temporary. Destroy when the employee leaves the agency or when 3 years old, whichever is longer.

f. Employees Drug Test Results. (Negative). Temporary. Destroy when 3 years old.

g. Workers Compensation Records. Temporary: Destroy 3 years after compensation ceases or when deadline for filing a claim has passed.

h. Non-Occupational Health and Wellness Program Records. Temporary: Destroy 3 Years after the project/activity/or transaction is completed or superseded, but longer retention is authorized if needed for business use.

i. Reasonable Accommodation Case Files. Temporary. Destroy 3 years after employee separation from the agency or all appeals are concluded whichever is later, but longer retention is authorized if required for business use.

ADMINISTRATIVE, TECHNICAL AND PHYSICAL SAFEGUARDS:

Records are protected from unauthorized access and improper use Start Printed Page 1409 through administrative, technical, and physical security measures. Technical security safeguards within CSOSA include restrictions on computer access to authorized individuals who have a legitimate need to know the information; required use of strong passwords that are frequently changed; multi-factor authentication for remote access and access to many CSOSA network components; use of encryption for certain data types and transfers; firewalls and intrusion detection applications; and regular review of security procedures and best practices to enhance security. Physical safeguards include restrictions on building access to authorized individuals, security guard service, and maintenance of records in lockable offices and filing cabinets. Describe the administrative, technical, and physical safeguards, e.g., locked cabinets, locked rooms, passwords, audit trail, electronic data encryption, security, privacy and record management training that are in place to ensure the records are not accessed, used or disclosed in an unauthorized manner.

RECORD ACCESS PROCEDURES:

Individuals requesting access to their individual records should send a signed, written inquiry to the System Manager identified above.

CONTESTING RECORD PROCEDURES:

Individuals contesting the content of records about themselves contained in this system of records should follow the Notification Procedure below.

NOTIFICATION PROCEDURES:

Individuals requesting notification of the existence of records on themselves or requesting access to their individual records must send a signed, written inquiry to Sheila Stokes, Senior Agency Official for Privacy, 800 North Capitol Street NW, 7th Floor, Washington, DC 20002, sheila.stokes@csosa.gov or phone number (202) 220-5797. The request envelope (or subject line) and letter should both be clearly marked “PRIVACY ACT INQUIRY.” A request for notification must meet the requirements of 43 CFR 2.235.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.

Footnotes