2019-21412. Privacy Act of 1974; Department of Transportation (DOT), Federal Motor Carrier Safety Administration (FMCSA) DOT/FMCSA 009-National Registry of Certified Medical Examiners (National Registry) System of Records  

  • Start Preamble

    AGENCY:

    Office of the Departmental Chief Information Officer, Office of the Secretary of Transportation, DOT.

    ACTION:

    Notice of a Modified System of Records.

    SUMMARY:

    In accordance with the Privacy Act of 1974, the Department of Transportation proposes to update and reissue a current Department of Transportation's system of records titled, “Department of Transportation Federal Motor Carrier Safety Administration 009—National Registry of Certified Medical Examiners System of Records.” This system of records allows the Department of Transportation/Federal Motor Carrier Safety Administration to collect and maintain records on Medical Examiners registering on the National Registry website and applying for Federal Motor Carrier Safety Administration Medical Examiner certification, certified Medical Examiner designated administrative assistants and authorized representatives who have registered on the National Registry to perform reporting functions on behalf of a certified Medical Examiner, and commercial motor vehicle drivers examined by Federal Motor Carrier Safety Administration certified Medical Examiners listed on the National Registry. The categories of records collected and maintained in this system include several pieces of personally identifiable information as detailed in the “Categories of Records in the System” section of this system of records notice. The information for the record subjects is collected and used as part of the process of establishing and maintaining a current national registry of Medical Examiners that are certified by FMCSA to perform medical examinations of interstate commercial motor vehicle drivers and issue Medical Examiner's Certificates as outlined in the Safe, Accountable, Flexible, Efficient Transportation Equity Act: A Legacy for Users (SAFETEA-LU). The specifics regarding the information collected and how the Agency uses the information is more thoroughly detailed below and in the associated Privacy Impact Assessment on DOT's website at https://www.transportation.gov/​privacy.

    In addition to non-substantive changes to simplify the formatting and text of the previously published notice, we are revising this notice to reflect the following changes resulting from publication of the Medical Examiner's Certification Integration final rule (80 FR 22790) and the Process for Department of Veterans Affairs (VA) Physicians to be Added to the National Registry of Certified Medical Examiners final rule (83 FR 26846). These changes include inclusion of additional information in the categories of records to address information collected using the CMV Driver Medical Examination Results Form, MCSA-5850 (2126-0006), addition of the Fixing America's Surface Transportation (FAST) Act, Public Law 114-94, as an authority for the system, addition of one new routine use for the sharing of CMV driver information to State Driver's Licensing Agencies, deletion of four routine uses duplicative of Department-wide general routine uses, and reduction in the retention disposition for records maintained in this system.

    This updated system will be included in the Department of Transportation's inventory of record systems.

    DATES:

    Written comments should be submitted on or before November 4, 2019. The Department may publish an amended SORN in light of any comments received. This new system will be effective November 4, 2019.

    ADDRESSES:

    You may submit comments, identified by docket number DOT-OST-2019-0138 by any of the following methods:

    • Federal e-Rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
    • Mail: Docket Management Facility, U.S. Department of Transportation, 1200 New Jersey Ave. SE, West Building Ground Floor, Room W12-140, Washington, DC 20590-0001.
    • Hand Delivery or Courier: West Building Ground Floor, Room W12-140, 1200 New Jersey Ave. SE, between 9 a.m. and 5 p.m. ET, Monday through Friday, except Federal Holidays.
    • Fax: (202) 493-2251.

    Instructions: You must include the agency name and docket number DOT-OST-2019-0138. All comments received will be posted without change to http://www.regulations.gov,, including any personal information provided.

    Privacy Act: Anyone is able to search the electronic form of all comments received in any of our dockets by the name of the individual submitting the comment (or signing the comment, if Start Printed Page 53222submitted on behalf of an association, business, labor union, etc.). You may review DOT's complete Privacy Act statement in the Federal Register published on April 11, 2000 (65 FR 19477-78), or you may visit http://DocketsInfo.dot.gov.

    Docket: For access to the docket to read background documents or comments received, go to http://www.regulations.gov or to the street address listed above. Follow the online instructions for accessing the docket.

    Start Further Info

    FOR FURTHER INFORMATION CONTACT:

    For general questions please contact: Charles A. Horan III, Director, Office of Carrier, Driver, and Vehicle Safety Standards, Federal Motor Carrier Safety Administration, Department of Transportation, Washington, DC 20590, 202.366.2362, charles.horan@dot.gov.

    For privacy issues please contact: Claire W. Barrett, Departmental Chief Privacy Officer, Privacy Office, Department of Transportation, Washington, DC 20590; privacy@dot.gov; or 202.527.3284.

    End Further Info End Preamble Start Supplemental Information

    SUPPLEMENTARY INFORMATION:

    I. Background

    In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the Department of Transportation (DOT)/Federal Motor Carrier Safety Administration (FMCSA) proposes to update and reissue a current DOT system of records titled, “Department of Transportation Federal Motor Carrier Safety Administration DOT/FMCSA 009—National Registry of Certified Medical Examiners (National Registry) System of Records.” This system of records is being updated as a result of changes to and use of the records collected through the publication of the Medical Examiner's Certification Integration final rule (80 FR 22790). This system of records collects information under the Paperwork Reduction Act using the commercial motor vehicle (CMV) Driver Medical Examination Results Form, MCSA-5850 (electronic), Office of Management and Budget (OMB) Control No. 2126-0006, under the information collection titled “Medical Qualification Requirements.”

    FMCSA developed the National Registry to improve highway safety and driver health by focusing on Medical Examiner (ME) performance through requiring MEs to be trained and certified to determine effectively whether a CMV driver's health meets the Federal Motor Carrier Safety Regulations (FMCSRs). The MEs must demonstrate an understanding of the physical qualifications standards in the FMCSRs and how they relate to the medical demands of operating a CMV and how to apply those standards in a uniform and consistent manner when making the determination whether an individual driver meets the standards.

    To be listed as a certified ME on the National Registry, an ME must be licensed, certified, or registered to perform medical examinations in accordance with applicable State laws and regulations, register on the National Registry website, successfully complete required training on FMCSA's physical qualification standards and guidelines, and pass a certification test. Once certified, MEs are listed on FMCSA's National Registry website where their contact information and national registry number is made available to assist CMV drivers in locating and contacting FMCSA certified MEs.

    All interstate CMV drivers are required to obtain their Medical Examiner's Certificates (MECs) from a certified ME listed on the National Registry. Therefore, once certified, MEs perform medical examinations on interstate CMV drivers who are required to receive a medical examination at least once every two years. Certified MEs and their designated Medical Examiner Administrative Assistants (MEAAs) transmit driver medical examination results to FMCSA via the CMV Driver Medical Examination Results Form, MCS. A-5850 (2126-0006), once a month, view previously submitted CMV driver medical examination results, and edit the ME's contact information. Other authorized representatives designated by the certified ME are only able to simultaneously upload (bulk upload) multiple CMV Driver Medical Examination Results from their medical system to the National Registry. FMCSA uses the CMV driver medical examination results (MEC information) to monitor ME competence and performance in evaluating the CMV driver health and fitness and to detect irregularities in examination procedures.

    As part of the Medical Examiner's Certification Integration final rule, beginning June 22, 2018, the FMCSA certified ME or his or her designated MEAA will be required to transmit to FMCSA, through the National Registry, by midnight (local time) of the next calendar day following the exam, the results of all CMV driver medical examinations that they have performed in accordance with the FMCSRs, via the CMV Driver Medical Examination Results Form, MCSA-5850. In addition, certified MEs will be allowed to transmit to FMCSA, through the National Registry, the results of all CMV driver medical examinations that they have performed in accordance with the FMCSRs with any applicable State variances, via the CMV Driver Medical Examination Results Form, MCSA-5850. As a result of these added collections, the driver's address, optional email address, and results of examinations performed in accordance with the FMCSRs with any applicable State variances, have been added to the CMV Driver Medical Examination Results Form, MCSA-5850. For commercial driver's license (CDL) holders, FMCSA will electronically transmit MEC information from the National Registry to the State Driver's Licensing Agencies (SDLAs) for examinations conducted in accordance with the FMCSRs as well as those in accordance with the FMCSRs with any applicable State variances. FMCSA will also electronically transmit medical variance information for all CMV drivers from the National Registry to the SDLAs.

    We are updating this system of records notice to reflect non-substantive changes to simplify the formatting and text of the previously published notice and to reflect the following changes:

    Categories of Records

    • Added collection of the CMV driver's address for the Agency to contact the driver regarding their certification during the oversight and audit process for the program. This has been added to the CMV Driver Medical Examination Results Form, MCSA-5850 (2126-0006).
    • Added optional collection of CMV driver's email address for general correspondence with the driver regarding his/her certification. This has been added to the CMV Driver Medical Examination Results Form, MCSA-5850 (2126-0006).
    • Added optional collection of CMV driver examination results when performed in accordance with the FMCSRs with any applicable State variances for electronic transmission at the request of several States. This has been added to the CMV Driver Medical Examination Results Form, MCSA-5850 (2126-0006).
    • Added the issued and expiration dates for medical variances for electronic transmission to the SDLAs and posting to the driver's record.

    Authority

    • Added the Fixing America's Surface Transportation Act (FAST Act) as an authority for the system. The FAST Act requires that the Department establish a process that allows veteran operators to obtain their DOT medical certification exams from a Department of Veterans Start Printed Page 53223Affairs physician. Information maintained on Medical Examiners and CMV drivers obtained through these processes would be the same as that for other examiners and drivers. Although the details of this process will not be finalized until publication of the final rule, the FAST Act requires that a process be established, and thus, we are including the FAST Act authority in this SORN in anticipation of the eventual establishment of the process mandated by the FAST Act and inclusion of this information in this system.

    Routine Uses of Records Maintained in the System

    • Added a routine use for the electronic transfer of MEC information for commercial driver's license (CDL) holders and medical variance information for all CMV drivers from the National Registry to the SDLAs for posting to the driver's record. This includes information collected from both the ME and the CMV driver. This routine use is compatible with the purposes of the system as it allows State and Federal enforcement officials to be able to view the most current and accurate information regarding the medical status of the CDL holder, all information on the MEC, and the medical variance information to include the issued and expiration dates.
    • Deleted four routine uses addressing sharing records with contractors and oversight bodies because they are duplicative of the Department's general routine uses applicable to all systems.

    Retention and Disposal

    • Reduced the retention and disposal of information collected to retain records for the least amount of time necessary and to maintain consistency with the FMCSRs (49 CFR 383.73(j)(ii) and 391.43(i))

    This updated system will be included in DOT's inventory of record systems.

    II. Privacy Act

    The Privacy Act (5 U.S.C. 552a) governs the means by which the Federal Government collects, maintains, and uses personally identifiable information (PII) in a System of Records. A “System of Records” is a group of any records under the control of a Federal agency from which information about individuals is retrieved by name or other personal identifier. The Privacy Act requires each agency to publish in the Federal Register a System of Records Notice (SORN) identifying and describing each System of Records the agency maintains, including the purposes for which the agency uses PII in the system, the routine uses for which the agency discloses such information outside the agency, and how individuals to whom a Privacy Act record pertains can exercise their rights under the Privacy Act (e.g., to determine if the system contains information about them and to contest inaccurate information).

    In accordance with 5 U.S.C. 552a(r), DOT has provided a report of this system of records to the Office of Management and Budget and to Congress.

    SYSTEM NAME AND NUMBER:

    Department of Transportation Federal Motor Carrier Safety Administration DOT/FMCSA 009—National Registry of Certified Medical Examiners (National Registry)

    SECURITY CLASSIFICATION:

    Unclassified, Sensitive.

    SYSTEM LOCATION:

    Records are maintained by FMCSA, U.S. Department of Transportation, 1200 New Jersey Avenue SE, Washington, DC 20590.

    SYSTEM MANAGER AND ADDRESS:

    Director, Office of Carrier, Driver and Vehicle Safety, (202) 366-2362, charles.horan@dot.gov, Federal Motor Carrier Safety Administration, U.S. Department of Transportation, 1200 New Jersey Avenue SE, Washington, DC 20590.

    AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

    The Safe, Accountable, Flexible, Efficient Transportation Equity Act: A Legacy for Users (SAFETEA-LU) sections 4116(a) (codified as amended at 49 U.S.C. 31149) and 4116(b) (codified as amended at 49 U.S.C. 31136(a)(3)). Fixing America's Surface Transportation Act (FAST Act), Public Law 114-94.

    PURPOSE(S) OF THE SYSTEM:

    The National Registry program is designed to produce trained, certified medical examiners who fully understand the medical standards in the Federal Motor Carrier Safety Regulations (FMCSRs), to create a registry of these trained and certified medical examiners, and to ensure that the most current and accurate information regarding the medical status of CMV drivers is known.

    This system of records allows the DOT/FMCSA to collect and maintain records on MEs registering on the National Registry website and applying for FMCSA ME certification, designated MEAAs and authorized representatives who have registered on the National Registry to perform reporting functions on behalf of a certified ME, and CMV drivers examined by FMCSA certified MEs listed on the National Registry.

    The purpose of this system and how FMCSA uses the information collected and maintained in the National Registry system is described below by categories of individuals covered by the system.

    Information collected from MEs registering on the National Registry website and applying for FMCSA ME certification:

    FMCSA compares the ME's contact and medical licensing information provided by the ME during registration to the State's medical licensing data in order to ensure the data provided by the ME is valid.

    FMCSA uses ME contact and employer information to communicate with the ME regarding their information in the National Registry and their application and certification status.

    FMCSA uses ME contact information, medical licensing information, training information, certification testing information, and identification information to evaluate the ME's eligibility for certification. In addition, FMCSA may request and review ME supporting documentation for eligibility of certification. FMCSA also reviews the ME certification test answers in order to validate the test grade and score provided by the test center and to ensure that the test center properly graded and scored the test.

    FMCSA uses the ME's contact and employer information to list eligible FMCSA certified MEs on the National Registry website where the general public can search for certified MEs.

    Information collected from designated MEAAs and authorized representatives who have registered on the National Registry to perform reporting functions on behalf of a certified ME:

    The FMCSA uses designated MEAA's and authorized representatives' contact and employer information to communicate with the designated MEAA or authorized representative regarding their information in the National Registry.

    Information collected from CMV drivers examined by FMCSA certified MEs listed on the National Registry:

    FMCSA uses the CMV driver's medical examination results (MEC information) to monitor certified ME competence and performance in evaluating the CMV driver's health and to detect irregularities in examination procedures.

    FMCSA uses the CMV driver's identity information and state driver's license information to analyze the relationship between the driver's Start Printed Page 53224medical examination results and public safety.

    FMCSA uses the CMV driver's medical examination results, ME determination, and medical variance information to periodically review a representative sample of the Medical Examination Report (MER) Forms associated with the name and numerical identifiers of applicants transmitted for errors, omissions, or other indications of improper certification.

    FMCSA uses the CMV driver's identity information to contact the driver regarding their certification during the oversight and audit process for the program as well as for general correspondence with the driver.

    CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

    Categories of individuals covered by this system of records include:

    • Medical examiners (MEs) registering on the National Registry website and applying for FMCSA ME certification.
    • ME Administrative Assistants (MEAAs) and authorized representatives who have registered on the National Registry and been designated by a certified ME to perform reporting functions on behalf of the ME.
    • Commercial motor vehicle (CMV) drivers examined by FMCSA certified MEs listed on the National Registry.

    CATEGORIES OF RECORDS IN THE SYSTEM:

    The National Registry of Certified Medical Examiners system collects, processes, transmits, and stores the following types of information:

    ME Personally Identifiable Information (PII) Collection for Registration and Certification Process

    • Contact Information/Place of Business (physical location where ME will perform licensed CMV driver medical examinations)

    ○ Full name (first, last, middle initial)

    ○ Primary email address

    ○ Business name

    ○ Business address

    ○ Business telephone number

    ○ Business fax number (optional)

    ○ Business email address (optional)

    ○ Business website address (optional)

    ○ Business hours of operation (optional)

    • Employer Information

    ○ Employer name

    ○ Employer address

    ○ Employer telephone number

    ○ Employer fax number (optional)

    ○ Employer email address (optional)

    • Medical Licensing Information (used to validate medical credentials)

    ○ Medical profession

    ○ License, certificate or registration number

    ○ Medical license State of issue

    ○ Medical license expiration date

    ME PII Collection for Certification Training

    • Training Information

    ○ Provider name

    ○ Training provider address or website (optional)

    ○ Date training completed

    ○ Training expiration date

    ○ Organization that accredited the training (optional)

    ○ Type of training (optional)

    ME PII Collection for Certification Testing

    • Identity Verification Information

    ○ Type of ME photo ID

    ○ Expiration date of ME photo ID

    ○ National registry number issued by FMCSA

    ○ Medical credential or license

    ○ Training certification

    • Test Information

    ○ Test delivery organization name

    ○ Test delivery organization ID

    ○ Test center name

    ○ Test center ID

    ○ Test type

    ○ Test ID

    ○ Date of certification test

    ○ Certification test questions

    ○ Certification test answers

    ○ Test center grade (pass fail)

    ○ Test center score (numeric)

    ME PII Collection Regarding Certification Decision/Status

    • Test Results

    ○ FMCSA test grade (pass/fail)

    ○ FMCSA test score (numeric)

    MEAAs PII Collection to Register with the National Registry System

    • Identity Information

    ○ Full name (first, last, middle initial)

    ○ National registry number issued by FMCSA

    • ME Business Relationship

    ○ Business address

    ○ Business telephone number

    ○ Business email address

    ○ Business website link information

    ○ Name of certified ME that designated the AA

    ○ National registry number of certified ME that designated the AA

    CMV Drivers PII Collection for Reporting Medical Examination Results to the National Registry System via the MCSA-5850

    • Identity Verification Information

    ○ Full name (first, last, middle initial)

    ○ Date of birth

    ○ Driver's mailing address

    ○ Driver's email address (optional)

    • State Driver's License Information

    ○ License number

    ○ License issuing State

    ○ CDL status

    • Medical Examination Results

    ○ Date of examination

    ○ Examination Result (medically qualified in accordance with the FMCSRs, medically qualified in accordance with the FMCSRs and any applicable State variances, medically unqualified, pending determination, incomplete examination)

    ○ Medical Examiner's Certificate expiration date

    ○ Driver restrictions/variances

    ○ Driver waiver/exemption type

    CMV Driver PII Collection for Medical Variances (exemptions, skills performance evaluation certificates and grandfathered exemptions)

    • Identity Verification Information

    ○ Full name (first, last, middle initial)

    ○ Date of Birth

    • Medical Variance Information

    ○ Type

    ○ Issue date

    ○ Expiration date

    RECORD SOURCE CATEGORIES:

    Information about the ME is obtained from the ME during the registration and certification process. Information about the MEAA is obtained from the MEAA during the registration process. Information about any authorized representative providing bulk upload services is obtained from the representative during the application process. Information about the CMV driver is provided by the driver at the time of medical examination to the ME.

    ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

    In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside DOT as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

    System-Specific Routine Uses

    1. To State Medical Boards for the purposes of verifying ME license information and status. (State Medical Boards are the authoritative repositories for ME license information and, as such, already have access to ME licensing information and the verification of the same by the Department does not constitute a disclosure under the Privacy Act. This Routine Use is included in this Notice in an effort by the Department to be transparent to the public regarding the way it which it will use personal information maintained in the National Registry system of records.)

    2. To the test centers who use ME identification information, contact information, medical licensing information, employer contact information, and training information to Start Printed Page 53225verify the ME's identity and eligibility to take the ME certification test and to transmit certification test information to the National Registry.

    3. To FMCSA certified MEs or designated MEAAs and authorized representatives to submit/update CMV driver medical examination results data to FMCSA for CMV driver examinations they have conducted and to search for previous CMV driver medical examination results.

    4. To the general public to perform searches on the National Registry website for the purpose of locating and contacting FMCSA certified MEs.

    5. To the SDLAs medical examination results (MEC information) of CLP/CDL applicants/holders and medical variance information (exemptions, skills performance evaluation certificates and grandfathered exemptions) for all CMV drivers, for posting to the driver's record.

    Department General Routine Uses

    6. One or more records from a system of records may be disclosed routinely to the National Archives and Records Administration (NARA) in records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.

    7. DOT may make available to another agency or instrumentality of any government jurisdiction, including State and local governments, listings of names from any system of records in DOT for use in law enforcement activities, either civil or criminal, or to expose fraudulent claims, regardless of the stated purpose for the collection of the information in the system of records. These enforcement activities are generally referred to as matching programs because two lists of names are checked for match using automated assistance. This routine use is advisory in nature and does not offer unrestricted access to systems of records for such law enforcement and related antifraud activities. Each request will be considered on the basis of its purpose, merits, cost effectiveness and alternatives using Instructions on reporting computer matching programs to the Office of Management and Budget, OMB, Congress, and the public, published by the Director, OMB, dated September 20, 1989.

    8. DOT may disclose records from this system, as a routine use, to the Office of Government Information Services for the purpose of (a) resolving disputes between FOIA requesters and Federal agencies and (b) reviewing agencies' policies, procedures, and compliance in order to recommend policy changes to Congress and the President.

    9. DOT may disclose records from the system, as a routine use, to contractors and their agents, experts, consultants, and others performing or working on a contract, service, cooperative agreement, or other assignment for DOT, when necessary to accomplish an agency function related to this system of records.

    10. DOT may disclose records from this system, as a routine use, to an agency, organization, or individual for the purpose of performing audit or oversight operations related to this system of records, but only such records as are necessary and relevant to the audit or oversight activity. This routine use does not apply to intra-agency sharing authorized under Section (b)(1) of the Privacy Act.

    11. DOT may disclose from this system, as a routine use, records consisting of, or relating to, terrorism information (6 U.S.C. 485(a)(5)), homeland security information (6 U.S.C. 482(f)(1)), or Law enforcement information (Guideline 2 Report attached to White House Memorandum, “Information Sharing Environment”, November 22, 2006) to a Federal, State, local, tribal, territorial, foreign government and/or multinational agency, either in response to its request or upon the initiative of the Component, for purposes of sharing such information as is necessary and relevant for the agencies to detect, prevent, disrupt, preempt, and mitigate the effects of terrorist activities against the territory, people, and interests of the United States of America, as contemplated by the Intelligence Reform and Terrorism Prevention Act of 2004 (Pub. L. 108-458) and Executive Order 13388 (October 25, 2005).

    OMB-Required Routine Uses

    12. In the event that a system of records maintained by DOT to carry out its functions indicates a violation or potential violation of law, whether civil, criminal or regulatory in nature, and whether arising by general statute or particular program pursuant thereto, the relevant records in the system of records may be referred, as a routine use, to the appropriate agency, whether Federal, State, local or foreign, charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing the statute, or rule, regulation, or order issued pursuant thereto.

    13. A record from this system of records may be disclosed, as a routine use, to a Federal, State, or local agency maintaining civil, criminal, or other relevant enforcement information or other pertinent information, such as current licenses, if necessary to obtain information relevant to a DOT decision concerning the hiring or retention of an employee, the issuance of a security clearance, the letting of a contract, or the issuance of a license, grant or other benefit.

    14. A record from this system of records may be disclosed, as a routine use, to a Federal agency, in response to its request, in connection with the hiring or retention of an employee, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license, grant, or other benefit by the requesting agency, to the extent that the information is relevant and necessary to the requesting agency's decision on the matter.

    15. Routine Use for Agency Disclosure in Other Proceedings. It shall be a routine use of records in this system to disclose them in proceedings before any court or adjudicative or administrative body before which DOT or any agency thereof, appears, when—(a) DOT, or any agency thereof, or (b) Any employee of DOT or any agency thereof in his/her official capacity, or (c) Any employee of DOT or any agency thereof in his/her individual capacity where DOT has agreed to represent the employee, or (d) The United States or any agency thereof, where DOT determines that the proceeding is likely to affect the United States, is a party to the proceeding or has an interest in such proceeding, and DOT determines that use of such records is relevant and necessary in the proceeding, provided, however, that in each case, DOT determines that disclosure of the records in the proceeding is a use of the information contained in the records that is compatible with the purpose for which the records were collected.

    16. Routine Use for Disclosure for Use in Litigation. It shall be a routine use of the records in this system of records to disclose them to the Department of Justice or other Federal agency conducting litigation when—(a) DOT, or any agency thereof, or (b) Any employee of DOT or any agency thereof, in his/her official capacity, or (c) Any employee of DOT or any agency thereof, in his/her individual capacity where the Department of Justice has agreed to represent the employee, or (d) The United States or any agency thereof, where DOT determines that litigation is likely to affect the United States, is a party to litigation or has an interest in such litigation, and the use of such records by the Department of Justice or other Federal agency conducting the litigation is deemed by DOT to be relevant and necessary in the litigation, provided, however, that in each case, Start Printed Page 53226DOT determines that disclosure of the records in the litigation is a use of the information contained in the records that is compatible with the purpose for which the records were collected.

    17. Disclosure may be made to a Congressional office from the record of an individual in response to an inquiry from the Congressional office made at the request of that individual. In such cases, however, the Congressional office does not have greater rights to records than the individual. Thus, the disclosure may be withheld from delivery to the individual where the file contains investigative or actual information or other materials which are being used, or are expected to be used, to support prosecution or fines against the individual for violations of a statute, or of regulations of the Department based on statutory authority. No such limitations apply to records requested for Congressional oversight or legislative purposes; release is authorized under 49 CFR 10.35(9).

    18. DOT may disclose records from the system, as a routine use to appropriate agencies, entities, and persons when (1) DOT suspects or has confirmed that there has been a breach of the system of records, (2) DOT has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, DOT (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DOT's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

    19. DOT may disclose records from the system, as a routine use to another Federal agency or Federal entity, when DOT determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. DOT may disclose records from this system, as a routine use, to the Office of Government Information Services for the purpose of (a) resolving disputes between FOIA requesters and Federal agencies and (b) reviewing agencies' policies, procedures, and compliance in order to recommend policy changes to Congress and the President.

    20. DOT may disclose records from this system, as a routine use, to contractors and their agents, experts, consultants, and others performing or working on a contract, service, cooperative agreement, or other assignment for DOT, when necessary to accomplish an agency function related to this system of records.

    21. DOT may disclose records from this system, as a routine use, to an agency, organization, or individual for the purpose of performing audit or oversight operations related to this system of records, but only such records as are necessary and relevant to the audit or oversight activity. This routine use does not apply to intra-agency sharing authorized under Section (b)(1), of the Privacy Act. 15. DOT may disclose from this system, as a routine use, records consisting of, or relating to, terrorism information (6 U.S.C. 485(a)(5)), homeland security information (6 U.S.C. 482(f)(1)), or Law enforcement information (Guideline 2 Report attached to White House Memorandum, “Information Sharing Environment, November 22, 2006) to a Federal, State, local, tribal, territorial, foreign government and/or multinational agency, either in response to its request or upon the initiative of the Component, for purposes of sharing such information as is necessary and relevant for the agencies to detect, prevent, disrupt, preempt, and mitigate the effects of terrorist activities against the territory, people, and interests of the United States of America, as contemplated by the Intelligence Reform and Terrorism Prevention Act of 2004, (Pub. L. 108-458) and Executive Order, 13388 (October 25, 2005).

    POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

    Records in this system are stored electronically and/or on paper in secure facilities. Electronic records may be stored on magnetic disc, tape, digital media, DVD, and CD-ROM.

    POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

    Records may be retrieved by searching using the following fields:

    • ME name, ME city and state, ME zip code, business name, employer name, medical profession, and/or national registry number.
    • MEAA name, name of designating certified ME, national registry number of designating certified ME, and/or national registry number.
    • CMV driver's last name, and exam start and end date range.

    RETENTION AND DISPOSAL:

    In an effort to retain records for the least amount of time necessary and to maintain consistency with the FMCSRs (49 CFR 383.73(j)(ii) and 391.43(i)), the DOT has updated the retention and disposal schedule to reduce the amount of time records are retained from a range of 16 and 60 years to a range of one to six years depending on the record type and purpose. Records will be retained and disposed in accordance with the National Registry of Certified Medical Examiners, #DAA-0557-2015-0001, approved by the National Archives and Records Administration (NARA) on February 16, 2016. The categories of records stored has been streamlined to provide a clear description of the records covered by the National Registry system of records. Below are the categories in the approved schedule. Details can be found by searching and viewing the approved schedule referenced above on the NARA website, http://www.archives.gov.

    1. Records of Certified MEs will be retained for the time the ME is on the National Registry plus 6 years following removal from the National Registry.

    2. Records of MEs that are registered but have not completed the certification process or are ineligible for certification by DOT will be retained for 6 years following removal from the National Registry.

    3. Records of MEAAs and third parties designated by a certified ME will be retained for 1 year from the date the individual is no longer authorized to perform duties in the National Registry system on behalf of the Certified ME.

    4. Records of CMV Drivers will be retained concurrent with the records of the ME who performed the driver's medical examination.

    5. National Registry PII and MER Records of CMV Drivers will be retained for 3 years from the date the medical examination report records are provided to FMCSA.

    ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

    Records in this system are safeguarded in accordance with applicable rules and policies, including all applicable DOT automated systems security and access policies. Strict controls have been imposed to minimize the risk of compromising the information that is being stored. Access to records in this system is limited to those individuals who have a need to know the information for the performance of their official duties and who have appropriate clearances or permissions.Start Printed Page 53227

    FMCSA ensures that PII in the National Registry system is protected by reasonable security safeguards against loss or unauthorized access, destruction, usage, modification, or disclosure. These safeguards incorporate standards and practices required for Federal information systems under the Federal Information System Management Act and are detailed in Federal Information Processing Standards Publication 200, Minimum Security Requirements for Federal Information and Information Systems, dated March 2006, NIST Special Publication 800-53 Rev. 3, and Recommended Security Controls for Federal Information Systems and Organizations, dated August 2009. FMCSA has a comprehensive information security program that contains management, operational, and technical safeguards that are appropriate for the protection of PII. These safeguards are designed to achieve the following objectives:

    • Ensure the security, integrity, and confidentiality of PII
    • Protect against any reasonably anticipated threats or hazards to the security or integrity of PII
    • Protect against unauthorized access to or use of PII

    The National Registry is more thoroughly in the associated Privacy Impact Assessment (PIA). The PIA can be found on the DOT Privacy website at http://transportation.gov/​privacy. This updated system will be included in DOT's inventory of record systems.

    RECORD ACCESS PROCEDURES:

    See “Notification procedure” above.

    CONTESTING RECORD PROCEDURES:

    See “Notification procedure” above.

    NOTIFICATION PROCEDURES:

    Individuals seeking notification of and access to any record contained in this system of records, or seeking to contest its content, may submit a request in writing to the DOT FOIA officer whose contact information can be found at http://www.transportation.gov/​foia under “Contact Us.” If an individual believes more than one component maintains Privacy Act records concerning him or her, the individual may submit the request to the Departmental Freedom of Information Act Office, U.S. Department of Transportation, Room W94-122, 1200 New Jersey Ave. SE, Washington, DC 20590, ATTN: Privacy Act request.

    When seeking records about yourself from this system of records or any other Departmental system of records your request must conform with the Privacy Act regulations set forth in 49 CFR part 10. You must sign your request, and your signature must either be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization. While no specific form is required, you may obtain forms for this purpose from the Chief Freedom of Information Act Officer, http://www.transportation.gov/​foia or 202.366.4542. In addition you should provide the following:

    An explanation of why you believe the Department would have information on you;

    • Identify which component(s) of the Department you believe may have the information about you;
    • Specify when you believe the records would have been created;
    • Provide any other information that will help the FOIA staff determine which DOT component agency may have responsive records; and

    If your request is seeking records pertaining to another living individual, you must include a statement from that individual certifying his/her agreement for you to access his/her records.

    Without this bulleted information the component(s) may not be able to conduct an effective search, and your request may be denied due to lack of specificity or lack of compliance with applicable regulations.

    EXEMPTIONS CLAIMED FOR THE SYSTEM:

    None.

    HISTORY:

    77 FR 24247—April 23, 2012.

    DISCLOSURE TO CONSUMER REPORTING AGENCIES:

    None.

    Start Signature

    Issued in Washington, DC, on September 27, 2019.

    Claire W. Barrett,

    Departmental Chief Privacy Officer.

    End Signature End Supplemental Information

    [FR Doc. 2019-21412 Filed 10-3-19; 8:45 am]

    BILLING CODE 4910-9X-P

Document Information

Effective Date:
11/4/2019
Published:
10/04/2019
Department:
Transportation Department
Entry Type:
Notice
Action:
Notice of a Modified System of Records.
Document Number:
2019-21412
Dates:
Written comments should be submitted on or before November 4, 2019. The Department may publish an amended SORN in light of any comments received. This new system will be effective November 4, 2019.
Pages:
53221-53227 (7 pages)
Docket Numbers:
Docket No. DOT-OST-2019-0138
PDF File:
2019-21412.Pdf