AGENCY:

Department of Commerce.

ACTION:

Notice of a new system of records.

SUMMARY:

The U.S. Department of Commerce (“Department”) is establishing a new system of records to cover the collection and maintenance of records pertaining to the implementation of the Helping American Victims Afflicted by Neurological Attacks Act of 2021 (HAVANA Act). The HAVANA Act provides the authority for the Secretary of Commerce and other agency heads to provide payments to certain individuals who have incurred qualifying injuries to the brain.

DATES:

In accordance with 5 U.S.C. 552a(e)(4) and (11), this notice will go into effect without further notice on April 25, 2023 unless otherwise revised pursuant to comments received. All routine uses will go into effect on May 25, 2023. Comments must be received on or before May 25, 2023.

ADDRESSES:

You may submit comments, identified as pertaining to “COMMERCE/DEPT–32, Helping American Victims Afflicted by Neurological Attacks Act of 2021 (HAVANA Act) Records,” by any of the following methods:

• Mail: Send to Charles Cutshall, Chief Privacy Officer and Director of Open Government, U.S. Department of Commerce, Office of Privacy and Open Government, 1401 Constitution Ave. NW, Room 61025, Washington, DC 20230.

• Email: Send to privacyact@doc.gov.

Please submit your comments using only one of these methods. All comments must be submitted in English, or if not, be accompanied by an English translation.

FOR FURTHER INFORMATION CONTACT:

Tahira Murphy, Deputy for Departmental Privacy Operations, privacyact@doc.gov or (202) 482–8075.

SUPPLEMENTARY INFORMATION:

On December 20, 2019, Congress gave authority (Pub. L. 116–94, Division J, Title IX, section 901) to the Department of State to pay benefits to certain individuals for injuries suffered after January 1, 2016 in the Republic of Cuba, the People's Republic of China, or another foreign country designated by the Department of State, in connection with certain injuries designated by the Secretary of State. These benefits were limited to Department of State employees, their dependents and other individuals affiliated with the Department of State.

On January 1, 2021, Congress amended this law (Pub. L. 116–283, div. A, title XI, section 1110), authorizing other federal government agencies (such as the Department of Commerce) to provide benefits to their own employees Start Printed Page 24973 for those injuries. These provisions are codified at 22 U.S.C. 2680b.

On October 8, 2021, the “Helping American Victims Afflicted by Neurological Attacks” (HAVANA) Act of 2021 became law (Pub. L. 117–46). In this latest Act, Congress authorized federal government agencies to compensate affected current employees, former employees, and their dependents for qualifying injuries to the brain. Section 3 of the HAVANA Act of 2021 removed the requirement in Public Law 116–94, Division J, Title IX, Section 901, that the qualifying injury occur in “the Republic of Cuba, People's Republic of China, or other foreign country designated by the Secretary of State” for the purpose of making a payment under the HAVANA Act.

SYSTEM NAME AND NUMBER:

COMMERCE/DEPT–32, Helping American Victims Afflicted by Neurological Attacks Act of 2021 (HAVANA Act) Records.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

This system is located at the U.S. Department of Commerce, Office of Human Resources Management, 1401 Constitution Ave. NW, Room 5001, Washington, DC 20230.

SYSTEM MANAGER(S):

Chief Human Capital Officer, AHRITF@doc.gov, U.S. Department of Commerce, Office of Human Resources Management, 1401 Constitution Ave, NW, Room 5001, Washington, DC 20230.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

This system is authorized by the Helping American Victims Afflicted by Neurological Attacks Act of 2021 (Pub. L. 117–46), codified at 22 U.S.C. 2680b, and the Department's implementing regulations.

PURPOSE(S) OF THE SYSTEM:

The system maintains records essential to the mission of the Department of Commerce, which is committed to protecting its employees and their dependents from injury. Records maintained in this system of record are collected, maintained, and disclosed to make payments to claimants in accordance with the HAVANA Act for qualifying injuries to the brain incurred in connection with war, insurgency, hostile act, terrorist activity, or other incidents designated by the Secretary of State or Secretary of Commerce, as permitted by law, and which were not the result of the willful misconduct of the claimant.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

The categories of individuals on whom records are maintained in this system include:

1. “Covered employees,” an employee of the Department of Commerce who, on or after January 1, 2016, becomes injured by reason of a qualifying injury to the brain. Covered employees include Department of Commerce employees in the Foreign Service, National Oceanic and Atmospheric Administration Commissioned Corps Officers, and Department of Commerce employees who meet the definition of “employee” set forth in 5 U.S.C. 2105(a).

2. “Covered individuals,” any former employee of the Department (including retired or separated employees) who, on or after January 1, 2016, becomes injured by a qualifying injury to the brain while they were a covered employee of the Department.

3. “Covered Dependents,” a family member of a current or former Department employee who, on or after January 1, 2016, becomes injured by reason of a qualifying injury to the brain while the dependent's sponsor was an employee of the Department.

4. Board-certified physicians responsible for assessing and diagnosing qualify injuries to the brain.

CATEGORIES OF RECORDS IN THE SYSTEM:

The categories of records in this system include:

1. Biographic information, including first name, last name, and date of birth.

2. Contact information, including address ( i.e., street address, city, state, and zip code), email address, and phone number.

3. Employment information, including current employer, employment status, and other information related to current or former employment with the Department's Foreign and Civil Service or with the National Oceanic and Atmospheric Administration Commissioned Corps, such as duty station.

4. Familial information, including government-issued birth certificate, Consular Report of Birth Abroad, adoption certificates and decrees, guardianship (medical and financial), Power of Attorney (medical and financial), or other documents required to verify the relationship between a covered employee or covered individual and their dependents.

5. Geographical information, including the location and date of an incident. An “incident” is defined as a “qualifying injury to the brain” under the HAVANA Act. The Department has adopted the standard set forth by the Department of State in its regulations implementing the HAVANA Act. The standard accounts for a variety of observable impacts to an individual, including either a concussion, a penetrating injury, or absent either of those, the ability of an appropriately certified physician to review one of a variety of forms of medical imaging evidence indicating permanent alterations in brain function.

6. Medical information, including (1) information that identifies the individual as having suffered an acute injury to the brain such as, but not limited to, a concussion, penetrating injury, or as the consequence of an event that leads to permanent alterations in brain function as demonstrated by confirming correlative findings on imaging studies (to include computed tomography scan (CT), or magnetic resonance imaging scan (MRI)), or electroencephalogram (EEG); (2) a medical diagnosis of a traumatic brain injury (TBI) that required active medical treatment for 12 months or more; and (3) information that identifies the individual as having suffered acute onset of new persistent, disabling neurologic symptoms as demonstrated by confirming correlative findings on imaging studies (to include CT or MRI), or EEG, or physical exam, or other appropriate testing, and that required active medical treatment for 12 months or more.

7. Benefit information, including whether the Social Security Administration has approved an individual for Social Security Disability Insurance or Supplemental Security Insurance (SSI) benefits.

8. Financial information, including bank account information necessary to disburse payment to eligible individuals.

RECORD SOURCE CATEGORIES:

The sources for the records maintained in this system include:

1. Covered employees;

2. Covered dependents;

3. Covered individuals;

4. Legal representatives or other individuals acting on behalf of covered employees, covered dependents, or covered individuals;

5. Board-certified physicians;

6. Federal and state agencies; and

7. Financial Institutions.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under the Privacy Start Printed Page 24974 Act of 1974, as amended, 5 U.S.C. 552a(b), records maintained as part of this system of records may be routinely disclosed pursuant to 5 U.S.C. 552a(b)(3), as consistent with the Rehabilitation Act or other laws, regulations, or policies concerning confidential medical information (as applicable), as follows:

1. To the U.S. Department of Labor to determine whether an individual has no reemployment potential.

2. To the U.S. Department of State to verify an individual's prior employment and to determine eligibility.

3. To a state Board of Medicine, or any similar organization, responsible for primary-source public licensing and discipline information to verify the status of a certifying physician's medical license.

4. To a certified physician attesting to an individual's eligibility when necessary to follow up regarding information provided on an individual's application.

5. To a financial institution to process payment to covered individuals and dependents who are eligible for payment in accordance with the HAVANA Act, codified at 22 U.S.C. 2680b, and the Department's implementing regulations.

6. To another federal agency to identify their current and former covered employees, and current and former dependents who reported an anomalous health incident.

7. To the U.S. Department of Defense (DoD) to facilitate covered individuals receiving treatment from DoD medical treatment facilities.

8. To contractors performing or working on a contract for the Federal government when necessary to accomplish an agency function.

9. To oversight authorities responsible for reviewing Departmental programs.

10. To the U.S. Department of Justice (DOJ), or in a proceeding before a court, adjudicative body, or other administrative body which the Department is authorized to appear, when

a. the Department, or any component thereof;

b. any employee of the Department in their official capacity; or

c. any employee of the Department where the DOJ or the Department has agreed to represent the employee; or

d. the United States, when the Department determines that litigation is likely to affect the Department or any of its components;

is a party to litigation or has an interest in such litigation, and the use of such records by the DOJ or the Department is deemed by the Department to be relevant and necessary to the litigation.

11. To the National Archives and Records Administration (NARA) pursuant to its records management and inspection authorities under 44 U.S.C. 2904 and 2906.

12. To appropriate agencies, entities, and persons when (1) the Department suspects or has confirmed that there has been a breach of the system of records; (2) the Department has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Department (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Department's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

13. To another Federal agency or Federal entity, when the Department determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records maintained in this system of records are stored electronically.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

The records are retrieved by an individual's name.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

These records are currently unscheduled. In accordance with NARA rules codified at 36 CFR 1225.16, we maintain unscheduled records until NARA approves an agency-specific records schedule or publishes a corresponding General Records Schedule.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records are protected from unauthorized access and improper use through administrative, technical, and physical security measures employed by the Department. Administrative safeguards include maintenance of written policies, standards, and procedures reinforced by training and periodic auditing. In addition, medical information collected is maintained on separate forms and in separate medical files and is treated as a confidential medical record. Technical security safeguards include restrictions on computer access to authorized individuals who have a legitimate need to know the information; required use of strong passwords that are frequently changed; multi-factor authentication for remote access and access to many network components; use of encryption for certain data types and transfers; and firewalls and intrusion detection applications. Physical safeguards include restrictions on building access to authorized individuals, use of security guard services, and video surveillance.

RECORD ACCESS PROCEDURES:

Individuals seeking to access records maintained in this system of records must submit an access request in accordance with the Department's Privacy Act implementing regulations in 15 CFR part 4, subpart B. The regulations define the procedures for making requests for records in person, not in person, and on behalf of a minor or by a legal guardian.

CONTESTING RECORD PROCEDURES:

Individuals contesting the content of records about themselves contained in this system of records must submit a request for correction or amendment in accordance with the Department's Privacy Act implementing regulations in 15 CFR part 4, subpart B. The regulations define the procedures for making requests for correction or amendment and include what should be submitted with the request.

NOTIFICATION PROCEDURES:

Individuals seeking to determine whether this system of records contains information about themselves must submit a request in accordance with the Department's Privacy Act implementation regulations in 15 CFR part 4, subpart B. The regulations define the procedures for making inquiries and what information should be submitted with the request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.