[Federal Register Volume 63, Number 122 (Thursday, June 25, 1998)]
[Notices]
[Pages 34656-34659]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 98-16914]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
National Institutes of Health
Privacy Act of 1974; Altered System of Records
AGENCY: National Institutes of Health, HHS.
ACTION: Notification of an altered system of records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the requirements of the Privacy Act, the
National Institutes of Health (NIH) is publishing a notice of proposal
to alter an existing system of records 09-25-0036, ``Extramural Awards
and Chartered Advisory Committees: IMPAC (Grant/Contract/Cooperative
Agreement Information/Chartered Advisory Committee Information), HHS/
NIH/OER and HHS/NIH/CMO.'' The system is altered by including
contractor past performance information as a new category of records;
adding consultants and contractors as individuals covered by the
system; and including a new routine use which allows NIH to share
information it collects on contractor past performance information with
other Federal agencies.
DATES: The NIH invites interested parties to submit comments on the
proposed internal and routine uses on or before July 27, 1998. The NIH
sent a Report of the Altered System to the Congress and to the Office
of Management and Budget (OMB) on June 19, 1998. The alteration of this
system of records will be effective 40 days from the date submitted to
the OMB, unless NIH receives comments which would result in a contrary
determination.
ADDRESSES: Please submit comments to: NIH Privacy Act Officer, 6011
Executive Boulevard, Room 601, MSC 7669, Rockville, MD 20852, 301-496-
2832. (This is not a toll free number.)
Comments received will be available for inspection at this same
address from 9 a.m. to 3 p.m., Monday through Friday.
FOR FURTHER INFORMATION CONTACT:
NIH Privacy Act Officer, 6011 Executive Boulevard, Room 601, MSC 7669,
Rockville, MD 20852, 301-496-2832. (This is not a toll free number.)
SUPPLEMENTARY INFORMATION: The National Institutes of Health (NIH)
proposes to alter an existing system of records 09-25-0036,
``Extramural Awards and Chartered Advisory Committees: IMPAC (Grant/
Contract/Cooperative Agreement Information/Chartered Advisory Committee
Information), HHS/NIH/DRG and HHS/NIH/CMO.'' The system is altered by
including contractor past performance information as a new category of
records; adding consultants and contractors as individuals covered by
the system; including a new routine use which allows NIH to share
information it collects on contractor past performance information with
other Federal agencies; and editorial changes to accommodate normal
updating changes.
The purposes of this system of records are to (1) support
centralized grant programs of the Public Health Service by providing
services in the areas of grant application assignment and referral,
initial review, council review, award processing and grant accounting;
maintain communication with former fellows and trainees who have
incurred a payback obligation through the National Research Service
Award Program; maintain current and historical information pertaining
to the establishment of chartered advisory committees of the National
Institutes of Health and the appointment or designation of their
members; and maintain current and historical information pertaining to
contracts awarded by the National Institutes of Health, and performance
evaluations on NIH contracts and contracts awarded by other Federal
agencies that participate in the NIH Contractor Performance System.
This system will comprise records that contain names, applications,
grant or contract ID number, contractor tax ID number, awards, trainee
appointments, current and historical information pertaining to
chartered advisory committees, and past performance information
pertaining to contractors.
The records in this system will be maintained in a secure manner
compatible with their content and use. NIH and contractor staff will be
required to adhere to the provisions of the Privacy Act and the HHS
Privacy Act regulations. The System Managers will control access to the
data. Authorized users will be granted access only to those records
within their specific area of responsibility. Only authorized users
whose official duties require the use of such information will have
regular access to the records in this system. Authorized users are NIH
extramural and committee management staff, NIH contract management
staff, and Federal acquisition personnel. One-time and special access
by other employees is granted on a need-to-know basis as specifically
authorized by the System Manager. Records may be stored on hard copy,
discs and magnetic tapes, and in other machine-readable format,
regardless of physical form or characteristics. Manual and computerized
records will be maintained in accordance with the standards of Chapter
45-13 of the HHS General Administration Manual, ``Safeguarding Records
Contained in Systems of Records,'' supplementary Chapter PHS hf:45-13,
the Department's Automated Information System Security Program
Handbook, and the National Institute of Standards and Technology
Federal Information Processing Standards (FIPS Pub. 41 and FIPS Pub.
31).
Access to source data files is strictly controlled by files staff.
Records may be removed from files only at the request of the System
Manager or other
[[Page 34657]]
authorized employee. Access to computer files is controlled by the use
of registered accounts, registered initials, keywords, and similar
limited access systems. Access to the contractor performance files is
restricted through the use of secure socket layer encryption and
through an IBM password protection system. Physical access to work
areas is restricted to employees or authorized contractors with a valid
``need-to-know.''
The routine uses proposed for this system are compatible with the
stated purposes of the system. The first routine use allows disclosure
to the National Technical Information Service (NTIS), Department of
Commerce, for dissemination of scientific and fiscal information on
funded awards. The second routine use allows disclosure to the
cognizant audit agency for auditing. The third routine use allows
disclosure to a Member of Congress or to a Congressional staff member
in response to an inquiry of the Congressional office made at the
written request of the constituent about whom the record is maintained.
The forth routine use allows disclosure to qualified experts not within
the definition of Department employees as prescribed in Department
regulations for opinions as a part of the application review process.
The fifth routine use allows disclosure to a Federal agency, in
response to its request, in connection with the issuance of a license,
grant or other benefit by the requesting agency, to the extent that the
record is relevant and necessary to the requesting agency's decision in
the matter. The sixth routine use allows disclosure of contractor past
performance information to a Federal agency upon request and allows
routine access to contractor past performance information to Federal
agencies that subscribe to the NIH Contractor Performance System. The
seventh routine use allows disclosure for a research purpose as
authorized by the Department or required by law. The eighth routine use
allows disclosure to a private contractor or Federal agency for the
purpose of collating, analyzing, aggregating or otherwise refining
records in this system. The ninth routine use allows disclosure to a
grantee or contract institution in connection with performance or
administration under the conditions of the particular award or
contract. The tenth routine use allows disclosure to the Department of
Justice, or to a court or other adjudicative body, from this system of
records when HHS determines that the records are relevant and necessary
to the proceeding and would help in the effective representation of the
governmental party.
We have also made editorial changes throughout the System Notice to
enhance clarity and specificity and to accommodate normal updating
changes.
The following notice is written in the present, rather than future
tense, in order to avoid the unnecessary expenditure of public funds to
republish the notice after the system has become effective.
Dated: June 5, 1998.
Anthony L. Itteilag,
Deputy Director for Management.
SYSTEM NAME:
Extramural Awards and Chartered Advisory Committees: IMPAC (Grant/
Contract/Cooperative Agreement Information/Chartered Advisory Committee
Information), HHS/NIH/OER and HHS/NIH/CMO.
SECURITY CLASSIFICATION:
None.
SYSTEM LOCATION:
Rockledge Centre II, 6701 Rockledge Drive, Bethesda, MD 20817
Building 12, NIH Computer Center, 9000 Rockville Pike, Bethesda, MD
20892
Building 31, Room 3B-59, 9000 Rockville Pike, Bethesda, MD 20892.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Principal investigators; program directors; program and projects
staff and others named in the application; National Research Service
Awards (NRSA) trainees and fellows; research career awardees; chartered
advisory committee members; contractor personnel; subcontractor
personnel; and consultants.
CATEGORIES OF RECORDS IN THE SYSTEM:
Funding applications, awards, associated records, trainee
appointments, current and historical information pertaining to
chartered advisory committees, and past performance information
pertaining to contractors.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 301; 42 U.S.C. 217a, 241, 282(b)(6), 284a, and 288. 48 CFR
Subpart 15.3 and Subpart 42.15.
PURPOSE(S) OF THE SYSTEM:
(1) To support centralized grant programs of the Public Health
Service. Services are provided in the areas of grant application
assignment and referral, initial review, council review, award
processing and grant accounting. The database is used to provide
complete, accurate, and up-to-date reports to all levels of management.
(2) To maintain communication with former fellows and trainees who
have incurred a payback obligation through the National Research
Service Award Program.
(3) To maintain current and historical information pertaining to
the establishment of chartered advisory committees of the National
Institutes of Health and the appointment or designation of their
members.
(4) To maintain current and historical information pertaining to
contracts awarded by the National Institutes of Health, and performance
evaluations on NIH contracts and contracts awarded by other Federal
agencies that participate in the NIH Contractor Performance System.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
1. Disclosure may be made to the National Technical Information
Service (NTIS), Department of Commerce, for dissemination of scientific
and fiscal information on funded awards (abstract of research projects
and relevant administrative and financial data).
2. Disclosure may be made to the cognizant audit agency for
auditing.
3. Disclosure may be made to a congressional office from the record
of an individual in response to an inquiry from the congressional
office made at the request of that individual.
4. Disclosure may be made to qualified experts not within the
definition of Department employees as prescribed in Department
regulations for opinions as a part of the application review process.
5. Disclosure may be made to a Federal agency, in response to its
request, in connection with the issuance of a license, grant or other
benefit by the requesting agency, to the extent that the record is
relevant and necessary to the requesting agency's decision in the
matter.
6. Disclosure of past performance information pertaining to
contractors may be made to a Federal agency upon request. In addition,
routine access to past performance information on contractors will be
provided to Federal agencies that subscribe to the NIH Contractor
Performance System.
7. A record may be disclosed for a research purpose, when the
Department: (A) Has determined that the use or disclosure does not
violate legal or policy limitations under which the record was
provided, collected, or obtained; (B) has determined that the
[[Page 34658]]
research purpose (1) cannot be reasonably accomplished unless the
record is provided in individually identifiable form, and (2) justifies
the risk to the privacy of the individual that additional exposure of
the record might bring; (C) has required the recipient to (1) establish
reasonable administrative, technical, and physical safeguards to
prevent unauthorized use or disclosure of the record, (2) remove or
destroy the information that identifies the individual at the earliest
time at which removal or destruction can be accomplished consistent
with the purpose of the research project, unless the recipient has
presented adequate justification of a research or health nature for
retaining that information, and (3) make no further use or disclosure
of the record except (a) in emergency circumstances affecting the
health or safety of any individual, (b) for use in another research
project, under these same conditions, and with written authorization of
the Department, (c) for disclosure to a properly identified person for
the purpose of an audit related to the research project, if information
that would enable research subjects to be identified is removed or
destroyed at the earliest opportunity consistent with the purpose of
the audit, or (d) when required by law; and (D) has secured a written
statement attesting to the recipient's understanding of, and
willingness to abide by these provisions.
8. Disclosure may be made to a private contractor or Federal agency
for the purpose of collating, analyzing, aggregating or otherwise
refining records in this system. The contractor or Federal agency will
be required to maintain Privacy Act safeguards with respect to these
records.
9. Disclosure may be made to a grantee or contract institution in
connection with performance or administration under the conditions of
the particular award or contract.
10. Disclosure may be made to the Department of Justice, or to a
court or other adjudicative body, from this system of records when (a)
HHS, or any component thereof; of (b) any HHS officer or employee in
his or her official capacity; or (c) any HHS officer or employee in his
or her individual capacity when the Department of Justice (or HHS,
where it is authorized to do so) his agreed to represent the officer or
employee; or (d) the United States or any agency thereof where HHS
determines that the proceeding is likely to affect HHS or any of its
components, is a party to proceeding or has any interest in the
proceeding, and HHS determines that the records are relevant and
necessary to the proceeding and would held in the effective
representation of the governmental party.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISPOSING OF RECORDS IN THE SYSTEM:
Storage:
Records are stored on hard copy, discs and magnetic tapes, and in
other machine-readable format, regardless of physical form or
characteristics.
Retrievability:
Records are retrieved by name, application, grant or contract ID
number, and contractor tax ID number.
Safeguards:
1. Authorized Users: Employees who maintain records in this system
are instructed to grant regular access only to NIH extramural and
committee management staff, NIH contract management staff, and Federal
acquisition personnel. Other one-time and special access by other
employees is granted on a need-to-know basis as specifically authorized
by the System Manager.
2. Physical Safeguards: Physical access to Office of Extramural
Research (OER) work areas is restricted to OER employees. Physical
access to Office of Contracts Management (OCM) work areas is restricted
to OCM employees. Physical access to Committee Management Office (CMO)
work areas is restricted to CMO employees. Access to the contractor
performance files is restricted through the use of secure socket layer
encryption and through an IBM password protection system. Only
authorized government contracting personnel are permitted access.
Access is monitored and controlled by permitted access. Access is
monitored and controlled by OCM.
3. Procedural Safeguards: Access to source data files is strictly
controlled by files staff. Records may be removed from files only at
the request of the System Manager or other authorized employee. Access
to computer files is controlled by the use of registered accounts,
registered initials, keywords, and similar limited access systems.
These practices are in compliance with the standards of chapter 45-
13 of the HHS General Administration Manual, ``Safeguarding Records
Contained in Systems of Records,'' supplementary chapter PHS hf: 45-13,
and Part 6, ``ADP Systems Security,'' of the HHS Information Resources
Management Manual and the National Institute of Standards and
Technology Federal Information Processing Standards (FIPS Pub. 41 and
FIPS Pub. 31).
RETENTION AND DISPOSAL:
Records are retained and disposed of under the authority of the NIH
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix
1--``Keeping and Destroying Records,'' item 4000-A-2, which allows
records to be destroyed when no longer needed for administrative
purposes. Refer to the NIH Manual Chapter for specific disposition
instructions.
SYSTEM MANAGERS AND ADDRESSES:
For extramural awards:
Director, Extramural Information Systems, OD/OER/OPERA, Rockledge
II, Room 2172, Bethesda, MD 20892
For chartered Federal advisory committees of the National Institutes of
Health:
NIH Committee Management Officer, Building 31, Room 3B-59, 31
Center Drive, Bethesda, MD 20892
For contracts:
Office of Contracts Management, 6100 Executive Boulevard, Room
6D01, Rockville, MD 20892
Notification Procedure:
To determine if a record exists, write to the System Manager listed
above. The requester must also verify his or her identity by providing
either a notarization of the request or a written certification that
the requester is who he or she claims to be and understands that the
knowing and willful request for acquisition of a record pertaining to
an individual under false pretenses is a criminal offense under the
Privacy Act, subject to a five thousand dollar fine.
Record Access Procedure:
Same as notification procedures. Requesters should also reasonably
specify the record contents being sought. Individuals may also request
listings of accountable disclosures that have been made of their
records, if any.
Contesting Record Procedure:
Contact the official under notification procedures above, and
reasonably identify the record and specify the information to be
contested, and state the corrective action sought and the reasons for
the correction, with supporting justification. The right to contest
records is limited to information which is incomplete, irrelevant,
incorrect, or untimely (obsolete).
Record Source Categories:
Applicant institution, individual, individual's educational
institution and references, and participating Federal acquisition
personnel.
[[Page 34659]]
Systems Exempted From Certain Provisions of the Act:
None.
[FR Doc. 98-16914 Filed 6-24-98; 8:45 am]
BILLING CODE 4140-01-M