[Federal Register Volume 64, Number 131 (Friday, July 9, 1999)]
[Notices]
[Pages 37143-37147]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 99-17412]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
National Institutes of Health
Privacy Act of 1974; New System of Records
AGENCY: National Institutes of Health, HHS.
ACTION: Notification of a new system of records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the requirements of the Privacy Act of
1974, the National Institutes of Health (NIH) is proposing to establish
a new system of records, 09-25-0213, ``Administration: Investigative
Records, HHS/NIH/OM/OA/OMA.''
DATES: NIH invites interested parties to submit comments with regard to
the proposed internal and routine uses on or before August 9, 1999. NIH
sent a report of a New System to the Congress and to the Office of
Management and Budget (OMB) on July 9, 1999. This system of records
will be effective 40 days from the date of publication unless NIH
receives comments on the routine uses which would result in a contrary
determination.
ADDRESSES: Please submit comments to: NIH Privacy Act Officer, 6011
Executive Boulevard, Room 601, MSC 7669, Rockville, MD 20852, 301-496-
2832. (This is not a toll free number.) Comments received will be
available for inspection at this same address from 9 a.m. to 3 p.m.,
Monday through Friday.
FOR FURTHER INFORMATION CONTACT: NIH Privacy Act Officer, 6011
Executive Boulevard, Room 601, MSC 7669, Rockville, MD 20852, 301-496-
2832. (This is not a toll free number.)
SUPPLEMENTARY INFORMATION: The National Institutes of Health (NIH)
proposes to establish a new system of records: 09-25-0213,
``Administration: Investigative Records, HHS/NIH/OM/OA/OMA.'' The
purposes of the Investigative Records system of records are to document
reviews and investigations undertaken by the Office of Management
Assessment (OMA), NIH, to provide management or the Office of Inspector
General, Office of the Secretary, HHS, with information needed to take
action to resolve complaints of misconduct or alleged violations of
statutes, regulations, policies, or the terms and conditions of
funding.
This system will comprise records that contain a unique
classification number; names of the victim, accused, complainant, and
witnesses; date of birth; Social Security number; nature of the
incident; and time of occurrence.
[[Page 37144]]
This system will include records relating to correspondence concerning
an individual's employment status or conduct while employed by or
working at NIH. This system will also contain reports of investigations
to resolve allegations of misconduct or violations of statutes,
regulations or policies, with related exhibits of statements,
affidavits or records obtained during the investigation; reports of
action taken by management; decisions on any misconduct substantiated
by the investigation; and reports of legal action resulting from
violations of statutes referred for prosecution.
The records in this system will be maintained in a secure manner
compatible with their content and use. NIH and contractor staff will be
required to adhere to the provisions of the Privacy Act and the HHS
Privacy Act Regulations. The System Manager will control access to the
data. Only authorized users whose official duties require the use of
such information will have regular access to the records in this
system. Authorized users are OMA employees and contractors responsible
for implementing employee conduct investigations. Records may be stored
on electronic media such as computer tapes and diskettes, and as hard-
copy records. Manual and computerized records will be maintained in
accordance with the standards of Chapter 45-13 of the HHS General
Administration Manual, ``Safeguarding Records Contained in Systems of
Records,'' supplementary Chapter PHS hf:45-13, the Department's
Automated Information System Security Program Handbook, and the
National Institute of Standards and Technology Federal Information
Processing Standards (FIPS Pub. 41 and FIPS Pub. 31).
Data on computer files is accessed by keyword known only to
authorized users who are OMA employees or contractor staff who have a
need for the data in the performance of their duties as determined by
the system manager. Access to the restricted office area containing the
rooms where records are stored is controlled through the use of door
locks. Only authorized users have the keys to these locks. During
regular business hours, rooms in this restricted area are unlocked but
entry is controlled by on-site personnel. Rooms where records are
stored are locked when not in use. Individually identifiable records
are kept in locked file cabinets or in locked rooms under the direct
control of the system manager or his/her delegated representatives.
Computer records are accessible only through a series of code or
keyword commands available from and under direct control of the system
manager or his/her delegated representatives.
The routine uses proposed for this system are compatible with the
stated purposes of the system. The first routine use allows disclosure
to a Member of Congress or to a Congressional staff member in response
to an inquiry of the Congressional office made at the written request
of the constituent about whom the record is maintained, if the
disclosure does not compromise the investigative activities of the OMA.
The second routine use allows the Department of Health and Human
Services (HHS) to disclose information from this system of records to
the Department of Justice when: (a) The agency or any component
thereof; or (b) any employee of the agency in his or her official
capacity where the Department of Justice has agreed to represent the
employee; or (c) the United States Government, is a party to litigation
or has an interest in such litigation, and by careful review, the
agency determines that the records are both relevant and necessary to
the litigation and the use of such records by the Department of Justice
is therefore deemed by the agency to be for a purpose that is
compatible with the purpose for which the agency collected the records.
The third routine use allows disclosure to a court or adjudicative body
in a proceeding when: (a) The agency or any component thereof; or (b)
any employee of the agency in his or her official capacity; or (c) any
employee of the agency in his or her individual capacity where the
agency has agreed to represent the employee; or (d) the United states
Government, is a party to the proceeding or has an interest in such
proceeding, and by careful review, the agency determines that the
records are both relevant and necessary to the proceeding and the use
of such records is therefore deemed by the agency to be for a purpose
that is compatible with the purpose for which the agency collected the
records. The fourth routine use allows disclosure when a record, on its
face or in conjunction with other records, indicates a violation or
potential violation of law, whether civil, criminal or regulatory in
nature, and whether arising by general statute or particular program
statute, or by regulation, rule, or order issued pursuant thereto, to
the appropriate agency, whether Federal, foreign, State, local, or
tribal, or other public authority responsible for enforcing,
investigating or prosecuting such violation or charged with enforcing
or implementing the statute, or rule, regulation, or order issued
pursuant thereto, if the information disclosed is relevant to any
enforcement, regulatory, investigative or prosecutive responsibility of
the receiving entity. The fifth routine use allows disclosure to a
Federal, State, local, foreign, or tribal or other public authority of
any portion of this system of records that contains information
relevant to the retention of an employee, the retention of a security
clearance, the letting of a contract, or the issuance or retention of a
license, grant, or other benefit. The sixth routine use allows
disclosure to Federal, State, local or foreign agencies maintaining,
civil, criminal, or other relevant enforcement records, or other
pertinent records, or to another public authority or professional
organization, if necessary to obtain information relevant to an
investigation concerning the retention of an employee or other
personnel action, the issuance or retention of a security clearance,
the letting of a contract, or the issuance or retention of a grant, or
other benefit. The seventh routine use allows disclosure where Federal
agencies having the power to subpoena other Federal agencies' records,
such as the Internal Revenue Service or the Civil Rights Commission,
issue a subpoena to the Department for records in this system of
records, and the Department is authorized to make such records
available. The eighth routine use allows disclosure to agency
contractors, experts, or consultants who have been engaged by the
agency to assist in the performance of a service related to this system
of records and who need to have access to the records in order to
perform the activity. The ninth routine use allows disclosure in the
course of employee discipline or competence determination proceedings.
The tenth routine use allows disclosure of pertinent records
(excluding, for example, records that OMA determines would invade the
privacy of the complainant or witnesses, impede the investigation or
reveal investigative techniques) to representatives of an awardee of an
NIH grant, contract, or cooperative agreement that is the subject of an
investigation by OMA, NIH.
The following notice is written in the present, rather than future
tense, in order to avoid the unnecessary expenditure of public funds to
republish the notice after the system has become effective.
[[Page 37145]]
Dated: October 13, 1998.
Anthony L. Itteilag,
Deputy Director for Management, National Institutes of Health.
09-25-0213
SYSTEM NAME:
Administration: Investigative Records, HHS/NIH/OM/OA/OMA.
SECURITY CLASSIFICATION:
None.
SYSTEM LOCATION:
Office of Management Assessment (OMA), 6011 Executive Building,
Rockville, MD 20892.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals who are alleged or suspected to have violated NIH or
Departmental policies, regulations or Federal statutes and are:
Personnel employed by the Federal Government who are under a career,
career conditional, or other type of appointment; personnel working
under Intergovernmental Personnel Act assignments; Guest Researchers;
Volunteers; Individuals on Temporary Appointments (including student
appointments); Fogarty International Center Scholars; Staff Fellows;
Intramural Research Training Award Fellows; IC Fellowship Award
Recipients; Visiting Associates, Scientists, and Fellows; Commissioned
Corps; individuals who receive funding through or have responsibility
for NIH sponsored grants, contracts, or cooperative agreements and
other individuals who transact or seek to transact business with NIH or
HHS or use the facilities of those agencies.
CATEGORIES OF RECORDS IN THE SYSTEM:
This system includes records relating to allegations of misconduct
against the categories of individuals covered by the system of records.
Examples of these records include: Correspondence from employees,
members of Congress and members of the public alleging misconduct by an
employee of NIH or a person who transacts business with NIH. It also
contains working papers prepared during the investigations, reports of
investigations to resolve allegations of misconduct or violations of
statutes, regulations, or policies, with related exhibits of
statements, affidavits or records obtained during the investigation;
reports of action taken by management; decisions on any misconduct
substantiated by the investigation; and reports of legal action
resulting from violations of statutes referred for prosecution.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 301, 302; 42 U.S.C. 203, 282; 44 U.S.C. 3101; E.0. 10450.
PURPOSE(S):
To document reviews and investigations undertaken by the OMA, NIH
to provide management or the Office of Inspector General, Office of the
Secretary, HHS with information needed to take action to resolve
complaints of misconduct or alleged violations of statutes,
regulations, policies, or the terms and conditions of funding.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USE:
1. Disclosure may be made to a Member of Congress or to a
Congressional staff member in response to an inquiry of the
Congressional office made at the written request of the constituent
about whom the record is maintained, if the disclosure does not
compromise the investigative activities of the OMA.
2. The Department of Health and Human Services (HHS) may disclose
information from this system of records to the Department of Justice
when: (a) The agency or any component thereof; or (b) any employee of
the agency in his or her official capacity where the Department of
Justice has agreed to represent the employee; or (c) the United States
Government, is a party to litigation or has an interest in such
litigation, and by careful review, the agency determines that the
records are both relevant and necessary to the litigation and the use
of such records by the Department of Justice is therefore deemed by the
agency to be for a purpose that is compatible with the purpose for
which the agency collected the records.
3. Disclosure may be made to a court or adjudicative body in a
proceeding when: (a) The agency or any component thereof; or (b) any
employee of the agency in his or her official capacity; or (c) any
employee of the agency in his or her individual capacity where the
agency has agreed to represent the employee; or (d) the United States
Government, is a party to the proceeding or has an interest in such
proceeding, and by careful review, the agency determines that the
records are both relevant and necessary to the proceeding and the use
of such records is therefore deemed by the agency to be for a purpose
that is compatible with the purpose for which the agency collected the
records.
4. When a record on its face, or in conjunction with other records,
indicates a violation or potential violation of law, whether civil,
criminal or regulatory in nature, and whether arising by general
statute or particular program statute, or by regulation, rule, or order
issued pursuant thereto, disclosure may be made to the appropriate
agency, whether Federal, foreign, State, local, or tribal, or other
public authority responsible for enforcing, investigating or
prosecuting such violation or charged with enforcing or implementing
the statute, or rule, regulation, or order issued pursuant thereto, if
the information disclosed is relevant to any enforcement, regulatory,
investigative or prosecutive responsibility of the receiving entity.
5. Disclosure may be made to a Federal, State, local, foreign, or
tribal or other public authority of any portion of this system of
records that contains information relevant to the retention of an
employee, the retention of a security clearance, the letting of a
contract, or the issuance or retention of a license, grant, or other
benefit. The other agency or licensing organization may then make a
request supported by the written consent of the individual for the
entire record if it so chooses. No disclosure will be made unless the
information has been determined to be sufficiently reliable to support
a referral to another office within the agency or to another Federal
agency for criminal, civil, administrative, personnel, or regulatory
action.
6. Disclosure may be made to Federal, State, local or foreign
agency maintaining civil, criminal, or other relevant enforcement
records, or other pertinent records, or to another public authority or
professional organization, if necessary to obtain information relevant
to an investigation concerning the retention of an employee or other
personnel action, the issuance or retention of a security clearance,
the letting of a contract, or the issuance or retention of a grant, or
other benefit.
7. Where Federal agencies having the power to subpoena other
Federal agencies' records, such as the Internal Revenue Service or the
Civil Rights Commission, issue a subpoena to the Department for records
in this system of records, the Department is authorized to make such
records available.
8. Disclosure may be made to agency contractors, experts, or
consultants who have been engaged by the agency to assist in the
performance of a service related to this system of records and who need
to have access to the records in order to perform the activity.
Recipients shall be required to comply with the requirements of the
Privacy Act
[[Page 37146]]
of 1974, as amended, pursuant to 5 U.S.C. 552a(m).
9. Disclosure may be made in the course of employee discipline or
competence determination proceedings.
10. Disclosure may be made to representatives of an awardee of an
NIH grant, contract, or cooperative agreement that is the subject of an
investigation by the OMA, NIH, to the extent necessary for OMA to carry
out its investigative functions, while providing appropriate
confidentiality for the accused, complainant and witness.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Records are stored on paper forms in file folders, file cards,
magnetic tapes, magnetic disks, optical disks and/or other types of
data storage devices.
RETRIEVABILITY:
Records are retrieved by a unique classification number; name of
the victim, accused, or complainant, date of birth, Social Security
number; and by the nature of the incident and/or time of occurrence.
SAFEGUARDS:
1. Authorized Users: Data on computer files is accessed by keyword
known only to authorized users who are OMA employees or contractor
staff who have a need for the data in the performance of their duties
as determined by the system manager.
2. Physical Safeguards: Access to the restricted office area
containing the rooms where records are stored is controlled through the
use of door locks. Only authorized users have the keys to these locks.
During regular business hours, rooms in this restricted area are
unlocked but entry is controlled by on-site personnel. Rooms where
records are stored are locked when not in use. Individually
identifiable records are kept in locked file cabinets or in locked
rooms under the direct control of the system manager or his/her
delegated representatives.
3. Procedural and Technical Safeguards: Computer records are
accessible only through a series of code or keyword commands available
from and under direct control of the system manager or his/her
delegated representatives. These records are secured by a multiple-
level security system which is capable of controlling access to the
individual data field level. Persons having access to the computer
database can be restricted to a confined application which permits only
a narrow ``view'' of the data. All authorized users of personal
information in connection with the performance of their jobs (see
Authorized Users, above) protect information from public view and from
unauthorized personnel entering an unsupervised area/office. These
practices are in compliance with the standards of Chapter 45-13 of the
HHS General Administration Manual, supplementary Chapter PHS hf: 45-13,
the Department's Automated Information Systems Security Program
Handbook, and the National Institute of Standards and Technology
Federal Information Processing Standards (FIPS Pub. 41 and FIPS Pub.
31).
RETENTION AND DISPOSAL:
Records are retained and disposed of under the authority of the NIH
Records Control Schedule contained in Manual Chapter 1743, Appendix 1--
``Keeping and Destroying Records'' (HHS Records Management Manual,
Appendix B-361): Item 1700-A-4, which allows records to be kept
permanently when involving extensive litigation; five years for minor
infractions or improprieties when final recommendation is that no
action be taken, or 20 years for all other. Refer to the NIH Manual
Chapter for specific retention and disposition instructions.
SYSTEM MANAGER(S) AND ADDRESS:
Director, Office of Management Assessment, National Institutes of
Health, 6011 Executive Blvd., Room 601, Rockville, Maryland 20892.
NOTIFICATION PROCEDURES:
This system is exempt from the notification requirements. However,
consideration will be given to requests addressed to the system manager
listed above. The requestor must verify his or her identity by
providing either a notarization of the request or a written
certification that the requestor is who he or she claims to be and
understands that the knowing and willful request for acquisition of a
record pertaining to an individual under false pretenses is a criminal
offense under the Act, subject to a five thousand dollar fine. The
request should include: (a) full name, (b) address, and, (c) year of
records in question.
RECORDS ACCESS PROCEDURE:
This system is exempt from the access requirements. However,
consideration will be given to requests addressed to the system manager
listed above. The requestor must verify his or her identity by
providing either a notarization of the request or a written
certification that the requestor is who he or she claims to be and
understands that the knowing and willful request for acquisition of a
record pertaining to an individual under false pretenses is a criminal
offense under the Act, subject to a five thousand dollar fine. The
request should include: (a) Full name, (b) address, and, (c) year of
records in question. Requestors should also reasonably specify the
record contents being sought. Although the system is exempt,
individuals may, upon request, receive records from this system and an
accounting of disclosure of their records, if the system manager
determines that disclosure would not compromise the investigative
activities of the OMA, NIH.
CONTESTING RECORD PROCEDURE:
Exempt. However, consideration will be given requests addressed to
the system manager. Requests for corrections should reasonably identify
the record and specify the information being contested, and state the
corrective action sought with supporting information. The right to
contest records is limited to information which is incomplete,
irrelevant, incorrect, or untimely (obsolete).
RECORD SOURCE CATEGORIES:
Departmental and other Federal, State, and local government
records; subjects of investigations, complaints, witnesses; documents
and other material furnished by non-government sources; and personal
observations by the investigator.
SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
This system has been exempted pursuant to 5 U.S.C. 552a (k)(2) of
the Privacy Act from the access, notification, correction, and
amendment provisions of the Privacy Act [5 U.S.C. 552a (c)(3), (d)(1)-
(4), (e)(1), (e)(4)(G) and (H) and (f)], because it consists of
investigatory material compiled for law enforcement purposes.
Individual access to these files could impair investigations and alert
subjects of investigations that their activities are being scrutinized,
thereby allowing them time to take measures to prevent detection of
illegal action or to escape prosecution. Disclosure of investigative
techniques/procedures and the existence and identity of confidential
sources of information could jeopardize investigative activities.
However, any individual who has been denied any right, privilege, or
benefit for which he/she would otherwise be entitled or be eligible, as
a result of the maintenance of such material, will be given access to
the material, except to the extent that the disclosure of the material
would
[[Page 37147]]
reveal the identity of a source who furnished information to the
Government under an express promise that the identity of such source
would be held in confidence.
The system is also exempted under 5 U.S.C. 552a (k)(5) of the
Privacy Act which allows the agency to exempt from individual access,
investigatory materials compiled for the purpose of determining
suitability, eligibility, or qualification for federal employment or
financial assistance if release of the material would disclose the
identity of a confidential source who furnished information to the
Government under an express promise that the identity of the source
would be held in confidence.
Note: This document was received by the Office of the Federal
Register on July 2, 1999.
[FR Doc. 99-17412 Filed 7-8-99; 8:45 am]
BILLING CODE 4140-01-P
