AGENCY:

National Science Foundation.

ACTION:

Notice of two new systems of records.

SUMMARY:

The National Science Foundation (NSF) proposes to establish two new systems of records: NSF-78 “NSF Staff and Visitor Medical Information” and NSF-79 “Health Program Records.” NSF-78 “NSF Staff and Visitor Medical Information” will contain workplace safety and personnel information collected from NSF staff and visitors in response to a health-related declaration of a national emergency by the President, a public health emergency declared by the Secretary of the Department of Health and Human Services (HHS) or other designated federal official, or a designated state official. NSF-79 “Health Program Records” will contain medical information from NSF staff and visitors who use the services of the NSF Health Unit or other NSF health programs. Such services may include routine well visits, occupational health, travel clearances, immunizations, and health assessments.

DATES:

Persons wishing to comment on the changes set out in this notice may do so on or before December 22, 2021.

Effective Date: This action will be effective without further notice on December 22, 2021 unless modified by subsequent notice to incorporate comments received from the public.

ADDRESSES:

You may submit comments, identified by any of the following methods:

• Federal eRulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.

• Email: Sarita Marshall, Branch Chief, at samarsha@nsf.gov.

• Mail: Sarita Marshall, Branch Chief, Division of Human Resource Management, National Science Foundation, 2415 Eisenhower Ave., Alexandria, VA 22331.

Instructions: NSF will post all comments on the NSF's website ( https://www.nsf.gov/​policies/​privacy_​act.jsp ). All comments submitted in response to this Notice will become a matter of public record. Therefore, you should submit only information that you wish to make publicly available.

FOR FURTHER INFORMATION CONTACT:

If you wish to submit general questions about the proposed new systems of records NSF-78 and NSF-79, please contact Sarita Marshall, Branch Chief, at 202-292-8767, or via email at samarsha@nsf.gov.

SUPPLEMENTARY INFORMATION:

NSF is publishing NSF-78 “NSF Staff and Visitor Medical Information” to provide notice to individuals regarding the collection, maintenance, use and disclosure of health screening and contact tracing information collected from and about NSF staff and visitors, including those working at or visiting Start Printed Page 66341 NSF or an NSF-sponsored event outside of the headquarters location. For purposes of this SORN, “NSF staff” includes NSF federal employees, Intergovernmental Personnel Act (IPA) assignees, Visiting Scientists, Engineers, and Educators (VSEEs), NSF contractors, non-NSF government personnel or contractors, interns, fellows, and volunteers. NSF is collecting this information to protect the health of NSF staff and visitors, including those who seek to enter the NSF facility and/or were physically present in the facility and came in close proximity to or had physical contact with NSF staff and/or visitors who, at the time, were infected or had symptoms of infection with a communicable disease.

Health screening information will be used to reduce the risk that individuals with symptoms consistent with a communicable disease will enter the NSF facility or event and infect NSF staff and/or visitors with a communicable disease. Contact tracing information will be used to identify other NSF staff and/or visitors who were present in the NSF facility and in close proximity to or had physical contact with NSF staff and/or visitors who, at the time, were infected or had symptoms of infection with a communicable disease.

The proposed system of records will have an effect on individual privacy because personally identifiable information, including medical information, is required to conduct health screening, to identify persons who have or may have been exposed to or infected with a communicable disease ( e.g., to reduce risk by allowing them to work from home or use leave, as needed), and to identify other persons with whom an infected person might have had contact in the NSF facility or another facility hosting a NSF-sponsored event. In order to reduce the risk to individual privacy, NSF is minimizing dissemination of the information it maintains. For example, if NSF staff or visitors test positive for a communicable disease and reveal this information to NSF (or NSF acquires this information from another source), their identity will not be disclosed to other persons with whom they came in close physical contact unless otherwise authorized by law.

NSF is publishing NSF-79 “Health Program Records” to provide notice to individuals regarding the collection, maintenance, use and disclosure of medical and health related information collected from NSF staff and visitors who use the services of the NSF Health Unit and/or other NSF health-related programs and initiatives. For purposes of this SORN, “NSF staff” includes NSF federal employees, Intergovernmental Personnel Act (IPA) assignees, Visiting Scientists, Engineers, and Educators (VSEEs), NSF contractors, non-NSF government personnel or contractors, interns, fellows, and volunteers. The primary purposes of the collection and maintenance of these records is to allow NSF, including the NSF Health Unit, to provide medical evaluation and treatment of patients, comply with laws and policies regarding the reporting of communicable diseases, support personnel-related matters, and allow NSF staff to participate in NSF health programs. A new electronic record keeping system will support electronic registration of new patients as well as the capability for patients 24/7 access their medical records.

SYSTEM NAME AND NUMBER:

NSF Staff and Visitor Medical Information, NSF-78.

SECURITY CLASSIFICATION:

None.

SYSTEM LOCATION:

National Science Foundation, 2415 Eisenhower Ave., Alexandria, VA 22314.

SYSTEM MANAGER(S):

Branch Chief, Division of Human Resource Management, 2415 Eisenhower Ave., Alexandria, VA 22314

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Occupational Safety and Health Act (OSHA) of 1970, Public Law 91-596, Section 19(a) ( 29 U.S.C. 668 (a)); Executive Order 12196 (Occupational Safety and Health Programs for Federal Employees), 5 U.S.C. 7902 (d); 29 U.S.C. 668, 29 CFR part 1904, 29 CFR 1910.1020, and 29 CFR 1960.66; Executive Orders 12196 (Occupational Safety and Health Programs for Federal Employees), 13991 (Protecting the Federal Workforce and Requiring Mask-Wearing), 14042 (Ensuring Adequate Safety COVID Protocols for Contractors), and 14043 (Requiring Coronavirus Disease 2019 Vaccination for Federal Employees); OMB Memorandum M-21-15, COVID-19 Safe Federal Workplace: Agency Model Safety Principles; OMB Memorandum M-21-25, Integrating Planning for a Safe Increased Return of Federal Employees and Contractors to Physical Workplaces with Post-Reentry Personnel Policies and Work Environments; updated COVID-19 Workplace Safety: Agency Model Safety Principles, issued by the Safer Federal Workforce Task Force; the National Science Foundation Act of 1950 (Pub. L. 81-507, sec. 11), including policies and agreements authorized and issued thereunder; and other authorities, including title VII of the Civil Rights Act of 1964, the Rehabilitation Act of 1973, Executive Order 13164 (Establishing Procedures to Facilitate the Provision of Reasonable Accommodation), and Equal Employment Opportunity Commission (EEOC) regulations (29 CFR parts 1601 et seq. ), as applicable.

PURPOSE(S) OF THE SYSTEM:

NSF intends to collect the information in the system to assist NSF with maintaining a safe and healthy workplace, to (1) protect individuals in the NSF facility, including NSF-sponsored events outside of the NSF facility, from risks associated with a public health emergency; (2) to plan and respond to workplace and personnel flexibilities needed during a public health emergency; (3) to facilitate NSF's cooperation with public health authorities; (4) to perform contact tracing investigations of and notifications to NSF staff and visitors known or suspected of exposure to communicable diseases who came in close physical proximity to or had physical contact with other persons while working in or visiting the NSF facility; and (5) to comply with OSHA recordkeeping and reporting requirements.

Contact tracing is defined as the identification, monitoring, and support of an affected individual (an individual in the NSF facility with confirmed or probable exposure to a public health emergency contaminant), and identification and contact of a potentially affected individual (an individual who was in contact with an affected individual or exposed to a public health emergency contaminant while in the NSF facility or at an NSF-sponsored event outside of the NSF facility).

NSF may collect this information in response to a declaration of public health emergency by the Secretary of HHS. Under section 319 of the Public Health Service Act, the Secretary of HHS may declare that: (a) A disease or disorder presents a public health emergency; or (b) that a public health emergency, including significant outbreaks of infectious disease or bioterrorist attacks, otherwise exists. When the Secretary of HHS determines that a public health emergency exists, NSF must respond to protect the health of its workforce. NSF's response will depend on the nature of the particular public health emergency but may include collecting information from NSF staff and visitors. Start Printed Page 66342

NSF may also collect this information when it determines that the spread of a communicable disease presents a significant risk of substantial harm to the health of NSF staff or visitors. NSF will consider any public health emergency declared by state or local officials in making such a determination. In other circumstances, even in the absence of a health-related declaration of national emergency or declaration of public health emergency (HHS or state level), NSF may collect this information where it determines that the spread of a communicable disease presents a significant risk of substantial harm to the health of NSF staff or visitors.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

This system covers NSF federal employees, individuals working in the NSF facility or on official NSF business, including Intergovernmental Personnel Act (IPA) assignees, Visiting Scientists, Engineers, and Educators (VSEEs), NSF contractors, non-NSF government personnel or contractors, interns, fellows, and volunteers. Other categories of individuals covered by the system include visitors to the NSF facility and potentially affected individuals at NSF-sponsored events outside of the NSF facility or otherwise present during official NSF business. The system also covers individuals listed as emergency contacts for such individuals.

CATEGORIES OF RECORDS IN THE SYSTEM:

NSF Staff and Visitor Medical Information may include identification and contact information such as name, address, work or personal phone number(s), work or personal email address(es), organization (directorate/division), date of birth, medical reports, assessments, vaccination status, testing status (where and when it occurred; status of results), test type, test results, disease type, health status, approximate date of exposure, last date physically present in the NSF facility or at an NSF-sponsored event, name of facility visited (if outside of the NSF facility), areas of the NSF or other facility (if an NSF event outside of the NSF facility) traversed, areas and objects touched, workplace contacts, names of persons who had physical contact with or was in prolonged close physical proximity to infected/potentially infected persons, extended proximity event time and date, number of events, number of individuals in an event, number of individuals at location, dates and locations of domestic and international travel, and related information and documents collected for the purpose of screening and contact tracing, including attestations regarding vaccination, testing and treatment status. In addition, relevant personal information may be collected from individuals to assist NSF in making a determination regarding an employee's request for an exception to a vaccination requirement and/or other reasonable accommodations.

RECORD SOURCE CATEGORIES:

Records are obtained through paper forms, interviews, or electronically from NSF staff, visitors, or individuals who attend an NSF-sponsored event. With regard to contact tracing, information may be collected from individuals infected or potentially infected while physically present in the NSF facility or at an NSF-sponsored event, other individuals with whom an infected or potentially infected individual had close contact, other federal or state agencies, physicians (as allowed by law or with consent from the individual), visitors or their employers, and NSF staff and visitors who maintain (manually or electronically) a log or report of their close physical contacts (and the duration of that contact) while in the NSF facility to individuals designated by NSF.

Information is also collected from security systems monitoring access to Agency facilities (such as video surveillance and key card logs), human resources systems, emergency notification systems, and federal, state, and local agencies assisting with the response to a public health emergency.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

The following NSF standard routine uses apply:

1. Members of Congress. Information from a system may be disclosed to congressional offices in response to inquiries from the congressional offices made at the request of the individual to whom the record pertains.

2. Freedom of Information Act/Privacy Act Compliance. Information from a system may be disclosed to the Department of Justice or the Office of Management and Budget in order to obtain advice regarding NSF's obligations under the Freedom of Information Act and the Privacy Act.

3. Counsel. Information from a system may be disclosed to NSF's legal representatives, including the Department of Justice and other outside counsel, where the agency is a party in litigation or has an interest in litigation and the information is relevant and necessary to such litigation, including when any of the following is a party to the litigation or has an interest in such litigation: (a) NSF, or any component thereof; (b) any NSF employee in his or her official capacity; (c) any NSF employee in his or her individual capacity, where the Department of Justice has agreed to, or is considering a request to, represent the employee; or (d) the United States, where NSF determines that litigation is likely to affect the agency or any of its components.

4. National Archives, General Services Administration. Information from a system may be disclosed to representatives of the General Services Administration and the National Archives and Records Administration (NARA) during the course of records management inspections conducted under the authority of 44 U.S.C. 2904 and 2906.

5. Response to an Actual or Suspected Compromise or Breach of Personally Identifiable Information. NSF may disclose information from the system to appropriate agencies, entities, and persons when: (a) NSF suspects or has confirmed that there has been a breach of the system of records; (2) NSF has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals; NSF (including its information systems, programs, and operations); the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with NSF efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm. Furthermore, NSF may disclose information from the system to another Federal agency or Federal entity, when NSF determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in: (1) Responding to a suspected or confirmed breach; or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

6. Courts. Information from a system may be disclosed to the Department of Justice or other agencies in the event of a pending court or formal administrative proceeding, when the information is relevant and necessary to that proceeding, for the purpose of representing the government, or in the course of presenting evidence, or the information may be produced to parties Start Printed Page 66343 or counsel involved in the proceeding in the course of pre-trial discovery.

7. Contractors. Information from a system may be disclosed to contractors, agents, experts, consultants, or others performing work on a contract, service, cooperative agreement, job, or other activity for NSF and who have a need to access the information in the performance of their duties or activities for NSF.

8. Audit. Information from a system may be disclosed to government agencies and other entities authorized to perform audits, including financial and other audits, of the agency and its activities.

9. Law Enforcement. Information from a system may be disclosed, where the information indicates a violation or potential violation of civil or criminal law, including any rule, regulation or order issued pursuant thereto, to appropriate Federal, State, or local agencies responsible for investigating, prosecuting, enforcing, or implementing such statute, rule, regulation, or order.

10. Disclosure When Requesting Information. Information from a system may be disclosed to Federal, State, or local agencies which maintain civil, criminal, or other relevant enforcement information or other pertinent information, such as current licenses, if necessary, to obtain information relevant to an agency decision concerning the hiring or retention of an employee, the issuance of a security clearance, the letting of a contract, or the issuance of a license, grant, or other benefit.

11. To the news media and the public when: (1) A matter has become public knowledge, (2) the NSF Office of the Director determines that disclosure is necessary to preserve confidence in the integrity of NSF or is necessary to demonstrate the accountability of NSF's officers, employees, or individuals covered by this system, or (3) the Office of the Director determines that there exists a legitimate public interest in the disclosure of the information, except to the extent that the Office of the Director determines in any of these situations that disclosure of specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy.

In addition to the standard routine uses, information may be disclosed as follows:

12. Federal agencies such as the HHS, state and local health departments, and other public health or cooperating medical authorities in connection with program activities and related collaborative efforts to deal more effectively with exposures to communicable diseases, and to satisfy mandatory reporting requirements when applicable.

13. Contractors to assist the agency in health screening and contact tracing activities and assessing/revising/improving NSF processes, procedures, performance, and implementation of health screening and contact tracing activities.

14. To appropriate federal, state, local, tribal, or foreign governmental agencies or multilateral governmental organizations, to the extent permitted by law for the purpose of protecting the vital interests of a data subject or other persons, including to assist such agencies or organizations in preventing exposure to or transmission of a communicable or quarantinable disease or to combat other significant public health threats.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records in this system are stored electronically in secure facilities or on paper. Electronic records are maintained in a secure password-protected environment. Permission level assignments will allow internal agency users access only to those functions for which they are authorized. All paper records are maintained in secure, access-controlled areas or buildings. Paper records are stored in a locked drawer, behind a locked door or at a secure offsite location.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records are retrieved by an individual's name or other unique personal identifier such as an email address.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

All data maintained by this system of records are retained and destroyed in accordance with the NARA Records Schedule 2.7; item 020 (occupational injury and illness program records), and item 040 (workplace environmental monitoring and exposure records). Contact tracing records will be maintained in the agency in accordance with proposed retention schedules.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records in this system are safeguarded in accordance with applicable law, rules, and policies, including all applicable NSF automated systems security and access policies. Strict controls have been imposed to minimize the risk of compromising the information that is being stored. Access to the computer system containing the records in this system is limited to those individuals who have a need to know (including medical personnel under a contract agreement) the information for the performance of their official duties. These records are maintained in a secure password-protected environment. All users are required to take annual NSF IT Security and Privacy Awareness Training, which covers the procedures for handling Sensitive but Unclassified Information, including personally identifiable information (PII).

RECORD ACCESS PROCEDURES:

Individuals seeking to access information about themselves contained in this system are required to follow the procedures found at 45 CFR part 613.

CONTESTING RECORD PROCEDURES:

Individuals seeking to contest information about themselves contained in this system are required to follow the procedures found at 45 CFR part 613.

NOTIFICATION PROCEDURES:

Individuals requesting access to or contesting records contained in this system will be notified according to the procures found at 45 CFR part 613.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.

SYSTEM NAME AND NUMBER:

Health Program Records, NSF-79.

SECURITY CLASSIFICATION:

None.

SYSTEM LOCATION:

National Science Foundation, 2415 Eisenhower Ave., Alexandria, VA 22314.

SYSTEM MANAGER(S):

Branch Chief, Pay and Benefits Services, Division of Human Resource Management 2415 Eisenhower Ave., Suite W 15000, Alexandria, VA 22314.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

5 U.S.C. 7901 and the National Science Foundation Act of 1950 (Pub. L. 81-507). To the extent that this system includes records relating to requests for reasonable accommodations, see also title VII of the Civil Rights Act of 1964, the Rehabilitation Act of 1973, Executive Order 13164 (Establishing Procedures to Facilitate the Provision of Reasonable Accommodation), and Equal Employment Opportunity Commission (EEOC) regulations (29 CFR parts 1601 et seq. ), as applicable. Start Printed Page 66344

PURPOSE(S) OF THE SYSTEM:

Information in this system of records is collected and maintained to document an individual's utilization of health services provided by the NSF Health Unit and other NSF health programs. Data is necessary to ensure proper evaluation, diagnosis, treatment, and referral to maintain continuity of care; a medical history of care received by the individual; planning for further care of the individual; a means of communication among health care members who contribute to the individual's care; and a legal document of health care rendered. Information is also collected to help NSF coordinate with other federal, state and local agencies when responding to health emergencies, comply with laws regarding the reporting of communicable disease, and address personnel matters such as review of medical documentation submitted in support of requests for reasonable accommodations on the basis of a disability or travel clearances.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

This system covers any individual who receives care at the NSF Health Unit or by Health Unit staff, or other NSF health programs. Covered individuals may include NSF federal employees, individuals working in the NSF facility or on official NSF business, including Intergovernmental Personnel Act (IPA) assignees, Visiting Scientists, Engineers, and Educators (VSEEs), NSF contractors, non-NSF government personnel or contractors, interns, fellows, volunteers, and visitors to NSF headquarters.

CATEGORIES OF RECORDS IN THE SYSTEM:

Health screening data, patient medical records, and other information provided to the Health Unit during the course of patient intake and care, and/or information provided to other NSF health programs that NSF may participate in. These records may include personal data such as name; date of birth; address; telephone number; email address; emergency contact information; information about and obtained from and individual's physician; medical history; biographical data including about family members; examination, diagnostic, assessment, and treatment data; laboratory findings; nutrition and dietetic files; nursing notes; immunization records; vaccination records; and prescription information. In addition, this system may contain relevant personal information that has been collected from individuals to assist NSF in making a determination regarding the individual's request for a medical exception to a vaccination requirement and/or other reasonable accommodations requested on the basis of a disability. See also SORN NSF-78.

RECORD SOURCE CATEGORIES:

Information in this system of records comes from the individual to whom it applies; laboratory reports and test results; health unit physicians, nurses, and other medical technicians who have examined, tested, or treated the individual; the individual's personal physician; other federal employee health units; and other federal, state and local agencies.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

The following NSF standard routine uses apply:

1. Members of Congress. Information from a system may be disclosed to congressional offices in response to inquiries from the congressional offices made at the request of the individual to whom the record pertains.

2. Freedom of Information Act/Privacy Act Compliance. Information from a system may be disclosed to the Department of Justice or the Office of Management and Budget in order to obtain advice regarding NSF's obligations under the Freedom of Information Act and the Privacy Act.

3. Counsel. Information from a system may be disclosed to NSF's legal representatives, including the Department of Justice and other outside counsel, where the agency is a party in litigation or has an interest in litigation and the information is relevant and necessary to such litigation, including when any of the following is a party to the litigation or has an interest in such litigation: (a) NSF, or any component thereof; (b) any NSF employee in his or her official capacity; (c) any NSF employee in his or her individual capacity, where the Department of Justice has agreed to, or is considering a request to, represent the employee; or (d) the United States, where NSF determines that litigation is likely to affect the agency or any of its components.

4. National Archives, General Services Administration. Information from a system may be disclosed to representatives of the General Services Administration and the National Archives and Records Administration (NARA) during the course of records management inspections conducted under the authority of 44 U.S.C. 2904 and 2906.

5. Response to an Actual or Suspected Compromise or Breach of Personally Identifiable Information. NSF may disclose information from the system to appropriate agencies, entities, and persons when: (a) NSF suspects or has confirmed that there has been a breach of the system of records; (2) NSF has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, NSF (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with NSF efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm. Furthermore, NSF may disclose information from the system to another Federal agency or Federal entity, when NSF determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in: (1) Responding to a suspected or confirmed breach; or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

6. Courts. Information from a system may be disclosed to the Department of Justice or other agencies in the event of a pending court or formal administrative proceeding, when the information is relevant and necessary to that proceeding, for the purpose of representing the government, or in the course of presenting evidence, or the information may be produced to parties or counsel involved in the proceeding in the course of pre-trial discovery.

7. Contractors. Information from a system may be disclosed to contractors, agents, experts, consultants, or others performing work on a contract, service, cooperative agreement, job, or other activity for NSF and who have a need to access the information in the performance of their duties or activities for NSF.

8. Audit. Information from a system may be disclosed to government agencies and other entities authorized to perform audits, including financial and other audits, of the agency and its activities.

9. Law Enforcement. Information from a system may be disclosed, where the information indicates a violation or potential violation of civil or criminal law, including any rule, regulation, or order issued pursuant thereto, to appropriate Federal, State, or local Start Printed Page 66345 agencies responsible for investigating, prosecuting, enforcing, or implementing such statute, rule, regulation, or order.

10. Disclosure When Requesting Information. Information from a system may be disclosed to Federal, State, or local agencies which maintain civil, criminal, or other relevant enforcement information or other pertinent information, such as current licenses, if necessary, to obtain information relevant to an agency decision concerning the hiring or retention of an employee, the issuance of a security clearance, the letting of a contract, or the issuance of a license, grant, or other benefit.

11. To the news media and the public when: (1) A matter has become public knowledge, (2) the NSF Office of the Director determines that disclosure is necessary to preserve confidence in the integrity of NSF or is necessary to demonstrate the accountability of NSF's officers, employees, or individuals covered by this system, or (3) the Office of the Director determines that there exists a legitimate public interest in the disclosure of the information, except to the extent that the Office of the Director determines in any of these situations that disclosure of specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy.

In addition to the standard routine uses, information may be disclosed as follows:

12. Medical personnel under a contract agreement with NSF.

13. To disclose information to a federal, state, or local agency to the extent necessary to comply with laws governing reporting of communicable disease.

14. Appropriate federal, state, or local agencies responsible for investigation of an accident, disease, medical condition, or injury as required by pertinent legal authority.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records in this system are stored electronically in secure facilities or on paper. Electronic records are maintained in a secure password-protected environment. Permission level assignments will allow internal agency users access only to those functions for which they are authorized. All paper records are maintained in secure, access-controlled areas or buildings. Paper records are stored in a locked drawer, behind a locked door or at a secure offsite location.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records are retrieved by an individual's name or other unique personal identifier such as an email address or phone number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

All data maintained by this system of records are retained and destroyed in accordance with the NARA Records Schedule 2.7; item 010 (clinic scheduling records); items 060, 061, and 062 (occupational individual medical case files); and item 070 (non-occupational individual medical case files).

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records in this system are safeguarded in accordance with applicable law, rules, and policies, including all applicable NSF automated systems security and access policies. Strict controls have been imposed to minimize the risk of compromising the information that is being stored. Access to the computer system containing electronic records in this system is limited to those individuals who have a need to know (including medical personnel under a contract agreement) the information for the performance of their official duties. These records are maintained in a secure password-protected environment. All users are required to take annual NSF IT Security and Privacy Awareness Training, which covers the procedures for handling Sensitive but Unclassified Information, including personally identifiable information (PII).

RECORD ACCESS PROCEDURES:

Individuals seeking to access information about themselves contained in this system are required to follow the procedures found at 45 CFR part 613.

CONTESTING RECORD PROCEDURES:

Individuals seeking to contest information about themselves contained in this system are required to follow the procedures found at 45 CFR part 613.

NOTIFICATION PROCEDURES:

Individuals requesting access to or contesting records contained in this system will be notified according to the procures found at 45 CFR part 613.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.