[Federal Register Volume 64, Number 131 (Friday, July 9, 1999)]
[Notices]
[Pages 37143-37147]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 99-17412]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

National Institutes of Health


Privacy Act of 1974; New System of Records

AGENCY: National Institutes of Health, HHS.

ACTION: Notification of a new system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 
1974, the National Institutes of Health (NIH) is proposing to establish 
a new system of records, 09-25-0213, ``Administration: Investigative 
Records, HHS/NIH/OM/OA/OMA.''

DATES: NIH invites interested parties to submit comments with regard to 
the proposed internal and routine uses on or before August 9, 1999. NIH 
sent a report of a New System to the Congress and to the Office of 
Management and Budget (OMB) on July 9, 1999. This system of records 
will be effective 40 days from the date of publication unless NIH 
receives comments on the routine uses which would result in a contrary 
determination.

ADDRESSES: Please submit comments to: NIH Privacy Act Officer, 6011 
Executive Boulevard, Room 601, MSC 7669, Rockville, MD 20852, 301-496-
2832. (This is not a toll free number.) Comments received will be 
available for inspection at this same address from 9 a.m. to 3 p.m., 
Monday through Friday.

FOR FURTHER INFORMATION CONTACT: NIH Privacy Act Officer, 6011 
Executive Boulevard, Room 601, MSC 7669, Rockville, MD 20852, 301-496-
2832. (This is not a toll free number.)

SUPPLEMENTARY INFORMATION: The National Institutes of Health (NIH) 
proposes to establish a new system of records: 09-25-0213, 
``Administration: Investigative Records, HHS/NIH/OM/OA/OMA.'' The 
purposes of the Investigative Records system of records are to document 
reviews and investigations undertaken by the Office of Management 
Assessment (OMA), NIH, to provide management or the Office of Inspector 
General, Office of the Secretary, HHS, with information needed to take 
action to resolve complaints of misconduct or alleged violations of 
statutes, regulations, policies, or the terms and conditions of 
funding.
    This system will comprise records that contain a unique 
classification number; names of the victim, accused, complainant, and 
witnesses; date of birth; Social Security number; nature of the 
incident; and time of occurrence.

[[Page 37144]]

This system will include records relating to correspondence concerning 
an individual's employment status or conduct while employed by or 
working at NIH. This system will also contain reports of investigations 
to resolve allegations of misconduct or violations of statutes, 
regulations or policies, with related exhibits of statements, 
affidavits or records obtained during the investigation; reports of 
action taken by management; decisions on any misconduct substantiated 
by the investigation; and reports of legal action resulting from 
violations of statutes referred for prosecution.
    The records in this system will be maintained in a secure manner 
compatible with their content and use. NIH and contractor staff will be 
required to adhere to the provisions of the Privacy Act and the HHS 
Privacy Act Regulations. The System Manager will control access to the 
data. Only authorized users whose official duties require the use of 
such information will have regular access to the records in this 
system. Authorized users are OMA employees and contractors responsible 
for implementing employee conduct investigations. Records may be stored 
on electronic media such as computer tapes and diskettes, and as hard-
copy records. Manual and computerized records will be maintained in 
accordance with the standards of Chapter 45-13 of the HHS General 
Administration Manual, ``Safeguarding Records Contained in Systems of 
Records,'' supplementary Chapter PHS hf:45-13, the Department's 
Automated Information System Security Program Handbook, and the 
National Institute of Standards and Technology Federal Information 
Processing Standards (FIPS Pub. 41 and FIPS Pub. 31).
    Data on computer files is accessed by keyword known only to 
authorized users who are OMA employees or contractor staff who have a 
need for the data in the performance of their duties as determined by 
the system manager. Access to the restricted office area containing the 
rooms where records are stored is controlled through the use of door 
locks. Only authorized users have the keys to these locks. During 
regular business hours, rooms in this restricted area are unlocked but 
entry is controlled by on-site personnel. Rooms where records are 
stored are locked when not in use. Individually identifiable records 
are kept in locked file cabinets or in locked rooms under the direct 
control of the system manager or his/her delegated representatives. 
Computer records are accessible only through a series of code or 
keyword commands available from and under direct control of the system 
manager or his/her delegated representatives.
    The routine uses proposed for this system are compatible with the 
stated purposes of the system. The first routine use allows disclosure 
to a Member of Congress or to a Congressional staff member in response 
to an inquiry of the Congressional office made at the written request 
of the constituent about whom the record is maintained, if the 
disclosure does not compromise the investigative activities of the OMA. 
The second routine use allows the Department of Health and Human 
Services (HHS) to disclose information from this system of records to 
the Department of Justice when: (a) The agency or any component 
thereof; or (b) any employee of the agency in his or her official 
capacity where the Department of Justice has agreed to represent the 
employee; or (c) the United States Government, is a party to litigation 
or has an interest in such litigation, and by careful review, the 
agency determines that the records are both relevant and necessary to 
the litigation and the use of such records by the Department of Justice 
is therefore deemed by the agency to be for a purpose that is 
compatible with the purpose for which the agency collected the records. 
The third routine use allows disclosure to a court or adjudicative body 
in a proceeding when: (a) The agency or any component thereof; or (b) 
any employee of the agency in his or her official capacity; or (c) any 
employee of the agency in his or her individual capacity where the 
agency has agreed to represent the employee; or (d) the United states 
Government, is a party to the proceeding or has an interest in such 
proceeding, and by careful review, the agency determines that the 
records are both relevant and necessary to the proceeding and the use 
of such records is therefore deemed by the agency to be for a purpose 
that is compatible with the purpose for which the agency collected the 
records. The fourth routine use allows disclosure when a record, on its 
face or in conjunction with other records, indicates a violation or 
potential violation of law, whether civil, criminal or regulatory in 
nature, and whether arising by general statute or particular program 
statute, or by regulation, rule, or order issued pursuant thereto, to 
the appropriate agency, whether Federal, foreign, State, local, or 
tribal, or other public authority responsible for enforcing, 
investigating or prosecuting such violation or charged with enforcing 
or implementing the statute, or rule, regulation, or order issued 
pursuant thereto, if the information disclosed is relevant to any 
enforcement, regulatory, investigative or prosecutive responsibility of 
the receiving entity. The fifth routine use allows disclosure to a 
Federal, State, local, foreign, or tribal or other public authority of 
any portion of this system of records that contains information 
relevant to the retention of an employee, the retention of a security 
clearance, the letting of a contract, or the issuance or retention of a 
license, grant, or other benefit. The sixth routine use allows 
disclosure to Federal, State, local or foreign agencies maintaining, 
civil, criminal, or other relevant enforcement records, or other 
pertinent records, or to another public authority or professional 
organization, if necessary to obtain information relevant to an 
investigation concerning the retention of an employee or other 
personnel action, the issuance or retention of a security clearance, 
the letting of a contract, or the issuance or retention of a grant, or 
other benefit. The seventh routine use allows disclosure where Federal 
agencies having the power to subpoena other Federal agencies' records, 
such as the Internal Revenue Service or the Civil Rights Commission, 
issue a subpoena to the Department for records in this system of 
records, and the Department is authorized to make such records 
available. The eighth routine use allows disclosure to agency 
contractors, experts, or consultants who have been engaged by the 
agency to assist in the performance of a service related to this system 
of records and who need to have access to the records in order to 
perform the activity. The ninth routine use allows disclosure in the 
course of employee discipline or competence determination proceedings. 
The tenth routine use allows disclosure of pertinent records 
(excluding, for example, records that OMA determines would invade the 
privacy of the complainant or witnesses, impede the investigation or 
reveal investigative techniques) to representatives of an awardee of an 
NIH grant, contract, or cooperative agreement that is the subject of an 
investigation by OMA, NIH.
    The following notice is written in the present, rather than future 
tense, in order to avoid the unnecessary expenditure of public funds to 
republish the notice after the system has become effective.


[[Page 37145]]


    Dated: October 13, 1998.
Anthony L. Itteilag,
Deputy Director for Management, National Institutes of Health.
09-25-0213

SYSTEM NAME:
    Administration: Investigative Records, HHS/NIH/OM/OA/OMA.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Office of Management Assessment (OMA), 6011 Executive Building, 
Rockville, MD 20892.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals who are alleged or suspected to have violated NIH or 
Departmental policies, regulations or Federal statutes and are: 
Personnel employed by the Federal Government who are under a career, 
career conditional, or other type of appointment; personnel working 
under Intergovernmental Personnel Act assignments; Guest Researchers; 
Volunteers; Individuals on Temporary Appointments (including student 
appointments); Fogarty International Center Scholars; Staff Fellows; 
Intramural Research Training Award Fellows; IC Fellowship Award 
Recipients; Visiting Associates, Scientists, and Fellows; Commissioned 
Corps; individuals who receive funding through or have responsibility 
for NIH sponsored grants, contracts, or cooperative agreements and 
other individuals who transact or seek to transact business with NIH or 
HHS or use the facilities of those agencies.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system includes records relating to allegations of misconduct 
against the categories of individuals covered by the system of records. 
Examples of these records include: Correspondence from employees, 
members of Congress and members of the public alleging misconduct by an 
employee of NIH or a person who transacts business with NIH. It also 
contains working papers prepared during the investigations, reports of 
investigations to resolve allegations of misconduct or violations of 
statutes, regulations, or policies, with related exhibits of 
statements, affidavits or records obtained during the investigation; 
reports of action taken by management; decisions on any misconduct 
substantiated by the investigation; and reports of legal action 
resulting from violations of statutes referred for prosecution.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 301, 302; 42 U.S.C. 203, 282; 44 U.S.C. 3101; E.0. 10450.

PURPOSE(S):
    To document reviews and investigations undertaken by the OMA, NIH 
to provide management or the Office of Inspector General, Office of the 
Secretary, HHS with information needed to take action to resolve 
complaints of misconduct or alleged violations of statutes, 
regulations, policies, or the terms and conditions of funding.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USE:
    1. Disclosure may be made to a Member of Congress or to a 
Congressional staff member in response to an inquiry of the 
Congressional office made at the written request of the constituent 
about whom the record is maintained, if the disclosure does not 
compromise the investigative activities of the OMA.
    2. The Department of Health and Human Services (HHS) may disclose 
information from this system of records to the Department of Justice 
when: (a) The agency or any component thereof; or (b) any employee of 
the agency in his or her official capacity where the Department of 
Justice has agreed to represent the employee; or (c) the United States 
Government, is a party to litigation or has an interest in such 
litigation, and by careful review, the agency determines that the 
records are both relevant and necessary to the litigation and the use 
of such records by the Department of Justice is therefore deemed by the 
agency to be for a purpose that is compatible with the purpose for 
which the agency collected the records.
    3. Disclosure may be made to a court or adjudicative body in a 
proceeding when: (a) The agency or any component thereof; or (b) any 
employee of the agency in his or her official capacity; or (c) any 
employee of the agency in his or her individual capacity where the 
agency has agreed to represent the employee; or (d) the United States 
Government, is a party to the proceeding or has an interest in such 
proceeding, and by careful review, the agency determines that the 
records are both relevant and necessary to the proceeding and the use 
of such records is therefore deemed by the agency to be for a purpose 
that is compatible with the purpose for which the agency collected the 
records.
    4. When a record on its face, or in conjunction with other records, 
indicates a violation or potential violation of law, whether civil, 
criminal or regulatory in nature, and whether arising by general 
statute or particular program statute, or by regulation, rule, or order 
issued pursuant thereto, disclosure may be made to the appropriate 
agency, whether Federal, foreign, State, local, or tribal, or other 
public authority responsible for enforcing, investigating or 
prosecuting such violation or charged with enforcing or implementing 
the statute, or rule, regulation, or order issued pursuant thereto, if 
the information disclosed is relevant to any enforcement, regulatory, 
investigative or prosecutive responsibility of the receiving entity.
    5. Disclosure may be made to a Federal, State, local, foreign, or 
tribal or other public authority of any portion of this system of 
records that contains information relevant to the retention of an 
employee, the retention of a security clearance, the letting of a 
contract, or the issuance or retention of a license, grant, or other 
benefit. The other agency or licensing organization may then make a 
request supported by the written consent of the individual for the 
entire record if it so chooses. No disclosure will be made unless the 
information has been determined to be sufficiently reliable to support 
a referral to another office within the agency or to another Federal 
agency for criminal, civil, administrative, personnel, or regulatory 
action.
    6. Disclosure may be made to Federal, State, local or foreign 
agency maintaining civil, criminal, or other relevant enforcement 
records, or other pertinent records, or to another public authority or 
professional organization, if necessary to obtain information relevant 
to an investigation concerning the retention of an employee or other 
personnel action, the issuance or retention of a security clearance, 
the letting of a contract, or the issuance or retention of a grant, or 
other benefit.
    7. Where Federal agencies having the power to subpoena other 
Federal agencies' records, such as the Internal Revenue Service or the 
Civil Rights Commission, issue a subpoena to the Department for records 
in this system of records, the Department is authorized to make such 
records available.
    8. Disclosure may be made to agency contractors, experts, or 
consultants who have been engaged by the agency to assist in the 
performance of a service related to this system of records and who need 
to have access to the records in order to perform the activity. 
Recipients shall be required to comply with the requirements of the 
Privacy Act

[[Page 37146]]

of 1974, as amended, pursuant to 5 U.S.C. 552a(m).
    9. Disclosure may be made in the course of employee discipline or 
competence determination proceedings.
    10. Disclosure may be made to representatives of an awardee of an 
NIH grant, contract, or cooperative agreement that is the subject of an 
investigation by the OMA, NIH, to the extent necessary for OMA to carry 
out its investigative functions, while providing appropriate 
confidentiality for the accused, complainant and witness.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are stored on paper forms in file folders, file cards, 
magnetic tapes, magnetic disks, optical disks and/or other types of 
data storage devices.

RETRIEVABILITY:
    Records are retrieved by a unique classification number; name of 
the victim, accused, or complainant, date of birth, Social Security 
number; and by the nature of the incident and/or time of occurrence.

SAFEGUARDS:
    1. Authorized Users: Data on computer files is accessed by keyword 
known only to authorized users who are OMA employees or contractor 
staff who have a need for the data in the performance of their duties 
as determined by the system manager.
    2. Physical Safeguards: Access to the restricted office area 
containing the rooms where records are stored is controlled through the 
use of door locks. Only authorized users have the keys to these locks. 
During regular business hours, rooms in this restricted area are 
unlocked but entry is controlled by on-site personnel. Rooms where 
records are stored are locked when not in use. Individually 
identifiable records are kept in locked file cabinets or in locked 
rooms under the direct control of the system manager or his/her 
delegated representatives.
    3. Procedural and Technical Safeguards: Computer records are 
accessible only through a series of code or keyword commands available 
from and under direct control of the system manager or his/her 
delegated representatives. These records are secured by a multiple-
level security system which is capable of controlling access to the 
individual data field level. Persons having access to the computer 
database can be restricted to a confined application which permits only 
a narrow ``view'' of the data. All authorized users of personal 
information in connection with the performance of their jobs (see 
Authorized Users, above) protect information from public view and from 
unauthorized personnel entering an unsupervised area/office. These 
practices are in compliance with the standards of Chapter 45-13 of the 
HHS General Administration Manual, supplementary Chapter PHS hf: 45-13, 
the Department's Automated Information Systems Security Program 
Handbook, and the National Institute of Standards and Technology 
Federal Information Processing Standards (FIPS Pub. 41 and FIPS Pub. 
31).

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in Manual Chapter 1743, Appendix 1--
``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361): Item 1700-A-4, which allows records to be kept 
permanently when involving extensive litigation; five years for minor 
infractions or improprieties when final recommendation is that no 
action be taken, or 20 years for all other. Refer to the NIH Manual 
Chapter for specific retention and disposition instructions.

SYSTEM MANAGER(S) AND ADDRESS:
    Director, Office of Management Assessment, National Institutes of 
Health, 6011 Executive Blvd., Room 601, Rockville, Maryland 20892.

NOTIFICATION PROCEDURES:
    This system is exempt from the notification requirements. However, 
consideration will be given to requests addressed to the system manager 
listed above. The requestor must verify his or her identity by 
providing either a notarization of the request or a written 
certification that the requestor is who he or she claims to be and 
understands that the knowing and willful request for acquisition of a 
record pertaining to an individual under false pretenses is a criminal 
offense under the Act, subject to a five thousand dollar fine. The 
request should include: (a) full name, (b) address, and, (c) year of 
records in question.

RECORDS ACCESS PROCEDURE:
    This system is exempt from the access requirements. However, 
consideration will be given to requests addressed to the system manager 
listed above. The requestor must verify his or her identity by 
providing either a notarization of the request or a written 
certification that the requestor is who he or she claims to be and 
understands that the knowing and willful request for acquisition of a 
record pertaining to an individual under false pretenses is a criminal 
offense under the Act, subject to a five thousand dollar fine. The 
request should include: (a) Full name, (b) address, and, (c) year of 
records in question. Requestors should also reasonably specify the 
record contents being sought. Although the system is exempt, 
individuals may, upon request, receive records from this system and an 
accounting of disclosure of their records, if the system manager 
determines that disclosure would not compromise the investigative 
activities of the OMA, NIH.

CONTESTING RECORD PROCEDURE:
    Exempt. However, consideration will be given requests addressed to 
the system manager. Requests for corrections should reasonably identify 
the record and specify the information being contested, and state the 
corrective action sought with supporting information. The right to 
contest records is limited to information which is incomplete, 
irrelevant, incorrect, or untimely (obsolete).

RECORD SOURCE CATEGORIES:
    Departmental and other Federal, State, and local government 
records; subjects of investigations, complaints, witnesses; documents 
and other material furnished by non-government sources; and personal 
observations by the investigator.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    This system has been exempted pursuant to 5 U.S.C. 552a (k)(2) of 
the Privacy Act from the access, notification, correction, and 
amendment provisions of the Privacy Act [5 U.S.C. 552a (c)(3), (d)(1)-
(4), (e)(1), (e)(4)(G) and (H) and (f)], because it consists of 
investigatory material compiled for law enforcement purposes. 
Individual access to these files could impair investigations and alert 
subjects of investigations that their activities are being scrutinized, 
thereby allowing them time to take measures to prevent detection of 
illegal action or to escape prosecution. Disclosure of investigative 
techniques/procedures and the existence and identity of confidential 
sources of information could jeopardize investigative activities. 
However, any individual who has been denied any right, privilege, or 
benefit for which he/she would otherwise be entitled or be eligible, as 
a result of the maintenance of such material, will be given access to 
the material, except to the extent that the disclosure of the material 
would

[[Page 37147]]

reveal the identity of a source who furnished information to the 
Government under an express promise that the identity of such source 
would be held in confidence.
    The system is also exempted under 5 U.S.C. 552a (k)(5) of the 
Privacy Act which allows the agency to exempt from individual access, 
investigatory materials compiled for the purpose of determining 
suitability, eligibility, or qualification for federal employment or 
financial assistance if release of the material would disclose the 
identity of a confidential source who furnished information to the 
Government under an express promise that the identity of the source 
would be held in confidence.

    Note: This document was received by the Office of the Federal 
Register on July 2, 1999.

[FR Doc. 99-17412 Filed 7-8-99; 8:45 am]
BILLING CODE 4140-01-P