[Federal Register Volume 67, Number 187 (Thursday, September 26, 2002)]
[Notices]
[Pages 60742-60794]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 02-23965]



[[Page 60741]]

-----------------------------------------------------------------------

Part III





Department of Health and Human Services





-----------------------------------------------------------------------



National Institutes of Health



-----------------------------------------------------------------------



Privacy Act of 1974; Annual Publication of Systems of Records; Notice

  Federal Register / Vol. 67, No. 187 / Thursday, September 26, 2002 / 
Notices  

[[Page 60742]]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

National Institutes of Health


Privacy Act of 1974; Annual Publication of Systems of Records

AGENCY: National Institutes of Health, HHS.

ACTION: Privacy Act: Annual Re-publication of Notices of Revised 
Systems of Records.

-----------------------------------------------------------------------

SUMMARY: The National Institutes of Health (NIH) has conducted a 
comprehensive review of all Privacy Act systems of records and is 
publishing the resulting revisions. None of the revisions meet the OMB 
criteria for a new or altered system of records requiring an advance 
period for public comment. These changes are in compliance with 
Circular A-130, Appendix 1. The notices re-published below are complete 
and accurate as of August 31, 2002

SUPPLEMENTARY INFORMATION: The following information summarizes the 
current status of systems of records which had minor modifications 
during 1998 and lists all systems maintained by NIH:

A. System Name

    The following systems have been updated to reflect a change in the 
name of the system.

09-25-0005, Administration: Library Operations and User I.D. File, HHS/
NIH/OD
09-25-0012, Clinical Research: Candidate Normal Volunteer Records, HHS/
NIH/CC
09-25-0014, Clinical Research: Student Records, HHS/NIH/CC
09-25-0036, Extramural Awards and Chartered Advisory Committees: IMPAC 
(Grant/Contract/Cooperative Agreement/Chartered Advisory Committee 
Information), HHS/NIH/OER and HHS/NIH/CMO
09-25-0054, Administration: Property Accounting, HHS/NIH/ORS
09-25-0140, International Activities: International Scientific 
Researchers in Intramural Laboratories at the National Institutes of 
Health, HHS/NIH/FIC
09-25-0158, Administration: Records of Applicants and Awardees of the 
NIH Intramural Research Training Awards Program, HHS/NIH/OD
09-25-0168, Invention, Patent, and Licensing Documents Submitted to the 
Public Health Service by its Employees, Grantees, Fellowship 
Recipients, and Contractors, HHS/PHS/FDA/NIH/OTT
09-25-0200, Clinical, Epidemiologic, and Biometric Studies of the 
National Institutes of Health (NIH), HHS/NIH/OD
09-25-0209, Subject-Participants in Drug Abuse Research Studies on Drug 
Dependence and in Research Supporting New Drug Applications, HHS/NIH/
NIDA
09-25-0213, Administration: Employee Conduct Investigative Records, 
HHS/NIH/OM/OA/OMA

B. Security Classification

    None.

C. System Location

    The following systems have been updated to reflect a change in the 
system location or location address. These changes do not affect the 
access by the individual to the individual's records.

09-25-0005, Administration: Library Operations and User I.D. File, HHS/
NIH/OD
09-25-0007, Administration: NIH Safety Glasses Issuance Program, HHS/
NIH/ORS
09-25-0014, Clinical Research: Student Records, HHS/NIH/CC
09-25-0033, International Activities: Fellowships Awarded by Foreign 
Organizations, HHS/NIH/FIC
09-25-0034, International Activities: Scholars-in-Residence Program, 
HHS/NIH/FIC
09-25-0036, Extramural Awards and Chartered Advisory Committees: IMPAC 
(Grant/Contract/Cooperative Agreement/Chartered Advisory Committee 
Information), HHS/NIH/OER and HHS/NIH/CMO
09-25-0041, Research Resources: Scientists Requesting Hormone 
Distribution, HHS/NIH/NIDDK
09-25-0054, Administration: Property Accounting, HHS/NIH/ORS
09-25-0078, Administration: Consultant File, HHS/NIH/NHLBI
09-25-0087, Administration: Senior Staff, HHS/NIH/NIAID
09-25-0099, Clinical Research: Patient Medical Records, HHS/NIH/CC
09-25-0105, Administration: Health Records of Employees, Visiting 
Scientists, Fellows, and Others Who Receive Medical Care Through the 
Employee Health Unit, HHS/NIH/ORS
09-25-0106, Administration: Office of the NIH Director and Institute/
Center Correspondence Records, HHS/NIH/OD
09-25-0108, Personnel: Guest Researchers, Special Volunteers, and 
Scientists Emeriti, HHS/NIH/OHRM
09-25-0115, Administration: Curricula Vitae of Consultants and Clinical 
Investigators, HHS/NIH/NIAID
09-25-0140, International Activities: International Scientific 
Researchers in Intramural Laboratories at the National Institutes of 
Health, HHS/NIH/FIC
09-25-0168, Invention, Patent, and Licensing Documents Submitted to the 
Public Health Service by its Employees, Grantees, Fellowship 
Recipients, and Contractors, HHS/PHS/FDA/NIH/OTT
09-25-0169, Medical Staff-Credentials Files, HHS/NIH/CC
09-25-0203, National Institute on Drug Abuse, Intramural Research 
Program, Federal Prisoner and Non-Prisoner Research Files, HHS/NIH/NIDA
09-25-0210, Shipment Records of Drugs of Abuse to Authorized 
Researchers, HHS/NIH/NIDA

D. Categories of Individuals Covered by the System

    The following systems have been updated to reflect a change in the 
categories of individuals covered by the system.

09-25-0014, Clinical Research: Student Records, HHS/NIH/CC
09-25-0200, Clinical, Epidemiologic, and Biometric Studies of the 
National Institutes of Health, (NIH), HHS/NIH/OD
09-25-0207, Subject-Participants in Pharmacokinetic Studies on Drugs of 
Abuse and on Treatment Medications, HHS/NIH/NIDA
09-25-0208, Drug Abuse Treatment Outcome Study (DATOS), HHS/NIH/NIDA
09-25-0209, Subject-Participants in Drug Abuse Research Studies on Drug 
Dependence and in Research Supporting New Drug Applications, HHS/NIH/
NIDA

E. Categories of Records in the System

    The following systems have been updated to reflect a change in the 
categories of records in the system.

09-25-0011, Clinical Research: Blood Donor Records, HHS/NIH/CC
09-25-0160, United States Renal Data System (USRDS), HHS/NIH/NIDDK

F. Legal Authority for Maintenance of the System

    None of the systems have been updated to reflect a change in the 
legal authority for the maintenance of the system.

G. Purpose

    The following systems have been updated to reflect a change in the 
purpose of the system.

09-25-0041, Research Resources: Scientists Requesting Hormone 
Distribution, HHS/NIH/NIDDK

[[Page 60743]]

09-25-0160, United States Renal Data System (USRDS), HHS/NIH/NIDDK
09-25-0200, Clinical, Epidemiologic, and Biometric Studies of the 
National Institutes of Health (NIH), HHS/NIH/OD
09-25-0209, Subject-Participants in Drug Abuse Research Studies on Drug 
Dependence and in Research Supporting New Drug Applications, HHS/NIH/
NIDA

H. Routine Uses of Records

    The following systems have been updated to reflect a change in the 
routine uses of the system.

09-25-0005, Administration: Library Operations and User I.D. File, HHS/
NIH/OD
09-25-0014, Clinical Research: Student Records, HHS/NIH/CC
09-25-0099, Clinical Research: Patient Medical Records, HHS/NIH/CC
09-25-0158, Administration: Records of Applicants and Awardees of the 
NIH Intramural Research Training Awards Program, HHS/NIH/OD
09-25-0209, Subject-Participants in Drug Abuse Research Studies on Drug 
Dependence and in Research Supporting New Drug Applications, HHS/NIH/
NIDA

I. Storage

    The following systems have been updated to reflect a change in the 
storage of the system.

09-25-0005, Administration: Library Operations and User I.D. File, HHS/
NIH/OD
09-25-0012, Clinical Research: Candidate Normal Volunteer Records, HHS/
NIH/CC
09-25-0014, Clinical Research: Student Records, HHS/NIH/CC
09-25-0036, Extramural Awards and Chartered Advisory Committees: IMPAC 
(Grant/Contract/Cooperative Agreement/Chartered Advisory Committee 
Information), HHS/NIH/OER and HHS/NIH/CMO
09-25-0108, Personnel: Guest Researchers, Special Volunteers, and 
Scientists Emeriti, HHS/NIH/OHRM
09-25-0158, Administration: Records of Applicants and Awardees of the 
NIH Intramural Research Training Awards Program, HHS/NIH/OD
09-25-0169, Medical Staff-Credentials Files, HHS/NIH/CC
09-25-0202, Patient Records on PHS Beneficiaries (1935-1974) and 
Civilly Committed Drug Abusers (1967-1976) Treated at the PHS Hospitals 
in Fort Worth, Texas, or Lexington, Kentucky, HHS/NIH/NIDA

J. Retrieval

    The following system has been updated to reflect a change in the 
retrieval of the system.

09-25-0160, United States Renal Data System (USRDS), HHS/NIH/NIDDK

K. Safeguards

    The following systems have been updated to reflect a change in the 
safeguards of the system.

09-25-0005, Administration: Library Operations and User I.D. File, HHS/
NIH/OD
09-25-0012, Clinical Research: Candidate Normal Volunteer Records, HHS/
NIH/CC
09-25-0014, Clinical Research: Student Records, HHS/NIH/CC
09-25-0036, Extramural Awards and Chartered Advisory Committees: IMPAC 
(Grant/Contract/Cooperative Agreement/Chartered Advisory Committee 
Information), HHS/NIH/OER and HHS/NIH/CMO
09-25-0106, Administration: Office of the NIH Director and Institute/
Center Correspondence Records, HHS/NIH/OD
09-25-0115, Administration: Curricula Vitae of Consultants and Clinical 
Investigators, HHS/NIH/NIAID
09-25-0160, United States Renal Data System (USRDS), HHS/NIH/NIDDK
09-25-0202, Patient Records on PHS Beneficiaries (1935-1974) and 
Civilly Committed Drug Abusers (1967-1976) Treated at the PHS Hospitals 
in Fort Worth, Texas, or Lexington, Kentucky, HHS/NIH/NIDA
09-25-0209, Subject-Participants in Drug Abuse Research Studies on Drug 
Dependence and in Research Supporting New Drug Applications, HHS/NIH/
NIDA
09-25-0210, Shipment Records of Drugs of Abuse to Authorized 
Researchers, HHS/NIH/NIDA

L. Retention and Disposal

    The following systems have been updated to reflect a change in the 
retention and disposal of the system.

09-25-0207, Subject-Participants in Pharmacokinetic Studies on Drugs of 
Abuse and on Treatment Medications, HHS/NIH/NIDA
09-25-0208, Drug Abuse Treatment Outcome Study (DATOS), HHS/NIH/NIDA
09-25-0209, Subject-Participants in Drug Abuse Research Studies on Drug 
Dependence and in Research Supporting New Drug Applications, HHS/NIH/
NIDA

M. System Manager(s) and Address

    The following systems have been updated to reflect a change in the 
name and/or address of the system manager(s).

09-25-0005, Administration: Library Operations and User I.D. File, HHS/
NIH/OD
09-25-0007, Administration: NIH Safety Glasses Issuance Program, HHS/
NIH/ORS
09-25-0011, Clinical Research: Blood Donor Records, HHS/NIH/CC
09-25-0012, Clinical Research: Candidate Normal Volunteer Records, HHS/
NIH/CC
09-25-0014, Clinical Research: Student Records, HHS/NIH/CC
09-25-0033, International Activities: Fellowships Awarded by Foreign 
Organizations, HHS/NIH/FIC
09-25-0034, International Activities: Scholars-in-Residence Program, 
HHS/NIH/FIC
09-25-0036, Extramural Awards and Chartered Advisory Committees: IMPAC 
(Grant/Contract/Cooperative Agreement/Chartered Advisory Committee 
Information), HHS/NIH/OER and HHS/NIH/CMO
09-25-0041, Research Resources: Scientists Requesting Hormone 
Distribution, HHS/NIH/NIDDK
09-25-0054, Administration: Property Accounting, HHS/NIH/ORS
09-25-0078, Administration: Consultant File, HHS/NIH/NHLBI
09-25-0087, Administration: Senior Staff, HHS/NIH/NIAID
09-25-0099, Clinical Research: Patient Medical Records, HHS/NIH/CC
09-25-0105, Administration: Health Records of Employees, Visiting 
Scientists, Fellows, and Others Who Receive Medical Care Through the 
Employee Health Unit, HHS/NIH/ORS
09-25-0106, Administration: Office of the NIH Director and Institute/
Center Correspondence Records, HHS/NIH/OD
09-25-0108, Personnel: Guest Researchers, Special Volunteers, and 
Scientists Emeriti, HHS/NIH/OHRM
09-25-0115, Administration: Curricula Vitae of Consultants and Clinical 
Investigators, HHS/NIH/NIAID
09-25-0118, Contracts: Professional Services Contractors, HHS/NIH/NCI
09-25-0121, International Activities: Senior International Fellowships 
Program, HHS/NIH/FIC
09-25-0124, Administration: Pharmacology Research Associates, HHS/NIH/
NIGMS
09-25-0140, International Activities: International Scientific 
Researchers in Intramural Laboratories at the National Institutes of 
Health, HHS/NIH/FIC
09-25-0156, Records of Participants in Programs and Respondents in 
Surveys

[[Page 60744]]

Used to Evaluate Programs of the Public Health Service, HHS/PHS/NIH/OD
09-25-0158, Administration: Records of Applicants and Awardees of the 
NIH Intramural Research Training Awards Program, HHS/NIH/OD
09-25-0160, United States Renal Data System (USRDS), HHS/NIH/NIDDK
09-25-0166, Administration: Radiation and Occupational Safety and 
Health Management Information Systems, HHS/NIH/ORS
09-25-0167, National Institutes of Health (NIH) TRANSHARE Program, HHS/
NIH/OD
09-25-0168, Invention, Patent, and Licensing Documents Submitted to the 
Public Health Service by its Employees, Grantees, Fellowship 
Recipients, and Contractors, HHS/PHS/FDA/NIH/OTT
09-25-0169, Medical Staff-Credentials Files, HHS/NIH/CC
09-25-0200, Clinical, Epidemiologic, and Biometric Studies of the 
National Institutes of Health (NIH), HHS/NIH/OD
09-25-0202, Patient Records on PHS Beneficiaries (1935-1974) and 
Civilly Committed Drug Abusers (1967-1976) Treated at the PHS Hospitals 
in Fort Worth, Texas, or Lexington, Kentucky, HHS/NIH/NIDA
09-25-0203, National Institute on Drug Abuse, Intramural Research 
Program, Federal Prisoner and Non-Prisoner Research Files, HHS/NIH/NIDA
09-25-0207, Subject-Participants in Pharmacokinetic Studies on Drugs of 
Abuse and on Treatment Medications, HHS/NIH/NIDA
09-25-0208, Drug Abuse Treatment Outcome Study (DATOS), HHS/NIH/NIDA
09-25-0209, Subject-Participants in Drug Abuse Research Studies on Drug 
Dependence and in Research Supporting New Drug Applications, HHS/NIH/
NIDA
09-25-0210, Shipment Records of Drugs of Abuse to Authorized 
Researchers, HHS/NIH/NIDA
09-25-0211, Intramural Research Program Records of In- and Out-Patients 
with Various Types of Alcohol Abuse and Dependence, Relatives of 
Patients with Alcoholism, and Healthy Volunteers, HHS/NIH/NIAAA
09-25-0213, Administration: Employee Conduct Investigative Records, 
HHS/NIH/OM/OA/OMA
09-25-0216, Administration: NIH Electronic Directory, HHS/NIH

N. Notification Procedure

    The following systems have been updated to reflect a change in the 
notification procedure of the system.

09-25-0041, Research Resources: Scientists Requesting Hormone 
Distribution, HHS/NIH/NIDDK
09-25-0078, Administration: Consultant File, HHS/NIH/NHLBI
09-25-0115, Administration: Curricula Vitae of Consultants and Clinical 
Investigators, HHS/NIH/NIAID
09-25-0156, Records of Participants in Programs and Respondents in 
Surveys Used to Evaluate Programs of the Public Health Service, HHS/
PHS/NIH/OD
09-25-0200, Clinical, Epidemiologic, and Biometric Studies of the 
National Institutes of Health (NIH), HHS/NIH/OD

O. Record Access Procedure

    The following system has been updated to reflect a change in the 
record access procedure of the system.

09-25-0012, Clinical Research: Candidate Normal Volunteer Records, HHS/
NIH/CC

P. Contesting Record Procedure

    None.

Q. Record Source Categories

    The following systems have been updated to reflect a change in the 
record source categories of the system.

09-25-0012, Clinical Research: Candidate Normal Volunteer Records, HHS/
NIH/CC
09-25-0160, United States Renal Data System (USRDS), HHS/NIH/NIDDK

R. Systems Exempted From Certain Provisions of the Act

    None.

S. No Changes

    None.

T. Edits

    None.

U. Published Prior to Update

    System 09-25-0165, ``NIH Office of Loan Repayment and Scholarship 
(OLRS) Records System, HHS/NIH/OD''was previously altered and updated. 
It was published in the Federal Register on February 8, 2002.

V. Deleted Systems of Records

    The following systems have been deleted.

09-25-0093, Administration: Authors, Reviewers, Editorial Board, and 
Members of the Journal of the National Cancer Institute, HHS/NIH/NCI
09-25-0112, Grants and Cooperative Agreements: Research, Research 
Training, Fellowship and Construction Applications and Related Awards, 
HHS/NIH/OD
09-25-0161, Administration: NIH Consultant File, HHS/NIH/CSR

    Dated: September 13, 2002.
Timothy J. Wheeles,
Director, Division of Management Support, OMA/OA/OM/OD/NIH.
09-25-0005

SYSTEM NAME:
    Administration: Library Operations and NIH Library User I.D. File, 
HHS/NIH.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    This system of records is an umbrella system comprising separate 
sets of records located in National Institutes of Health (NIH) 
facilities in Bethesda, Maryland, or facilities of contractors of the 
NIH. Write to the appropriate System Manager listed below for list of 
current contractor locations.
    Clinical Center (CC), Building 10, Room 1L07, 10 Center Drive, 
Bethesda, MD 20892.
    National Library of Medicine (NLM), Building 38, Room 1S33, 8600 
Rockville Pike, Bethesda, MD 20894.
    National Library of Medicine (NLM), Building 38, Room 1N21, 8600 
Rockville Pike, Bethesda, MD 20894.
    National Library of Medicine (NLM), Building 38, Room B1E21, 8600 
Rockville Pike, Bethesda, MD 20894.
    National Technical Information Service (NTIS), Accounting 
Department, 8001 Forbes Place, Room 208F, Springfield, VA 22151.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Users of library services.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Name, organization, address, phone number, photographs, issue date, 
email address, signature, user code and identification number; and when 
applicable, credit card number and billing information.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Section 301 of the Public Health Service Act, describing the 
general powers and duties of the Public Health Service relating to 
research and investigation (42 U.S.C. 241).

PURPOSE(S):
    1. To monitor library material, services, and circulation control.
    2. To provide user documentation.
    3. To provide copying services (duplication of library materials).
    4. To manage invoice and billing transactions for library services.

[[Page 60745]]

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Disclosure may be made to a congressional office from the record of 
an individual in response to an inquiry from the congressional office 
made at the request of that individual.
    The Department of Health and Human Services (HHS) may disclose 
information from this system of records to the Department of Justice, 
or to a court or other tribunal, when (a) HHS, or any component 
thereof; or (b) any HHS employee in his or her official capacity; or 
(c) any HHS employee in his or her individual capacity where the 
Department of Justice (or HHS, where it is authorized to do so) has 
agreed to represent the employee; or (d) the United States or any 
agency thereof where HHS determines that the litigation is likely to 
affect HHS or any of its components, is a party to litigation or has an 
interest in such litigation, and HHS determines that the use of such 
records by the Department of Justice, court or other tribunal is 
relevant and necessary to the litigation and would help in the 
effective representation of the governmental party, provided, however 
that in each case, HHS determines that such disclosure is compatible 
with the purpose for which the records were collected.
    Disclosure may be made to contractors and staff to monitor library 
material, services, circulation control; to provide user documentation; 
and to process or refine the records. Recipients are required to 
maintain Privacy Act safeguards with respect to those records.
    Disclosure may be made for billing purposes to: (a) contractors 
providing copying services and (b) NTIS for document delivery services.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are stored on computer tape and disk, paper and file cards.

RETRIEVABILITY:
    Records are retrieved by name, user code and/or identification 
number.

SAFEGUARDS:
    1. Authorized Users: Employees who maintain records in this system 
are instructed to grant regular access only to Library staff members 
who need to verify that Library identification cards have been issued 
to those Library users requesting services such as reference and 
interlibrary loans. Other one-time and special access by other 
employees is granted on a need-to-know basis as specifically authorized 
by the system manager. The contractor maintains a list of personnel 
having authority to access records to perform their duties.
    2. Physical Safeguards: The offices housing the cabinets and file 
drawers for storage of records are locked during all library off-duty 
hours. During all duty hours offices are attended by employees who 
maintain the files. The contractor has secured records storage areas 
which are not left unattended during the working hours and file 
cabinets which are locked after hours.
    3. Procedural Safeguards: Access to the file is strictly controlled 
by employees who maintain the files. Records may be removed from files 
only at the request of the system manager or other authorized 
employees. Access to computerized records is controlled by the use of 
security codes known only to authorized users. Contractor personnel 
receive instruction concerning the significance of safeguards under the 
Privacy Act.
    These practices are in compliance with the standards of Chapter 45-
13 of the HHS General Administration Manual, ``Safeguarding Records 
Contained in Systems of Records,'' supplementary Chapter PHS hf: 45-13, 
and the HHS Automated Information Systems Security Program Handbook.

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1--``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), item 8000-D-2, which allows records to be kept until 
superseded or for a maximum period of six years. Refer to the NIH 
Manual Chapter for specific conditions on disposal.

SYSTEM MANAGER(S) AND ADDRESS:
    Management Analyst, Office of Administration, National Library of 
Medicine (NLM), Building 38A, Room B2N12, 8600 Rockville Pike, 
Bethesda, MD 20894.
    Chief, Reference and Bibliographic Services Section, Library 
Branch, Office of Research Services, Office of the Director (OD), 
Building 10, Room 1L21, 10 Center Drive, Bethesda, MD 20892.
    Head, Quality Assurance Unit, Preservation and Collection 
Management Section, Public Services Division, Library Operations, 
National Library of Medicine (NLM), Building 38, Room B1E21, 8600 
Rockville Pike, Bethesda, MD 20894.
    Chief, Public Services Division, Library Operations, National 
Library of Medicine (NLM), Building 38, Room 1S33, 8600 Rockville Pike, 
Bethesda, MD 20894.
    Librarian, History of Medicine Division, National Library of 
Medicine (NLM), Building 38, Room 1N21, 8600 Rockville Pike, Bethesda, 
MD 20894.

NOTIFICATION PROCEDURE:
    Write to the System Manager to determine if a record exists. The 
requester must also verify his or her identity by providing either a 
notarization of the request or a written certification that the 
requester is who he or she claims to be and understands that the 
knowing and willful request for acquisition of a record pertaining to 
an individual under false pretenses is a criminal offense under the 
Act, subject to a five thousand dollar fine.

RECORD ACCESS PROCEDURE:
    Same as Notification Procedures. Requesters should also reasonably 
specify the record contents being sought. Individuals may also request 
an accounting of disclosures that have been made of their records, if 
any.

CONTESTING RECORD PROCEDURE:
    Write to the official at the address specified under Notification 
Procedures above, and reasonably identify the record and specify the 
information to be contested, the corrective action sought, and the 
reasons for the correction, along with supporting information to show 
how the record is inaccurate, incomplete, untimely, or irrelevant. The 
right to contest records is limited to information which is incomplete, 
irrelevant, incorrect, or untimely (obsolete).

RECORD SOURCE CATEGORIES:
    Individual, NIH Library ID card data.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0007

SYSTEM NAME:
    Administration: NIH Safety Glasses Issuance Program, HHS/NIH/ORS.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Health Unit, Occupational Medical Service, Division of Safety, 
Office of Research Services (ORS), Building 13, Room G904, 13 South 
Drive, Bethesda, MD 20892.
    Write to the System Manager at the address below for the address of 
any Federal Records Center where records from this system may be 
stored.

[[Page 60746]]

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    NIH employees who apply for safety glasses.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Explanation of eye impact and hazard occupation.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5. U.S.C. 7902.

PURPOSE(S):
    Records are used for proper distribution of safety glasses and for 
proof of delivery.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Disclosure may be made to a congressional office from the record of 
an individual in response to an inquiry from the congressional office 
made at the request of that individual.
    The Department of Health and Human Services (HHS) may disclose 
information from this system of records to the Department of Justice, 
or to a court or other tribunal, when (a) HHS, or any component 
thereof; or (b) any HHS employee in his or her official capacity; or 
(c) any HHS employee in his or her individual capacity where the 
Department of Justice (or HHS, where it is authorized to do so) has 
agreed to represent the employee; or (d) the United States or any 
agency thereof where HHS determines that the litigation is likely to 
affect HHS or any of its components, is a party to litigation or has 
any interest in such litigation, and HHS determines that the use of 
such records by the Department of Justice, court or other tribunal is 
relevant and necessary to the litigation and would help in the 
effective representation of the governmental party, provided, however 
that in each case, HHS determines that such disclosure is compatible 
with the purpose for which the records were collected.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are stored in file folders.

RETRIEVABILITY:
    Records are retrieved by name.

SAFEGUARDS:
    Measures to prevent unauthorized disclosures are implemented as 
appropriate for each location and for the particular records maintained 
in each project. Each site implements personnel, physical and 
procedural safeguards such as the following:
    1. Authorized Users: Access is limited to personnel involved in 
safety glasses issuance program, to supervisors of employees who have 
requested glasses, and to personnel involved in accounting.
    2. Physical Safeguards: Record storage locations are locked when 
unattended.
    3. Procedural Safeguards: Access to file rooms and files is 
controlled by system manager or designee.

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1--``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), item 1300-B-3, which allows records to be kept for a 
maximum period of five years. Refer to the NIH Manual Chapter for 
specific disposition instructions.

SYSTEM MANAGER(S) AND ADDRESS:
    Deputy Director, Division of Safety, Office of Research Services 
(ORS), Building 31, Room 1C02, 31 Center Drive, Bethesda, MD 20892.

NOTIFICATION PROCEDURE:
    Write to the System Manager to determine if a record exists. The 
requester must also verify his or her identity by providing either a 
notarization of the request or a written certification that the 
requester is who he or she claims to be and understands that the 
knowing and willful request for acquisition of a record pertaining to 
an individual under false pretenses is a criminal offense under the 
Act, subject to a five thousand dollar fine.

RECORD ACCESS PROCEDURE:
    Same as Notification Procedures. Requesters should also reasonably 
specify the record contents being sought. Individuals may also request 
listings of accountable disclosures that have been made of their 
records, if any.

CONTESTING RECORD PROCEDURE:
    Write to the official at the address specified under Notification 
Procedures above, and reasonably identify the record and specify the 
information to be contested, the corrective action sought, and the 
reasons for the correction, with supporting information to how the 
record is inaccurate, incomplete, untimely or irrelevant. The right to 
contest records is limited to information which is incomplete, 
irrelevant, incorrect, or untimely (obsolete).

RECORD SOURCE CATEGORIES:
    Previous employer and education institutions.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0011

SYSTEM NAME:
    Clinical Research: Blood Donor Records, HHS/NIH/CC.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Transfusion Medicine Department, Clinical Center (CC), Building 10, 
Room 1C711, 10 Center Drive, Bethesda, MD 20892-1184.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Donors of blood and blood components to be used in the NIH Clinical 
Center for patient infusions.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Past donations, blood types, phenotypes. Laboratory results of 
infectious disease testing, serologic reactions on all blood samples, 
donations of blood or blood components.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    ``Preparation of Biological Products'' of the Public Health Service 
Act (42 U.S.C. 263).

PURPOSE(S):
    1. To provide a means for contacting blood donors for patient care 
and research.
    2. To provide a medical history of all donors for the transfusion 
records of each blood unit.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Disclosure may be made to HHS contractors and their staff in 
order to accomplish the purposes for which the records are collected. 
The recipients are required to comply with the requirements of the 
Privacy Act with respect to such records.
    2. Certain diseases and conditions, including infectious diseases, 
may be reported to State or Federal government as required by State or 
Federal law.
    3. Disclosure may be made to a congressional office from the record 
of an individual in response to an inquiry from the congressional 
office made at the request of that individual.
    4. In the event of litigation where the defendant is (a) the 
Department, any component of the Department, or any employee of the 
Department in his or her official capacity; (b) the United States where 
the Department determines

[[Page 60747]]

that the claim, if successful, is likely to directly affect the 
operations of the Department or any of its components; or (c) any 
Department employee in his or her individual capacity where the Justice 
Department has agreed to represent such employee, for example in 
defending against a claim based upon an individual's mental or physical 
condition and alleged to have arisen because of activities of the 
Public Health Service in connection with such individual, the 
Department may disclose such records as it deems desirable or necessary 
to the Department of Justice or other appropriate Federal agency to 
enable that agency to present an effective defense, provided that such 
disclosure is compatible with the purpose for which the records were 
collected.
    5. (a) PHS may inform the sexual and/or needle-sharing partner(s) 
of a subject individual who is infected with the human immunodeficiency 
virus (HIV) of their exposure to HIV, under the following 
circumstances: (1) The information has been obtained in the course of 
clinical activities at PHS facilities carried out by PHS personnel or 
contractors; (2) The PHS employee or contractor has made reasonable 
efforts to counsel and encourage the subject individual to provide the 
information to the individual's sexual or needle-sharing partner(s); 
(3) The PHS employee or contractor determines that the subject 
individual is unlikely to provide the information to the sexual or 
needle-sharing partner(s) or that the provision of such information 
cannot reasonably be verified; and (4) The notification of the 
partner(s) is made, whenever possible, by the subject individual's 
physician or by a professional counselor and shall follow standard 
counseling practices.
    (b) PHS may disclose information to State or local public health 
departments, to assist in the notification of the subject individual's 
sexual and/or needle-sharing partner(s), or in the verification that 
the subject individual has notified such sexual or needle-sharing 
partner(s).

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are stored in a computer file, on donor cards, and on 
microfilm.

RETRIEVABILITY:
    Records are retrieved by a unique control number assigned to each 
individual donor.

SAFEGUARDS:
    Access is granted only to authorized employees in the Department of 
Transfusion Medicine including physicians, nurses, technologists, 
computer operators, and the department's administrative officer.
    1. Authorized Users: Access is granted only to authorized employees 
of the Department of Transfusion Medicine including physicians, nurses 
technologists, computer operators and the secretary to the Chief.
    2. Physical Safeguards: Record facilities are locked when system 
personnel are not present.
    3. Procedural Safeguards: Access to manual files is limited to 
authorized users. Access to computerized records is controlled by the 
use of security codes known only to the authorized users.
    These practices are in compliance with the standards of Chapter 45-
13 of the HHS General Administration Manual, ``Safeguarding Records 
Contained in Systems of Records,'' supplementary Chapter PHS hf: 45-13, 
and the HHS Automated Information Systems Security Program Handbook.

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1--``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), item 3000-E-50. Refer to the NIH Manual Chapter for 
specific conditions on disposal.

SYSTEM MANAGER(S) AND ADDRESS:
    Chief, Transfusion Medicine Department, Clinical Center (CC), 
Building 10, Room 1C711, 10 Center Drive, Bethesda, MD 20892-1184.

NOTIFICATION PROCEDURE:
    Write to the System Manager to determine if a record exists. The 
requester must also verify his or her identity by providing either a 
notarization of the request or a written certification that the 
requester is who he or she claims to be and understands that the 
knowing and willful request for acquisition of a record pertaining to 
an individual under false pretenses is a criminal offense under the 
Act, subject to a five thousand dollar fine.
    An individual who requests notification of or access to a medical 
record shall, at the time the request is made, designate in writing, a 
responsible representative, who may be a physician, who will be willing 
to review the record and inform the subject individual of its contents 
at the representative's discretion.

RECORD ACCESS PROCEDURE:
    To obtain access to a record, contact the System Manager at the 
address specified above. Requesters should provide the same information 
as is required under the Notification Procedures above. Individuals may 
also request listings of accountable disclosures that have been made of 
their records, if any.

CONTESTING RECORD PROCEDURE:
    Write to the official specified under Notification Procedures 
above, and reasonably identify the record and specify the information 
being contested, the corrective action sought, and your reasons for 
requesting the correction, along with supporting information to show 
how the record is inaccurate, incomplete, untimely, or irrelevant. The 
right to contest records is limited to information which is incomplete, 
irrelevant, incorrect, or untimely (obsolete).

RECORD SOURCE CATEGORIES:
    Data are collected from the individual.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0012

SYSTEM NAME:
    Clinical Research: Candidate Healthy Volunteer Records, HHS/NIH/CC.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Clinical Research Volunteer Program, Building 61, 10 Cloister 
Court, Bethesda, MD 20892-4754.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Normally healthy individuals who volunteer to participate in NIH 
studies.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Program application, health questionnaire and record of 
participation.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 241, 263.

PURPOSE(S):
    1. To determine suitability for participation in the normal 
volunteer program.
    2. To document remuneration of normal volunteers.
    3. To provide a record of participation to be used (a) in writing 
letters of recommendation/reference for the volunteer, and (b) 
preparing reports on the normal volunteer program.

[[Page 60748]]

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Clinical research data are made available to approved or 
collaborating researchers, including HHS contractors and grantees.
    2. Certain diseases and conditions, including infectious diseases, 
may be reported to appropriate representatives of State or Federal 
Government as required by State or Federal law.
    3. Information may be used to respond to congressional inquiries 
for constituents concerning admission to the NIH Clinical Center.
    4. Disclosure may be made to a congressional office from the record 
of an individual in response to an inquiry from the congressional 
office made at the request of that individual.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Program applications and health questionnaires are stored in file 
folders. Records of participation are stored in databases and date 
files.

RETRIEVABILITY:
    Records are retrieved by name.

SAFEGUARDS:
    Measures to prevent unauthorized disclosures are implemented as 
appropriate for each location and for the particular records maintained 
in each project. Each site implements personnel, physical, procedural 
safeguards such as the following:
    1. Authorized Users: Access is granted only to the Healthy 
Volunteer Program staff and to NIH physicians who have requested the 
recruitment of volunteers for their clinical research projects.
    2. Physical Safeguards: Access to the files is strictly controlled 
by the files staff. Records may be removed from the file only at the 
request of the system manager or other authorized employees. Record 
facilities are locked when system personnel are not present.
    3. Procedural Safeguards: Access to the files is strictly 
controlled by the files staff. Records may be removed from the file 
only at the request of the system manager or other authorized 
employees.

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1-``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), item 3000-E-61, which allows records to be kept for a 
maximum period of three years after the volunteer period ends. Refer to 
the NIH Manual Chapter for specific conditions on disposal.

SYSTEM MANAGER(S) AND ADDRESS:
    Director, Clinical Research Volunteer Program, Building 61,10 
Cloister Court, Bethesda, MD 20892-4745.

NOTIFICATION PROCEDURE:
    Write to the System Manager to determine if a record exists. The 
requester must also verify his or her identity by providing either a 
notarization of the request or a written certification that the 
requester is who he or she claims to be and understands that the 
knowing and willful request for acquisition of a record pertaining to 
an individual under false pretenses is a criminal offense under the 
Act, subject to a five thousand dollar fine.
    An individual who requests notification of or access to a medical 
record shall, at the time the request is made, designate in writing, a 
responsible representative, who may be a physician, who will be willing 
to review the record and inform the subject individual of its contents 
at the representative's discretion.
    A parent or guardian who requests notification of, or access to, a 
child's or incompetent person's medical record shall designate a family 
physician or other health professional (other than a family member) to 
whom the record, if any, will be sent. The parent or guardian must 
verify relationship to the child or incompetent person as well as his 
or her own identity.

RECORD ACCESS PROCEDURE:
    To obtain access to a record, contact: Clinical Research Volunteer 
Program, National Institutes of Health, 10 Cloister Court, Building 61, 
Bethesda, MD 20892-4754 and provide the information described under 
notification procedures above. Requesters should also reasonably 
specify the record contents being sought. Individuals may also request 
listings of accountable disclosures that have been made of their 
records, if any.

CONTESTING RECORD PROCEDURE:
    Write to the official at the address specified under notification 
procedures above, and reasonably identify the record and specify the 
information to be contested, the corrective action sought, and the 
reasons for the correction, with supporting justification. The right to 
contest records is limited to information which is incomplete, 
irrelevant, incorrect, or untimely (obsolete).

RECORD SOURCE CATEGORIES:
    Volunteer.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0014

SYSTEM NAME:
    Clinical Research: Student Records, HHS/NIH/OD/OIR/OE.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Office of Education, Office of Intramural Research, Office of the 
Director (OD), Building 2, Room 2E06, 2 Center Drive, Bethesda, MD 
20892-1158.
    Write to the System Manager at the address below for the address of 
any Federal Records Center where records from this system may be 
stored.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Potential and accepted Clinical and Research Fellows, medical 
students, and other students in NIH training programs.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Application form, transcripts, references, evaluations.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 241.

PURPOSE(S):
    1. To identify candidates for clinical and research fellow, 
clinical elective, and other training positions.
    2. To maintain a permanent record of those individuals who have 
received clinical research training at the NIH for historical and 
reference uses.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Information may be used to respond to congressional inquiries 
regarding constituents who have applied for training programs.
    2. Information may be used to respond to hospitals and other 
healthcare institutions seeking verification of training for physicians 
who trained in NIH clinical programs.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are stored in file folders, electronic databases and disks.

RETRIEVABILITY:
    Records are retrieved by name and year.

[[Page 60749]]

SAFEGUARDS:
    Measures to prevent the unauthorized disclosure of information 
covered under the Privacy Act are implemented for each training program 
administered through the Office of Education.
    1. Authorized Users: Staff in the Office of Education are 
instructed to disclose information only to NIH personnel who are 
involved in the evaluation and selection of candidates for intramural 
training programs.
    2. Physical Safeguards: Paper files and disks are stored in 
cabinets in a locked room that is under constant surveillance by 
security personnel. Electronic databases are accessible only with a 
password on secure web sites.
    3. Procedural safeguards: Access to the paper files is strictly 
controlled by the Office of Education staff. Files may be removed only 
with the approval of the system manager or other authorized 
official(s).

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1-``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), items 2300-320-1-13, which allows records to be kept 
up to a maximum period of ten years. Refer to the NIH Manual Chapter 
for specific disposition instructions.

SYSTEM MANAGER(S) AND ADDRESS:
    Deputy Director, Office of Education, Office of Intramural 
Research, Office of the Director (OD), Building 2, Room 2E06, 2 Center 
Drive, Bethesda, MD 20892-1158.

NOTIFICATION PROCEDURE:
    Write to the System Manager to determine if a record exists. The 
requester must also verify his or her identity by providing either a 
notarization of the request or a written certification that the 
requester is who he or she claims to be and understands that the 
knowing and willful request for acquisition of a record pertaining to 
an individual under false pretenses is a criminal offense under the 
Act, subject to a five thousand dollar fine.

RECORD ACCESS PROCEDURE:
    To obtain access to a record, contact the System Manager at the 
above address and provide the information described under notification 
procedures above. Requesters should also reasonably specify the record 
contents being sought. Individuals may also request listings of 
accountable disclosures that have been made of their records, if any.

CONTESTING RECORD PROCEDURE:
    Write to the System Manager at the address specified above, and 
reasonably identify the record and specify the information to be 
contested, the corrective action sought, and the reasons for the 
correction, with supporting justification. The right to contest records 
is limited to information which is incomplete, irrelevant, incorrect, 
or untimely (obsolete).

RECORD SOURCE CATEGORIES:
    Applicants, universities and teachers.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0033

SYSTEM NAME:
    International Activities: Fellowships Awarded by Foreign 
Organizations, HHS/NIH/FIC.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Fogarty International Center (FIC), Building 31, Room B2C39, 31 
Center Drive, Bethesda, MD 20892.
    Write to System Manager at the address below for the address of any 
Federal Records Center where records from this system may be stored.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    U.S. citizens qualified in health-related sciences submitting 
applications through NIH for fellowships for study abroad.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Applications and associated records and reports.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
PURPOSE(S):
    To perform scientific reviews and evaluations of applicants' 
suitability of referral to awarding organization in foreign countries.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. After review by the operating agency review panel the 
applications and all supporting documents are forwarded to the foreign 
organizations or agencies making awards.
    2. In addition, such application may be made available to 
authorized employees and agents of the Federal Government for purposes 
of investigations, inspections and audits, and, in appropriate cases, 
to the Department of Justice for prosecution under civil and criminal 
laws.
    3. Disclosure may be made to a congressional office from the record 
of an individual in response to an inquiry from the congressional 
office made at the request of that individual.
    4. Disclosure may be made to the Department of Justice, or to a 
court or other tribunal, when (a) HHS, or any component thereof; or (b) 
any HHS employee in his or her official capacity; or (c) any HHS 
employee in his or her individual capacity where the Department of 
Justice (or HHS, where it is authorized to do so) has agreed to 
represent the employee; or (d) the United States or any agency thereof 
where HHS determines that the litigation is likely to affect HHS or any 
of its components, is a party to litigation or has any interest in such 
litigation, and HHS determines that the use of such records by the 
Department of Justice, court or other tribunal is relevant and 
necessary to the litigation and would help in the effective 
representation of the governmental party, provided, however, that in 
each case, HHS determines that such disclosure is compatible with the 
purpose for which the records were collected.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are stored in file folders.

RETRIEVABILITY:
    Records are retrieved by name and fellowship number.

SAFEGUARDS:
    Measures to prevent unauthorized disclosures are implemented as 
appropriate for each location and for the particular records maintained 
in each project. Each site implements personnel, physical and 
procedural safeguards such as the following:
    1. Authorized Users: Employees who maintain records in this system 
are instructed to grant regular access only to FIC program staff. Other 
one-time and special access by other employees is granted on a need-to-
know basis as specifically authorized by the system manager.
    2. Physical Safeguards: The records are maintained in locked file 
cabinets, and offices are locked during off-duty hours.
    3. Procedural Safeguards: Access to file rooms and files is 
strictly controlled by files staff. Records may be removed from files 
only at the request of the system manager or other authorized 
employees.

[[Page 60750]]

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1--``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), items 2300-320-5, which allows records to be destroyed 
after a maximum period of six years after the close of a case. Refer to 
the NIH Manual Chapter for specific disposition instructions.

SYSTEM MANAGER(S) AND ADDRESS:
    Director, Division of International Training and Research, Fogarty 
International Center (FIC), Building 31, Room B2C39, 31 Center Drive, 
Bethesda, MD 20892.

NOTIFICATION PROCEDURE:
    Requests for notification of or access to records should be 
addressed to the System Manager, as listed above. The requester must 
also verify his or her identity by providing either a notarization of 
the request or a written certification that the requester is who he or 
she claims to be and understands that the knowing and willful request 
for acquisition of a record pertaining to an individual under false 
pretenses is a criminal offense under the Act, subject to a five 
thousand dollar fine.

RECORD ACCESS PROCEDURE:
    Same as Notification Procedures. Requesters should also reasonably 
specify the record contents being sought. Individuals may also request 
listings of accountable disclosures that have been made of their 
records, if any.

CONTESTING RECORD PROCEDURE:
    Contact the official under Notification Procedures above, and 
reasonably identify the record and specify the information to be 
contested, and state the corrective action sought, and your reasons for 
requesting the correction, along with supporting information to show 
how the record is inaccurate, incomplete, untimely or irrelevant.

RECORD SOURCE CATEGORIES:
    Applicants and persons supplying references.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0034

SYSTEM NAME:
    International Activities: Scholars-in-Residence Program, HHS/NIH/
FIC.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Fogarty International Center (FIC), Building 16, Room 202, 16 
Center Drive, Bethesda, MD 20892.
    Write to System Manager at the address below for the address of the 
Federal Records Center where records may be stored.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Distinguished scientists and scholars invited to accept NIH 
scholarships.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Employment and education histories; references.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 2421, ``International Cooperation'' of the PHS Act.

PURPOSE(S):
    To administer and award scholarships to distinguished scientists.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Information is made available to authorized employees and agents 
of the Federal Government for purposes of investigations, inspections 
and audits, and in appropriate cases, to the Department of Justice for 
prosecution under civil and criminal laws.
    2. Disclosure may be made to a congressional office from the record 
of an individual in response to an inquiry from the congressional 
office made at the request of that individual.
    3. The Department of Health and Human Services (HHS) may disclose 
information from this system of records to the Department of Justice, 
or to a court or other tribunal, when (a) HHS, or any component 
thereof; or (b) any HHS employee in his or her official capacity; or 
(c) any HHS employee in his or her individual capacity where the 
Department of Justice (or HHS, where it is authorized to do so) has 
agreed to represent the employee; or (d) the United States or any 
agency thereof where HHS determines that the litigation is likely to 
affect HHS or any of its components, is a party to litigation or has 
any interest in such litigation, and HHS determines that the use of 
such records by the Department of Justice, court or other tribunal is 
relevant and necessary to the litigation and would help in the 
effective representation of the governmental party, provided, however, 
that in each case, HHS determines that such disclosure is compatible 
with the purpose for which the records were collected.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are stored in file folders.

RETRIEVABILITY:
    Records are retrieved by name.

SAFEGUARDS:
    Measures to prevent unauthorized disclosures are implemented as 
appropriate for each location and for the particular records maintained 
in each project. Each site implements personnel, physical, and 
procedural safeguards such as the following:
    1. Authorized Users: Employees who maintain records in this system 
are instructed to grant regular access only to FIC program staff. Other 
one-time and special access by other employees is granted on a need-to-
know basis as specifically authorized by the system manager.
    2. Physical safeguards: Records are kept in file cabinets. Offices 
are locked during off-duty hours.
    3. Procedural safeguards: Access to files is strictly controlled by 
files staff. Files may be removed only at the request of the system 
manager or other authorized employee.

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1--``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), items 2300-320-7 which allows records to be destroyed 
after a maximum period of six years after the close of a case. Refer to 
the NIH Manual Chapter for specific retention instructions.

SYSTEM MANAGER(S) AND ADDRESS(ES):
    Director, Division of Advanced Studies and Policy Analysis, Fogarty 
International Center (FIC), Building 16, Room 202, 16 Center Drive, 
Bethesda, MD 20892-6705.

NOTIFICATION PROCEDURE:
    Requests for notification of or access to records should be 
addressed to the System Manager, as listed above. The requester must 
also verify his or her identity by providing either a notarization of 
the request or a written certification that the requester is who he or 
she claims to be and understands that the knowing and willful request 
for acquisition of a record pertaining to an individual under false 
pretenses is a criminal offense under the Act, subject to a five 
thousand dollar fine.

[[Page 60751]]

RECORD ACCESS PROCEDURE:
    Same as Notification Procedures. Requesters should also reasonably 
specify the record contents being sought. Individuals may also request 
listings of accountable disclosures that have been made of their 
records, if any.

CONTESTING RECORD PROCEDURE:
    Contact the official under Notification Procedures above, and 
reasonably identify the record and specify the information to be 
contested, and state the corrective action sought. The right to contest 
records is limited to information which is incomplete, irrelevant, 
incorrect, or untimely (obsolete).

RECORD SOURCE CATEGORIES:
    Information is obtained from invitees, reference sources, and 
persons supplying recommendations.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0036

SYSTEM NAME:
    Extramural Awards and Chartered Advisory Committees (IMPAC 2), 
Contract Information (DCIS), and Cooperative Agreement Information, 
HHS/NIH.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Office of Policy for Extramural Research Administration, Office of 
Extramural Research, Office of the Director (OD), Rockledge II, Room 
2172, 6701 Rockledge Drive, Bethesda, MD 20892.
    Office of Federal Advisory Committee Policy, Office of the Director 
(OD), Building 31, Room 3B-59, 31 Center Drive, Bethesda, MD 20892.
    Office of Acquisition Management and Policy, Office of the Director 
(OD), 6100 Executive Boulevard, Room 6D01, Bethesda, MD 20892.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Principal investigators; program directors; program and projects 
staff and others named in the application; National Research Service 
Awards (NRSA) trainees and fellows; research career awardees; chartered 
advisory committee members; contractor personnel; subcontractor 
personnel; and consultants.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Funding applications, awards, associated records, trainee 
appointments, current and historical information pertaining to 
chartered advisory committees, and past performance information 
pertaining to contractors.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5. U.S.C. 301; 42 U.S.C. 217a, 241, 282(b)(6), 284a, and 288. 48 
CFR Subpart 15.3 and Subpart 42.15.

PURPOSE(S):
    1. To support centralized grant programs of the Public Health 
Service.
    Services are provided in the areas of grant application assignment 
and referral, initial review, council review, award processing and 
grant accounting. The database is used to provide complete, accurate, 
and up-to-date reports to all levels of management.
    2. To maintain communication with former fellows and trainees who 
have incurred a payback obligation through the National Research 
Service Award Program.
    3. To maintain current and historical information pertaining to the 
establishment of chartered advisory committees of the National 
Institutes of Health and the appointment or designation of their 
members.
    4. To maintain current and historical information pertaining to 
contracts awarded by the National Institutes of Health, and performance 
evaluations on NIH contracts and contracts awarded by other Federal 
agencies that participate in the NIH Contractor Performance System.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Disclosure may be made to the National Technical Information 
Service (NTIS), Department of Commerce, for dissemination of scientific 
and fiscal information on funded awards (abstract of research projects 
and relevant administrative and financial data).
    2. Disclosure may be made to the cognizant audit agency for 
auditing.
    3. Disclosure may be made to a congressional office from the record 
of an individual in response to an inquiry from the congressional 
office made at the request of that individual.
    4. Disclosure may be made to qualified experts not within the 
definition of Department employees as prescribed in Department 
regulations for opinions as a part of the application review process.
    5. Disclosure may be made to a Federal agency, in response to its 
request, in connection with the issuance of a license, grant or other 
benefit by the requesting agency, to the extent that the record is 
relevant and necessary to the requesting agency's decision in the 
matter.
    6. Disclosure of past performance information pertaining to 
contractors may be made to a Federal agency upon request. In addition, 
routine access to past performance information on contractors will be 
provided to Federal agencies that subscribe to the NIH Contractor 
Performance System.
    7. A record may be disclosed for a research purpose, when the 
Department: (A) Has determined that the use or disclosure does not 
violate legal or policy limitations under which the record was 
provided, collected, or obtained; (B) has determined that the research 
purpose (1) cannot be reasonably accomplished unless the record is 
provided in individually identifiable form, and (2) justifies the risk 
to the privacy of the individual that additional exposure of the record 
might bring; (C) has required the recipient to (1) establish reasonable 
administrative, technical, and physical safeguards to prevent 
unauthorized use or disclosure of the record, (2) remove or destroy the 
information that identifies the individual at the earliest time at 
which removal or destruction can be accomplished consistent with the 
purpose of the research project, unless the recipient has presented 
adequate justification of a research or health nature for retaining 
that information, and (3) make no further use or disclosure of the 
record except (a) in emergency circumstances affecting the health or 
safety of any individual, (b) for use in another research project, 
under these same conditions, and with written authorization of the 
Department, (c) for disclosure to a properly identified person for the 
purpose of an audit related to the research project, if information 
that would enable research subjects to be identified is removed or 
destroyed at the earliest opportunity consistent with the purpose of 
the audit, or (d) when required by law; and (D) has secured a written 
statement attesting to the recipient's understanding of, and 
willingness to abide by these provisions.
    8. Disclosure may be made to a private contractor or Federal agency 
for the purpose of collating, analyzing, aggregating or otherwise 
refining records in this system. The contractor or Federal agency will 
be required to maintain Privacy Act safeguards with respect to these 
records.
    9. Disclosure may be made to a grantee or contract institution in 
connection with performance or administration under the conditions of 
the particular award or contract.
    10. Disclosure may be made to the Department of Justice, or to a 
court or

[[Page 60752]]

other adjudicative body, from this system of records when (a) HHS, or 
any component thereof; or (b) any HHS officer or employee in his or her 
official capacity; or (c) any HHS officer or employee in his or her 
individual capacity where the Department of Justice (or HHS, where it 
is authorized to do so) has agreed to represent the officer or 
employee; or (d) the United States or any agency thereof where HHS 
determines that the proceeding is likely to affect HHS or any of its 
components, is a party to proceeding or has any interest in the 
proceeding, and HHS determines that the records are relevant and 
necessary to the proceeding and would help in the effective 
representation of the governmental party.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are stored by name, application, grant or contract ID 
number, and contractor tax ID number.

RETRIEVABILITY:
    Records are retrieved by name, application, grant or contract ID 
number, and contractor tax ID number.

SAFEGUARDS:
    1. Authorized Users: Employees who maintain records in this system 
are instructed to grant regular access only to NIH extramural and 
advisory committee staff, NIH contract management staff, and Federal 
acquisition personnel. Other one-time and special access by other 
employees is granted on a need-to-know basis as specifically authorized 
by the System manager.
    2. Physical Safeguards: Physical access to Office of Extramural 
Research (OER) work areas is restricted to OER employees. Physical 
access to the Office of Acquisition and Policy (OAMP) work areas is 
restricted to OAMP employees. Physical access to Office of Federal 
Advisory Committee Policy (OFACP) work areas is restricted to OFACP 
employees. Access to the contractor performance files is restricted 
through the use of secure socket layer encryption and through an IBM 
password protection system. Only authorized government contracting 
personnel are permitted access. Access is monitored and controlled by 
OAMP.
    3. Procedural Safeguards: Access to source data files is strictly 
controlled by files staff. Records may be removed from files only at 
the request of the System manager or other authorized employee. Access 
to computer files is controlled by the use of registered accounts, 
registered initials, keywords, and similar limited access systems.
    These practices are in compliance with the standards of Chapter 45-
13 of the HHS General Administration Manual, ``Safeguarding Records 
Contained in Systems of Records,'' supplementary Chapter PHS hf: 45-13, 
and the HHS Automated Information Systems Security Program Handbook.

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1--``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), item 4000-A-2, which allows records to be destroyed 
when no longer needed for administrative purposes. Refer to the NIH 
Manual Chapter for specific disposition instructions.

SYSTEM MANAGER(S) AND ADDRESS:
    For Extramural Awards: Director, Extramural Information Systems, 
Division of Grants Compliance and Oversight in the Office of Policy for 
Extramural Research Administration (OPERA), Office of Extramural 
Research, Office of the Director (OD), Rockledge II, Room 2172, 6701 
Rockledge Drive, Bethesda, MD 20892.
    For Chartered Federal Advisory Committees of the National 
Institutes of Health: Director, Office of Federal Advisory Committee 
Policy, Office of the Director, Building 31, Room 3B-59, 31 Center 
Drive, Bethesda, MD 20892.
    For Contracts: Office of Acquisition Management and Policy, Office 
of the Director (OD), 6100 Executive Boulevard, Room 6D01, Bethesda, MD 
20892.

NOTIFICATION PROCEDURE:
    The requester must also verify his or her identity by providing 
either a notarization of the request or a written certification that 
the requester is who he or she claims to be and understands that the 
knowing and willful request for acquisition of a record pertaining to 
an individual under false pretenses is a criminal offense under the 
Privacy Act, subject to a five thousand dollar fine.

RECORD ACCESS PROCEDURE:
    Same as Notification Procedures. Requesters should also reasonably 
specify the record contents being sought. Individuals may also request 
listings of accountable disclosures that have been made of their 
records, if any.

CONTESTING RECORD PROCEDURE:
    Contact the official under Notification Procedures above, and 
reasonably identify the record and specify the information to be 
contested, and state the corrective action sought and the reasons for 
the correction, with supporting justification. The right to contest 
records is limited to information which is incomplete, irrelevant, 
incorrect, or untimely (obsolete).

RECORD SOURCE CATEGORIES:
    Applicant institution, individual, individual's educational 
institution and references, and participating Federal acquisition 
personnel.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0041

SYSTEM NAME:
    Research Resources: Scientists Requesting Hormone Distribution, 
HHS/NIH/NIDDK.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    National Institute of Diabetes, and Digestive Kidney Diseases 
(NIDDK), Democracy Plaza II, Room 693, 6707 Democracy Boulevard, 
Bethesda, MD 20892-5460.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Scientists requesting hormones from the National Institute of 
Diabetes, and Digestive Kidney Diseases.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Justification for request for hormones, including requester's 
competence.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 241, 263, 289a, 289c.

PURPOSE(S):
    1. For review of applications requesting hormones and antibodies 
for research purposes, prior to awarding these substances.
    2. To determine if the requester is qualified to receive these 
materials.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Disclosure may be made to NIDDK Contractors for distribution of 
various hormones to requesters.
    2. Disclosure may be made to a congressional office from the record 
of an individual in response to an inquiry from the congressional 
office made at the request of that individual.
    3. In the event of litigation where the defendant is (a) the 
Department, any component of the Department, or any

[[Page 60753]]

employee of the Department in his or her official capacity; (b) the 
United States where the Department determines that the claim, if 
successful, is likely to directly affect the operations of the 
Department or any of its components; or (c) any Department employee in 
his or her individual capacity where the Justice Department has agreed 
to represent such employee, the Department may disclose such records as 
it deems desirable or necessary to the Department of Justice to enable 
that Department to present an effective defense, provided that such 
disclosure is compatible with the purpose for which the records were 
collected.
    Records may be disclosed to student volunteers, individuals working 
under a personal services contract, and other individuals performing 
functions for PHS who do not technically have the status of agency 
employees, if they need the records in the performance of their agency 
functions.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are stored in file folders.

RETRIEVABILITY:
    Records are retrieved by name.

SAFEGUARDS:
    1. Authorized Users: Employees who maintain records in this system 
are instructed to grant regular access only to staff working for the 
contractor who need the records for hormone distribution, to NIH staff 
who supervise the Hormone Distribution Program, and, as approved by the 
system manager, to scientists and physicians who may have need of the 
information for research.
    2. Physical Safeguards: Records are kept in cabinets in offices 
which are locked during off-duty hours and which have alarms.
    3. Procedural Safeguards: Access to files is strictly controlled by 
files staff. Files may be obtained only at the request of the system 
manager or other authorized employee.

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records
    Control Schedule contained in NIH Manual Chapter 1743, Appendix 1--
Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), item 3000-G-3, which allows records to be kept as long 
as they are useful in scientific research. Refer to the NIH Manual 
Chapter for specific disposition instructions.

SYSTEM MANAGER(S) AND ADDRESS:
    Director, Hormone Distribution Program, National Institute of 
Diabetes, Digestive and Kidney Diseases (NIDDK), Democracy Plaza II, 
Room 693, 6707 Democracy Boulevard, Bethesda, MD 20892.

NOTIFICATION PROCEDURE:
    To determine if a record exists write to: Administrative Officer, 
National Institute of Diabetes, Digestive and Kidney Diseases (NIDDK), 
Building 31, Room 9A46, 31 Center Drive, Bethesda, MD 20892.
    The requester must also verify his or her identity by providing 
either a notarization of the request or a written certification that 
the requester is who he or she claims to be and understands that the 
knowing and willful request for acquisition of a record pertaining to 
an individual under false pretenses is a criminal offense under the 
Act, subject to a five thousand dollar fine.

RECORD ACCESS PROCEDURE:
    Same as Notification Procedures. Requesters should also reasonably 
specify the record contents being sought. Individuals may also request 
listings of accountable disclosures that have been made of their 
records, if any.

CONTESTING RECORD PROCEDURE:
    Contact the official under Notification Procedures above, and 
reasonably identify the record and specify the information to be 
contested, and state the corrective action sought and the reasons for 
the correction, with supporting justification. The right to contest 
records is limited to information which is incomplete, irrelevant, 
incorrect, or untimely (obsolete).

RECORD SOURCE CATEGORIES:
    Data is obtained from the individual.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0054

SYSTEM NAME:
    Administration: Property Accounting (Card Key System), HHS/NIH/ORS.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    NIH Computer Center, National Institutes of Health, Building 12A, 
Room 1011, 12 South Drive, Bethesda, MD 20892.
    Office of Research Services, Building 13, Room 215, 13 South Drive, 
Bethesda, MD 20892-5758.
    Facilities Engineering Branch, National Institute of Environmental 
Health Sciences (NIEHS), 102-01, PO Box 12233, Research Triangle Park, 
NC 27709.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Employees of the National Institutes of Health who are issued card 
keys.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Property management.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 301; 5 U.S.C. 5901; 5 U.S.C. 7903; 40 U.S.C. 318a; 42 
U.S.C. 241.

PURPOSE(S):
    Used for card keys issuance and control.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Disclosure may be made to a congressional office from the record 
of an individual in response to an inquiry from the congressional 
office made at the request of that individual.
    2. In the event that a system of records maintained by this agency 
to carry out its functions indicates a violation or potential violation 
of law, whether civil, criminal or regulatory in nature, and whether 
arising by general statute or particular program statute, or by 
regulation, rule or order issued pursuant thereto, the relevant records 
in the system of records may be referred, as a routine use, to the 
appropriate agency, whether Federal, or foreign, charged with the 
responsibility of investigating or prosecuting such violation or 
charged with enforcing or implementing the statute, or rule, regulation 
or order issued pursuant thereto.
    3. In the event of litigation where the defendant is (a) the 
Department, any component of the Department, or any employee of the 
Department in his or her official capacity; (b) the United States where 
the Department determines that the claim, if successful, is likely to 
directly affect the operations of the Department or any of its 
components; or (c) any Department employee in his or her individual 
capacity where the Justice Department has agreed to represent such 
employee, the Department may disclose such records as it deems 
desirable or necessary to the Department of Justice to enable that 
Department to present an effective defense, provided that such 
disclosure is compatible with the purpose for which the records were 
collected.

[[Page 60754]]

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are stored in file folders, and on magnetic media.

RETRIEVABILITY:
    Records are retrieved by name.

SAFEGUARDS:
    1. Authorized Users: Employees who maintain records in this system 
are instructed to grant regular access only to officials whose duties 
require use of the information. Other one-time and special access by 
other employees is granted on a need-to-know basis as specifically 
authorized by the system manager.
    2. Physical Safeguards: Textual records are stored in offices which 
are locked when not in use.
    3. Procedural Safeguards: Computer files are password protected.
    These practices are in compliance with the standards of Chapter 45-
13 of the HHS General Administration Manual, ``Safeguarding Records 
Contained in Systems of Records,'' supplementary Chapter PHS hf: 45-13, 
and the HHS Automated Information Systems Security Program Handbook.

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1--``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), item 1300-C-14, which allows records to be destroyed 
after all listed credentials are accounted for or three months after 
the return of credentials to the issuing office. Refer to the NIH 
Manual Chapter for specific instructions.

SYSTEM MANAGER(S) AND ADDRESS:
    Management Analyst, Division of Engineering Services, Office of 
Research Services (ORS), Building 3, Room 112, 3 Center Drive, 
Bethesda, MD 20892-0307.
    Chief, Facilities Engineering Branch, National Institute of 
Environmental Health Sciences (NIEHS), 102-01, PO Box 12233, Research 
Triangle Park, NC 27709.

NOTIFICATION PROCEDURE:
    Write to the System Manager to determine if a record exists. The 
requester must also verify his or her identity by providing either a 
notarization of the request or a written certification that the 
requester is who he or she claims to be and understands that the 
knowing and willful request for acquisition of a record pertaining to 
an individual under false pretenses is a criminal offense under the 
Act, subject to a five thousand dollar fine.

RECORD ACCESS PROCEDURE:
    Same as Notification Procedures. Requesters should also reasonably 
specify the record contents being sought. Individuals may also request 
listings of accountable disclosures that have been made of their 
records, if any.

CONTESTING RECORD PROCEDURE:
    Write to the official specified under Notification Procedures 
above, and reasonably identify the record and specify the information 
being contested, the corrective action sought, and your reasons for 
requesting the correction, along with supporting information to show 
how the record is inaccurate, incomplete, untimely or irrelevant. The 
right to contest records is limited to information which is incomplete, 
irrelevant, incorrect, or untimely (obsolete).

RECORD SOURCE CATEGORIES:
    Data is obtained from the individual.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0078

SYSTEM NAME:
    Administration: Consultant File, HHS/NIH/NHLBI.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    National Heart, Lung, and Blood Institute (NHLBI), Rockledge II, 
6701 Rockledge Drive, Bethesda, MD 20892.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    List of consultants available for use in evaluation of National 
Heart, Lung, and Blood Institute special grants and contracts.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Names and resumes.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 241(d), 281.

PURPOSE(S):
    1. To identify and select experts and consultants for program 
reviews and evaluations.
    2. For use in evaluation of NHLBI special grants and contracts.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Disclosure may be made to a congressional office from the record 
of an individual in response to an inquiry from the congressional 
office made at the request of that individual.
    2. In the event of litigation where the defendant is (a) the 
Department, any component of the Department, or any employee of the 
Department in his or her official capacity; (b) the United States where 
the Department determines that the claim, if successful, is likely to 
directly affect the operations of the Department or any of its 
components; or (c) any Department employee in his or her individual 
capacity where the Justice Department has agreed to represent such 
employee, the Department may disclose such records as it deems 
desirable or necessary to the Department of Justice to enable that 
Department to present an effective defense, provided that such 
disclosure is compatible with the purpose for which the records were 
collected.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Computer disk and file folders.

RETRIEVABILITY:
    Records are retrieved by name.

SAFEGUARDS:
    1. Authorized Users: Data on computer files is accessed by keyword 
known only to authorized users.
    2. Physical Safeguards: Rooms where records are stored are locked 
when not in use.
    3. Procedural Safeguards: During regular business hours, rooms are 
unlocked but are controlled by on-site personnel.
    These practices are in compliance with the standards of Chapter 45-
13 of the HHS General Administration Manual, ``Safeguarding Records 
Contained in Systems of Records,'' supplementary Chapter PHS hf: 45-13, 
and the HHS Automated Information Systems Security Program Handbook.

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1--``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), item 1100-G. Refer to the NIH Manual Chapter for 
specific disposition instructions.

[[Page 60755]]

SYSTEM MANAGER(S) AND ADDRESS:
    Chief, Review Branch, National Heart, Lung, and Blood Institute 
(NHLBI), Rockledge II, Room 7178, 6701 Rockledge Drive, Bethesda, MD 
20892.

NOTIFICATION PROCEDURE:
    To determine if a record exists, contact: Privacy Act Coordinator, 
National Heart, Lung, and Blood Institute (NHLBI), Building 31, Room 
5A33, 31 Center Drive, Bethesda, MD 20892-2490.
    The requester must also verify his or her identity by providing 
either a notarization of the request or a written certification that 
the requester is who he or she claims to be and understands that the 
knowing and willful request for acquisition of a record pertaining to 
an individual under also pretenses is a criminal offense under the Act, 
subject to a five thousand dollar fine.

RECORD ACCESS PROCEDURE:
    Same as Notification Procedures. Requesters should also reasonably 
specify the record contents being sought. Individuals may also request 
listings of accountable disclosures that have been made of their 
records, if any.

CONTESTING RECORD PROCEDURE:
    Contact the official under Notification Procedures above, and 
reasonably identify the record and specify the information to be 
contested, and state the corrective action sought. The right to contest 
records is limited to information which is incomplete, irrelevant, 
incorrect, or untimely (obsolete).

RECORD SOURCE CATEGORIES:
    Subject individual.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0087

SYSTEM NAME:
    Administration: Senior Staff, HHS/NIH/NIAID.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    National Institute of Allergy and Infectious Diseases (NIAID), 
Building 31, Room 7A50, 31 Center Drive, Bethesda, MD 20892.
    Write to System Manager at the address below for the address of the 
Federal Records Center where records from this system may be stored.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Current and former key professional employees of the Institute, and 
consultants.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Press releases, curricula vitae, nominations for awards, and 
photographs.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 241(d), 289a.

PURPOSE(S):
    For background records to provide public announcements on National 
Institute of Allergy and Infectious Diseases research.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Disclosure may be made to a congressional office from the record of 
an individual in response to an inquiry from the congressional office 
made at the request of that individual.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Stored in file folders.

RETRIEVABILITY:
    Retrieved by name.

SAFEGUARDS:
    Measures to prevent unauthorized disclosures are implemented as 
appropriate for each location and for the particular records maintained 
in each project. Each site implements personnel, physical, and 
procedural safeguards such as the following:
    1. Authorized Users: Employees who maintain records in this system 
are instructed to grant regular access only to staff whose duties 
require the use of such information. Authorized users are located in 
the Office of the Director, NIAID. Other one time and special access by 
other employees is granted on a need-to-know basis as specifically 
authorized by the system manager.
    2. Physical Safeguards: Records in this system are stored in file 
folders which are kept in locked cabinets. The room is locked during 
off-duty hours.
    3. Procedural Safeguards: Access to files is strictly controlled by 
files staff. Records may be removed from files only at the request of 
the system manager or other authorized employee.

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1--``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), item 1100-G. Refer to the NIH Manual Chapter for 
specific disposition instructions.

SYSTEM MANAGER(S) AND ADDRESS:
    Director, Office of Communications and Public Liaison, National 
Institute of Allergy and Infectious Diseases (NIAID), Building 31, Room 
7A-50, 31 Center Drive, Bethesda, MD 20892.

NOTIFICATION PROCEDURE:
    To determine if a record exists, write to: Privacy Act Coordinator, 
National Institute of Allergy and Infectious Diseases (NIAID), 6700-B 
Rockledge Drive, Room 2143, Bethesda, MD 20892. The requester must also 
verify his or her identity by providing either a notarization of the 
request or a written certification that the requester is who he or she 
claims to be and understands that the knowing and willful request for 
acquisition of a record pertaining to an individual under false 
pretenses is a criminal offense under the Act, subject to a five 
thousand dollar fine.

RECORD ACCESS PROCEDURE:
    Same as record Notification Procedures. Requesters should also 
reasonably specify the record contents being sought. Individuals may 
also request listings of accountable disclosures that have been made of 
their records, if any.

CONTESTING RECORD PROCEDURE:
    Contact the System Manager at the address above, and reasonably 
identify the record and specify the information to be contested, and 
state the corrective action sought and the reasons for the correction, 
with supporting justification. The right to contest records is limited 
to information which is incomplete, irrelevant, incorrect, or untimely 
(obsolete).

RECORD SOURCE CATEGORIES:
    Individuals and newspaper clippings.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0099

SYSTEM NAME:
    Clinical Research: Patient Medical Records, HHS/NIH/CC.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Medical Record Department, Clinical Center, Building 10, Room 
1N208, 10

[[Page 60756]]

Center Drive, Bethesda, MD 20892-1192 and at private organizations 
under contract. Write to the system manager for a list of current 
locations.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Registered Clinical Center patients and some individuals not 
registered as patients but seen in the Clinical Center for diagnostic 
tests.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Medical treatment records.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 241, 248: ``Research and Investigation,'' and 
``Hospitals, Medical Examinations, and Medical Care.''

PURPOSE(S):
    1. To provide a continuous history of the treatment afforded 
individual patients in the Clinical Center.
    2. To provide a data base for the clinical research conducted 
within the hospital.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Information may be used to respond to Congressional inquiries 
for constituents concerning their admission to NIH Clinical Center.
    2. Social Work Department may give pertinent information to 
community agencies to assist patients or their families.
    3. Referring physicians receive medical information for continuing 
patient care after discharge.
    4. Information regarding diagnostic problems, or having unusual 
scientific value may be disclosed to appropriate medical or medical 
research organizations or consultants in connection with treatment of 
patients or in order to accomplish the research purposes of this 
system. For example, tissue specimens may be sent to the Armed Forces 
Institute of Pathology; X-rays may be sent for the opinion of a 
radiologist with extensive experience in a particular kind of 
diagnostic radiology. The recipients are required to maintain Privacy 
Act safeguards with respect to these records.
    5. Records may be disclosed to representatives of the Joint 
Commission on Accreditation of Hospitals conducting inspections to 
ensure that the quality of the Clinical Center medical record-keeping 
meets established standards.
    6. Certain diseases and conditions, including infectious diseases, 
may be reported to appropriate representatives of State or Federal 
Government as required by State or Federal law.
    7. Medical information may be disclosed in identifiable form to 
tumor registries for maintenance of health statistics, e.g., for use in 
epidemiologic studies.
    8. The Department contemplates that it may contract with a private 
firm for transcribing, updating, copying, or otherwise refining records 
in this system. Relevant records will be disclosed to such a 
contractor. The contractor will be required to comply with the 
requirements of the Privacy Act with respect to such records.
    9. In the event of litigation where the defendant is (a) the 
Department, any component of the Department, or any employee of the 
Department in his or her official capacity; (b) the United States where 
the Department determines that the claim, if successful, is likely to 
directly affect the operations of the Department or any of its 
components; or (c) any Department employee in his or her individual 
capacity where the Justice Department has agreed to represent such 
employee, for example in defending against a claim based upon an 
individual's mental or physical condition and alleged to have arisen 
because of activities of the Public Health Service in connection with 
such individual, the Department may disclose such records as it deems 
desirable or necessary to the Department of Justice to enable that 
agency to present an effective defense, provided that such disclosure 
is compatible with the purpose for which the records were collected.
    10.(a). PHS may inform the sexual and/or needle-sharing partner(s) 
of a subject individual who is infected with the human immunodeficiency 
virus (HIV) of their exposure to HIV, under the following 
circumstances: (1) The information has been obtained in the course of 
clinical activities at PHS facilities carried out by PHS personnel or 
contractors; (2) The PHS employee or contractor has made reasonable 
efforts to counsel and encourage the subject individual to provide the 
information to the individual's sexual or needle-sharing partner(s); 
(3) The PHS employee or contractor determines that the subject 
individual is unlikely to provide the information to the sexual or 
needle-sharing partner(s) or that the provision of such information 
cannot reasonably be verified; and (4) The notification of the 
partner(s) is made, whenever possible, by the subject individual's 
physician or by a professional counselor and shall follow standard 
counseling practices.
    (b). PHS may disclose information to State or local public health 
departments, to assist in the notification of the subject individual's 
sexual and/or needle-sharing partner(s), or in the verification that 
the subject individual has notified such sexual or needle-sharing 
partner(s).

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are stored in file folders and/or on microfiche, and on 
computer tapes.

RETRIEVABILITY:
    Records are retrieved by unit number and patient name.

SAFEGUARDS:
    Measures to prevent unauthorized disclosures are implemented as 
appropriate for each location and for the particular records maintained 
in each project. Each site implements personnel, physical, and 
procedural safeguards such as the following:
    1. Authorized Users: Employees maintaining records in this system 
are instructed to grant regular access only to physicians and dentists 
and other health care professionals officially participating in patient 
care, to contractors, or to NIH researchers specifically authorized by 
the system manager.
    2. Physical Safeguards: All record facilities are locked when 
system personnel are not present.
    3. Procedural Safeguards: Access to files is strictly controlled by 
the system manager. Records may be removed only by system personnel 
following receipt of a request signed by an authorized user. Access to 
computerized records is controlled by the use of security codes known 
only to the authorized user. Codes are user- and function-specific.
    Contractor compliance is assured through inclusion of Privacy Act 
requirements in contract clauses, and through monitoring by contract 
and project officers. Contractors who maintain records in this system 
are instructed to make no disclosure of the records except as 
authorized by the System Manager.
    These practices are in compliance with the standards of Chapter 45-
13 of the HHS General Administration Manual, ``Safeguarding Records 
Contained in Systems of Records,'' supplementary Chapter PHS hf: 45-13, 
and the HHS Automated Information Systems Security Program Handbook.

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1--

[[Page 60757]]

``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), item 3000-E-22, which allows records to be kept until 
no longer needed for scientific reference. Refer to the NIH Manual 
Chapter for specific disposition instructions.

SYSTEM MANAGER(S) AND ADDRESS:
    Director, Medical Record Department, Clinical Center (CC), Building 
10, Room 1N208, 10 Center Drive, Bethesda, MD 20892-1192.

NOTIFICATION PROCEDURE:
    To determine if a record exists, write to the System Manager at the 
above address. The requester must provide tangible proof of identity, 
such as a driver's license. If no identification papers are available, 
the requester must verify his or her identity by providing either a 
notarization of the request or a written certification that the 
requester is who he or she claims to be and understands that the 
knowing and willful request for acquisition of a record pertaining to 
an individual under false pretenses is a criminal offense under the 
Act, subject to a five thousand dollar fine.
    An individual who requests notification of or access to a medical/
dental record shall, at the time the request is made, designate in 
writing a responsible representative who will be willing to review the 
record and inform the subject individual of its contents at the 
representative's discretion. The representative may be a physician, or 
other health professional, or other responsible individual. The subject 
individual will be granted direct access unless it is determined that 
such access is likely to have an adverse effect on him or her. In that 
case, the medical/dental record will be sent to the designated 
representative. The individual will be informed in writing if the 
record is sent to the representative.
    A parent or guardian who requests notification of or access to a 
child's/incompetent person's record shall designate a family physician 
or other health professional (other than a family member) to whom the 
record, if any, will be sent. The parent or guardian must verify 
relationship to the child/incompetent person as well as his/her own 
identity.

RECORD ACCESS PROCEDURE:
    Same as Notification Procedures. Requesters should also reasonably 
identify the specific reports and related dates pertaining to the 
information to be released. There may be a fee for reproducing more 
than 20 pages of material. Individuals may also request listings of 
accountable disclosures that have been made of their records, if any.

CONTESTING RECORD PROCEDURE:
    Contact the System Manager and reasonably identify the record and 
specify the information to be contested, and state the corrective 
action sought and your reasons for requesting the correction, along 
with supporting information to show how the record is inaccurate, 
incomplete, untimely or irrelevant. The right to contest records is 
limited to information which is incomplete, irrelevant, incorrect, or 
untimely (obsolete).

RECORD SOURCE CATEGORIES:
    Referring physicians, other medical facilities (with patient's 
consent), patients, relatives of patients.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0105

SYSTEM NAME:
    Administration: Health Records of Employees, Visiting Scientists, 
Fellows, and Others who Receive Medical Care Through the Employee 
Health Unit, HHS/NIH/ORS.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Main Employee Health Unit, Occupational Medical Service, Building 
10, 6th Floor Clinic, 10 Center Drive, Bethesda, MD 20892.
    Auxiliary Employee Health Unit, Occupational Medical Service, 
Building 13, Room G904, 13 South Drive, Bethesda, MD 20892.
    Employee Health Unit, Rocky Mountain Laboratories, Hamilton, 
Montana 59840.
    Employee Assistance Program, Occupational Medical Service, Building 
31, Room B2B57, 31 Center Drive, Bethesda, MD 20892.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Employees, fellows, visiting scientists, relatives of inpatients, 
visitors, and others who receive medical care through the Employee 
Health Unit.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Medical records.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 7901.

PURPOSE(S):
    1. For medical treatment.
    2. Upon researcher request with individual's written permission, 
release of record for research purposes to medical personnel.
    3. Upon request by HHS personnel offices for determination of 
fitness for duty, and for disability retirement and other separation 
actions.
    4. For monitoring personnel to assure that safety standards are 
maintained.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Disclosure may be made to Federal, State, and local government 
agencies for adjudication of benefits under workman's compensation, and 
for disability retirement and other separation actions.
    2. To district office of OPEC, Department of Labor with copies to 
the U.S. Office of Personnel Management for processing of disability 
retirement and other separation actions.
    3. Upon non-HHS agency request, for examination to determine 
fitness for duty with copies to requesting agency and to the U.S. 
Office of Personnel Management.
    4. Disclosure may be made to a congressional office from the record 
of an individual in response to any inquiry from the congressional 
office made at the request of the individual.
    5. The Department of Health and Human Services (HHS) may disclose 
information from this system of records to the Department of Justice, 
or to a court or other tribunal, when (a) HHS, or any component 
thereof; or (b) any HHS employee in his or her official capacity; or 
(c) any HHS employee in his or her individual capacity where the 
Department of Justice (or HHS, where it is authorized to do so) has 
agreed to represent the employee; or (d) the United States or any 
agency thereof where HHS determines that the litigation is likely to 
affect HHS or any of its components, is a party to litigation or has 
any interest in such litigation, and HHS determines that the use of 
such records by the Department of Justice, court or other tribunal is 
relevant and necessary to the litigation and would help in the 
effective representation of the governmental party, provided, however, 
that in each case, HHS determines that such disclosure is compatible 
with the purpose for which the records were collected.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are stored in file folders.

[[Page 60758]]

RETRIEVABILITY:
    Records are retrieved by name and social security number.

SAFEGUARDS:
    Measures to prevent unauthorized disclosures are implemented as 
appropriate for each location and for the particular records maintained 
in each project. Each site implements personnel, physical and 
procedural safeguards such as the following:
    1. Authorized Users: Access is limited to authorized personnel 
(system manager and staff; Occupational Medicine Service staff; and 
personnel and administrative officers with need for information for 
fitness for duty, disability, and other similar determinations).
    2. Physical Safeguards: Files are maintained in locked cabinets.
    3. Procedural Safeguards: Access to files is strictly controlled by 
authorized staff.

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule, Manual Chapter 1743 (HHS Records Management 
Manual, Appendix B-361), item 2300-792-3.

SYSTEM MANAGER(S) AND ADDRESS:
    Deputy Director, Division of Safety, Office of Research Services 
(ORS), Building 31, Room 1C02, 31 Center Drive, Bethesda, MD 20892.
    Chief, Rocky Mountain Operations Branch, Rocky Mountain 
Laboratories, Hamilton, Montana 59840.

NOTIFICATION PROCEDURE:
    Contact System Manager at appropriate treatment location listed 
above, to determine if a record exists. The requester must also verify 
his or her identity by providing either a notarization of the request 
or a written certification that the requester is who he or she claims 
to be and understands that the knowing and willful request for 
acquisition of a record pertaining to an individual under false 
pretenses is a criminal offense under the Act, subject to five thousand 
dollar fine.

RECORD ACCESS PROCEDURE:
    Same as Notification Procedures. Requester should also reasonably 
specify the record contents being sought. Individuals may also request 
listings of accountable disclosures that have been made of their 
records, if any.

CONTESTING RECORD PROCEDURE:
    Write to the official specified under Notification Procedures 
above, and reasonably identify the record and specify the information 
being contested, the corrective action sought, and your reasons for 
requesting the correction, along with supporting information to show 
how the record is inaccurate, incomplete, untimely or irrelevant. The 
right to contest records is limited to information which is incomplete, 
irrelevant, incorrect, or untimely (obsolete).

RECORD SOURCE CATEGORIES:
    Records contain data resulting from clinical and preventative 
services provided at treatment location, and data received from 
individual.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0106

SYSTEM NAME:
    Administration: Office of the NIH Director and Institute/Center 
Correspondence Records, HHS/NIH/OD.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Executive Secretariat, Office of the Director (OD), Building 1, 
Room B1-55, 1 Center Drive, Bethesda, MD 20892-0122.
    Machine Room, Executive Secretariat, Office of the Director (OD), 
Building 31, Room 3B33, 31 Center Drive, Bethesda, MD 20892.
    Office of Legislative Policy and Analysis, Office of the Director 
(OD), Building 1, Room 244, 1 Center Drive, Bethesda, MD 20892.
    Office of Science Education, Office of Science Policy, Office of 
the Director (OD), Rockledge I, Room 724, 6705 Rockledge Drive, 
Bethesda, MD 20892.
    Institute/Center staff offices that retain correspondence files and 
computer servers which store document images.
    Write to the appropriate System Manager listed in Appendix I for a 
list of current locations and for the address of the Federal Records 
Center where records are stored.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals who have contacted the NIH Director or his/her 
subordinates, or have been contacted in writing by one of these 
officials.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Correspondence and other supporting documents; mailing lists.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 301; 44 U.S.C. 3101.

PURPOSE(S):
    1. To control, address, and track all correspondence documents 
addressed or directed to the NIH Director or his/her subordinates, as 
well as documents/supporting documents initiated by them, in order to 
assure timely and appropriate attention.
    2. Incoming correspondence and supporting documentation is 
forwarded to other HHS components when a response from them is 
warranted.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Disclosure may be made to a congressional office from the record 
of an individual in response to an inquiry from the congressional 
office made at the request of that individual.
    2. Disclosure may be made from this system of records by the 
Department of Health and Human Services (HHS) to the Department of 
Justice, or to a court or other tribunal, when (a) HHS, or any 
component thereof; or (b) any HHS employee in his or her official 
capacity; or (c) any HHS employee in his or her individual capacity 
where the Department of Justice (or HHS, where it is authorized to do 
so) has agreed to represent the employee; or (d) the United States or 
any agency thereof where HHS determines that the litigation is likely 
to affect HHS or any of its components, is a party to litigation or has 
any interest in such litigation, and HHS determines that the use of 
such records by the Department of Justice, court or other tribunal is 
relevant and necessary to the litigation and would help in the 
effective representation of the governmental party, provided, however, 
that in each case, HHS determines that such disclosure is compatible 
with the purpose for which the records were collected.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are stored by computer index, optical image and in file 
folders.

RETRIEVABILITY:
    Records are retrieved by name, document number, date, and subject.

SAFEGUARDS:
    1. Authorized Users: Access to textual records is limited to 
authorized personnel (system managers and staff).
    2. Physical Safeguards: Physical access to records and to computer 
servers containing records is restricted to authorized personnel.

[[Page 60759]]

    3. Procedural Safeguards: Access to textual records is strictly 
controlled by system managers and staff. Records may be removed from 
files only at the request of system managers or other authorized 
employees. Computer files are password protected.
    These practices are in compliance with the standards of Chapter 45-
13 of the HHS General Administration Manual, ``Safeguarding Records 
Contained in Systems of Records,'' supplementary Chapter PHS hf: 45-13, 
and the HHS Automated Information Systems Security Program Handbook.

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1--``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), item 1700-C, which allows records to be kept for a 
maximum period of ten years. Refer to the NIH Manual Chapter for 
specific disposition instructions.

SYSTEM MANAGER(S) AND ADDRESS:
    System Managers are listed in Appendix I; each maintains full 
responsibility for their specific correspondence system.

NOTIFICATION PROCEDURE:
    To determine if a record exists, write to the appropriate System 
Manager as listed in Appendix I.
    The requester must also verify his or her identity by providing 
either a notarization of the request or a written certification that 
the requester is who he or she claims to be and understands that the 
knowing and willful request for acquisition of a record pertaining to 
an individual under false pretenses is a criminal offense under the 
Act, subject to a five thousand dollar fine.

RECORD ACCESS PROCEDURE:
    Same as Notification Procedures. Requesters should also reasonably 
specify the record contents being sought. Individuals may also request 
listings of accountable disclosures that have been made of their 
records, if any.

CONTESTING RECORD PROCEDURE:
    Contact the official under Notification Procedures above, and 
reasonably identify the record and specify the information to be 
contested, and state the corrective action sought and the reasons for 
the correction. The right to contest records is limited to information 
which is incomplete, irrelevant, incorrect, or untimely (obsolete).

RECORD SOURCE CATEGORIES:
    Records are derived from incoming and outgoing correspondence.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.

Appendix I: System Managers

    Information Systems Manager, Executive Secretariat, Office of 
the Director (OD), Building 1, Room B146, 1 Center Drive, Bethesda, 
MD 20892-0122.
    Acting Associate Director, Office of Legislative Policy and 
Analysis, Office of the Director (OD), Building 1, Room 244, 1 
Center Drive, Bethesda, MD 20892-0160.
    Privacy Act Systems Manager, Office of Science Education, Office 
of Science Policy, Office of the Director (OD), Rockledge I, Room 
729, 6705 Rockledge Drive, Bethesda, MD 20892-7984.
    Secretary to the Director, National Cancer Institute (NCI), 
Building 31, Room 11A48, 31 Center Drive, Bethesda, MD 20892-2590.
    Secretary to the Director, Office of the Director, National 
Heart, Lung, and Blood Institute (NHLBI), Building 31, Room 5A52, 31 
Center Drive, Bethesda, MD 20892-2486.
    Director, Office of Communication and Public Liaison, National 
Institute of Diabetes and Digestive and Kidney (NIDDK), Building 31, 
Room 9A04, 31 Center Drive, Bethesda, MD 20892-2560.
    Executive Secretariat, National Institute of Environmental 
Health Sciences (NIEHS), PO Box 12233, South Campus, Building 2, 
Room B201, Research Triangle Park, NC 27709-B201.
    Secretary to the Director, National Eye Institute (NEI), 
Building 31, Room 6A03, 31 Center Drive, Bethesda, MD 20892-2510.
    Executive Assistant to the Director, National Institute of 
Arthritis and Musculoskeletal and Skin Diseases (NIAMS), Building 
31, Room 4C32, 31 Center Drive, Bethesda, MD 20892-2350.
    Chief, Administrative Management Branch, National Institute on 
Deafness and Other Communication Disorders (NIDCD), Building 31, 
Room 3C02, 31 Center Drive, Bethesda, MD 20892-2320.
    Secretary to the Director, National Institute of General Medical 
Sciences (NIGMS), Natcher Building, Room 2AN12D, 45 Center Drive, 
Bethesda, MD 20892-6200.
    Secretary to the Director, Office of the Director, National 
Library of Medicine (NLM), Building 38, Room 2E17, 8600 Rockville 
Pike, Bethesda, MD 20894-6075.
    Secretary to the Director, Fogarty International Center (FIC), 
Building 31, Room B2C02, 31 Center Drive, Bethesda, MD 20892-2220.
    Special Assistant for Liaison Activities, Office of AIDS 
Research, Office of the Director (OD), Building 2, Room 4E14, 2 
Center Drive, Bethesda, MD 20892.
    Executive Secretariat, National Institute on Drug Abuse (NIDA), 
Neuroscience Center, 6001 Executive Boulevard, Room 5101, Bethesda, 
MD 20892-9585.
    Executive Secretariat, National Institute on Alcohol Abuse and 
Alcoholism (NIAAA), Willco Building, Room 400, 6000 Executive 
Boulevard, Bethesda, MD 20892-7003.
    Executive Secretariat, National Institute of Mental Health 
(NIMH), Neuroscience Center, 6001 Executive Boulevard, Room 8208, 
Bethesda, MD 20892-9667.
    Director, Office of Communications, National Center for 
Complementary and Alternative Medicine (NCCAM), Democracy Plaza II, 
Room 401, 6707 Democracy Boulevard, Bethesda, MD 20892-5475.
    Privacy Act Coordinator, National Institute of Biomedical 
Imaging and Bioengineering (NIBIB), Building 31, Room 1B37, 31 
Center Drive, Bethesda, MD 20892-2077.
    Privacy Act Coordinator, National Center on Minority Health and 
Health Disparities (NCMHD), Democracy Plaza II, Room 800, 6707 
Democracy Boulevard, Bethesda, MD 20892-5465.
09-25-0108

SYSTEM NAME:
    Personnel: Guest Researchers, Special Volunteers, and Scientists 
Emeriti, HHS/NIH/OHRM.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    This system is located in the Personnel/Administrative Offices of 
individual Institutes/Centers of the National Institutes of Health. 
These records are interspersed with staff records and filed 
alphabetically.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals using NIH facilities who are not NIH employees.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Personal information including name, address, date and place of 
birth, education, employment, purpose for which NIH facilities are 
desired, outside sponsor, and NIH sponsor.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 241(a)(2), 42 U.S.C. 282(b)(10), and 42 U.S.C. 
284(b)(1)(k).

PURPOSE(S):
    To determine eligibility to use NIH facilities, to document the 
individual's presence at NIH, and to record that the individual is not 
an employee.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Disclosure may be made to U.S. Office of Personnel Management 
for program evaluation purposes; to General Accounting Office for fund 
disbursement determinations.
    2. Disclosure may be made to institutions providing financial 
support.
    3. Disclosure may be made to a congressional office from the record 
of an individual in response to a verified inquiry from the 
congressional office made at the request of that individual.

[[Page 60760]]

    4. Disclosure may be made to the Department of Justice or to a 
court or other tribunal, when (a) HHS, or any component thereof; or (b) 
any HHS employee in his or her official capacity; or (c) any HHS 
employee in his or her individual capacity where the Department of 
Justice (or HHS, where it is authorized to do so) has agreed to 
represent the employee; or (d) the United States or any agency thereof 
where HHS determines that the litigation is likely to affect HHS or any 
of its components, is a party to litigation or has any interest in such 
litigation, and HHS determines that the use of such records by the 
Department of Justice, court or other tribunal is relevant and 
necessary to the litigation and would help in the effective 
representation of the governmental party, provided, however, that in 
each case, HHS determines that such disclosure is compatible with the 
purpose for which the records were collected.
    5. Records may be disclosed to student volunteers, individuals 
working under a personal services contract, and other individuals 
performing functions for PHS who do not technically have the status of 
agency employees, if they need the records in the performance of their 
agency functions.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    File folders and computer programs.

RETRIEVABILITY:
    Records are retrieved by name.

SAFEGUARDS:
    For each location and for the particular records maintained in each 
project. Each site implements personnel, physical and procedural 
safeguards such as the following:
    1. Authorized Users: Access is granted only to personnel staff, 
administrative office staff and management officials directly involved 
in the administration of the Guest Researcher, Special Volunteer and 
Scientist Emeriti programs.
    2. Physical Safeguards: Record facilities are locked when system 
personnel are not present.
    3. Procedural Safeguards: Access to files is strictly controlled by 
system personnel. Records may be removed from the file only with the 
approval of the system manager or other authorized employees.

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1--``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), item 2300-320-3(a), which allows records to be 
destroyed after a maximum period of two years after the individual 
completes work at NIH. Refer to the NIH Manual Chapter for specific 
disposition instructions.

SYSTEM MANAGER(S) AND ADDRESS:
    Personnel/Principal or Senior Administrative Officers of National 
Institutes of Health Institutes/Centers.

NOTIFICATION PROCEDURE:
    To determine if a record exists and where it is located, contact 
the Privacy Act Coordinator, Office of Human Resource Management, 
Office of the Director (OD), Building 31, Room 1C39, 31 Center Drive, 
Bethesda, MD 20892.
    The requester must also verify his or her identity by providing 
either a notarization of the request or a written certification that 
the requester is who he or she claims to be and understands that the 
knowing and willful request for acquisition of a record pertaining to 
an individual under false pretenses is a criminal offense under the 
Act, subject to a five thousand dollar fine.

RECORD ACCESS PROCEDURE:
    Contact the Personnel Officer or Administrative Officer in whose 
office the record is located and provide verification of identity as 
described under notification procedure above. Requesters should also 
reasonably specify the record contents being sought. Individuals may 
also request listings of accountable disclosures that have been made of 
their records, if any.

CONTESTING RECORD PROCEDURE:
    Write to the official specified under Notification Procedures 
above, and reasonably identify the record and specify the information 
being contested, the corrective action sought, and your reasons for 
requesting the correction, along with supporting information to show 
how the record is inaccurate, incomplete, untimely or irrelevant. The 
right to contest records is limited to information which is incomplete, 
irrelevant, incorrect, or untimely (obsolete).

RECORD SOURCE CATEGORIES:
    Subject individual, NIH sponsor, funding institution.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0115

SYSTEM NAME:
    Administration: Curricula Vitae of Consultants and Clinical 
Investigators, HHS/NIH/NIAID.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    National Institute of Allergy and Infectious Diseases (NIAID), 
6700-B Rockledge Drive, Room 3134, Bethesda, MD 20892-7630.
    McKesson BioServices Corporation, 7501 Standish Place, Rockville, 
MD 20850.
    Write to the System Manager at the address below for the address of 
the Federal Records Center where records are stored.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Consultants and Clinical Investigators under National Institute of 
Allergy and Infectious Diseases (NIAID) Investigational New Drug 
Applications.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Curricula vitae.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 241, 289a.

PURPOSE(S):
    1. To maintain a record of the investigators under Investigational 
New Drug (IND) applications.
    2. To appoint consultants to the NIAID Institutional Review Board 
(IRB).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Disclosure may be made to a congressional office from the record 
of an individual in response to an inquiry from the congressional 
office made at the request of that individual.
    2. The Department of Health and Human Services (HHS) may disclose 
information from this system of records to the Department of Justice, 
or to a court or other tribunal, when (a) HHS, or any component 
thereof; or (b) any HHS employee in his or her official capacity; or 
(c) any HHS employee in his or her individual capacity where the 
Department of Justice (or HHS, where it is authorized to do so) has 
agreed to represent the employee; or (d) the United States or any 
agency thereof where HHS determines that the litigation is likely to 
affect HHS or any of its components, is a party to litigation or has 
any interest in such litigation, and HHS determines that the use of 
such records by the Department of Justice, court or other tribunal is

[[Page 60761]]

relevant and necessary to the litigation and would help in the 
effective representation of the governmental party, provided, however, 
that in each case, HHS determines that such disclosure is compatible 
with the purpose for which the records were collected.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Stored in books.

RETRIEVABILITY:
    Retrieved by name.

SAFEGUARDS:
    Measures to prevent unauthorized disclosures are implemented as 
appropriate for each location and for the particular records maintained 
in each project. Each site implements personnel, physical, and 
procedural safeguards such as the following:
    1. Authorized Users: Employees who maintain records in this system 
are instructed to grant regular access only to NIAID staff whose duties 
require the use of such information. Authorized users are located in 
the Office of Clinical Research Affairs, Division of Microbiology and 
Infectious Diseases, NIAID. Other one-time and special access by other 
employees is granted on a need-to-know basis as specifically authorized 
by the system manager.
    2. Physical Safeguards: Building is locked during off-duty hours.
    3. Procedural safeguards: Access to files is strictly controlled by 
files staff. Records may be removed from files only at the request of 
the System Manager or other authorized employee.

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1--``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), item 1100-G. Refer to the NIH Manual Chapter for 
specific disposition instructions.

SYSTEM MANAGER(S) AND ADDRESS:
    Director, Office of Clinical Research Affairs, Division of 
Microbiology and Infectious Diseases, National Institute of Allergy and 
Infectious Diseases (NIAID), 6700-B Rockledge Drive, Room 3134, 
Bethesda, MD 20892.

NOTIFICATION PROCEDURE:
    To determine if a record exists, write to: Privacy Act Coordinator, 
National Institute of Allergy and Infectious Disease (NIAID), 6700-B 
Rockledge Drive, Room 2143, Bethesda, MD 20892.
    The requester must also verify his or her identity by providing 
either a notarization of the request or a written certification that 
the requester is who he or she claims to be and understands that the 
knowing and willful request for acquisition of a record pertaining to 
an individual under false pretenses is a criminal offense under the 
Act, subject to a five thousand dollar fine.

RECORD ACCESS PROCEDURE:
    Same as Notification Procedures. Requesters should also reasonably 
specify the record contents being sought. Individuals may also request 
listings of accountable disclosures that have been made of their 
records, if any.

CONTESTING RECORD PROCEDURE:
    Write to the official specified under Notification Procedures 
above, and reasonably identify the record and specify the information 
being contested, the corrective action sought, and your reasons for 
requesting the correction, along with supporting information to show 
how the record is inaccurate, incomplete, untimely or irrelevant. The 
right to contest records is limited to information which is incomplete, 
irrelevant, incorrect, or untimely (obsolete).

RECORD SOURCE CATEGORIES:
    Individuals.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0118

SYSTEM NAME:
    Contracts: Professional Services Contractors, HHS/NIH/NCI.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Write to System Manager at the address below for the address of the 
Federal Records Center where records may be stored.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals under contract with the National Cancer Institute.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Professional services contracts.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 241(d), 281.

PURPOSE(S):
    Used by staff for general administrative purposes to assure 
compliance with contract program requirements.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Disclosure may be made to a congressional office from the record 
of an individual in response to an inquiry from the congressional 
office made at the request of that individual.
    2. In the event of litigation where the defendant is (a) the 
Department, any component of the Department, or any employee of the 
Department in his or her official capacity; (b) the United States where 
the Department determines that the claim, if successful, is likely to 
directly affect the operations of the Department or any of its 
components; or (c) any Department employee in his or her individual 
capacity where the Justice Department has agreed to represent such 
employee, the Department may disclose such records as it deems 
desirable or necessary to the Department of Justice to enable that 
Department to present an effective defense, provided such disclosure is 
compatible with the purpose for which the records were collected.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Stored in file folders.

RETRIEVABILITY:
    Retrieved by name.

SAFEGUARDS:
    1. Authorized Users: Access is limited to authorized personnel 
(system manager and staff).
    2. Physical Safeguards: Records are maintained in offices which are 
locked when not in use
    3. Procedural Safeguards: Access to files is strictly controlled by 
system manager and staff.

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1--``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), item 2600-A-4, which allows records to be destroyed 
after a maximum period of six years and three months after final 
payment. Refer to the NIH Manual Chapter for specific disposition 
instructions.

SYSTEM MANAGER(S) AND ADDRESS:
    ARC Manager, Division of Cancer Treatment and Diagnosis (DCTD), 
National Cancer Institute (NCI),

[[Page 60762]]

Building 31, Room 3A44, 31 Center Drive, Bethesda, MD 20892.
    ARC Manager, Office of the Director (OD), National Cancer Institute 
(NCI), Building 31, Room 11A35, 31 Center Drive, Bethesda, MD 20892.
    ARC Manager, Executive Plaza (EP), National Cancer Institute (NCI), 
Building 6116, Room 220, 6116 Executive Boulevard, Bethesda, MD 20892.
    ARC Manager, Building 6116, National Cancer Institute (NCI), 6116 
Executive Boulevard, Room 200, Bethesda, MD 20892.
    ARC Manager, Division of Cancer Prevention (DCP), National Cancer 
Institute (NCI), Executive Plaza North, Room 3060, 6130 Executive 
Boulevard, Bethesda, MD 20892.
    ARC Manager, Division of Cancer Biology (DCB), National Cancer 
Institute (NCI), Executive Plaza North, Room 500, 6130 Executive 
Boulevard, Bethesda, MD 20892.
    ARC Manager, Division of Cancer Control and Population Sciences 
(DCCPS), National Cancer Institute (NCI), Executive Plaza North, Room 
3038, 6130 Executive Boulevard, Bethesda, MD 20892.
    ARC Manager, Building 41, National Cancer Institute (NCI), Building 
41, Room A101, 41 Medlars Drive, Bethesda, MD 20892.
    ARC Manager, Building 37, National Cancer Institute (NCI), Building 
37, Room 5A15, 37 Convent Drive, Bethesda, MD 20892.
    ARC Manager, Frederick Cancer Research and Development Center 
(FCRDC), National Cancer Institute (NCI), Building 578, Room 23, 
Frederick, MD 21702.
    ARC Manager, Division of Cancer Epidemiology and Genetics (DCEG), 
National Cancer Institute (NCI), Executive Plaza South, Room 8086, 6120 
Executive Boulevard, Bethesda, MD 20892.
    ARC Manager, Center for Cancer Research (CCR), National Cancer 
Institute (NCI), Building 31, Room 3A19, 31 Center Drive, Bethesda, MD 
20892.
    ARC Manager, Building 10A, National Cancer Institute (NCI), 
Building 10, Room 12N210, 10 Center Drive, Bethesda, MD 20892.
    ARC Manager, Building 10B, National Cancer Institute (NCI), 
Building 10, Room 12N210, 10 Center Drive, Bethesda, MD 20892.
    ARC Manager, Information Technology (IT), National Cancer Institute 
(NCI), Building 6116, Room 503, 6116 Executive Boulevard, Bethesda, MD 
20892.

NOTIFICATION PROCEDURE:
    Write to the appropriate System Manager listed above to determine 
if a record exists. The requester must also verify his or her identity 
by providing either a notarization of the request or a written 
certification that the requester is who he or she claims to be and 
understands that the knowing and willful request for acquisition of a 
record pertaining to an individual under false pretenses is a criminal 
offense under the Act, subject to a five thousand dollar fine.

RECORD ACCESS PROCEDURE:
    Same as Notification Procedures. Requesters should also reasonably 
specify the record contents being sought. Individuals may also request 
listings of accountable disclosures that have been made of their 
records, if any.

CONTESTING RECORD PROCEDURE:
    Contact the official under Notification Procedures above, and 
reasonably identify the record and specify the information to be 
contested, and state the corrective action sought and the reasons for 
the correction, with supporting justification. The right to contest 
records is limited to information which is incomplete, irrelevant, 
incorrect, or untimely (obsolete).

RECORD SOURCE CATEGORIES:
    Individuals in the system.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0121

SYSTEM NAME:
    International Activities: Senior International Fellowships Program, 
HHS/NIH/FIC.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Division of International Training and Research, Fogarty 
International Center (FIC), Building 31, Room B2C39, 31 Center Drive, 
Bethesda, MD 20892.
    Write to System Manager at the address below for the address of the 
Federal Records Center where records from this system are stored.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Applicants for Senior International Fellowships.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Applications and associated records and reports.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 242e.

PURPOSE(S):
    For award and administration of fellowships to outstanding faculty 
members in mid-career from U.S biomedical research and educational 
institutions for study abroad.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Each fellow's home institution receives a notice of award and 
funding for the fellowship.
    2. Applications are made available to authorized employees and 
agents of the U.S., including the General Accounting Office for 
purposes of investigations, inspections and audits, and in appropriate 
cases, to the Department of Justice for proper action under civil and 
criminal laws.
    3. Disclosure may be made to a congressional office from the record 
of an individual in response to an inquiry from the congressional 
office made at the request of that individual.
    4. The Department of Health and Human Services (HHS) may disclose 
information from this system of records to the Department of Justice, 
or to a court or other tribunal, when (a) HHS, or any component 
thereof; or (b) any HHS employee in his or her official capacity; or 
(c) any HHS employee in his or her individual capacity where the 
Department of Justice (or HHS, where it is authorized to do so) has 
agreed to represent the employee; or (d) the United States or any 
agency thereof where HHS determines that the litigation is likely to 
affect HHS or any of its components, is a party to litigation or has 
any interest in such litigation, and HHS determines that the use of 
such records by the Department of Justice, court or other tribunal is 
relevant and necessary to the litigation and would help in the 
effective representation of the governmental party, provided, however, 
that in each case, HHS determines that such disclosure is compatible 
with the purpose for which the records were collected.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    File folders and computer disks.

RETRIEVABILITY:
    Name and fellowship number.

SAFEGUARDS:
    Measures to prevent unauthorized disclosures are implemented as

[[Page 60763]]

appropriate for each location and for the particular records maintained 
in each project. Each site implements personnel, physical, procedural 
safeguards such as the following:
    1. Authorized Users: Employees who maintain records in this system 
are instructed to grant regular access only to Fogarty International 
Center (FIC) program staff. Other one-time and special access by other 
employees is granted on a need-to-know basis as specifically authorized 
by the system manager.
    2. Physical Safeguards: The records are stored in locked file 
cabinets and offices are locked during off-duty hours.
    3. Procedural Safeguards: Access to files is strictly controlled by 
files staff. Records may be removed from files only at the request of 
the system manager or other authorized employees. For computerized 
records access is controlled by the use of security codes known to 
authorized users and access codes are changed periodically. The 
computer system maintains an audit record of all requests for access.
    These practices are in compliance with the standards of Chapter 45-
13 of the HHS General Administration Manual, ``Safeguarding Records 
Contained in Systems of Records,'' supplementary Chapter PHS hf: 45-13, 
and the HHS Automated Information Systems Security Program Handbook.

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1--``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), item 2300-320-7, which allows records to be destroyed 
after a maximum period of six years after the close of a case. Refer to 
the NIH Manual Chapter for specific disposition instructions.

SYSTEM MANAGER(S) AND ADDRESS:
    Director, Division of International Training and Research, Fogarty 
International Center (FIC), Building 31, Room B2C39, 31 Center Drive, 
Bethesda, MD 20892.

NOTIFICATION PROCEDURE:
    Requests for notification of or access to records should be 
addressed to the System Manager, listed above. The requester must also 
verify his or her identity by providing either a notarization of the 
request or a written certification that the requester is who he or she 
claims to be and understands that the knowing and willful request for 
acquisition of a record pertaining to an individual under false 
pretenses is a criminal offense under the Act, subject to a five 
thousand dollar fine.

RECORD ACCESS PROCEDURE:
    Same as Notification Procedures. Requesters should also reasonably 
specify the record contents being sought. Individuals may also request 
listings of accountable disclosures that have been made of their 
records, if any.

CONTESTING RECORD PROCEDURE:
    Contact the official under Notification Procedures above, and 
reasonably identify the record and specify the information to be 
contested, and state the corrective action sought and the reasons for 
the correction. The right to contest records is limited to information 
which is incomplete, irrelevant, incorrect, or untimely (obsolete).

RECORD SOURCE CATEGORIES:
    Information obtained from applicants and persons supplying 
recommendations through the Center for Scientific Review.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0124

SYSTEM NAME:
    Administration: Pharmacology Research Associates, HHS/NIH/NIGMS.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Director, PRAT Program, Pharmacological Sciences, National 
Institute of General Medical Sciences (NIGMS), Natcher Building, Room 
2AS43D, 45 Center Drive, Bethesda, MD 20892.
    Write to System Manager at the address below for the address of the 
Federal Records Center where records are stored.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Applicants for positions as Pharmacology Research Associates with 
the National Institute of General Medical Sciences (NIGMS) and current 
and former Pharmacology Research Associates.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Individual application forms, addresses, telephone numbers, lists 
of awards received, research keywords, preceptor and institute during 
time of fellowship for former fellows, academic transcripts, reprints 
and references, curricula vitae and salary adjustment memorandum for 
fellows.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 209.

PURPOSE(S):
    For review, award and administration of the Pharmacology Research 
Associate Program (PRAT).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Disclosure may be made to a congressional office from the record 
of an individual in response to an inquiry from the congressional 
office made at the request of that individual.
    2. The Department of Health and Human Services (HHS) may disclose 
information from this system of records to the Department of Justice, 
or to a court or other tribunal, when (a) HHS, or any component 
thereof; or (b) any HHS employee in his or her official capacity; or 
(c) any HHS employee in his or her individual capacity where the 
Department of Justice (or HHS, where it is authorized to do so) has 
agreed to represent the employee; or (d) the United States or any 
agency thereof where HHS determines that the litigation is likely to 
affect HHS or any of its components, is a party to litigation or has 
any interest in such litigation, and HHS determines that the use of 
such records by the Department of Justice, court or other tribunal is 
relevant and necessary to the litigation and would help in the 
effective representation of the governmental party, provided, however, 
that in each case, HHS determines that such disclosure is compatible 
with the purpose for which the records were collected.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    File folders.

RETRIEVABILITY:
    By name of applicant.

SAFEGUARDS:
    Measures to prevent unauthorized disclosures are implemented as 
appropriate for each location and for the particular records maintained 
in each project. Each site implements personnel, physical, and 
procedural safeguards such as the following:
    1. Authorized Users: Employees who maintain the system are 
instructed to grant access only to authorized personnel (System manager 
and staff assigned to the program).
    2. Physical Safeguards: The records are maintained in locked file 
cabinets

[[Page 60764]]

when not in use and system location is locked during non-working hours.
    3. Procedural Safeguards: Access to files is strictly controlled by 
responsible individuals who have been instructed in the Privacy Act 
requirements. Records are returned to the locked cabinets when not in 
use.

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1--``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), item 2300-320-2(a). Refer to the NIH Manual Chapter 
for specific disposition instructions.

SYSTEM MANAGER(S) AND ADDRESS:
    Director, PRAT Program, Pharmacological Sciences, National 
Institute of General Medical Sciences (NIGMS), Natcher Building, Room 
2AS49K, 45 Center Drive, Bethesda, MD 20892.

NOTIFICATION PROCEDURE:
    To determine if a record exists, write to System Manager and 
provide the following information: applicant's name and date of 
application. The requester must also verify his or her identity by 
providing either a notarization of the request or a written 
certification that the requester is who he or she claims to be and 
understands that the knowing and willful request for acquisition of a 
record pertaining to an individual under false pretenses is a criminal 
offense under the Act, subject to a five thousand dollar fine.

RECORD ACCESS PROCEDURE:
    Same as Notification Procedures. Requesters should also reasonably 
specify the record contents being sought. Individuals may also request 
listings of accountable disclosures that have been made of their 
records, if any.

CONTESTING RECORD PROCEDURE:
    Contact the official at the address specified under Notification 
Procedures above, and reasonably identify the record and specify the 
information to be contested, the corrective action sought. The right to 
contest records is limited to information which is incomplete, 
irrelevant, incorrect, or untimely (obsolete).

RECORD SOURCE CATEGORIES:
    Information obtained from applicants, university registrars, and 
persons supplying recommendations through the PRAT Program. Salary 
adjustment memos from preceptors. Information on former fellows 
obtained from former fellows.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0140

SYSTEM NAME:
    International Activities: International Scientific Researchers in 
Intramural Laboratories at the National Institutes of Health, HHS/NIH/
FIC/ORS/DIRS.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Center for Information Technology (CIT), Building 12A, Room 3061, 
12 South Drive, Bethesda, Maryland 20892.
    Ancillary records are located in the Office of the Associate 
Director for Intramural Affairs, laboratories, administrative and 
personnel offices where participants are assigned. Write to System 
manager at the address below for the address of the Federal Records 
Center where records are stored.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Health scientists at all levels of their pre- and postdoctoral or 
equivalent research careers who are invited to the National Institutes 
of Health to conduct research related to their doctoral studies, for 
further postdoctoral training, or to conduct research in their 
biomedical specialties under the auspices of FIC's administration of 
International Activities. Most of these scientists are foreign, however 
some may be resident aliens .
    Individuals in these categories include the following: Visiting 
Scientists (i.e., Title 42 employees) and Foreign Special Experts (also 
employees) and Visiting Fellows, Guest Researchers, Exchange 
Scientists, International Research Fellows, Fogarty Scholars, and 
Special Volunteers.

CATEGORIES OF RECORDS IN THE SYSTEM:
    History of fellowship, employment and/or stay at NIH; education, 
previous institution of affiliation, immigration data, and references. 
For payroll purposes, social security numbers are requested of all 
applicants accepted into the program.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 242l and Section 307 of the Public Health Service Act.

PURPOSE(S):
    To document the individual's presence at the NIH, to record 
immigration history of the individual in order to verify continued 
eligibility in existing programs, and to meet requirements in the code 
of Federal Regulations (8 CFR, ``Aliens and Nationality,'' and 22 CFR, 
``Foreign Relations'').

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Information is made available to authorized employees and agents 
of the U.S. Government including, but not limited to, the General 
Accounting Office, the Internal Revenue Service, the FBI and 
Immigration and Naturalization Service, Department of Justice, and the 
Department of State for purposes of investigations, inspections and 
audits.
    2. Disclosure may be made to a congressional office from the record 
of an individual in response to an inquiry from the congressional 
office made at the request of the individual.
    3. The Department of Health and Human Services (HHS) may disclose 
information from this system of records to the Department of Justice, 
or to a court or other tribunal, when (a) HHS, or any component 
thereof; or (b) any HHS employee in his or her official capacity; or 
(c) any HHS employee in his or her individual capacity where the 
Department of Justice (or HHS, where it is authorized to do so) has 
agreed to represent the employee; or (d) the United States or any 
agency thereof where HHS determines that the litigation is likely to 
affect HHS or any of its components, is a party to litigation or has 
any interest in such litigation, and HHS determines that the use of 
such records by the Department of Justice, court or other tribunal is 
relevant and necessary to the litigation and would help in the 
effective representation of the governmental party, provided, however, 
that in each case, HHS determines that such disclosure is compatible 
with the purpose for which the records were collected.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are stored in file folders, computer hard disks and tapes, 
and computer diskettes.

RETRIEVABILITY:
    By name, country of citizenship, country of birth, gender, 
fellowship case number, visa and immigration status, program category, 
NIH institute and lab, sponsor, degree attained, stipend or salary 
level, dates of stay at NIH, termination date, work address and 
telephone number, and home address.

[[Page 60765]]

SAFEGUARDS:
    A variety of safeguards is implemented for the various sets of 
records included under this system according to the sensitivity of the 
data they contain.
    1. Authorized Users: NIH administrative and personnel staff 
screened by FIC staff to access information on a need-to-know basis. 
Only FIC staff are authorized to add, change, or delete data. Access by 
other employees is granted on a need-to-know basis as specifically 
authorized by the system manager.
    2. Physical Safeguards: The records are maintained in file cabinets 
in offices that are locked during off-duty hours.
    3. Procedural Safeguards: Access to files is strictly controlled by 
files staff. Records may be removed from files only at the request of 
the system manager or other authorized employees. For computerized 
records, access is controlled by the use of security codes known only 
to authorized users; access codes are changed periodically. The 
computer system maintains an audit record of all requests for access.
    These practices are in compliance with the standards of Chapter 45-
13 of the HHS General Administration Manual, ``Safeguarding Records 
Contained in Systems of Records,'' supplementary Chapter PHS hf: 45-13, 
and the HHS Automated Information Systems Security Program Handbook.

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1--``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), item 2300-320, which allows records to be destroyed 
after a maximum period of six years after the close of a case. Refer to 
the NIH Manual Chapter for specific disposition instructions.

SYSTEM MANAGER(S) AND ADDRESS
    Director, Division of Intramural Research Services, Office of 
Research Services (ORS), Building 31, Room 3B65, 31 Center Drive, 
Bethesda, MD 20892.

NOTIFICATION PROCEDURE:
    Write to the System Manager to determine if a record exists. The 
requester must also verify his or her identity by providing either a 
notarization of the request or a written certification that the 
requester is who he or she claims to be and understands that the 
knowing and willful request for acquisition of a record pertaining to 
an individual under false pretenses is a criminal offense under the 
Act, subject to a five thousand dollar fine.

RECORD ACCESS PROCEDURE:
    Same as Notification Procedure. Requesters should also reasonably 
specify the record contents being sought. Individuals may also request 
listings of accountable disclosures that have been made of their 
records, if any.

CONTESTING RECORD PROCEDURE:
    Contact the official listed under Notification Procedure above, and 
reasonably identify the record, and specify the information to be 
contested, and state the corrective action sought and the reasons for 
the correction. The right to contest records is limited to information 
which is incomplete, irrelevant, incorrect, or untimely (obsolete).

RECORD SOURCE CATEGORIES:
    Subject individuals and other Federal agencies.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0156

SYSTEM NAME:
    Records of Participants in Programs and Respondents in Surveys Used 
to Evaluate Programs of the Public Health Service, HHS/PHS/NIH/OD.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    This system of records is an umbrella system comprising separate 
sets of records located either in the organizations responsible for 
conducting evaluations or at the sites of programs or activities under 
evaluation. Locations include Public Health Service (PHS) facilities, 
or facilities of contractors of the PHS. Write to the appropriate 
System manager below for a list of current locations.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by this system are those who provide 
information or opinions that are useful in evaluating programs or 
activities of the PHS other persons who have participated in or 
benefitted from PHS programs or activities; or other persons included 
in evaluation studies for purposes of comparison. Such individuals may 
include (1) participants in research studies; (2) applicants for and 
recipients of grants, fellowships, traineeships or other awards; (3) 
employees, experts and consultants; (4) members of advisory committees; 
(5) other researchers, health care professionals, or individuals who 
have or are at risk of developing diseases or conditions studied by 
PHS; (6) persons who provide feedback about the value or usefulness of 
information they receive about PHS programs, activities or research 
results; (7) persons who have received Doctorate level degrees from 
U.S. institutions; (8) persons who have worked or studied at U.S. 
institutions that receive(d) institutional support from PHS.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This umbrella system of records covers a varying number of separate 
sets of records used in different evaluation studies. The categories of 
records in each set depend on the type of program being evaluated and 
the specific purpose of the evaluation. In general, the records contain 
two types of information: (1) Information identifying subject 
individuals, and (2) information which enables PHS to evaluate its 
programs and services.
    1. Identifying information usually consists of a name and address, 
but it might also include a patient identification number, grant 
number, social security number, or other identifying number as 
appropriate to the particular group included in an evaluation study.
    2. Information used for evaluation varies according to the program 
evaluated. Categories of evaluative information include personal data 
and medical data on participants in clinical and research programs; 
personal data, publications, professional achievements and career 
history of researchers; and opinions and other information received 
directly from individuals in evaluation surveys and studies of PHS 
programs.
    The system does not include any master list, index or other central 
means of identifying all individuals whose records are included in the 
various sets of records covered by the system.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Authority for this system comes from the authorities regarding the 
establishment of the National Institutes of Health, its general 
authority to conduct and fund research and to provide training 
assistance, and its general authority to maintain records in connection 
with these and its other functions (42 U.S.C. 203, 241, 289l-1 and 44 
U.S.C. 3101), and Section 301 and 493 of the Public Health Service Act.

[[Page 60766]]

PURPOSE(S):
    This system supports evaluation of the policies, programs, 
organization, methods, materials, activities or services used by PHS in 
fulfilling its legislated mandate for (1) conduct and support of 
biomedical research into the causes, prevention and cure of diseases; 
(2) support for training of research investigators; (3) communication 
of biomedical information.
    This system is not used to make any determination affecting the 
rights, benefits or privileges of any individual.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Disclosure may be made to HHS contractors and collaborating 
researchers, organizations, and State and local officials for the 
purpose of conducting evaluation studies or collecting, aggregating, 
processing or analyzing records used in evaluation studies. The 
recipients are required to protect the confidentiality of such records.
    2. Disclosure may be made to organizations deemed qualified by the 
Secretary to carry out quality assessments, medical audits or 
utilization review.
    3. Disclosure may be made to a congressional office from the record 
of an individual in response to an inquiry from the congressional 
office made at the request of that individual.
    4. The Department may disclose information from this system of 
records to the Department of Justice, to court or other tribunal, or to 
another party before such tribunal, when (a) HHS, or any component 
thereof; or (b) any HHS employee in his or her official capacity; or 
(c) any HHS employee in his or her individual capacity where the 
Department of Justice (or HHS, where it is authorized to do so) has 
agreed to represent the employee; or (d) the United States or any 
agency thereof where HHS or any of its components, is a party to 
litigation or has an interest in such litigation, and HHS determines 
that the use of such records by the Department of Justice, the 
tribunal, or the other party is relevant and necessary to the 
litigation and would help in the effective representation of the 
governmental party, provided, however, that in each case, HHS 
determines that such disclosure is compatible with the purpose for 
which the records were collected.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Data may be stored in file folders, bound notebooks, or computer-
accessible media (e.g., magnetic tapes, disks, cartridges, CD-ROMs, 
etc.).

RETRIEVABILITY:
    Information is retrieved by name and/or participant identification 
number within each evaluation study. There is no central collection of 
records in this system, and no central means of identifying individuals 
whose records are included in the separate sets of records that are 
maintained for particular evaluation studies.

SAFEGUARDS:
    A variety of safeguards are implemented for the various sets of 
records in this system according to the sensitivity of the data each 
set contains. Information already in the public domain, such as titles 
and dates of publications, is not restricted. However, sensitive 
information, such as personal or medical history or individually 
identified opinions, is protected according to its level of 
sensitivity. Records derived from other systems of records will be 
safeguarded at a level at least as stringent as that required in the 
original systems. Minimal safeguards for the protection of information 
which is not available to the general public include the following:
    1. Authorized Users: Regular access to information in a given set 
of records is limited to PHS or to contractor employees who are 
conducting, reviewing or contributing to a specific evaluation study. 
Other access is granted only on a case-by-case basis, consistent with 
the restrictions required by the Privacy Act (e.g., when disclosure is 
required by the Freedom of Information Act), as authorized by the 
system manager or designated responsible official.
    2. Physical Safeguards: Records are stored in closed or locked 
containers, in areas which are not accessible to unauthorized users, 
and in facilities which are locked when not in use. Records collected 
in each evaluation project are maintained separately from those of 
other projects. Sensitive records are not left exposed to unauthorized 
persons at any time. Sensitive data in machine-readable form may be 
encrypted.
    3. Procedural Safeguards: Access to records is controlled by 
responsible employees and is granted only to authorized individuals 
whose identities are properly verified. Data stored in mainframe 
computers is accessed only through the use of keywords known only to 
authorized personnel. When personal computers are used, magnetic media 
(e.g. diskettes, CD-ROMs, etc.) are protected as under Physical 
Safeguards. When data is stored within a personal computer (i.e., on a 
``hard disk''), the machine itself is treated as though it were a 
record, or records, under Physical Safeguards. Contracts for operation 
of this system of records require protection of the records in 
accordance with these safeguards; PHS project and contracting officers 
monitor contractor compliance.
    These practices are in compliance with the standards of Chapter 45-
13 of the HHS General Administration Manual, ``Safeguarding Records 
Contained in Systems of Records,'' supplementary Chapter PHS hf: 45-13, 
and the HHS Automated Information Systems Security Program Handbook.

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1--``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), item 1100-C-2. Refer to the NIH Manual Chapter for 
specific disposition instructions.

SYSTEM MANAGER(S) AND ADDRESS:
    See Appendix I.
    Policy coordination for this system is provided by: Acting 
Director, Office of Reports and Analysis, Office of Extramural 
Research, Office of the Director (OD), Building 1, Room 252, 1 Center 
Drive, Bethesda, MD 20892.

NOTIFICATION PROCEDURE:
    To determine if a record exists, write to the official of the 
organization responsible for the evaluation, as listed in Appendix II. 
If you are not certain which component of PHS was responsible for the 
evaluation study, or if you believe there are records about you in 
several components of PHS, write to: NIH Privacy Act Officer, 6011 
Executive Boulevard, Room 601, Bethesda, MD 20892-7669.
    Requesters must provide the following information:
    1. Full name, and name(s) used while studying or employed;
    2. Name and location of the evaluation study or other PHS program 
in which the requester participated or the institution at which the 
requester was a student or employee, if applicable;
    3. Approximate dates of participation, matriculation or employment, 
if applicable.

[[Page 60767]]

    The requester must also verify his or her identity by providing 
either a notarization of the request or a written certification that 
the requester is who he or she claims to be and understands that the 
knowing and willful request for acquisition of a record pertaining to 
an individual under false pretenses is a criminal offense under the 
Act, subject to a five thousand dollar fine.
    An individual who requests notification of or access to a medical 
record shall, at the time the request is made, designate in writing, a 
responsible representative, who may be a physician, other health 
professional, or other responsible individual, who will be willing to 
review the record and inform the subject individual of its contents at 
the representative's discretion.
    A parent or guardian who requests notification of, or access to, a 
child's or incompetent person's medical record shall designate a family 
physician or other health professional (other than a family member) to 
whom the record, if any, will be sent. The parent or guardian must 
verify relationship to the child or incompetent person as well as his 
or her own identity.

RECORD ACCESS PROCEDURE:
    Same as Notification Procedures. Requesters should also reasonably 
specify the record contents being sought. Individuals may also request 
listings of accountable disclosures that have been made of their 
records, if any.

CONTESTING RECORD PROCEDURE:
    Write to the official specified under Notification Procedures 
above, and reasonably identify the record and specify the information 
being contested, the corrective action sought, and your reasons for 
requesting the correction, along with supporting information to show 
how the record is inaccurate, incomplete, untimely or irrelevant. The 
right to contest records is limited to information which is incomplete, 
irrelevant, incorrect, or untimely (obsolete).

RECORD SOURCE CATEGORIES:
    Information contained in these records is obtained directly from 
individual participants; from systems of records 09-25-0036, 
``Extramural Awards and Chartered Advisory Committees: IMPAC (Grants/
Contract Information/Cooperative Agreement Information/Chartered 
Advisory Committee Information), HHS/NIH/OER and HHS/NIH/CMO;'' 09-25-
0112, ``Grants and Cooperative Agreements: Research, Research Training, 
Fellowship and Construction Applications and Related Awards, HHS/NIH/
OD;'' NSF-6, ``Doctorate Record File,'' NSF-43, ``Doctorate Work 
History File'' (previously entitled NSF-43, ``Roster and Survey of 
Doctorate Holders in The United States'' and other records maintained 
by the operating programs of NIH; the National Academy of Sciences, 
professional associations such as the AAMC and ADA, and other 
contractors; grantees or collaborating researchers; or publicly 
available sources such as bibliographies.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.

Appendix I: System Managers

    Office of Reports and Analysis, Office of Extramural Research, 
Office of the Director (OD), Rockledge II, Room 6212, 6701 Rockledge 
Drive, Bethesda, MD 20892.
    Director, Office of Human Resource Management, Office of the 
Director (OD), Building 1, Room B160, 1 Center Drive, Bethesda, MD 
20892.
    Program Analyst, Office of Science and Technology, PSR, National 
Heart, Lung and Blood Institute (NHLBI), Building 31, Room 5A03, 31 
Center Drive, Bethesda, MD 20892-2482.
    Associate Director for Health Information Programs Development, 
National Library of Medicine (NLM), Building 38, Room 2S20, 8600 
Rockville Pike, Bethesda, MD 20894.
    Associate Director for Science Policy and Legislation, National 
Eye Institute (NEI), Building 31, Room 6A25, 31 Center Drive, 
Bethesda, MD 20892-2510.
    Public Health Educator, Office of Cancer Communications, 
National Cancer Institute (NCI), Building 31, Room 10A03, 31 Center 
Drive, Bethesda, MD 20892.
    Chief, Office of Planning, Analysis, National Institute on Aging 
(NIA), Building 31, Room 5C05, 31 Center Drive, Bethesda, MD 20892.
    Associate Director for Science Policy, Analysis, and 
Communication, National Institute of Child Health and Human 
Development (NICHD), Building 31, Room 2A18, 31 Center Drive, 
Bethesda, MD 20892.
    Chief, Science Policy and Planning Branch, National Institute on 
Deafness and Other Communication Disorders (NIDCD), Building 31, 
Room 3C27, 31 Center Drive, Bethesda, MD 20892-2320.
    Evaluation Officer, Office of Science Policy and Analysis, 
National Institute of Dental and Craniofacial Research (NIDCR), 
Building 31, Room 5B55, 31 Center Drive, Bethesda, MD 20892-2190.
    Program Analyst, Office of Program Planning and Evaluation, 
National Institute of Environmental Health Sciences (NIEHS), PO Box 
12233, Research Triangle Park, NC 27709.
    Chief, Office of Program Analysis and Evaluation, National 
Institute of General Medical Sciences (NIGMS), Natcher Building, 
Room 2AS55F, 45 Center Drive, Bethesda, MD 20892.
    Director, Division of Advanced Studies and Policy Analyses, 
Fogarty International Center (FIC), Building 16, Room 202, 16 Center 
Drive, Bethesda, MD 20892-6705.
    Information Officer, Center for Scientific Review (CSR), 
Rockledge II, Room 6160, 6701 Rockledge Drive, Bethesda, MD 20892.
    Director, Office of Science Policy and Public Liaison, National 
Center for Research Resources (NCRR), Rockledge II, Room 5046, 6701 
Rockledge Drive, Bethesda, MD 20892.
    Chief, Office of Planning, Analysis and Evaluation, National 
Institute of Nursing Research (NINR), Building 31, Room 5B09, 31 
Center Drive, Bethesda, MD 20892.
    Policy Analyst, Division of Policy and Education, Office of 
Research Integrity, U.S. Public Health Service, 5515 Security Lane, 
Suite 700, Rockwall II Building, Rockville, MD 20852.
    Contract Officer, National Institute of Mental Health (NIMH), 
6001 Executive Boulevard, Room 6107, Bethesda, MD 20892.
    Program Evaluation Team, Office of Scientific Affairs, National 
Institute on Alcohol Abuse and Alcoholism (NIAAA), Willco Building, 
Room 409, 6000 Executive Boulevard, Bethesda, MD 20892-7003.
    Evaluation Officer, Office of Science Policy and Operations, 
National Center for Complementary and Alternative Medicine (NCCAM), 
Democracy Plaza II, Room 401, 6707 Democracy Boulevard, Bethesda, MD 
20892-5475.
    Privacy Act Coordinator, National Institute of Biomedical 
Imaging and Bioengineering (NIBIB), Building 31, Room 1B37, 31 
Center Drive, Bethesda, MD 20892-2077.
    Privacy Act Coordinator, National Center on Minority Health and 
Health Disparities (NCMHD), Democracy Plaza II, Room 800, 6707 
Democracy Boulevard, Bethesda, MD 20892-5465.

Appendix II: Notification and Access Officials

    Acting Director, Office of Reports and Analysis, Office of 
Extramural Research, Office of the Director (OD), Building 1, Room 
252, 1 Center Drive, Bethesda, MD 20892.
    Director, Office of Human Resources Management, Office of the 
Director (OD), Building 1, Room B160, 1 Center Drive, Bethesda, MD 
20892.
    Privacy Act Coordinator, National Heart, Lung, and Blood 
Institute (NHLBI), Building 31, Room 5A33, 31 Center Drive, 
Bethesda, MD 20892.
    Assistant Director for Planning and Evaluation, National Library 
of Medicine (NLM), Building 38, Room 2S18, 8600 Rockville Pike, 
Bethesda, MD 20894.
    Program Evaluation Team, Office of Scientific Affairs, National 
Institute on Alcohol Abuse and Alcoholism (NIAAA), Willco Building, 
Room 409, 6000 Executive Boulevard, Bethesda, MD 20892-7003.
    Contract Officer, National Institute of Mental Health (NIMH), 
6001 Executive Boulevard, Room 6107, Bethesda, MD 20892.
    Executive Officer, National Eye Institute (NEI), Building 31, 
Room 6A03, 31 Center Drive, Bethesda, MD 20892-2510.
    Director, Division of Advanced Studies and Policy Analysis, 
Fogarty International Center (FIC), Building 16, Room 202, 16 Center 
Drive, Bethesda, MD 20892-6705.

[[Page 60768]]

    Information Officer, Center for Scientific Review (CSR), 
Rockledge II, Room 6160, 6701 Rockledge Drive, Bethesda, MD 20892.
    Director, Office of Science Policy and Public Liaison, National 
Center for Research Resources (NCRR), Rockledge II, Room 5046, 6701 
Rockledge Drive, Bethesda, MD 20892.
    Privacy Act Coordinator, National Cancer Institute (NCI), 
Building 31, Room 10A30, 31 Center Drive, Bethesda, MD 20892.
09-25-0158

SYSTEM NAME:
    Administration: Records of Applicants and Awardees of the NIH 
Intramural Research Training Awards Program, HHS/NIH/OD/OIR/OE.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    This system is located in each of the intramural offices and 
laboratories where the Intramural Research Training Awards (IRTA) 
Fellow is located and assigned, including the respective Scientific 
Director's office, the administrative and personnel offices, and in 
Personnel branches responsible for administering the IRTA Program, and 
the Office of Education, Office of Intramural Research, Office of the 
Director, Building 2, Room 2E04, 2 Center Drive, Bethesda, MD 20892.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Applicants for IRTA Fellowships, current IRTA Fellows, and former 
IRTA Fellows.

CATEGORIES OF RECORDS IN THE SYSTEM:
    These records contain information relating to education and 
training, employment history, scientific publications; research goals; 
letters of reference; and personal information such as name, date of 
birth, social security number, home address and citizenship; and 
information related to fellowship awards such as stipend levels, 
training assignments, training expenses and travel allowances.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 284(b)(1)(C), 286b-3, and 287c-1 authorizes PHS to make 
awards for biomedical research and research training.

PURPOSE(S):
    Records in this system are used to determine individuals' 
eligibility and evaluate their qualifications for IRTA Fellowships; to 
document the basis for management actions relating to Fellowships that 
are awarded; and to provide data for program evaluation.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Disclosure may be made to the Office of Human Resource 
Management for evaluation of NIH Personnel programs.
    2. Disclosure may be made to a congressional office from the record 
of an individual in response to an inquiry from the congressional 
office made at the written request of that individual.
    3. Disclosure may be made to the Department of Justice or to a 
court or other tribunal from this system of records, when (a) HHS, or 
any component thereof; or (b) any HHS employee in his or her official 
capacity; or (c) any HHS employee in his or her individual capacity 
where the Department of Justice (or HHS, where it is authorized to do 
so) has agreed to represent the employee; or (d) the United States or 
any agency thereof where HHS determines that the litigation is likely 
to affect HHS or any of its components, is a party to litigation or has 
an interest in such litigation, and HHS determines that the use of such 
records by the Department of Justice, court or other tribunal is 
relevant and necessary to the litigation and would help in the 
effective representation of the governmental party, provided, however, 
that in each case HHS determines that such disclosure is compatible 
with the purpose for which the records were collected.
    4. Disclosure may be made to a Federal, State or local agency 
maintaining civil, criminal or other pertinent records, such as current 
licenses, if necessary to obtain a record relevant to an agency 
decision concerning the selection or retention of a fellow.
    5. Disclosure may be made to a Federal agency, in response to its 
request, in connection with hiring or retention of an employee, the 
issuance of a security clearance, an investigation of an employee, the 
letting of a contract, or the issuance of a license, grant, or other 
benefit by the requesting agency, to the extent that the record is 
relevant and necessary to the requesting agency's decision on the 
matter.
    Records may be disclosed to student volunteers, individuals working 
under a personal services contract, and other individuals performing 
functions for PHS who do not technically have the status of agency 
employees, if they need the records in the performance of their agency 
functions.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are stored in file folders, and on magnetic tapes and disks 
and computer programs.

RETRIEVABILITY:
    Records are retrieved by name, social security number, or institute 
list number.

SAFEGUARDS:
    1. Authorized Users: Access is granted only to NIH scientists, 
administrative office staff, personnel staff and financial management 
staff directly involved in the administration of the IRTA Program.
    2. Physical Safeguards: File folders are kept in locked drawers or 
locked rooms when system personnel are not present.
    3. Procedural Safeguards: Access to file folders is controlled by 
system personnel. Records may be removed from the files only with the 
approval of the system manager or other authorized employees. Data 
stored in the automated system is accessed through the use of keywords 
known only to authorized personnel.
    These practices are in compliance with the standards of Chapter 45-
13 of the HHS General Administration Manual, ``Safeguarding Records 
Contained in Systems of Records,'' supplementary Chapter PHS hf: 45-13, 
and the HHS Automated Information Systems Security Program Handbook.

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1 -``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), item 4000-E-3. Refer to the NIH Manual Chapter for 
specific disposition instructions.

SYSTEM MANAGER(S) AND ADDRESS:
    Personnel/Principal or Senior Administrative Officers of the 
National
    Institutes of Health Institutes/Centers. Contact the individual 
listed under notification procedure for the name and address of the 
appropriate System Manager.

NOTIFICATION PROCEDURE:
    To determine if a record exists and where it is located, contact: 
Chief, Staffing Management Branch, Office of Human Resource Management, 
Building 31, Room 1C31, 31 Center Drive, Bethesda, MD 20892.
    The requestor must also verify his or her identity by providing 
either a

[[Page 60769]]

notarization of the request or a written certification that the 
requester is who he or she claims to be and understands that the 
knowing and willful request for acquisition of a record pertaining to 
an individual under false pretenses is a criminal offense under the 
Act, subject to a five thousand dollar fine.

RECORD ACCESS PROCEDURE:
    Same as Notification Procedures. Requesters should also reasonably 
specify the record contents being sought. Individuals may also request 
listings of accountable disclosures that have been made of their 
records, if any.

CONTESTING RECORD PROCEDURE:
    Write to the official specified under the Notification Procedures 
above, and reasonably identify the record and specify the information 
being contested, the corrective action sought, and your reasons for 
requesting the correction, along with supporting information to show 
how the record is untimely, incomplete, irrelevant or inaccurate. The 
right to contest records is limited to information which is incomplete, 
irrelevant, incorrect, or untimely (obsolete).

RECORD SOURCE CATEGORIES:
    Applicants, persons and institutions supplying references.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0160

SYSTEM NAME:
    United States Renal Data System (USRDS), HHS/NIH/NIDDK.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Records are located at contractor operated coordinating center. 
Write to the System manager at address below for address of current 
location. U.S. Renal Data System, Coordinating Center (CC), 914 South 
8th Street, Suite D-206, Minneapolis, MN 55404.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Persons with end-stage renal disease (ESRD), providers of ESRD 
services.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Health and medical record data; fiscal information; patient names, 
social security number, Centers for Medicare and Medical Services (CMS) 
beneficiary ID, patient demographic, epidemiologic and survival 
characteristics; physician provider characteristics; facility provider 
characteristics.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 241a, 289c, as last amended by Pub. L. 100-607, November 
4, 1988 under the Health Omnibus Programs Extension of 1988.

PURPOSE(S):
    1. To design and implement a consolidated renal disease system that 
will provide the biostatistical, data management and analytical 
expertise necessary to characterize the total renal patient population 
and describe the distribution of patients by sociodemographic variables 
across treatment modalities.
    2. To report on the incidence, prevalence, and mortality rates of 
renal disease by primary diagnosis.
    3. To identify the modalities of treatment best suited to 
individual patients. To compare the various treatment alternatives to 
examine the prevention and progression of renal disease by morbidity, 
mortality, and quality of life criteria.
    4. To identify problems and opportunities for more focused 
investigations of renal research issues currently unaddressed by the 
consolidated data system.
    5. To share data with other PHS agencies and CMS for their use in 
research analysis and program administration.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Disclosure from the record of an individual may be made to the 
Department of Justice, or to a court or other tribunal, when (a) HHS, 
or any component thereof; or (b) any HHS employee in his or her 
official capacity; or (c) any HHS employee in his or her official 
capacity where the Department of Justice (or HHS, where it is 
authorized to do so) has agreed to represent the employee; or (d) the 
United States or any agency thereof where HHS determines that the 
litigation is likely to affect HHS or any of its components, is a party 
to litigation or has an interest in such litigation, and HHS determines 
that the use of such records by the Department of Justice, the court or 
other tribunal is relevant and necessary to the litigation and would 
help in the effective representation of the governmental party, 
provided, however, that in each case, HHS determines that such 
disclosure is compatible with the purpose for which the records were 
collected.
    2. Disclosure may be made to a Congressional office from the record 
of an individual in response to a written inquiry from the 
Congressional office made at the written request of the individual.
    3. Disclosure may be made to the HHS contractor for the purpose of 
collating, analyzing, aggregating or otherwise refining or processing 
records in this system for developing, modifying and/or manipulating 
ADP software. Data would also be disclosed to contractors incidental to 
consultation, programming, operation, user assistance, or maintenance 
for an ADP or telecommunications systems containing or supporting 
records in the system. The contractor shall be required to maintain 
Privacy Act safeguards with respect to such records.
    4. A record may be disclosed for a research purpose, when the 
Department: (A) Has determined that the use or disclosure does not 
violate legal or policy limitations under which the record was 
provided, collected, or obtained; (B) Has determined that the research 
purpose (1) cannot be reasonably accomplished unless the record is 
provided in individually identifiable form, and (2) warrants the risk 
to the privacy of the individual that additional exposure of the record 
might bring; (C) Has required the recipient to (1) establish reasonable 
administrative, technical, and physical safeguards to prevent 
unauthorized use or disclosure of the record, (2) remove or destroy the 
information that identifies the individual at the earliest time at 
which removal or destruction can be accomplished consistent with the 
purpose of the research project, unless the recipient has presented 
adequate justification of a research or health nature for retaining 
such information, and (3) make no further use or disclosure of the 
record except (a) in emergency circumstances affecting the health or 
safety of any individual, (b) for use in another research project, 
under these same conditions, and with written authorization of the 
Department, (c) for disclosure to a properly identified person for the 
purpose of an audit related to the research project, if information 
that would enable research subjects to be identified is removed or 
destroyed at the earliest opportunity consistent with the purpose of 
the audit, or (d) when required by law; (D) Has secured a written 
statement attesting to the recipients understanding of, and willingness 
to abide by these provisions.
    Records may be disclosed to student volunteers, individuals working 
under a personal services contract, and other individuals performing 
functions for PHS who do not technically have the status of agency 
employees, if they need the records in the performance of their agency 
functions.

[[Page 60770]]

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Electronic medium; selected hard copy backup.

RETRIEVABILITY:
    Information will be retrieved by patient identification number such 
as social security number and CMS beneficiary ID. Individual patient 
data provided only as noted above. Statistical data provided as noted 
above and to the general public as part of periodic published reports.

SAFEGUARDS:
    A variety of safeguards are implemented for the various sets of 
records in this system according to the sensitivity of the records:
    1. Authorized Users: Regular access is limited to National 
Institute of Diabetes and Digestive and Kidney Diseases (NIDDK), CMS 
and contract personnel who have a need for the data in performance of 
their duties as determined by the system manager.
    2. Physical Safeguards: Records are stored in areas where access is 
restricted to areas where data are maintained and processed; data tapes 
and hard copy data are stored in locked files in secured areas; 
terminal access controlled by user ID and keywords; off-site data 
backups in two locations--a remote area of the same building and a 
separate building; and fire protection secured by Halon fire 
extinguisher system and fire alarm system present in the computer room.
    3. Procedural Safeguards: Contractors who maintain records in this 
system are instructed to make no further disclosure of the records 
except as authorized by the system manager and permitted by the Privacy 
Act.
    Privacy Act requirements are specifically included in contracts and 
in agreements with grantees or collaborators participating in research 
activities supported by this system. HHS project directors, contract 
officers, and project officers oversee compliance with these 
requirements.
    These practices are in compliance with the standards of Chapter 45-
13 of the HHS General Administration Manual, ``Safeguarding Records 
Contained in Systems of Records,'' supplementary Chapter PHS hf: 45-13, 
and the HHS Automated Information Systems Security Program Handbook.

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1--``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), item 3000-G-3(b), which allows records to be kept as 
long as they are useful in scientific research. Refer to the NIH Manual 
Chapter for specific disposition instructions.

SYSTEM MANAGER(S) AND ADDRESS:
    Epidemiology Program Director, National Institute of Diabetes and 
Digestive and Kidney Diseases (NIDDK), Division of Kidney, Urologic and 
Hematologic Diseases, Rockledge II, Room 615, 6701 Democracy Boulevard, 
Bethesda, MD 20892.

NOTIFICATION PROCEDURE:
    To determine if a record exists, write to the System Manager at the 
address noted above. Provide notarized signature as proof of identity. 
The request should include as much of the following information as 
possible: (a) Full name; (b) title of project individual participated 
in; and (c) approximate dates of participation.

RECORD ACCESS PROCEDURE:
    Same as Notification Procedures. Requesters should also reasonably 
specify the record contents being sought. Individuals may also request 
listings of accountable disclosures that have been made of their 
records, if any.

CONTESTING RECORD PROCEDURE:
    Contact the System Manager at the address specified under 
notification procedures above and reasonably identify the record, 
specify the information being contested, and state the corrective 
action sought, with supporting information to show how the record is 
inaccurate, incomplete, untimely, or irrelevant. The right to contest 
records is limited to information which is incomplete, irrelevant, 
incorrect, or untimely (obsolete).

RECORD SOURCE CATEGORIES:
    The majority of health, medical, fiscal and other demographic 
information on patients and health care providers is from the end stage 
renal disease program of the Centers for Medicare and Medicaid Services 
(CMS). Additional data comes from other CMS Medicare patient records, 
the National Death Index, and other sources of non-Medicare ESRD 
patient records such as the NIH Continuous Ambulatory Peritoneal 
Dialysis (CAPD) Registry, the United Network of Organ Sharing (UNOS) 
transplant patients, the Veteran's Administration, and the Indian 
Health Service.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0166

SYSTEM NAME:
    Administration: Radiation and Occupational Safety and Health 
Management Information Systems, HHS/NIH/ORS.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Radiation Safety Branch, Division of Safety, Office of Research 
Services (ORS), Building 21, Room 134, 21 Wilson Drive, Bethesda, MD 
20892.
    Occupational Safety and Health Branch, Division of Safety, Office 
of Research Services (ORS), Building 13, Room 3K04, 13 South Drive, 
Bethesda, Maryland 20892.
    Write to appropriate System Manager at the address below for the 
address of contractor locations, including the address of any Federal 
Records Center where records from this system may be stored.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Radiation Safety Branch (RSB): NIH employees using radioactive 
materials or radiation producing machinery, contractor employees who 
provide service to the Radiation Safety Branch and any other 
individuals who could potentially be exposed to radiation or 
radioactivity as a result of NIH operations and who, therefore, must be 
monitored in accordance with applicable regulations.
    Occupational Safety and Health Branch (OSHB): Individuals 
(including NIH employees and NIH service contract employees) who use or 
come into contact with potentially hazardous biological or chemical 
materials, and participants of occupational safety and health 
monitoring/surveillance programs.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Employee name, title, organizational affiliation, birth date, 
social security number (optional), work address, work telephone number, 
name of supervisor, and other necessary employment information; 
radiation/occupational safety and health training information; medical 
and technical information pertaining to safety and health related 
initiatives; research protocols and other related documents used to 
monitor and track radiation exposure and exposure to potentially 
hazardous biological or chemical materials; radiation materials usage 
data; and incident data.

[[Page 60771]]

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 241, regarding the general powers and duties of the 
Public Health Service relating to research and investigation; 5 U.S.C. 
7902 regarding agency safety programs; and 42 U.S.C. 2201, regarding 
general duties of the Nuclear Regulatory Commission including the 
setting of standards to cover the possession and use of nuclear 
materials in order to protect health.

PURPOSE(S):
    1. To provide adequate administrative controls to assure compliance 
with internal NIH policies, and applicable regulations of the 
Occupational Safety and Health Administration (OSHA), Department of 
Labor, and other Federal and/or State agencies which may establish 
health and safety requirements or standards. Ensure legal compliance 
with requirements of Nuclear Regulatory Commission to maintain internal 
and external radiation exposure data.
    2. To identify, evaluate and monitor use or contact (including 
incident follow-up) with: radiation (exposure maintained at lowest 
levels reasonable); biological and/or chemical (potentially hazardous 
materials). To monitor, track, and assess the use of personal 
protective equipment in the work place to ensure availability, 
effectiveness, and proper maintenance. To address emergent safety and 
health issues or concerns.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Disclosure may be made to a congressional office from the record 
of an individual in response to an inquiry from the congressional 
office made at the request of that individual
    2. Disclosure may be made to the Department of Justice or to a 
court or other tribunal from this system of records, when (a) HHS, or 
any component thereof; or (b) any HHS employee in his or her official 
capacity; or (c) any HHS employee in his or her individual capacity 
where the Department of Justice (or HHS, where it is authorized to do 
so) has agreed to represent the employee; or (d) the United States of 
any agency thereof where HHS determines that the litigation is likely 
to affect HHS or any of its components, is a party to litigation or has 
an interest in such litigation, and HHS determines that the use of such 
records by the Department of Justice, court or other tribunal is 
relevant and necessary to the litigation and would help in the 
effective representation of the governmental party, provided, however, 
that in each case HHS determines that such disclosure is compatible 
with the purpose for which the records were collected.
    3. Disclosure may be made to contractors for the purpose of 
processing or refining the records. Contracted services may include 
monitoring, testing, sampling, surveying, evaluating, transcription, 
collation, computer input, and other records processing. The contractor 
shall be required to maintain Privacy Act safeguards with respect to 
such records.
    4. Disclosure may be made to: (a) Officials of the United States 
Nuclear Regulatory Commission which, by Federal regulation, licenses, 
inspects and enforces the regulations governing the use of radioactive 
materials; and (b) OSHA, which provides oversight to ensure that safe 
and healthful work conditions are maintained for employees. Disclosure 
will also be permitted to other Federal and/or State agencies which may 
establish health and safety requirements or standards.
    5. Radiation exposure and/or training and experience history may be 
transferred to new employer.
    6. A record may be disclosed for a research purpose, when the 
Department: (A) Has determined that the use or disclosure does not 
violate legal or policy limitations under which the record was 
provided, collected, or obtained; (B) has determined that the research 
purpose (1) cannot be reasonably accomplished unless the record is 
provided in individually identifiable form, and (2) warrants the risk 
to the privacy of the individual that additional exposure of the record 
might bring; (C) has required the recipient to (1) establish reasonable 
administrative, technical, and physical safeguards to prevent 
unauthorized use or disclosure of the record, (2) remove or destroy the 
information that identifies the individual at the earliest time at 
which removal or destruction can be accomplished consistent with the 
purpose of the research project, unless the recipient has presented 
adequate justification of a research or health nature for retaining 
such information, and (3) make no further use or disclosure of the 
record except (a) in emergency circumstances affecting the health or 
safety of any individual, (b) for use in another research project, 
under these same conditions, and with written authorization of the 
Department, (c) for disclosure to a properly identified person for the 
purpose of an audit related to the research project, if information 
that would enable research subjects to be identified is removed or 
destroyed at the earliest opportunity consistent with the purpose of 
the audit, or (d) when required by law; (D) has secured a written 
statement attesting to the recipient's understanding of, and 
willingness to abide by these provisions.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are maintained in file cabinets or in computer databases 
maintained by the RSB and OSHB. Records may be stored in file folders, 
binders, magnetic tapes, magnetic disks, optical disks and/or other 
types of data storage devices.

RETRIEVABILITY:
    Records are retrieved by name, social security number, office 
address, or unique RSB or OSHB assigned identification number.

SAFEGUARDS:
    1. Authorized Users: Employees who maintain this system are 
instructed to grant regular access only to RSB/OSHB staff, authorized 
contractor personnel, U.S. Nuclear Regulatory Commission Inspectors, 
Radiation Safety Committee Members, Biosafety Committee members, and 
other appropriate NIH administrative and management personnel with a 
need to know. Access to information is thus limited to those with a 
need to know.
    2. Physical Safeguards: Rooms where records are stored are locked 
when not in use. During regular business hours, rooms are unlocked but 
are controlled by on-site personnel. Individually identifiable records 
are kept in locked file cabinets or rooms under the direct control of 
the Project Director.
    3. Procedural Safeguards: Names and other identifying particulars 
are deleted when data from original records are encoded for analysis. 
Data stored in computers is accessed through the use of keywords known 
only to authorized users. All users of personal information in 
connection with the performance of their jobs (see Authorized Users, 
above) will protect information from public view and from unauthorized 
personnel entering an unsupervised office. The computer terminals are 
in secured areas and keywords needed to access data files will be 
changed frequently.
    4. Additional RSB Technical Safeguards: Computerized records are 
accessible only through a series of code or keyword commands available 
from and under direct control of the Project Director or his/her 
delegated representatives. The computer records are secured by a 
multiple level security system which is capable of controlling access 
to the individual data field level.

[[Page 60772]]

Persons having access to the computer database can be restricted to a 
confined application which only permits a narrow ``view'' of the data. 
Data on computer files is accessed by keyword known only to authorized 
users who are NIH or contractor employees involved in work for the 
program.
    These practices are in compliance with the standards of Chapter 45-
13 of the HHS General Administration Manual, ``Safeguarding Records 
Contained in Systems of Records,'' supplementary Chapter PHS hf: 45-13, 
and the HHS Automated Information Systems Security Program Handbook.

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1--``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361): item 1300-B which applies to Division of Safety 
records. Refer to the NIH Manual Chapter for specific disposition 
instructions. Radiation exposure records are retained under item 1300-
B-10, which does not allow disposal at this time.

SYSTEM MANAGER(S) AND ADDRESS:
    Assistant Chief, Information Technology, Radiation Safety Branch, 
Division of Safety, Office of Research Services (ORS), National 
Institutes of Health, Building 21, Room 134, 21 Wilson Drive, Bethesda, 
Maryland 20892.
    Chief, Occupational Safety and Health Branch, Division of Safety, 
Office of Research Services (ORS), Building 13, Room 3K04, 13 South 
Drive, Bethesda, Maryland 20892.

NOTIFICATION PROCEDURE:
    To determine if a record exists, write to the appropriate System 
Manager as listed above. The requester must also verify his or her 
identity by providing either a notarization of the request or a written 
certification that the requester is whom he or she claims to be. The 
request should include: (a) Full name, and (b) appropriate dates of 
participation.

RECORD ACCESS PROCEDURE:
    Same as Notification Procedures. Requesters should also reasonably 
specify the record contents being sought. Individuals may also request 
an accounting of disclosure of their records, if any.

CONTESTING RECORD PROCEDURE:
    Contact the appropriate System Manager specified above and 
reasonably identify the record, specify the information to be 
contested, and state the corrective action sought with supporting 
documentation. The right to contest records is limited to information 
which is incomplete, irrelevant, incorrect, or untimely (obsolete).

RECORD SOURCE CATEGORIES:
    Information is obtained from the subject individual, previous 
employers and educational institutions, contractors, safety and health 
monitoring/surveillance records, employee interviews, site visits, or 
other relevant NIH organizational components.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0167

SYSTEM NAME:
    National Institutes of Health (NIH) TRANSHARE Program, HHS/NIH/OD.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Employee Transportation Services Office, National Institutes of 
Health, Building 31, Room B3B08, 31 Center Drive, Bethesda, MD 20892.
    Recreation and Welfare Association Activities Desk, National 
Institutes of Health, Building 31, Room B1W30A, 31 Center Drive, 
Bethesda, MD 20892.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    NIH employees who apply for and participate in the NIH TRANSHARE 
Program.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Name, home address, parking hanger permit number, unique computer 
identification number, NIH TRANSHARE commuter card number, NIH pay 
plan, grade level, office phone number, building and room, Institute/
Center designation, name of supervisor, commute mode to work, and type 
of fare media used.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Section 629 of Pub. L. 101-509, ``State or Local Government 
Programs Encouraging Employee Use of Public Transportation; Federal 
Agency Participation,'' found at 5 U.S.C. note prec. section 7901.

PURPOSE(S):
    1. To manage the NIH TRANSHARE Program, including receipt and 
processing of employee applications, and coordination of the fare media 
distribution to employees.
    2. To monitor the use of appropriated funds used to support the NIH 
TRANSHARE Program.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING
CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
    1. Disclosure may be made to a congressional office from the record 
of an individual in response to an inquiry from the congressional 
office made at the request of that individual.
    2. The Department of Health and Human Services (HHS) may disclose 
information from this system of records to the Department of Justice, 
or to a court or other tribunal, when (a) HHS, or any component 
thereof; or (b) any HHS employee in his or her official capacity; or 
(c) any HHS employee in his or her individual capacity where the 
Department of Justice (or HHS, where it is authorized to do so) has 
agreed to represent the employee; or (d) the United States or any 
agency thereof where HHS determines that the litigation is likely to 
affect HHS or any of its components, is a party to litigation, and HHS 
determines that the use of such records by the Department of Justice, 
court or other tribunal is relevant and necessary to the litigation and 
would help in the effective representation of the governmental party, 
provided, however, that in each case HHS determines that such 
disclosure is compatible with the purpose for which the records were 
collected.
    3. NIH may disclose applicant's name, unique computer 
identification number, NIH TRANSHARE commuter card number, and type of 
participant's fare media to be disbursed to cashiers of the Recreation 
and Welfare Association of the National Institutes of Health, Inc. (R&W 
Association) who are responsible for distribution of fare media. 
Cashiers are required to maintain Privacy Act safeguards with respect 
to such records.
    4. Disclosure may be made to organizations deemed qualified by the 
Secretary to carry out quality assessments or utilization review.
    5. NIH may disclose statistical reports containing information from 
this system of records to city, county, State, and Federal Government 
agencies (including the General Accounting Office).

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are maintained in file folders and computer disks.

[[Page 60773]]

RETRIEVABILITY:
    Records are retrieved by name and NIH TRANSHARE commuter card 
number.

SAFEGUARDS:
    1. Authorized Users: Data on computer files is accessed by keyword 
known only to authorized users who are ETSO employees and cashiers of 
the R&W Association who are responsible for implementing the Program. 
Cashier access will be limited to applicant's name, unique computer 
identification number, NIH TRANSHARE computer card number, and type of 
fare media disbursed. Access to information is thus limited to those 
with a need to know.
    2. Physical Safeguards: Rooms where records are stored are locked 
when not in use. During regular business hours, rooms are unlocked but 
are controlled by on-site personnel.
    3. Procedural and Technical Safeguards: A password is required to 
access the terminal, and a data set name controls the release of data 
to only authorized users. All users of personal information in 
connection with the performance of their jobs (see Authorized Users, 
above) protect information from public view and from unauthorized 
personnel entering an unsupervised office.
    These practices are in compliance with the standards of Chapter 45-
13 of the HHS General Administration Manual, ``Safeguarding Records 
Contained in Systems of Records,'' supplementary Chapter PHS hf: 45-13, 
and the HHS Automated Information Systems Security Program Handbook.

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1--``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), item 1500-A-3. Records are retained for a maximum of 
two years following the last month of an employee's participation in 
the NIH TRANSHARE Program. Paper copies are destroyed by shredding. 
Computer files are destroyed by deleting the record from the file.

SYSTEM MANAGER(S) AND ADDRESS
    Traffic Management Specialist, Employee Transportation Service 
Officer, Division of Security Operations, Office of Research Services 
(ORS), Building 31, Room B3B08, 31 Center Drive, Bethesda, MD 20892.

NOTIFICATION PROCEDURE:
    To determine if a record exists, write to the System Manager listed 
above. The requester must also verify his or her identity by providing 
either a notarization of the request or a written certification that 
the requester is who he or she claims to be. The request should 
include: (a) full name, and (b) appropriate dates of participation. The 
requester must also understand that the knowing and willful request for 
acquisition of a record pertaining to an individual under false 
pretenses is a criminal offense under the Act, subject to a five 
thousand dollar fine.

RECORD ACCESS PROCEDURE:
    Write to the System Manager specified above to attain access to 
records and provide the same information as is required under the 
Notification Procedures. Requesters should also reasonably specify the 
record contents being sought. Individuals may also request an 
accounting of disclosure of their records, if any.

CONTESTING RECORD PROCEDURE:
    Contact the System Manager specified above and reasonably identify 
the record, specify the information to be contested, the corrective 
action sought, and your reasons for requesting the correction, along 
with supporting information to show how the record is inaccurate, 
incomplete, untimely or irrelevant. The right to contest records is 
limited to information which is incomplete, irrelevant, incorrect, or 
untimely (obsolete).

RECORD SOURCE CATEGORIES:
    Subject individual.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0168

SYSTEM NAME:
    Invention, Patent, and Licensing Documents Submitted to the Public 
Health Service by its Employees, Grantees, Fellowship Recipients, and 
Contractors, HHS/NIH/OD.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Office of Technology Transfer, Office of Intramural Research, 
Office of the Director (OD), 6011 Executive Boulevard, Room 325, 
Bethesda, MD 20892.
    Office of Financial Management, Office of the Director (OD), 
Building 31, Room B1B55, 31 Center Drive, Bethesda, Maryland 20892.
    Office of Reports and Analysis, Office of Extramural Research, 
Office of the Director (OD), Building 1, Room 252, 1 Center Drive, 
Bethesda, MD 20892-2184.
    Public Health Service (PHS) Technology Development Coordinators and 
PHS Contract Attorneys retain files supplemental to the records 
maintained by the Office of Technology Transfer.
    Extramural Inventions and Technology Resources Branch, Office of 
Policy for Extramural Research Administration, Office of Extramural 
Research, Office of the Director (OD), Rockledge I, Room 1040, 6705 
Rockledge Drive, Bethesda, MD 20892-7980.
    Write to the System Manager at the address below for office 
locations.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    PHS employees, grantees, fellowship recipients and contractors who 
have reported inventions, applied for patents, have been granted 
patents, and/or are receiving royalties from patents.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Inventor name, address, social security number (required if 
inventor is receiving royalties, otherwise optional), title and 
description of the invention, Employee Invention Report (EIR) number, 
Case/Serial Number, prior art related to the invention, evaluation of 
the commercial potential of the invention, prospective licensees' 
intended development of the invention, associated patent prosecution 
and licensing documents and royalty payment information.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    35 U.S.C. 200 and 15 U.S.C. 3710 provide authority to maintain the 
records; 37 CFR Part 401 ``Rights to Inventions Made by Nonprofit 
Organizations and Small Business Firms under Government Grants, 
Contracts, and Cooperative Agreements;'' 37 CFR Part 404 ``Licensing of 
Government Owned Inventions;'' and 45 CFR Part 7 ``Employee 
Inventions.''

PURPOSE(S):
    Records in this system are used to: (1) Obtain patent protection of 
inventions submitted by PHS employees; (2) monitor the development of 
inventions made by grantees, fellowship recipients and contractors and 
protect the government rights to patents made with NIH support; (3) 
grant licenses to patents obtained through the invention reports; and 
(4) provide royalty payments to PHS inventors, non-government 
contractors, and non-profit and educational institutions.

[[Page 60774]]

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Disclosure may be made to a congressional office from the record 
of an individual in response to an inquiry from the congressional 
office made at the request of that individual.
    2. Disclosure may be made to the Department of Justice or to a 
court or other tribunal from this system of records, when (a) HHS, or 
any component thereof; or (b) any HHS employee in his or her official 
capacity; or (c) any HHS employee in his or her individual capacity 
where the Department of Justice (or HHS, where it is authorized to do 
so) has agreed to represent the employee; or (d) the United States or 
any agency thereof where HHS determines that the litigation is likely 
to affect HHS or any of its components, is a party to litigation or has 
an interest in such litigation, and HHS determines that the use of such 
records by the Department of Justice, court or other tribunal is 
relevant and necessary to the litigation and would help in the 
effective representation of the governmental party, provided, however, 
that in each case HHS determines that such disclosure is compatible 
with the purpose for which the records were collected. Disclosure may 
also be made to the Department of Justice to obtain legal advice 
concerning issues raised by the records in this system.
    3. In the event that a system of records maintained by this agency 
to carry out its functions indicates a violation or potential violation 
of law, whether civil, criminal, or regulatory in nature, and whether 
arising by general statute or particular program statute, or by 
regulation, rule or order issued pursuant thereto, the relevant records 
in the system of records may be referred to the appropriate agency, 
whether Federal, State, or local, charged with enforcing or 
implementing the statute or rule, regulation or order issued pursuant 
thereto.
    4. NIH may disclose records to Department contractors and 
subcontractors for the purpose of collecting, compiling, aggregating, 
analyzing, or refining records in the system. Contractors maintain, and 
are also required to ensure that subcontractors maintain, Privacy Act 
safeguards with respect to such records.
    5. NIH may disclose information from this system of records for the 
purpose of obtaining patent protection for PHS inventions and licenses 
for these patents to: (a) Scientific personnel, both in this agency and 
other Government agencies, and in non-Governmental organizations such 
as universities, who possess the expertise to understand the invention 
and evaluate its importance as a scientific advance; (b) contract 
patent counsel and their employees and foreign contract personnel 
retained by the Department for patent searching and prosecution in both 
the United States and foreign patent offices; (c) all other Government 
agencies whom PHS contacts regarding the possible use, interest in, or 
ownership rights in PHS inventions; (d) prospective licensees or 
technology finders who may further make the invention available to the 
public through sale or use; (e) parties, such as supervisors of 
inventors, whom PHS contacts to determine ownership rights, and those 
parties contacting PHS to determine the Government's ownership; and (f) 
the United States and foreign patent offices involved in the filing of 
PHS patent applications.
    6. NIH will report to the Treasury Department, Internal Revenue 
Service (IRS), as taxable income, the amount of royalty payment paid to 
PHS inventors.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    The records will be stored in file folders, computer tapes and 
computer disks.

RETRIEVABILITY:
    Records are retrieved by name of the inventor, EIR number, or 
keywords relating to the nature of the invention, Case/Serial Number, 
Licensing Number, internal reference numbers, contractor, agency, 
Institute, and/or Center.

SAFEGUARDS:
    1. Authorized Users: Data on computer files is accessed by password 
known only to authorized users who are NIH or contractor employees 
involved in patenting and licensing of PHS inventions. Access to 
information is thus limited to those with a need to know.
    2. Physical Safeguards: Records are stored in a dedicated file room 
or in locking file cabinets in file folders. During normal business 
hours, OTT Records Management on-site contractor personnel regulate 
availability of the files. During evening and weekend hours the offices 
are locked and the building is closed.
    3. Procedural and Technical Safeguards: Data stored in computers 
will be accessed through the use of passwords known only to the 
authorized users. A password is required to access the database. All 
users of personal information in connection with the performance of 
their jobs (see Authorized Users, above) protect information, including 
confidential business information submitted by potential licensees, 
from public view and from unauthorized personnel entering an 
unsupervised office.
    These practices are in compliance with the standards of Chapter 45-
13 of the HHS General Administration Manual, ``Safeguarding Records 
Contained in Systems of Records,'' supplementary Chapter PHS hf: 45-13, 
and the HHS Automated Information Systems Security Program Handbook.

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1--``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), item 1100-L, which allows records to be kept for a 
maximum of thirty years. Refer to the NIH Manual Chapter for specific 
disposition instructions.

SYSTEM MANAGER(S) AND ADDRESS:
    Freedom of Information Act Coordinator, Office of Technology 
Transfer, Office of Intramural Research, Office of the Director (OD), 
6011 Executive Boulevard, Room 325, Bethesda, MD 20892.
    Office of Reports and Analysis, Office of Extramural Research, 
Office of the Director (OD), Building 1, Room 252, 1 Center Drive, 
Bethesda, Maryland 20892-2184.
    Extramural Inventions and Technology Resources Branch, Office of 
Policy for Extramural Research Administration, Office of Extramural 
Research, Office of the Director (OD), Rockledge I, 6705 Rockledge 
Drive, Room 1040, Bethesda, MD 20892-7980.

NOTIFICATION PROCEDURE:
    To determine if a record exists, write to the System Manager listed 
above. The requester must also verify his or her identity by providing 
either a notarization of the request or a written certification that 
the requester is who he or she claims to be and understands that the 
knowing and willful request for acquisition of a record pertaining to 
an individual under false pretenses is a criminal offense under the 
Act, subject to a five thousand dollar fine. The request should 
include: (a) Full name, and (b) appropriate identifying information on 
the nature of the invention.

[[Page 60775]]

RECORD ACCESS PROCEDURE:
    Write to the System Manager specified above to attain access to 
records and provide the same information as is required under the 
Notification Procedures. Requesters should also reasonably specify the 
record contents being sought. Individuals may also request an 
accounting of disclosure of their records, if any.

CONTESTING RECORD PROCEDURE:
    Contact the System Manager specified above and reasonably identify 
the record, specify the information to be contested, the corrective 
action sought, and your reasons for requesting the correction, along 
with supporting information to show how the record is inaccurate, 
incomplete, untimely or irrelevant. The right to contest records is 
limited to information which is incomplete, irrelevant, incorrect, or 
untimely (obsolete).

RECORD SOURCE CATEGORIES:
    Inventors and other collaborating persons, grantees, fellowship 
recipients and contractors; other Federal agencies; scientific experts 
from non-Government organizations; contract patent counsel and their 
employees and foreign contract personnel; United States and foreign 
patent offices; prospective licensees; PHS Technology Development 
Coordinators, Internet and commercial databases, and third parties whom 
PHS contacts to determine individual invention ownership or Government 
ownership.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0169

SYSTEM NAME:
    Medical Staff-Credentials Files, HHS/NIH/CC.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Credentialing Services Office, Clinical Center (CC), Building 10, 
Room 1N204, 10 Center Drive, Bethesda, MD 20892-1192.
    Write to the System Manager at the address below for a list of 
Contractor locations, including the address of any Federal Records 
Center where records from this system may be stored.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals who have been approved as members of the medical staff 
at the Warren G. Magnuson Clinical Center.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Medical staff names, date of birth, home address and telephone 
number, office address and telephone number, citizenship, visa 
information, appointment date, hospital-wide computer access 
privileges, Institute/Center designation, branch/lab, type of medical 
staff membership, privilege delineation, professional degree(s) 
including school of attendance and graduation dates, foreign medical 
examinations, specialty board certifications, licensing information 
(including state of licensure and license number), record of 
disciplinary actions, documentation of training, and admitting 
privileges.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The authority for collecting the requested information is contained 
in section 301 (42 U.S.C. 241) of the Public Health Service Act, as 
amended, outlining the authority of the Secretary to, within the Public 
Health Service (PHS), promote the coordination of various research and 
associated activities, including for purposes of study, admitting and 
treating individuals at PHS facilities. Section 402(b) of the Public 
Health Service Act (42 U.S.C. 282(b)), as amended, outlining the 
authority of the Director of the National Institutes of Health (NIH) 
with respect to the admission and treatment of individuals at NIH 
facilities for purposes of study.

PURPOSE(S):
    These records are used to: (1) Maintain information used in the 
credentialing and privileging of active medical staff members at the 
Warren G. Magnuson Clinical Center; (2) document patient care 
privileges for active members of the medical staff; (3) provide 
information about active and non-active members of the medical staff to 
authorized individuals; and (4) report to the National Practitioner 
Data Bank as required by the provisions of Title IV of Pub. L. 99-660, 
as amended.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Disclosure may be made to a congressional office from the record 
of an individual in response to an inquiry from the congressional 
office made at the request of that individual.
    2. The Department of Health and Human Services (HHS) may disclose 
information from this system of records to the Department of Justice, 
or to a court or other tribunal, when (a) HHS, or any component 
thereof; or (b) any HHS employee in his or her official capacity; or 
(c) any HHS employee in his or her individual capacity where the 
Department of Justice (or HHS, where it is authorized to do so) has 
agreed to represent the employee; or (d) the United States or any 
agency thereof where HHS determines that the litigation is likely to 
affect HHS or any of its components, is a party to litigation, and HHS 
determines that the use of such records by the Department of Justice, 
court or other tribunal is relevant and necessary to the litigation and 
would help in the effective representation of the governmental party, 
provided, however, that in each case HHS determines that such 
disclosure is compatible with the purpose for which the records were 
collected.
    3. In the event that a system of records maintained by this agency 
to carry out its functions indicates a violation or potential violation 
of law, whether civil, criminal, or regulatory in nature, and whether 
arising by general statute or particular program statute, or by 
regulation, rule or order issued pursuant thereto, the relevant records 
in the system of records may be referred to the appropriate agency, 
whether Federal, State, or local, charged with enforcing or 
implementing the statute or rule, regulation or order issued pursuant 
thereto.
    4. NIH may disclose records to Department contractors and 
subcontractors for the purpose of collecting, compiling, aggregating, 
analyzing, or refining records in the system. Contractors maintain, and 
are also required to ensure that subcontractors maintain, Privacy Act 
safeguards with respect to such records.
    5. NIH may disclose information to representatives of the Joint 
Commission on Accreditation of Healthcare Organizations for the purpose 
of conducting quality assurance reviews and inspections of the Warren 
G. Magnuson Clinical Center credentialing policies and procedures.
    6. NIH may disclose information from this system of records to 
State medical boards for purposes of professional quality assurance 
activities.
    7. NIH may disclose information from this system of records to 
health care facilities for the purpose of verifying that an individual 
to whom they intend to grant medical staff or patient care privileges 
has or previously held such privileges at the Warren G. Magnuson 
Clinical Center.

[[Page 60776]]

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are stored on paper forms in file folders and in electronic 
databases.

RETRIEVABILITY:
    Records are retrieved by name, date of birth, type of medical staff 
membership, Institute/Center and licensing status.

SAFEGUARDS:
    1. Authorized Users: Data on the computer network system is 
accessed by a password known only to authorized users who are NIH 
employees and contractor staff responsible for implementing the medical 
staff credentials data system. Access to information is thus limited to 
those with a need to know.
    2. Physical Safeguards: Rooms where records are stored are locked 
when not in use. During regular business hours rooms are unlocked but 
entry is controlled by on-site personnel.
    3. Procedural and Technical Safeguards: Access to files is strictly 
controlled by the system manager. Names and other identifying 
particulars are deleted when data from original records are encoded for 
analysis. Data stored in computers is accessed through a network system 
by use of a password known only to authorized users. All authorized 
users of personal information in connection with the performance of 
their jobs (see Authorized Users, above) protect information from 
public view and from unauthorized personnel entering an unsupervised 
office.
    These practices are in compliance with the standards of Chapter 45-
13 of the HHS General Administration Manual, ``Safeguarding Records 
Contained in Systems of Records,'' supplementary Chapter PHS hf: 45-13, 
and the HHS Automated Information Systems Security Program Handbook.

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1B ``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), item 2300-293-4, ``Medical Staffs' Credential Files,'' 
which allows inactive records to be transferred to the Federal Records 
Center at five year intervals and to be destroyed after thirty years. 
Refer to the NIH Manual Chapter for specific disposition instructions.

SYSTEM MANAGER(S) AND ADDRESS:
    Chief, Credentialing Services Office, Clinical Center, Building 10, 
Room 1N204, 10 Center Drive, Bethesda, MD 20892-1192.

NOTIFICATION PROCEDURE:
    To determine if a record exists, write to the System Manager at the 
above address. The requester must provide tangible proof of identity 
(e.g., driver's license). If no identification papers are available, 
the requester must verify his or her identity by providing either a 
notarization of the request or a written certification that the 
requester is who he or she claims to be and understands that the 
knowing and willful request for acquisition of a record pertaining to 
an individual under false pretenses is a criminal offense under the 
Act, subject to a five thousand dollar fine.

RECORD ACCESS PROCEDURE:
    Write to the System Manager specified above to attain access to 
records and provide the same information as that required under the 
Notification Procedures. Requesters should also reasonably specify the 
record contents being requested. Individuals may also request an 
accounting of disclosure of their records, if any.

CONTESTING RECORD PROCEDURE:
    Contact the System Manager specified above and reasonably identify 
the record, specify the information to be contested, the corrective 
action sought, and your reasons for requesting the correction, along 
with supporting information to show how the record is inaccurate, 
incomplete, untimely or irrelevant. The right to contest records is 
limited to information which is incomplete, irrelevant, incorrect, or 
untimely (obsolete).

RECORD SOURCE CATEGORIES:
    Subject individual.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0200

SYSTEM NAME:
    Clinical, Basic and Population-based Research Studies of the 
National Institutes of Health (NIH), HHS/NIH/OD.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Records are located at NIH and Contractor research facilities which 
collect or provide research data for this system. Contractors may 
include, but are not limited to: Research centers, clinics, hospitals, 
universities, medical schools, research institutions/foundations, 
national associations, commercial organizations, collaborating State 
and Federal Government agencies, and coordinating centers. A current 
list of sites, including the address of any Federal Records Center 
where records from this system may be stored, is available by writing 
to the appropriate Coordinator listed under Notification Procedure.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Adults and/or children who are the subjects of clinical, basic, or 
population-based research studies of the NIH. Individuals with disease. 
Individuals who are representative of the general population or of 
special groups including, but not limited to: normal controls, normal 
volunteers, family members and relatives; providers of services (e.g., 
health care and social work); health care professionals and educators, 
and demographic sub-groups as applicable, such as age, sex, ethnicity, 
race, occupation, geographic location; and groups exposed to real and/
or hypothesized risks (e.g., exposure to biohazardous microbial 
agents).

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system contains data about individuals as relevant to a 
particular research study. Examples include, but are not limited to: 
name, study identification number, address, relevant telephone numbers, 
social security number (voluntary), driver's license number, date of 
birth, weight, height, sex, race; medical, psychological and dental 
information, laboratory and diagnostic testing results; registries; 
social, economic and demographic data; health services utilization; 
insurance and hospital cost data, employers, conditions of the work 
environment, exposure to hazardous substances/compounds; information 
pertaining to stored biologic specimens (including blood, urine, tissue 
and genetic materials), characteristics and activities of health care 
providers and educators and trainers (including curricula vitae); and 
associated correspondence.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    ``Research and Investigation,'' ``Appointment and Authority of the 
Directors of the National Research Institutes,'' ``National Cancer 
Institute,'' ``National Eye Institute,'' ``National Heart, Lung and 
Blood Institute,'' ``National Institute on Aging,'' ``National

[[Page 60777]]

Institute on Alcohol Abuse and Alcoholism,'' ``National Institute on 
Allergy and Infectious Diseases,'' ``National Institute of Arthritis 
and Musculoskeletal and Skin Diseases,'' ``National Institute of Child 
Health and Human Development,'' ``National Institute on Deafness and 
Other Communication Disorders,'' ``National Institute of Dental and 
Craniofacial Research,'' ``National Institute of Diabetes, and 
Digestive and Kidney Diseases,'' ``National Institute of Drug Abuse,'' 
``National Institute of Environmental Health Sciences,'' ``National 
Institute of Mental Health,'' ``National Institute of Neurological 
Disorders and Stroke,'' and the ``National Human Genome Research 
Institute'' of the Public Health Service Act. (42 U.S.C. 241, 242, 248, 
281, 282, 284, 285a, 285b, 285c, 285d, 285e, 285f, 285g, 285h, 285i, 
285j, 285l, 285m, 285n, 285o, 285p, 285q, 287, 287b, 287c, 289a, 289c, 
and 44 U.S.C. 3101.)

PURPOSE(S):
    To document, track, monitor and evaluate NIH clinical, basic, and 
population-based research activities.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. A record may be disclosed for a research purpose, when the 
Department: (A) Has determined that the use or disclosure does not 
violate legal or policy limitations under which the record was 
provided, collected, or obtained; e.g., disclosure of alcohol or drug 
abuse patient records will be made only in accordance with the 
restrictions of confidentiality statutes and regulations 42 U.S.C. 241, 
42 U.S.C. 290dd-2, 42 CFR part 2, and where applicable, no disclosures 
will be made inconsistent with an authorization of confidentiality 
under 42 U.S.C. 241 and 42 CFR part 2a; (B) has determined that the 
research purpose (1) cannot be reasonably accomplished unless the 
record is provided in individually identifiable form, and (2) warrants 
the risk to the privacy of the individual that additional exposure of 
the record might bring; (C) has required the recipient to (1) establish 
reasonable administrative, technical, and physical safeguards to 
prevent unauthorized use or disclosure of the record, (2) remove or 
destroy the information that identifies the individual at the earliest 
time at which removal or destruction can be accomplished consistent 
with the purpose of the research project, unless the recipient has 
presented adequate justification of a research or health nature for 
retaining such information, and (3) make no further use or disclosure 
of the record except (a) in emergency circumstances affecting the 
health or safety of any individual, (b) for use in another research 
project, under these same conditions, and with written authorization of 
the Department, (c) for disclosure to a properly identified person for 
the purpose of an audit related to the research project, if information 
that would enable research subjects to be identified is removed or 
destroyed at the earliest opportunity consistent with the purpose of 
the audit, or (d) when required by law; and (D) has secured a written 
statement attesting to the recipient's understanding of, and 
willingness to abide by, these provisions.
    2. Disclosure may be made to a Member of Congress or to a 
Congressional staff member in response to an inquiry of the 
Congressional office made at the written request of the constituent 
about whom the record is maintained.
    3. The Department of Health and Human Services (HHS) may disclose 
information from this system of records to the Department of Justice 
when: (a) The agency or any component thereof; or (b) any employee of 
the agency in his or her official capacity where the Department of 
Justice has agreed to represent the employee; or (c) the United States 
Government, is a party to litigation or has an interest in such 
litigation, and by careful review, the agency determines that the 
records are both relevant and necessary to the litigation and the use 
of such records by the Department of Justice is, therefore, deemed by 
the agency to be for a purpose that is compatible with the purpose for 
which the agency collected the records.
    4. Disclosure may be made to agency contractors, grantees, experts, 
consultants, collaborating researchers, or volunteers who have been 
engaged by the agency to assist in the performance of a service related 
to this system of records and who need to have access to the records in 
order to perform the activity. Recipients shall be required to comply 
with the requirements of the Privacy Act of 1974, as amended, pursuant 
to 5 U.S.C. 552a(m).
    5. Information from this system may be disclosed to Federal 
agencies, State agencies (including the Motor Vehicle Administration 
and State vital statistics offices, private agencies, and other third 
parties (such as current or prior employers, acquaintances, relatives), 
when necessary to obtain information on morbidity and mortality 
experiences and to locate individuals for follow-up studies. Social 
security numbers, date of birth and other identifiers may be disclosed: 
(1) To the National Center for Health Statistics to ascertain vital 
status through the National Death Index; (2) to the Health Care 
Financing Agency to ascertain morbidities; and (3) to the Social 
Security Administration to ascertain disabilities and/or location of 
participants. Social security numbers may also be given to other 
Federal agencies, and State and local agencies when necessary to 
locating individuals for participation in follow-up studies.
    6. Medical information may be disclosed in identifiable form to 
tumor registries for maintenance of health statistics, e.g., for use in 
research studies.
    7. PHS may inform the sexual and/or needle-sharing partner(s) of a 
subject individual who is infected with the human immunodeficiency 
virus (HIV) of their exposure to HIV, under the following 
circumstances: (1) The information has been obtained in the course of 
clinical activities at PHS facilities carried out by PHS personnel or 
contractors; (2) The PHS employee or contractor has made reasonable 
efforts to counsel and encourage the subject individual to provide the 
information to the individual's sexual or needle-sharing partner(s); 
(3) The PHS employee or contractor determines that the subject 
individual is unlikely to provide the information to the sexual or 
needle-sharing partner(s) or that the provision of such information 
cannot reasonably be verified; and (4) The notification of the 
partner(s) is made, whenever possible, by the subject individual's 
physician or by a professional counselor and shall follow standard 
counseling practices.
    PHS may disclose information to State or local public health 
departments, to assist in the notification of the subject individual's 
sexual and/or needle-sharing partner(s), or in the verification that 
the subject individual has notified such sexual or needle-sharing 
partner(s).
    8. Certain diseases and conditions, including infectious diseases, 
may be reported to appropriate representatives of State or Federal 
Government as required by State or Federal law.
    9. Disclosure may be made to authorized organizations which provide 
health services to subject individuals or provide third-party 
reimbursement or fiscal intermediary functions, for the purpose of 
planning for or providing such services, billing or collecting third-
party reimbursements.
    10. The Secretary may disclose information to organizations deemed 
qualified to carry out quality assessment, medical audits or 
utilization reviews.

[[Page 60778]]

    11. Disclosure may be made for the purpose of reporting child, 
elder or spousal abuse or neglect or any other type of abuse or neglect 
as required by State or Federal law.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records may be stored on index cards, file folders, computer tapes 
and disks (including optical disks), photography media, microfiche, 
microfilm, and audio and video tapes. For certain studies, factual data 
with study code numbers are stored on computer tape or disk, while the 
key to personal identifiers is stored separately, without factual data, 
in paper/computer files.

RETRIEVABILITY:
    During data collection stages and follow-up, retrieval is by 
personal identifier (e.g., name, social security number, medical record 
or study identification number, etc.). During the data analysis stage, 
data are normally retrieved by the variables of interest (e.g., 
diagnosis, age, occupation).

SAFEGUARDS:
    1. Authorized Users: Access to identifiers and to link files is 
strictly limited to the authorized personnel whose duties require such 
access. Procedures for determining authorized access to identified data 
are established as appropriate for each location. Personnel, including 
contractor personnel, who may be so authorized include those directly 
involved in data collection and in the design of research studies, 
e.g., interviewers and interviewer supervisors; project managers; and 
statisticians involved in designing sampling plans. Other one-time and 
special access by other employees is granted on a need-to-know basis as 
specifically authorized by the system manager. Researchers authorized 
to conduct research on biologic specimens will typically access the 
system through the use of encrypted identifiers sufficient to link 
individuals with records in such a manner that does not compromise 
confidentiality of the individual.
    2. Physical Safeguards: Records are either stored in locked rooms 
during off-duty hours, locked file cabinets, and/or secured computer 
facilities. For certain studies, personal identifiers and link files 
are separated and stored in locked files. Computer data access is 
limited through the use of key words known only to authorized 
personnel.
    3. Procedural Safeguards: Collection and maintenance of data is 
consistent with legislation and regulations in the protection of human 
subjects, informed consent, confidentiality, and confidentiality 
specific to drug and alcohol abuse patients where these apply. When 
anonymous data is provided to research scientists for analysis, study 
numbers which can be matched to personal identifiers will be 
eliminated, scrambled, or replaced by the agency or contractor with 
random numbers which cannot be matched. Contractors who maintain 
records in this system are instructed to make no further disclosure of 
the records. Privacy Act requirements are specifically included in 
contracts for survey and research activities related to this system. 
The OHS project directors, contract officers, and project officers 
oversee compliance with these requirements. Personnel having access are 
trained in Privacy Act requirements. Depending upon the sensitivity of 
the information in the record, additional safeguard measures may be 
employed.
    4. Implementation Guidelines: These practices are in compliance 
with the standards of Chapter 45-13 of the HHS General Administration 
Manual, ``Safeguarding Records Contained in Systems of Records,'' 
supplementary Chapter PHS hf: 45-13, and the HHS Automated Information 
Systems Security Program Handbook.

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 
1--``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361), item 3000-G-3, which allows records to be kept as long 
as they are useful in scientific research. Collaborative Perinatal 
Project records are retained in accordance with item 3000-G-4, which 
does not allow records to be destroyed. Refer to the NIH Manual Chapter 
for specific conditions on disposal or retention instructions.

SYSTEM MANAGER(S) AND ADDRESS:
    See Appendix I for a listing of current System Managers. This 
system is for use by all NIH Institutes and Centers.

NOTIFICATION PROCEDURE:
    To determine if a record exists, write to the appropriate IC 
Privacy Act Coordinator listed below. In cases where the requester 
knows specifically which System Manager to contact, he or she may 
contact the System Manager directly (See Appendix I). Notification 
requests should include: individual's name; current address; date of 
birth; date, place and nature of participation in specific research 
study; name of individual or organization administering the research 
study (if known); name or description of the research study (if known); 
address at the time of participation; and in specific cases, a 
notarized statement (some highly sensitive systems require two 
witnesses attesting to the individual's identity). A requester must 
verify his or her identity by providing either a notarization of the 
request or by submitting a written certification that the is who he or 
she claims to be and understands that the knowing and willful request 
for acquisition of a record pertaining to an individual under false 
pretenses is a criminal offense under the Act, subject to a five 
thousand dollar fine.
    Individuals will be granted direct access to their medical records 
unless the System Manager determines that such access is likely to have 
an adverse effect (i.e., could cause harm) on the individual. In such 
cases when the System Manager has determined that the nature of the 
record information requires medical interpretation, the subject of the 
record shall be requested to designate, in writing, a responsible 
representative who will be willing to review the record and inform the 
subject individual of its contents at the representative's discretion. 
The representative may be a physician, other health professional, or 
other responsible individual. In this case, the medical/dental record 
will be sent to the designated representative. Individuals will be 
informed in writing if the record is sent to the representative. This 
same procedure will apply in cases where a parent or guardian requests 
notification of, or access to, a child's or incompetent person's 
medical record. The parent or guardian must also verify (provide 
adequate documentation) their relationship to the child or incompetent 
person as well as his or her own identity to prove their relationship.
    If the requester does not know which Institute or Center Privacy 
Act Coordinator to contact for notification purposes, he or she may 
contact directly the NIH Privacy Act Officer at the following address: 
NIH Privacy Act Officer, Office of Management Assessment, 6011 
Executive Blvd., Room 601L, Rockville, MD 20852.

NIH Privacy Act Coordinators

    Associate Director for Disease Prevention, Office of the Director 
(OD), Building 1, Room 260, 1 Center Drive, Bethesda, MD 20892.
    Privacy Act Coordinator, Clinical Center (CC), Building 10, Room 
1N208, 10 Center Drive, Bethesda, MD 20892.

[[Page 60779]]

    Privacy Act Coordinator, National Center for Complementary and 
Alternative Medicine (NCCAM), Building 31, Room 2B11, 31 Center Drive, 
Bethesda, MD 20892-2182.
    Privacy Act Coordinator, National Cancer Institute (NCI), Building 
31, Room 10A34, 31 Center Drive, Bethesda, MD 20892.
    Privacy Act Coordinator, National Center on Minority Health and 
Health Disparities (NCMHD), Democracy Plaza II, Room 800, 6707 
Democracy Boulevard, Bethesda, MD 20892-5465.
    Privacy Act Coordinator, National Center for Research Resources 
(NCRR), Rockledge I, Room 5140, 6705 Rockledge Drive, Bethesda, MD 
20892.
    Privacy Act Coordinator, National Eye Institute (NEI), Building 31, 
Room 6A32, 31 Center Drive, Bethesda, MD 20892-2510.
    Privacy Act Coordinator, National Human Genome Research Institute 
(NHGRI), Building 10, 3C710, 10 Center Drive, Bethesda, MD 20892.
    Privacy Act Coordinator, National Heart, Lung, and Blood Institute 
(NHLBI), Building 31, Room 5A33, 31 Center Drive, Bethesda, MD 20892.
    Privacy Act Coordinator, National Institute on Aging (NIA), Gateway 
Building 31, Room 2C234, 7201 Wisconsin Avenue, Bethesda, MD 20892.
    Privacy Act Coordinator, National Institute on Alcohol Abuse and 
Alcoholism (NIAAA), Willco Building, Room 400, 6000 Executive 
Boulevard, Bethesda, MD 20892-7003.
    Privacy Act Coordinator, National Institute of Allergy and 
Infectious Diseases (NIAID), 6700-B Rockledge Drive, Room 2143, 
Bethesda, MD 20892.
    Privacy Act Coordinator, National Institute of Arthritis and 
Musculoskeletal and Skin Diseases (NIAMS), Natcher Building, Room 
5AS49, 45 Center Drive, Bethesda, MD 20892.
    Privacy Act Coordinator, National Institute of Biomedical Imaging 
and Bioengineering (NIBIB), Building 31, Room 1B37, 31 Center Drive, 
Bethesda, MD 20892-2077.
    Privacy Act Coordinator, National Institute of Child Health and 
Human Development (NICHD), Building 31, Room 2A11, 31 Center Drive, 
Bethesda, MD 20892.
    Privacy Act Coordinator, Office of Extramural Affairs, National 
Institute on Drug Abuse (NIDA), Neuroscience Center, 6001 Executive 
Boulevard, Room 3158, Bethesda, MD 20892-9547.
    Privacy Act Coordinator, National Institute on Deafness and Other 
Communication Disorders (NIDCD), Building 31, Room 3C02, 31 Center 
Drive, Bethesda, MD 20892.
    Privacy Act Coordinator, National Institute of Dental and 
Craniofacial Research (NIDCR), Natcher Building, Room 4AS25, 45 Center 
Drive, Bethesda, MD 20892-6401.
    Privacy Act Coordinator, National Institute of Diabetes and 
Digestive and Kidney Disease (NIDDK), Building 31, Room 9A47, 31 Center 
Drive, Bethesda, MD 20892.
    Privacy Act Coordinator, National Institute of Environmental Health 
Sciences (NIEHS), PO Box 12233, Research Triangle Park, NC 27709.
    Privacy Act Coordinator, National Institute of General Medical 
Sciences (NIGMS), Natcher Building, Room 2AN32, 45 Center Drive, 
Bethesda, MD 20892.
    Privacy Act Coordinator, National Institute of Mental Health 
(NIMH), Neuroscience Center, 6001 Executive Boulevard, Room 8102, 
Bethesda, MD 20892.
    Privacy Act Coordinator, National Institute of Neurological 
Disorders and Stroke (NINDS), Building 31, Room 8A33, 31 Center Drive, 
Bethesda, MD 20892.
    Privacy Act Coordinator, National Institute of Nursing Research 
(NINR), Rockledge II, Room 710, 6701 Rockledge Drive, Bethesda, MD 
20892.

RECORD ACCESS PROCEDURE:
    Same as Notification Procedures. Requesters should reasonably 
specify the record contents being sought. An individual may also 
request an accounting of disclosures of his/her record, if any.

CONTESTING RECORD PROCEDURE:
    Contact the appropriate official at the address specified under 
Notification Procedure, and reasonably identify the record, specify the 
information being contested, and state corrective action sought, with 
supporting information to show how the record is inaccurate, 
incomplete, untimely, or irrelevant.

RECORD SOURCE CATEGORIES:
    The system contains information obtained directly from the subject 
individual by interview (face-to-face or telephone), written 
questionnaire, or by other tests, recording devices or observations, 
consistent with legislation and regulation regarding informed consent 
and protection of human subjects. Information is also obtained from 
other sources, including but not limited to: referring medical 
physicians, mental health/alcohol/drug abuse or other health care 
providers; hospitals; organizations providing biological specimens; 
relatives; guardians; schools; and clinical medical research records.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.

Appendix I: System Manager(s) and Address(es)

    Associate Director for Disease Prevention, Office of the 
Director (OD), Building 1, Room 260, 1 Center Drive, Bethesda, MD 
20892.
    Computer Systems Analyst, Division of Cancer Treatment and 
Diagnosis, National Cancer Institute (NCI), Executive Plaza North, 
Room 344, 6130 Executive Boulevard, Bethesda, MD 20892.
    American Burkitt's Lymphoma Registry, Division of Cancer 
Etiology, National Cancer Institute (NCI), Executive Plaza North, 
Suite 434, 6130 Executive Boulevard, Bethesda, MD 20892.
    Chief, Genetic Epidemiology Branch, Division of Cancer 
Epidemiology and Genetics, National Cancer Institute (NCI), 
Executive Plaza South, Room 7122, 6120 Executive Boulevard, 
Bethesda, MD 20892-7236.
    Program Director, Research Resources, Biological Carcinogenesis 
Branch, Division of Cancer Etiology, National Cancer Institute 
(NCI), Executive Plaza North, Room 540, 6130 Executive Boulevard, 
Bethesda, MD 20892.
    Chief, Environmental Epidemiology Branch, Division of Cancer 
Etiology, National Cancer Institute (NCI), Executive Plaza North, 
Room 443, 6130 Executive Boulevard, Bethesda, MD 20892.
    Associate Director, Surveillance Program, Division of Cancer 
Prevention, National Cancer Institute (NCI), Executive Plaza North, 
Room 343K, 6130 Executive Boulevard, Bethesda, MD 20892.
    Head, Biostatistics and Data Management Section, Center for 
Cancer Research, National Cancer Institute (NCI), Building 6116, 
Room 702, 6116 Executive Boulevard, Bethesda, MD 20892.
    Chief, Clinical Research Branch, Center for Cancer Research, 
Frederick Cancer Research and Development Center, National Cancer 
Institute (NCI), 501 W. 7th Street, Room 3, Frederick, MD 21702.
    Deputy Branch Chief, Navy Hospital, NCI-Naval Medical Oncology 
Branch, Center for Cancer Research, National Cancer Institute (NCI), 
Building 8, Room 5101, Bethesda, MD 20814.
    Chief, Pharmaceutical Management Branch, Cancer Therapy 
Evaluation Program, Division of Cancer Treatment and Diagnosis, 
National Cancer Institute (NCI), Executive Plaza North, Room 804, 
6130 Executive Boulevard, Bethesda, MD 20892.
    Director, Extramural Clinical Studies, Frederick Cancer Research 
and Development Center, National Cancer Institute (NCI), Fort 
Detrick, Frederick, MD 21702.
    Clinical Operations Manager, National Eye Institute (NEI), 
Building 10, Room 10S224, 10 Center Drive, Bethesda, MD 20892.
    Director, Division of Biometry and Epidemiology, National Eye 
Institute (NEI), Building 31, Room 6A52, 31 Center Drive, Bethesda, 
MD 20892.

[[Page 60780]]

    Associate Director, Office of Clinical Affairs, National Heart, 
Lung, and Blood Institute (NHLBI), Building 10, Room 8C104,10 Center 
Drive, Bethesda, MD 20892-1754.
    Senior Scientific Advisor, Office of the Director, Division of 
Epidemiology and Clinical Applications, National Heart, Lung, and 
Blood Institute (NHLBI), Federal Building, Room 220, 7550 Wisconsin 
Avenue, Bethesda, MD 20892.
    Chief Laboratory of Epidemiology, Demography and Biometry, 
National Institute on Aging (NIA), Gateway Building, Room 3C309, 
7201 Wisconsin Avenue, Bethesda, MD 20892.
    Chief, Research Resources Branch, Intramural Research Program, 
National Institute on Aging (NIA), 5600 Nathan Shock Drive, 
Baltimore, MD 21224.
    Clinical Director, National Institute on Aging (NIA), 5600 
Nathan Shock Drive, Baltimore, MD 21224.
    Deputy Director, Division of Biometry and Epidemiology, National 
Institute on Alcohol Abuse and Alcoholism (NIAAA), Willco Building, 
Room 514, 6000 Executive Boulevard, Bethesda, MD 20892-7003.
    Deputy Director, Division of Clinical and Prevention Research, 
National Institute on Alcohol Abuse and Alcoholism (NIAAA), Willco 
Building, Room 505, 6000 Executive Boulevard, Bethesda, MD 20892-
7003.
    Chief, Respiratory Viruses Section, Laboratory of Infectious 
Diseases, National Institute of Allergy and Infectious Diseases 
(NIAID), Building 7, Room 106, 7 Memorial Drive, Bethesda, MD 20892.
    Chief, Hepatitis Virus Section, Laboratory of Infectious 
Diseases, National Institute of Allergy and Infectious Diseases 
(NIAID), Building 7, Room 202, 7 Memorial Drive, Bethesda, MD 20892.
    Chief, Biometry Branch, Division of Microbiology and Infectious 
Diseases, National Institute of Allergy and Infectious Diseases 
(NIAID), 6700-B Rockledge Drive, Room 3120, Bethesda, MD 20892.
    Clinical Director, National Institute of Arthritis and 
Musculoskeletal and Skin Diseases (NIAMS), Building 10, Room 9S205, 
10 Center Drive, Bethesda, MD 20892.
    Chief, Contracts Management Branch, National Institute of Child 
Health and Human Development (NICHD), Executive Plaza North, Room 
7A07, 6130 Executive Boulevard, Bethesda, MD 20892.
    Director of Intramural Research, National Institute on Deafness 
and Other Communication Disorders (NIDCD), Building 31, Room 3C02, 
31 Center Drive, Bethesda, MD 20892.
    Chief, Scientific Programs Branch, National Institute on 
Deafness and Other Communication Disorders (NIDCD), Executive Plaza 
South, Room 400C, 6120 Executive Boulevard, Bethesda, MD 20892-7180.
    Clinical Director, National Institute of Dental and Craniofacial 
Research (NIDCR), Building 10, Room 1N117, 10 Center Drive, 
Bethesda, MD 20892-1191.
    Chief, Scientific Review Branch, National Institute of Dental 
and Craniofacial Research (NIDCR), Building 10, Room 1N117, 10 
Center Drive, Bethesda, MD 20892-1191.
    Research Psychologist, Gene Therapy and Therapeutics Branch, 
National Institute of Dental and Craniofacial Research (NIDCR), 
Building 10, Room 1N105, 10 Center Drive, Bethesda, MD 20892-1190.
    Chief, Clinical Investigations, National Institute of Diabetes 
and Digestive and Kidney Diseases (NIDDK), Building 10, Room 9N222, 
10 Center Drive, Bethesda, MD 20892.
    Chief, Phoenix Clinical Research Section, National Institute of 
Diabetes and Digestive and Kidney Diseases (NIDDK), Phoenix Area 
Indian Hospital, Room 541, 4212 North 16th Street, Phoenix, AZ 
85016.
    Chief, Diabetes Research Section, Division of Diabetes, 
Endocrinology, and Metabolic Diseases, National Institute of 
Diabetes and Digestive and Kidney Disease (NIDDK), Natcher Building, 
Room 5AN18G, 45 Center Drive, Bethesda, MD 20892-6600.
    Privacy Act Coordinator, Office of Extramural Affairs, National 
Institute on Drug Abuse (NIDA), 6001 Executive Boulevard, Room 3158, 
Bethesda, MD 20892-9547.
    Chief, Epidemiology Branch, National Institute of Environmental 
Health Sciences (NIEHS), PO Box 12233, Research Triangle Park, NC 
27709.
    Director, Intramural Research Program, National Institute of 
Mental Health (NIMH), Building 10, Room 4N224, 10 Center Drive, 
Bethesda, MD 20892.
    Privacy Act Coordinator, National Institute of Mental Health 
(NIMH), Neuroscience Center, Room 8102, 6001 Executive Boulevard, 
Bethesda, MD 20982.
    Privacy Act Coordinator, National Institute of Neurological 
Disorders and Stroke (NINDS), Building 31, Room 8A33, 31 Center 
Drive, Bethesda, MD 20892.
    Chief, Epilepsy Branch, National Institute of Neurological 
Disorders and Stroke (NINDS), Neuroscience Center, 6001 Executive 
Boulevard, Suite 2110, Bethesda, MD 20892-9523.
    Assistant Director, Clinical Neurosciences Program, Division of 
Intramural Research, National Institute of Neurological Disorders 
and Stroke (NINDS), Building 10, Room 5N234, 10 Center Drive, 
Bethesda, MD 20892.
    Acting Chief, Laboratory of Central Nervous Systems Studies, 
Intramural Research Program, National Institute of Neurological 
Disorders and Stroke (NINDS), Building 36, Room 4A21, 36 Convent 
Drive, Bethesda, MD 20892-4123.
    Clinical Director, National Human Genome Research Institute 
(NHGRI), Building 10, Room 10C101D, 10 Center Drive, Bethesda, MD 
20892.
    Deputy Director, Division of Extramural Research, National 
Institute of Neurological Disorders and Stroke (NINDS), Neuroscience 
Center, Room 3307, 6001 Executive Boulevard, Bethesda, MD 20892.
    Director, Office of Clinical and Regulatory Affairs, Division of 
Extramural Research and Training, Democracy Plaza II, Room 401, 6707 
Democracy Boulevard, Bethesda, MD 20892-5475.
    Privacy Act Coordinator, National Institute of Biomedical 
Imaging and Bioengineering (NIBIB), Building 31, Room 1B37, 31 
Center Drive, Bethesda, MD 20892-2077.
    Privacy Act Coordinator, National Center on Minority Health and 
Health Disparities (NCMHD), Democracy Plaza II, Room 800, 6707 
Democracy Boulevard, Bethesda, MD 20892-5465.
09-25-0202

SYSTEM NAME:
    Patient Records on PHS Beneficiaries (1935-1974) and Civilly 
Committed Drug Abusers (1967-1976) Treated at the PHS Hospitals in Fort 
Worth, Texas, or Lexington, Kentucky, HHS/NIH/NIDA.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Intramural Research Program, National Institute on Drug Abuse 
(NIDA), National Institutes of Health, Johns Hopkins Bayview Medical 
Center, P.O. Box 5180, Baltimore, Maryland 21224.
    Federal Records Center, 1557 St. Joseph Avenue, East Point, GA 
30344.
    Washington National Records Center, 4205 Suitland Road, Washington, 
D.C. 20409.
    Iron Mountain, 8200 Preston Court, Suite One, Jessup, MD 20794.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Civilly committed narcotic addicts (1967-1976) and adult PHS 
beneficiaries (1935-1974) treated at either the PHS hospital in Fort 
Worth, Texas, or Lexington, Kentucky.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Administrative records, such as treatment admission and release 
dates, name and address, and other demographic data; medical records, 
such as, but not limited to, medical history information, drug abuse/
use data as well as treatment information, any laboratory tests, etc.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Narcotic Addict Rehabilitation Act of 1966, and Narcotic Addict 
Rehabilitation Amendments of 1971, Titles I and III (42 U.S.C. 3411 et 
seq. and 28 U.S.C. 2901 et seq.), and Public Health Service Act, 
Sections 321-326, 341(a) and (c) (42 U.S.C. 248-253, 257(a) and (c)).

PURPOSE(S):
    The records were collected originally to monitor the individual's 
progress while being treated at either of two PHS hospitals and to 
ensure continuity of that care. These systems are now inactive. The 
records are used to respond to requests from subject individuals (or 
his/her designated representative) to (1) establish eligibility for 
certain Federal benefits for the

[[Page 60781]]

individual or his/her dependent(s), and (2) provide information to 
subsequent health care providers at the request of the individual 
regarding medical treatment received to ensure continuity of care.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    None.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records at National Institute on Drug Abuse (NIDA) are on microfilm 
and contain only part of the admission and discharge information. The 
microfilm is stored in a file cabinet in a locked room. Records sent to 
Federal Records Center are stored in GSA-approved storage containers.

RETRIEVABILITY:
    The administrative records and microfilm are filed by patient name. 
The medical records are filed either by patient name or by patient's 
hospital number with a cross-reference list at NIDA matching number to 
name.

SAFEGUARDS:
    1. Authorized Users: Only the System Manager and designated staff.
    2. Physical Safeguards: The microfilm is in a room which has 
limited access, or stored at a security coded warehouse. The room is 
located in a building with a 24-hour security patrol/television 
surveillance system. Sign in and out procedures are used at all times. 
The warehouse has security access; records can only be retrieved by the 
System Manager or designated staff using a confidential code number. 
The warehouse is patrolled on a 24-hour basis with television 
surveillance.
    3. Procedural Safeguards: Only the System Manager and his/her staff 
have access to the microfilm information and have been trained in 
accordance with the Privacy Act.
    4. Implementation Guidelines: These practices are in compliance 
with the standards of Chapter 45-13 of the HHS General Administration 
Manual, ``Safeguarding Records Contained in Systems of Records,'' 
supplementary Chapter PHS hf: 45-13, and the HHS Automated Information 
Systems Security Program Handbook.

RETENTION AND DISPOSAL:
    All administrative and medical records have been retired to a 
Federal Records Center. The records collected under the Narcotic Addict 
Rehabilitation Act of 1966 will be destroyed when they are 25 years 
old, which will be in 2001 because the last patient was released from 
treatment in 1976. The PHS beneficiaries' records will be destroyed at 
the same time. The records will be shredded in 2003 upon written 
request from the system manager.

SYSTEM MANAGER(S) AND ADDRESS:
    Medical Records Officer, Intramural Research Program, National 
Institute on Drug Abuse (NIDA), Johns Hopkins Bayview Medical Center, 
Box 5180, Baltimore, MD 21224.

NOTIFICATION PROCEDURE:
    To determine if a record exists, write to the System Manager at the 
address above. An individual may learn if a record exists about himself 
or herself upon written request with a notarized signature. The request 
should include, if known: Patient hospital record number, full name or 
any alias used, patient's address during treatment, birth date, veteran 
status (if applicable) and approximate dates in treatment, and social 
security number.
    An individual who requests notification of a medical record shall, 
at the time the request is made, designate in writing a responsible 
representative who will be willing to review the record and inform the 
individual of its content at the representative's discretion.

RECORD ACCESS PROCEDURE:
    Same as Notification Procedures. Requesters should also reasonably 
specify the record contents being sought. An individual may also 
request an accounting of disclosures of his/her record, if any.

CONTESTING RECORD PROCEDURE:
    Contact the official at the address specified under Notification 
Procedures above, and reasonably identify the record, specify the 
information being contested, and state the corrective action sought, 
with supporting information to show how the record is inaccurate, 
incomplete, untimely, or irrelevant.

RECORD SOURCE CATEGORIES:
    Patients; patients' drug treatment program counselors; court 
records; hospital personnel.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0203

SYSTEM NAME:
    National Institute on Drug Abuse, Intramural Research Program, 
Federal Prisoner and Non-Prisoner Research Files, HHS/NIH/NIDA.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Intramural Research Program, National Institute on Drug Abuse 
(NIDA), P.O. Box 5180, Baltimore, MD 21224.
    NIDA Warehouse, 5550 Eastern Avenue, Baltimore, MD 21224.
    Quest, Pathology Building, 1901 Silver Spring Road, Baltimore, MD 
21227.
    Federal Records Center, 1557 St. Joseph Avenue, East Point, GA 
30344.
    Washington National Records Center, 4205 Suitland Road, Washington, 
DC 20409.
    NOVA, Johns Hopkins Bayview Medical Center, Building C, 5500 Nathan 
Shock Drive, Baltimore, MD 21224.
    Iron Mountain, 8200 Preston Court, Suite One, Jessup, MD 20794.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Volunteers, adult males (from 1968 to present), adult females 
(beginning in l985) and adolescents (ages 13-18, beginning in 1983) and 
children (neonate to 12 beginning in 1989). Clinical research projects 
conducted at the Addiction Research Center (ARC). This system also 
includes records on adult Federal prisoners involved in research 
projects at ARC when located at Lexington, Kentucky, from 1968-1976, 
and some records from system 09-30-0020 to be used for statistical 
research only.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The categories of records involved are administrative, medical and 
research records.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Public Health Service Act, Section 301(a) (42 U.S.C. 241(a)); 
Sections 341(a) and 344(d) (42 U.S.C. 257(a) and 260(d)); Sections 503 
and 515 (42 U.S.C. 290aa-2 and 290cc). These sections authorize the 
conduct of research in all areas of drug abuse.

PURPOSE(S):
    1. To collect and maintain a data base for research activities at 
NIDA/IRP.
    2. To enable Federal drug abuse researchers to evaluate and monitor 
the subjects' health during participation in a research project. The 
areas of research include, but are not limited to, biomedical, 
clinical, behavioral, pharmacological, psychiatric, psycho social, 
epidemiological, etiological,

[[Page 60782]]

statistical, treatment and prevention of narcotic addiction and drug 
abuse.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. The National Institute on Drug Abuse (NIDA) uses a contractor to 
recruit volunteers and to screen these individuals for their 
acceptability to participate in specific research projects, and limits 
the contractor's access to the records to these procedures. NIDA also 
uses a contractor to perform routine medical laboratory tests on blood 
and urine samples. These routine tests verify that the subject is in 
good health. Both contractors disclose records from this system only to 
NIDA and are required to maintain Privacy Act safeguards with respect 
to such records.
    2. (a) PHS may inform the sexual and/or needle-sharing partner(s) 
of a subject individual who is infected with the human immunodeficiency 
virus (HIV) of their exposure to HIV, under the following 
circumstances: (1) The information has been obtained in the course of 
clinical activities at PHS facilities carried out by PHS personnel or 
contractors; (2) The PHS employee or contractor has made reasonable 
efforts to counsel and encourage the subject individual to provide the 
information to the individual's sexual or needle-sharing partner(s); 
(3) The PHS employee or contractor determines that the subject 
individual is unlikely to provide the information to the sexual or 
needle-sharing partner(s) or that the provision of such information 
cannot reasonably be verified; and (4) The notification of the 
partner(s) is made, whenever possible, by the subject individual's 
physician or by a professional counselor and shall follow standard 
counseling practices.
    (b) PHS may disclose information to State or local public health 
departments, to assist in the notification of the subject individual's 
sexual and/or needle-sharing partner(s), or in the verification that 
the subject individual has, notified such sexual or needle-sharing 
partner(s).

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Data may be stored in file folders or on an internal EISnet, CDS, 
computer disk, magnetic tape, or microfilm.

RETRIEVABILITY:
    Administrative and medical records are indexed and retrieved by the 
subject's name and identification code number. Research records are 
indexed and retrieved by the subject's name and identification code 
number.

SAFEGUARDS:
    1. Authorized Users: Only authorized NIDA Intramural Research 
Program staff are allowed access to these files.
    2. Physical Safeguards: Files and file rooms are locked after 
business hours. Building has electronic controlled entry at all times 
with a 24-hour guard/television surveillance system. The computer 
terminals are in a further secured area.
    3. Procedural Safeguards: All users of personal information in 
connection with the performance of their jobs protect information from 
unauthorized personnel. Access codes to the research records are 
available only to the Principal Investigator and his/her research team. 
Access to the records is strictly limited to those staff members 
trained in accordance with the Privacy Act. The contractor staff 
members are required to secure the information in accordance with the 
Privacy Act. Project Officer and contracting officials will monitor 
contractor compliance.
    4. Access to the Clinical Data Warehouse (EISnet): The NIDA IRP 
computerized medical and research record is strictly limited. All staff 
must be authorized to use the system and be granted an access code 
(user name and password) by the system sponsor (NIDA, IRP Chief of 
Biomedical Informatics). Passwords are required to be changed every six 
months. Access is limited by job classification and is on a need to 
know basis only. Data entered is time and date stamped by the staff 
member's name. Data is not altered once entered. While logged into the 
system, the name of the staff member is displayed on the screen. An 
activity log of each use is kept. Data is backed up on a daily basis.
    5. Implementation Guidelines: These practices are in compliance 
with the standards of Chapter 45-13 of the HHS General Administration 
Manual, ``Safeguarding Records Contained in Systems of Records,'' 
supplementary Chapter PHS hf: 45-13, and the HHS Automated Information 
Systems Security Program Handbook.
    In addition, because much of the data collected in these research 
projects are sensitive and confidential, special safeguards have been 
established. Certificates of confidentiality have been issued under 
Protection of Identity--Research Subjects Regulations (42 CFR part 2a) 
to those projects initiated since February 1980. This authorization 
enables persons engaged in research on mental health, including 
research on the use and effect of psychoactive drugs, to protect the 
privacy of research subjects by withholding their names or other 
identifying characteristics from all persons not connected with the 
conduct of the research. Persons so authorized may not be compelled in 
any Federal, State, or local civil, criminal, administrative, 
legislative, or other proceeding to identify such individuals. In 
addition, these records are subject to 42 CFR part 2, the 
Confidentiality of Alcohol and Drug Abuse Patient Records Regulations 
(42 CFR 2.56), which state: ``Where the content of patient records has 
been disclosed pursuant to these regulations for the purpose of 
conducting scientific research * * * information contained therein 
which would directly or indirectly identify any patient may not be 
disclosed by the recipient thereof either voluntarily or in response to 
any legal process whether Federal or State.''

RETENTION AND DISPOSAL:
    Records will be disposed of in accordance with the NIH Records 
Control Schedule, i.e., when the records are ten years old or no longer 
required for administrative or research purposes.

SYSTEM MANAGER(S) AND ADDRESS:
    Medical Records Officer, Intramural Research Program, National 
Institute on Drug Abuse (NIDA), Johns Hopkins Bayview Medical Center, 
Building C, P.O. Box 5180, Baltimore, MD 21224.

NOTIFICATION PROCEDURE:
    To determine if a record exists, write to the System Manager at the 
address above. Provide a notarized signature as proof of identity. This 
can be waived if the request is made through official Federal, state, 
or local channels. The request should include the patient's register 
number and/or the number of years of incarceration (for prisoner 
subjects), full name at time of participation in the research project, 
date(s) of research participation, and title of research project or 
name of drug being studied. An individual who requests notification of 
a medical record shall, at the time the request is made, designate in 
writing a responsible representative who will be willing to review the 
record and inform the subject individual of its contents at the 
representative's discretion. A parent or legal guardian who requests 
notification of an adolescent's record shall designate a family 
physician or other health professional (other than a family member) of 
the Addiction Research Center staff to whom the record, if any, will be 
sent. The parent or legal guardian must verify in writing the 
relationship to the adolescent as well as his/her own identity.

RECORD ACCESS PROCEDURE:
    Same as Notification Procedures. Requesters should also reasonably

[[Page 60783]]

specify the record contents being sought. An individual may also 
request an accounting of disclosures that have been made of his/her 
records, if any.

CONTESTING RECORD PROCEDURE:
    Contact the official at the address specified under Notification 
Procedures above and reasonably identify the record, specify the 
information being contested, and state the corrective action sought and 
reasons for requesting the correction, along with supporting 
information to show how the record is inaccurate, incomplete, untimely, 
or irrelevant.

RECORD SOURCE CATEGORIES:
    The individual; observations and medical recordings (such as blood 
pressure, dosage of compound administered, etc.) made by the Principal 
investigator and his/her research team; system of records number 09-30-
0020; drug treatment programs; Bureau of Prisons; case workers; 
psychiatrists; research laboratories; and pharmacies and hospitals. 
Many of these records are confidential and privileged communication is 
guaranteed under Section 344(d) of the PHS Act.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0207

SYSTEM NAME:
    Subject-Participants in Pharmacokinetic Studies on Drugs of Abuse 
and on Treatment Medications, HHS/NIH/NIDA.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    University of California, San Francisco, Langley Porter Psychiatric 
Institute, San Francisco, CA 94143.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Normal, healthy adults who voluntarily participate in studies on 
the pharmacokinetics and pharmacodynamics of psychoactive drugs at 
Langley Porter Psychiatric Institute, during the period September 1987 
through September 2005.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Research records on each subject-participant contain the following 
information: name; clinician's records including medical history, 
laboratory test results, physical examinations, psychological profile, 
and drug use profile; drug study data including records of drugs 
administered, exposures to radioactivity, and drug reactions; and date 
of study in which the subject participated.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Public Health Service Act, Sections 301(a), 503 and 405 (42 U.S.C. 
241 and 284).

PURPOSE(S):
    The primary purpose of this system is to support research on the 
pharmacokinetics and pharmacodynamics of drugs of abuse as well as 
treatment drugs. The term ``pharmacokinetics'' refers to the manner in 
which the human body processes a drug. ``Pharmacodynamics'' refers to 
the manner in which the drug affects the human body.
    The clinical investigator used data of a medical nature that is 
contained in the system to make determinations regarding drug dosages 
and/or radiochemical exposures appropriate to the individual human 
subject-participants, in order to preserve and protect the health of 
each. The system also provides baseline data for studying the drug 
effects.
    The Food and Drug Administration (FDA) also may use the records in 
routine inspections FDA conducts in accordance with its 
responsibilities to develop standards on the composition, quality, 
safety, and efficacy of drugs administered to humans, and to monitor 
experimental usage of drugs.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. We may disclose to a congressional office the record of an 
individual in response to a verified inquiry from the congressional 
office made at the written request of the individual.
    2. NIH contractors, use the records in this system to accomplish 
the research purpose for which the records are collected. The 
contractors are required to maintain Privacy Act safeguards with 
respect to such records.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    The contractor maintains the records on paper in file folders.

RETRIEVABILITY:
    The contractor indexes and retrieves the records by the subject-
participant's name.

SAFEGUARDS:
    1. Authorized Users: Only the contract Project Director and his/her 
research team and the Federal Project Officer and his/her support staff 
have access to these records.
    2. Physical Safeguards: The contractor keeps all records in a 
locked metal file cabinet in premises with limited accessibility. Only 
the clinical investigator (Project Director) has the key to the locked 
files.
    3. Procedural Safeguards: Only the contract staff have access to 
the files. Persons other than subject participants who request 
individually identifiable data from a record, must provide written 
consent from the subject participant permitting the requested 
disclosure. The only exception would be for disclosure to persons or 
organizations permitted by the Privacy Act, Section 3(B) to obtain 
personally identifiable data.
    4. Implementation Guidelines: These practices are in compliance 
with the standards of Chapter 45-13 of the HHS General Administration 
Manual, ``Safeguarding Records Contained in Systems of Records,'' 
supplementary Chapter PHS hf: 45-13, and the HHS Automated Information 
Systems Security Program Handbook. In addition, the contract staff 
complies with contractor's (University of California, San Francisco) 
standard procedures for safeguarding data.

RETENTION AND DISPOSAL:
    The records will be kept for at least two years after FDA approves 
the new drug application for the study medication or the IND is 
withdrawn. At that time, the NIDA project officer will authorize in 
writing the clinical investigators to destroy the records by shredding 
or burning.

SYSTEM MANAGER(S) AND ADDRESS:
    Project Officer, Pharmacokinetic Studies on Drugs of Abuse, 
Medications Development Division, National Institute on Drug Abuse 
(NIDA), Neuroscience Center, Room 4123, 6001 Executive Boulevard, 
Bethesda, MD 20892-9551.

NOTIFICATION PROCEDURE:
    To determine if a record exists, write to the System Manager listed 
above.
    Provide the following information: subject-participant's full name 
and a letter of request (or permission, if the requester is not the 
subject-participant) with notarized signature of the individual who is 
the subject of the record, approximate date(s) of experiment(s) in 
which the individual participated, and drug name (if known). In 
addition, an individual who requests notification of, or access to, a 
medical record shall, at the time the request is made, designate in 
writing a responsible

[[Page 60784]]

representative who will be willing to review the record and inform the 
subject individual of its content at the representative's discretion.

RECORD ACCESS PROCEDURE:
    Same as Notification Procedures. Requesters should also reasonably 
specify the record contents being sought. An individual may also 
request an accounting of disclosures of his/her record, if any.

CONTESTING RECORD PROCEDURE:
    Contact the System Manager at the address above and reasonably 
identify the record, specify the information to be contested, the 
corrective action sought, with supporting information to show how the 
record is inaccurate, incomplete, untimely, or irrelevant.

RECORD SOURCE CATEGORIES:
    The subject-participants and the contractor personnel conducting 
the research studies.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0208

SYSTEM NAME:
    Drug Abuse Treatment Outcome Study (DATOS), HHS/NIH/NIDA.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Research Triangle Institute, Center for Social Research and Policy 
Analysis, Research Triangle Park, NC 27709.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Voluntary adult clients of Federally-funded treatment programs, 
including Treatment Alternative Street Crime (TASC) Programs of the 
Department of Justice, who requested to be included in TOPS from 1979 
through 1986. New data collected from voluntary adults/adolescent 
clients of public and private funded-treatment programs beginning in 
1991 and will continue through 1997.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The categories are: demographic data, treatment outcome data, 
treatment process data, client locator information, and personal 
identifiers (name and assigned numerical identifier).

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Public Health Service Act, Sections 301 and 405 (42 U.S.C. 241 and 
284.)

PURPOSE(S):
    The purpose of the system is to compile information on drug abusers 
in drug abuse treatment programs in order to derive information on the 
treatment environments and abusers' behaviors and characteristics 
subsequent to treatment. Researchers and drug abuse service providers 
may use the aggregate data to address issues and generate hypotheses to 
understand better the interactions among the client and community.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Within the restrictions set forth in HHS regulations concerning 
the confidentiality of drug abuse patient records (42 CFR 2.56), we may 
disclose a record for a research purpose, when the Department: (a) Has 
determined that the use or disclosure does not violate legal or policy 
limitations under which the record was provided, collected, or 
obtained; (b) has determined that the research purpose (1) cannot be 
reasonably accomplished unless the record is provided in individually 
identifiable form, and (2) warrants the risk to the privacy of the 
individual that additional exposure of the record might bring; (c) has 
required the recipient to (1) establish reasonable administrative, 
technical, and physical safeguards to prevent unauthorized use or 
disclosure of the record, (2) remove or destroy the information that 
identifies the individual at the earliest time at which removal or 
destruction can be accomplished consistent with the purpose of the 
research project, unless the recipient has presented adequate 
justification of a research or health nature for retaining such 
information, and (3) make no further use or disclosure of the record 
except: (A) In emergency circumstances affecting the health or safety 
of any individual, (B) for use in another research project, under these 
same conditions, and with written authorization of the Department, (C) 
for disclosure to a properly identified person for the purpose of an 
audit related to the research project, if information that would enable 
research subjects to be identified is removed or destroyed at the 
earliest opportunity consistent with the purpose of the audit, or (D) 
when required by law; (d) has secured a written statement attesting to 
the recipient's understanding of, and willingness to, abide by these 
provisions.
    2. The Research Triangle Institute, an NIH contractor, uses the 
records in this system to accomplish the research purpose for which the 
records are collected. In the event of followup studies or continuation 
studies because the contract has been terminated for convenience by the 
Government, we may disclose records in this system to a subsequent NIH 
contractor. We would require the new contractor to maintain Privacy Act 
safeguards with respect to such records.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Interview forms, magnetic tapes, and disks.

RETRIEVABILITY:
    Records are indexed and retrieved by unique alpha numerical 
identifier. In order to relate the data collected to specific 
individuals, one must use the link file discussed under Safeguards.

SAFEGUARDS:
    1. Authorized Users: Contractor personnel, the agency project 
officer, and agency employees whose duties require the use of the 
information in the system.
    2. Physical Safeguards: The data management task leader, the 
project leader, or the project director provide technical supervision 
of all data collection and processing activities. Individually 
identified forms are stored in a secure, vault-like room provided for 
this purpose. Authorized personnel have access to the room by one 
locked door with controlled entry, i.e., only on the written authority 
of the professional staff member in charge. Computerized records are 
kept in a vault area with limited accession.
    3. Procedural Safeguards: Because some of the data collected in 
this study, such as data on drug use, are sensitive and confidential, 
special safeguards have been established. A Certificate of 
Confidentiality has been issued under 42 CFR part 2a. This 
authorization enables persons engaged in research on mental health, 
including research on the use and effect of psychoactive drugs, to 
protect the privacy of research subjects by withholding the names or 
other identifying characteristics from all persons not connected with 
the conduct of the research. Persons so authorized may not be compelled 
in any Federal, State, or local civil, criminal, administrative, 
legislative, or other proceedings to identify such individuals. In 
addition, these records are subject to 42 CFR part 2, the 
Confidentiality of Alcohol and Drug Abuse Patient Records Regulations 
(42 CFR 2.56), which state: ``Where the content of patient records has 
been disclosed pursuant to (these regulations) for the purpose of 
conducting scientific research * * *. information contained

[[Page 60785]]

therein which would directly or indirectly identify any patient may not 
be disclosed by the recipient thereof either voluntarily or in response 
to any legal process whether Federal or State.''
    Another safeguard is that the forms containing subject 
identification information for client followup and data matching 
purposes do not include any reference to the purpose of the study.
    Identification and location information is kept separate from any 
information that would suggest that the respondent has been in a drug 
treatment program.
    Information on completed forms is entered immediately on the 
computer. Completed forms and computerized data are released only to 
authorized persons. Only aggregate data are provided and used in the 
preparation of necessary and appropriate reports.
    A link file system is used. This system has three components: (1) 
Personal information, (2) data base information, and (3) the link file, 
which contains identifying number pairs which can be used to match data 
with individuals. The advantage of this system is that the data base 
can be used directly for report generation, etc., without the use of 
decrypting subroutines or access to the personal information or 
matching link files.
    In addition, the computer center being utilized has developed an 
extensive security system to protect computer account codes and data. 
This system is described in a publication that is available from the 
System manager upon request.
    We do not anticipate any disclosure of individually identifiable 
information to other persons or organizations within the Department of 
Health and Human Services. Nor does the contractor provide individually 
identification information to the Department of Justice, with which 
NIDA has a cooperative agreement for this study.
    4. Implementation Guidelines: These practices are in compliance 
with the standards of Chapter 45-13 of the HHS General Administration 
Manual, ``Safeguarding Records Contained in Systems of Records,'' 
supplementary Chapter PHS hf: 45-13, and the HHS Automated Information 
Systems Security Program Handbook. In addition, project staff complies 
with the contractor's (Research Triangle Institute) standard procedures 
for safeguarding data.
    The contractor provides only aggregate information to NIDA.

RETENTION AND DISPOSAL:
    The contractor destroys interview forms by shredding or burning 
immediately after contractor staff have completed and verified direct 
entry on magnetic tape or disk storage. The contractor will destroy 
individual identification and location data by shredding or burning, 
under the explicit written authorization of the System manager, which 
is anticipated to be no longer than five years after the termination of 
the study unless the information is needed for research purposes. We 
will retain aggregate data tapes for research purposes. These tapes 
will not have any individually identifiable information. In accordance 
with the NIH Records Control Schedule, these tapes will be retained for 
five years after completion of the project (approximately 2002). At 
that time, the tapes will be retired to the Federal Records Center and 
destroyed when they are ten years old or when they are no longer needed 
for research purposes.

SYSTEM MANAGER(S) AND ADDRESS:
    Drug Abuse Treatment Outcome Study (DATOS), Project Officer, 
Services Research Branch, Division of Epidemiology, Services, and 
Prevention Research, National Institute on Drug Abuse (NIDA), 
Neuroscience Center, Room 4222, 6001 Executive Boulevard, Bethesda, MD 
20892.

NOTIFICATION PROCEDURE:
    To determine if a record exists, write to the System Manager at the 
address above. An individual may learn if a record exists about 
himself/herself upon written request, with notarized signature. The 
request should include, if known, name of the researcher, location of 
the research site, approximate date of data collection, any alias used, 
and subject identification number.
    An individual who requests notification of a medical record shall, 
at the time the request in made, designate in writing a responsible 
representative who will be willing to review the record and inform the 
subject individual of its contents at the representative's discretion.
    A parent or legal guardian who requests notification of an 
adolescent's record shall designate a family physician or other health 
professional (other than a family member) of the Division of Clinical 
Research staff to whom the record, if any, will be sent. The parent or 
legal guardian must verify in writing the relationship to the 
adolescent as well as his/her own identity.

RECORD ACCESS PROCEDURE:
    Same as Notification Procedures. Requesters should also reasonably 
specify the record contents being sought. An individual may also 
request an accounting of disclosures of his/her record, if any.
    Persons other than subject individuals, who request individually 
identifiable data from a record must provide written consent from the 
subject individual permitting the requested disclosure. The only 
exception (if not in conflict with confidentiality regulations) would 
be for disclosure to persons or organizations permitted by the Privacy 
Act, section 3(b), to obtain personally identifiable data.

CONTESTING RECORD PROCEDURE:
    Contact the official at the address specified under Notification 
Procedures above and reasonably identify the record, specify the 
information being contested, the corrective action sought, with 
supporting information to show how the record is inaccurate, 
incomplete, untimely, or irrelevant.

RECORD SOURCE CATEGORIES:
    Research subjects, and staff in participating drug abuse treatment 
programs, written clinical evaluations, counselors, psychiatrists, 
psychotherapists, family members, research assistants, hospitals.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0209

SYSTEM NAME:
    Subject-Participants in Drug Abuse Research Studies on Drug 
Dependence and in Research Supporting Investigational New Drug and New 
Drug Applications, HHS/NIH/NIDA.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Veterans Administration Hospital, Cooperative Studies Program, 
Department of Veterans Medical Center, Perry Point, MD 21902.
    Division of Treatment Research and Development, National Institute 
on Drug Abuse (NIDA), Neuroscience Center, Room 4123, 6001 Executive 
Boulevard, Bethesda, MD 20892.
    Division of Intramural Research Programs, National Institute on 
Drug Abuse (NIDA), 4940 Eastern Avenue, Baltimore, MD 21224.
    Write to the System Manager at the address below for the address of 
any new locations where records from this system may be stored.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Voluntary clients of Federally funded and other drug abuse 
treatment

[[Page 60786]]

programs who have requested to receive investigational new or marketed 
drugs, such as but not limited to, naltrexone, levo-alpha 
acetylmethadol (LAAM), buprenorphine, disulfiram, selegiline, 
bupropion, and GBR-12909 as part of their treatment. Data collection 
will continue through calendar year 2010.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Demographic data, treatment outcome data, treatment process data, 
client locator information, and personal identifiers (name and assigned 
numerical identifier).

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Public Health Service Act, Sections 301, 464p, and 405 (42 U.S.C. 
241, and 284).

PURPOSE(S):
    1. To maintain information on the safety and effectiveness of drugs 
for treatment of drug dependence with or without abuse potential in 
various treatment environments and modalities and changes in the 
behavior and characteristics of drug abusers who received these 
substances as part of their treatment regimen.
    2. To provide data required by the Food and Drug Administration 
(FDA) to support research on drug dependence, Investigational New Drug 
Applications (INDs) and potential New Drug Applications (NDAs) for 
various drugs, and to treat drug dependence with or without abuse 
potential. A new drug application is a notice to FDA that a 
pharmaceutical company believes they have enough data to demonstrate 
the safety and efficacy of a substance to satisfy FDA for marketing the 
substance. FDA may also use the records in routine inspections that FDA 
conducts in accordance with its responsibilities to develop standards 
on the composition, quality, safety and efficacy of drugs administered 
to humans, and to monitor experimental usage of drugs.
    3. To conduct research on the pharmacology, toxicology, and 
behavioral characteristics of drugs of abuse alone or in combination 
with proposed treatment drugs.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    NIH contractor(s) and/or interagency collaborators (i.e. Department 
of Veteran's Affairs) use the records in the system to accomplish the 
research and development purposes for which the records were collected. 
In the event of a followup study or continuation study, the responsible 
project officer may disclose records in this system to a subsequent NIH 
contractor(s). Any new contractor(s) is and would be required to 
maintain Privacy Act safeguards with respect to such records and to 
comply with the confidentiality restrictions of 42 CFR part 2.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Interview and assessment forms, video tapes, magnetic tapes, disks 
and microfiche in boxes in closed cabinets in a locked room with 
limited accessibility.

RETRIEVABILITY:
    The records are indexed and retrieved by subject-participant's name 
code (i.e., initials--not name) and unique numerical identifier. In 
order to relate the data collected to specific individuals, however, 
one must use the link file discussed under safeguards.

SAFEGUARDS:
    1. Authorized Users: For all of the studies, the System Manager or 
Federal Project Officer and only authorized contract staff have access 
to the records (computerized and hard copy files) in the system. The 
contractor provides only aggregate data in reports to NIDA, FDA, or the 
public. Only the NIDA personnel mentioned previously and selected 
authorized contract staff, have access to the stored records. A 
certificate of confidentiality is issued to researchers conducting 
these studies under 42 CFR, part 2, Protection of Identity--Research 
Subjects. This authorization enables persons engaged in research on 
mental health, including research on the use and effect of psychoactive 
drugs, to protect the privacy of research subjects by withholding the 
names or other identifying characteristics from all persons not 
connected with the conduct of the research. Persons so authorized may 
not be compelled in any Federal, State or local civil, criminal, 
administrative, legislative, or other proceedings to identify such 
individuals. These regulations do not prohibit voluntary disclosure by 
the researcher. However, the records of these studies also are subject 
to 42 CFR part 2, the Confidentiality of Alcohol and Drug Abuse Patient 
Records Regulations (42 CFR part 56), which state: Where the content of 
patient records has been disclosed. Pursuant to (these regulations) for 
the purpose of conducting scientific research * * * information 
contained therein which would directly or indirectly identify any 
patient may not be disclosed by the recipient thereof either 
voluntarily of in response to any legal process whether Federal or 
State.'' The contractor's institutional review board reviewed and 
approved the safeguards described above in accordance with 45 CFR part 
46 on the Protection of Human Subjects.
    2. Physical Safeguards: For the study records, the contractor(s) 
stored individually identified forms in a locked room with controlled 
entry, i.e., only on written authority of the professional staff member 
in charge of data handling and processing). The contractor staff enters 
the collected information onto computer systems or disks as soon after 
contact with the subject-participant as possible, and stores the 
computerized records in a secured area with access limited as above.
    For the study records, NIDA stores any individually identified 
forms in a lockable cabinet in a secure room. Only authorized NIDA 
personnel (i.e., select members of the Division of Treatment Research 
and Development professional staff and their support staff have access 
to the room with controlled entry. The room is in a building which has 
a 24-hour guard/television surveillance system and has controlled entry 
(picture identification sign in and out procedures) before and after 
normal working hours.
    Another safeguard for these studies is that the forms containing 
subject identification information do not include any reference to the 
purpose of the study. The identification information is separate from 
any information that would suggest that the respondent is or has been 
in a drug abuse treatment program. In addition, the computer centers 
being utilized for data analyses have developed an extensive security 
system to protect computer account codes and data.
    3. Procedural Safeguards: Access to the computerized records of the 
studies is protected by a computerized password routine which is 
changed
    periodically. In addition, the project staff complies with the 
contractor's standard procedures for safeguarding data. The link file 
system that identifies individuals with personal data has three 
components: (1) Identification information, (2) data base information, 
and (3) the link file, which contains identifying number pairs which 
match data with individuals. The advantage of this system is that one 
may use the baseline data directly for report generation, etc., without 
using the subroutines or accessing the personal information or link 
files.
    4. Implementation Guidelines: These practices are in compliance 
with the standards of Chapter 45-13 of the HHS

[[Page 60787]]

General Administration Manual, sbull I11``Safeguarding Records 
Contained in Systems of Records,'' supplementary Chapter PHS hf: 45-13, 
and the HHS Automated Information Systems Security Program Handbook.

RETENTION AND DISPOSAL:
    NIDA will destroy identifiable information by shredding or burning 
when it is no longer needed for analysis or research purposes; then the 
tapes, and/or other electronic media, will be erased. NIDA will destroy 
individual identification and match-up information from other studies 
by shredding or burning five years after FDA completes the review and 
approves the new drug applications or when they are no longer needed 
for research purposes.
    NIDA will retain the aggregate data tapes, and/or other electronic 
media, and/or paper records from studies for research purposes. These 
tapes will not have any individually identifiable information. In 
accordance with the FDA regulations governing new drug applications, 
the aggregate tapes will be retained for at least two years after FDA 
approves the new drug applications or the IND is withdrawn. At that 
time, the tapes will be retired to the Federal Records Center and 
destroyed when they are five years old or when they are no longer 
needed for research purposes.

SYSTEM MANAGER(S) AND ADDRESS:
    Chief, Regulatory Affairs Branch, Division of Treatment Research 
and Development, National Institute on Drug Abuse (NIDA), Neuroscience 
Center, Room 4123, 6001 Executive Boulevard, Bethesda, MD 20892.

NOTIFICATION PROCEDURE:
    An individual may determine if a record exists about himself/
herself upon written request, with notarized signature if request is 
made by mail, or with suitable identification if request is made in 
person, to the appropriate system manager at the address above. The 
following information should be included, if known: subject-
participant's full name and a letter of request with notarized 
signature of the subject-participant of the record, any alias used, 
subject-participant's identification number, name of the researcher, 
name of clinic or research center, name of substance, and approximate 
date of study participation.
    An individual who requests notification of a medical record must, 
at the time the request is made, designate in writing a responsible 
representative who will be willing to review the record and inform the 
subject individual of its contents at the representative's discretion.

RECORD ACCESS PROCEDURE:
    Same as Notification Procedures. Requesters should also reasonably 
specify the record contents being sought. An individual may also 
request an accounting of disclosures of his/her record, if any.

CONTESTING RECORD PROCEDURE:
    Contact the official at the address specified under Notification 
Procedures above and reasonably identify the record, specify the 
information being contested, the corrective action sought, with 
supporting information to show how the record is inaccurate, 
incomplete, untimely, or irrelevant.

RECORD SOURCE CATEGORIES:
    Research subject-participants, staff in the participating drug 
abuse treatment programs, written clinical evaluations, private 
physicians, counselors, psychiatrists, psychotherapists, family 
members, research assistants, and hospital records.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0210

SYSTEM NAME:
    Shipment Records of Drugs of Abuse to Authorized Researchers, HHS/
NIH/NIDA.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Chemistry and Physiological Systems Research Branch (CPSRB), 
Division of Neuroscience and Behavioral Research, National Institute on 
Drug Abuse (NIDA), Neuroscience Center, Room 4282, 6001 Executive 
Boulevard, Bethesda, MD 20892-9555.
    Research Triangle Institute, Research Triangle Park, NC 27709.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individual researchers and organizations who are registered with 
the Drug Enforcement Administration (DEA), Department of Justice (DOJ), 
some since 1966, and who have voluntarily submitted documentation to 
the National Institute on Drug Abuse (NIDA) in order to obtain, through 
the NIDA Drug Supply Program (DSP), drugs of abuse for use in a 
research project.

CATEGORIES OF RECORDS IN THE SYSTEM:
    While the records in this system are research project-related, they 
support the eligibility of individual researchers to receive drugs of 
abuse. Types of information contained in the records are: researcher's 
name, curricula vitae, research protocol, DEA and (if applicable) 
Nuclear Regulatory Commission registration numbers (when a radio 
labeled compound is requested and shipped), business address (location 
of research project) and telephone number, summary of research 
project(s), requests for substance(s), name and amount of each compound 
requested and shipped, dates material is shipped and received, shipment 
numbers, and order form numbers.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Public Health Service Act, sections 301, and 405 (42 U.S.C. 241 and 
284); Controlled Substances Act of 1970 (21 U.S.C. 801 et seq.); Atomic 
Energy Act of 1954, as amended, section 81 (42 U.S.C 2111); and Energy 
Reorganization Act of 1974, section 201 (42 U.S.C. 5841).

PURPOSE(S):
    To facilitate operation of DSP which is a centralized research 
support service through which the United States Government supplies to 
the national and international scientific community for research 
purposes, most Schedule I and many Schedule II-V controlled and 
noncontrolled substances as specified in the Controlled Substances Act 
(CSA) of 1970 (21 U.S.C. 801 et seq.). Controlled substances are 
chemicals and other substances, and their immediate precursors, that 
the Attorney General has determined to have such potential for abuse as 
to warrant regulation under the CSA. Some of these substances are radio 
labeled materials. Radio labeled materials are substances to which a 
small amount of radioactivity is added for use in various studies, such 
as drug metabolism and mechanisms of drug actions.
    This system of records was established to facilitate DSP by 
enabling NIDA:
    1. To verify that requests for drugs of abuse, some of which are 
radio labeled, are from authorized individuals/organizations for use in 
a research project;
    2. To verify that the amounts of the materials requested by 
researchers for animal, in vivo, and in vitro research are justified 
and available;
    3. To supply controlled substances in amounts approved by the Food 
and Drug Administration (FDA) to researchers conducting research with 
human subjects;
    4. To ship these materials securely in accordance with CSA and the 
Atomic Energy Act; and

[[Page 60788]]

    5. To maintain records of these transactions.
    FDA also may use the records in routine inspections in accordance 
with FDA's responsibilities to develop standards on the composition, 
safety, and efficacy of drugs administered to humans, and to monitor 
experimental usage of drugs.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. We may disclose the record of an individual to a congressional 
office in response to a verified inquiry from the congressional office 
made at the written request of the individual.
    2. We may disclose information to DEA, DOJ, to enable DEA to carry 
out its responsibilities as described in the Controlled Substances Act 
of 1970.
    3. An NIH contractor routinely uses the records in this system to 
ship controlled substances to authorized recipients. Such contractor is 
required to maintain Privacy Act safeguards with respect to these 
records.
    4. An NIH contractor may have access to the records in this system 
in the performance of its software modification/correction tasks 
specified in its contract. Such contractor is required to maintain 
Privacy Act safeguards with respect to these records.
    5. The Department of Health and Human Services (HHS) may disclose 
information from this system of records to the Department of Justice, 
or to a court or other tribunal, when (a) HHS, or any component 
thereof; or (b) any HHS employee in his or her official capacity; or 
(c) any HHS employee in his or her individual capacity where the 
Department of Justice (or HHS, where it is authorized to do so) has 
agreed to represent the employee; or (d) the United States or any 
agency thereof where HHS determines that the litigation is likely to 
affect HHS or any of its components, is a party to litigation or has an 
interest in such litigation, and HHS determines that the use of such 
records by the Department of Justice, the court or other tribunal is 
relevant and necessary to the litigation and would help in the 
effective representation of the governmental party, provided, however, 
that in each case, HHS determines that such disclosure is compatible 
with the purpose for which the records were collected.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    NIDA maintains ``hard copy'' records in file folders and automated 
records on computer disk.

RETRIEVABILITY:
    Authorized NIDA and contractor personnel index and retrieve the 
computerized records by a researcher code number assigned by a computer 
program at the time a new record is established. Authorized NIDA 
personnel index and retrieve ``hard copy'' records by researcher's 
name. NIDA maintains a computerized, alphabetical cross-reference list 
that matches names and numbers.

SAFEGUARDS:
    1. Authorized Users: The Chief, CPSR Branch and his or her support 
staff, program assistant and clerk-typist, and the contracts' project 
directors and their support staffs have access to the records.
    2. Physical Safeguards: The ``hard copy'' records and main computer 
are physically located at the Neuroscience Center, Bethesda, Maryland. 
The computerized records are kept in a room with limited admittance. 
The room is locked after working hours. The ``hard copy'' records are 
stored in locked file cabinets in a room with very limited admittance. 
This room is also locked after working hours. The Neuroscience Center 
has a 24-hour guard patrol service.
    3. Procedural Safeguards: The terminals are housed in a secured 
work area with limited admittance. Contract personnel use a password 
identification system to obtain access; NIDA changes the passwords 
periodically.
    4. Implementation Guidelines: These practices are in compliance 
with the standards of Chapter 45-13 of the HHS General Administration 
Manual, ``Safeguarding Records Contained in Systems of Records,'' 
supplementary Chapter PHS hf: 45-13, and the HHS Automated Information 
Systems Security Program Handbook.

RETENTION AND DISPOSAL:
    NIDA maintains an individual's record for five years after the 
researcher's last request for, or shipment of, a drug of abuse. We 
consider the record inactive after that, and erase it from the computer 
disk by a delete routine. The delete routine automatically deletes the 
computerized cross-reference as well. We destroy the ``hard copy'' 
record by shredding. The system is checked once a year for inactive 
records.

SYSTEM MANAGER(S) AND ADDRESS:
    Program Director, Drug Supply Program, Chemistry and Physiological 
Systems Research Branch, Division of Neuroscience and Behavioral 
Research, National Institute on Drug Abuse (NIDA), Neuroscience Center, 
Room 4282, 6001 Executive Boulevard, Bethesda, MD 20892-9555.

NOTIFICATION PROCEDURE:
    To determine if a record exists, write to the System Manager at the 
address above. An individual may learn if a record exists about himself 
or herself upon written request. The request should include the 
researcher's name and business address at the time of last shipment. 
The request must be signed in ink by the individual researcher. 
Verifiable proof of identity is required.

RECORD ACCESS PROCEDURE:
    Same as Notification Procedures. Requesters should also reasonably 
specify the record contents being sought. An individual may also 
request an accounting of disclosures of his/her record, if any.

CONTESTING RECORD PROCEDURE:
    Contact the official at the address specified under Notification 
Procedures above and reasonably identify the record, specify the 
information being contested, the corrective action sought, with 
supporting information to show how the record is inaccurate, 
incomplete, untimely, or irrelevant.

RECORD SOURCE CATEGORIES:
    Initial source is the individual researcher. Some of the DEA 
registration information provided by a researcher is verified through a 
DEA computer check. FDA provides information concerning type and amount 
of controlled substance(s) to be shipped to an individual researcher 
for research projects involving human subjects.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0211

SYSTEM NAME:
    Intramural Research Program Records of In- and Out-Patients with 
Various Types of Alcohol Abuse and Dependence, Relatives of Patients 
with Alcoholism, and Healthy Volunteers, HHS/NIH/NIAAA.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    A list of specific project sites is available from the System 
Manager.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    In- and out-patients with alcohol abuse and dependence, alcohol-
induced organic brain syndromes; their relatives; and healthy 
volunteers.

[[Page 60789]]

CATEGORIES OF RECORDS IN THE SYSTEM:
    Research data of wide variety including biochemical measures, 
psychophysiological and psychological tests, questionnaires, clinical 
and behavioral observations and interviews, physical examinations, and 
correspondence.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Public Health Service Act, as amended, sections 301 (42 U.S.C. 241) 
and 510 (42 U.S.C. 290bb). These sections authorize the conduct of 
general health research and research into alcoholism and alcohol abuse.

PURPOSE(S):
    These records are used for diagnosis and treatment of patients with 
alcohol abuse and dependence and related conditions; behavioral 
research relating to the causes, diagnoses, and treatment of 
addictions; and basic research on behavioral and biological processes.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Records in this system are covered by section 527 of the Public 
Health Service Act (42 U.S.C. 290ee-3) and 42 CFR, chapter I, 
subchapter A, part 2, on confidentiality of alcohol and drug abuse 
patient records. In accordance with these regulations, the records are 
confidential and may only be disclosed with the written consent of the 
patient with specific restrictions, and without the patient's consent 
in the following instances: (1) To medical personnel to the extent 
necessary to meet a bona fide emergency; (2) to qualified personnel for 
the purpose of conducting scientific research; or (3) if authorized by 
an appropriate order of a court of competent jurisdiction granted after 
application showing good cause therefore, after certain considerations, 
and with appropriate safeguards. Routine uses of information in this 
system are limited to the following:
    1. A record may be disclosed for a research purpose, when the 
Department: (a) Has determined that the use or disclosure does not 
violate legal or policy limitations under which the record was 
provided, collected, or obtained; (b) Has determined that the research 
purpose: (1) Cannot be reasonably accomplished unless the record is 
provided in individually identifiable form, and (2) warrants the risk 
to the privacy of the individual that additional exposure of the record 
might bring; (c) has required the recipient to--(1) establish 
reasonable administrative, technical, and physical safeguards to 
prevent unauthorized use or disclosure of the record, and (2) remove or 
destroy the information that identifies the individual at the earliest 
time at which removal or destruction can be accomplished consistent 
with the purpose of the research project, unless the recipient has 
presented adequate justification of a research or health nature for 
retaining such information, and (3) make no further use or disclosure 
of the record except--(A) in emergency circumstances affecting the 
health or safety of any individual, (B) for use in another research 
project, under these same conditions, and with written authorization of 
the Department, (C) for disclosure to a properly identified person for 
the purpose of an audit related to the research project, if information 
that would enable research subjects to be identified is removed or 
destroyed at the earliest opportunity consistent with the purpose of 
the audit, or (D) when required by law; (d) has secured a written 
statement attesting to the recipient's understanding of, and 
willingness to abide by these provisions.
    2. Disclosure may be made to a congressional office from the record 
of an individual in response to a verified inquiry from the 
congressional office at the written request of that individual, in 
accordance with 42 CFR, chapter I, subchapter A, part 2. Records may be 
disclosed to student volunteers, individuals working under a personal 
services contract, and other individuals performing functions for PHS 
who do not technically have the status of agency employees, if they 
need the records in the performance of their agency functions.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records may be stored in file folders, on index cards, computer 
tapes and disks, microfiche, microfilm and audio and video tapes. 
Normally the factual data, with study code numbers, are stored on 
computer tape or disk, while the key to personal identifiers is stored 
separately, without factual data, in paper files.

RETRIEVABILITY:
    During data collection stages and followup, retrieval by personal 
identifier (e.g., name or medical record number) is necessary. During 
the data analysis stage, data are normally retrieved by variables of 
interest, e.g., age, diagnosis, etc.

SAFEGUARDS:
    Measures to prevent unauthorized disclosures are implemented as 
appropriate for the particular records maintained in each project. 
Depending on the sensitivity of the project, additional safeguards may 
be added.
    1. Authorized Users: Only NIAAA medical and research staff have 
access to these records, as authorized by the system manager.
    2. Physical Safeguards: Records are stored in locked rooms, locked 
file cabinets, and/or secured computer facilities. Personal identifiers 
and link codes are separated as much as possible and stored in locked 
files.
    3. Procedural Safeguards: Collection and maintenance of data are 
consistent with legislation and regulations for protection of human 
subjects, informed consent, confidentiality, and confidentiality 
specific to drug and alcohol abuse patients. Computer data access is 
limited through the use of key words, a series of account numbers, and 
passwords which are changed frequently and known only to authorized 
personnel.
    4. Implementation Guidelines: These practices are in compliance 
with the standards of Chapter 45-13 of the HHS General Administration 
Manual, ``Safeguarding Records Contained in Systems of Records,'' 
supplementary Chapter PHS hf: 45-13, and the HHS Automated Information 
Systems Security Program Handbook.

RETENTION AND DISPOSAL:
    Records are held for five years after completion of the project, 
retired to a Federal Records Center, and subsequently disposed of after 
ten years.

SYSTEM MANAGER(S) AND ADDRESS:
    Clinical Director, Laboratory of Clinical Studies, Division of 
Intramural Clinical and Biological Research, National Institute on Drug 
Abuse (NIDA), Building 10, Room 3B-19, 10 Center Drive, Bethesda, MD 
20892.

NOTIFICATION PROCEDURE:
    To determine if a record exists, write to the System Manager at the 
address above. Provide notarized signature as proof of identity. The 
request should include as much of the following information as 
possible: (a) Full name; (b) nature of illness (if any); (c) title of 
study; (d) name of researcher conducting study. An individual who 
requests notification of or access to a medical/dental record shall, at 
the time the request is made, designate in writing a responsible 
representative who will be willing to review the record and inform the 
subject individual of its contents at the representative's discretion.
    A parent or guardian who requests notification of child's/
incompetent

[[Page 60790]]

 person's record shall at the time the request is made designate a 
family physician or other health professional (other than a family 
member) to whom the record, if any, will be sent. The designee will 
receive the record in all cases and upon review will determine whether 
the record should be made available to the parent or guardian.

RECORD ACCESS PROCEDURE:
    Same as Notification Procedures. Requesters should also reasonably 
specify the record contents being sought. Individuals may also request 
an accounting of disclosures of their records, if any.

CONTESTING RECORD PROCEDURE:
    Contact the official at the address specified under Notification 
Procedures above and reasonably identify the record, specify the 
information being contested, and state the corrective action sought, 
with supporting information to show how the record is inaccurate, 
incomplete, untimely, or irrelevant.

RECORD SOURCE CATEGORIES:
    Information gathered from individuals under study, either patient 
or normal subject, contract surveys, hospital records, medical and 
nursing staff notes, and from Privacy Act system of records 09-25-0099, 
``Clinical Research: Patient Medical Records, HHS/NIH/CC.''

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.
09-25-0213

SYSTEM NAME:
    Administration: Employee Conduct Investigative Records, HHS/NIH/OD/
OM/OA/OMA.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Office of Management Assessment, Office of Administration, Office 
of Management, Office of the Director (OD), 6011 Executive Boulevard, 
Room 601, Bethesda, MD 20892-7669.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals who are alleged or suspected to have violated NIH or 
Departmental regulations or Federal statutes and are: personnel 
employed by the Federal Government who are under a career, career 
conditional, or other type of appointment; personnel working under 
Intergovernmental Personnel Act assignments; Guest Researchers; 
Volunteers; Individuals on Temporary Appointments (including student 
appointments); Fogarty International Center Scholars; Staff Fellows; 
Intramural Research Training Award Fellows; IC Fellowship Award 
Recipients; Visiting Associates, Scientists, and Fellows; Commissioned 
Corps; individuals who receive funding through or have responsibility 
for NIH sponsored grants, contracts, or cooperative agreements and 
other individuals who transact or seek to transact business with NIH or 
HHS or use the facilities of those agencies.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system includes records relating to correspondence concerning 
an individual's employment status or conduct while employed by or 
working at NIH. Examples of these records include: Correspondence from 
employees, members of Congress and members of the public alleging 
misconduct by an official of NIH. It also contains reports of 
investigations to resolve allegations of misconduct or violations of 
statutes, with related exhibits of statements, affidavits or records 
obtained during the investigation; reports of action taken by 
management; decisions on any misconduct substantiated by the 
investigation; and reports of legal action resulting from violations of 
statutes referred for prosecution.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 301, 302; 42 U.S.C. 203, 282; 44 U.S.C. 3101; E.O. 10450

PURPOSE(S):
    To document reviews and investigations undertaken by the Office of 
Management Assessment, NIH to provide management or the Office of 
Inspector General, Office of the Secretary, HHS with information needed 
to take action to resolve complaints of misconduct or alleged 
violations of statutes, regulations, policies, or the terms and 
conditions of funding.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Disclosure may be made to a Member of Congress or to a 
Congressional staff member in response to an inquiry of the 
Congressional office made at the written request of the constituent 
about whom the record is maintained, if the disclosure does not 
compromise the investigative activities of the Office of Management 
Assessment.
    2. The Department of Health and Human Services (HHS) may disclose 
information from this system of records to the Department of Justice 
when: (a) The agency or any component thereof; or (b) any employee of 
the agency in his or her official capacity where the Department of 
Justice has agreed to represent the employee; or (c) the United States 
Government, is a party to litigation or has an interest in such 
litigation, and by careful review, the agency determines that the 
records are both relevant and necessary to the litigation and the use 
of such records by the Department of Justice is therefore deemed by the 
agency to be for a purpose that is compatible with the purpose for 
which the agency collected the records.
    3. Disclosure may be made to a court or adjudicative body in a 
proceeding when: (a) The agency or any component thereof; or (b) any 
employee of the agency in his or her official capacity; or (c) any 
employee of the agency in his or her individual capacity where the 
agency has agreed to represent the employee; or (d) the United states 
Government, is a party to the proceeding or has an interest in such 
proceeding, and by careful review, the agency determines that the 
records are both relevant and necessary to the proceeding and the use 
of such records is therefore deemed by the agency to be for a purpose 
that is compatible with the purpose for which the agency collected the 
records.
    4. When a record on its face, or in conjunction with other records, 
indicates a violation or potential violation of law, whether civil, 
criminal or regulatory in nature, and whether arising by general 
statute or particular program statute, or by regulation, rule, or order 
issued pursuant thereto, disclosure may be made to the appropriate 
agency, whether Federal, foreign, State, local, or tribal, or other 
public authority responsible for enforcing, investigating or 
prosecuting such violation or charged with enforcing or implementing 
the statute, or rule, regulation, or order issued pursuant thereto, if 
the information disclosed is relevant to any enforcement, regulatory, 
investigative or prosecutorial responsibility of the receiving entity.
    5. Disclosure may be made to a Federal, State, local, foreign, or 
tribal or other public authority of any portion of this system of 
records that contains information relevant to the retention of an 
employee, the retention of a security clearance, the letting of a 
contract, or the issuance or retention of a license, grant, or other 
benefit. The other agency or licensing organization may then make a 
request supported by the written consent of the individual for the 
entire record if it so chooses. No disclosure

[[Page 60791]]

will be made unless the information has been determined to be 
sufficiently reliable to support a referral to another office within 
the agency or to another Federal agency for criminal, civil, 
administrative, personnel, or regulatory action.
    6. Disclosure may be made to Federal, State, local or foreign 
agency maintaining, civil, criminal, or other relevant enforcement 
records, or other pertinent records, or to another public authority or 
professional organization, if necessary to obtain information relevant 
to an investigation concerning the retention of an employee or other 
personnel action, the issuance or retention of a security clearance, 
the letting of a contract, or the issuance or retention of a grant, or 
other benefit.
    7. Where Federal agencies having the power to subpoena other 
Federal agencies' records, such as the Internal Revenue Service or the 
Civil Rights Commission, issue a subpoena to the Department for records 
in this system of records, the Department is authorized to make such 
records available.
    8. Disclosure may be made to agency contractors, experts, or 
consultants who have been engaged by the agency to assist in the 
performance of a service related to this system of records and who need 
to have access to the records in order to perform the activity. 
Recipients shall be required to comply with the requirements of the 
Privacy Act of 1974, as amended, pursuant to 5 U.S.C. 552a(m).
    9. Disclosure may be made in the course of employee discipline or 
competence determination proceedings.
    10. Disclosure may be made to representatives of an awardee of an 
NIH grant, contract, or cooperative agreement that is the subject of an 
investigation by Office of Management Assessment, NIH.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are stored on paper forms in file folders, file cards, 
magnetic tapes, magnetic disks, optical disks and/or other types of 
data storage devices.

RETRIEVABILITY:
    Records are retrieved by a unique classification number; name of 
the victim, accused, or complainant, date of birth, social security 
number; and by the nature of the incident and/or time of occurrence.

SAFEGUARDS:
    1. Authorized Users: Data on computer files is accessed by keyword 
known only to authorized users who are Office of Management Assessment 
employees or contractor staff who have a need for the data in the 
performance of their duties as determined by the system manager.
    2. Physical Safeguards: Access to the restricted office area 
containing the rooms where records are stored is controlled through the 
use of door locks. Only authorized users have the keys to these locks. 
During regular business hours, rooms in this restricted area are 
unlocked but entry is controlled by on-site personnel. Rooms where 
records are stored are locked when not in use. Individually 
identifiable records are kept in locked file cabinets or in locked 
rooms under the direct control of the system manager or his/her 
delegated representatives.
    3. Procedural and Technical Safeguards: Computer records are 
accessible only through a series of code or keyword commands available 
from and under direct control of the system manager or his/her 
delegated representatives. These records are secured by a multiple-
level security system which is capable of controlling access to the 
individual data field level. Persons having access to the computer 
database can be restricted to a confined application which permits only 
a narrow ``view'' of the data. All authorized users of personal 
information in connection with the performance of their jobs (see 
Authorized Users, above) protect information from public view and from 
unauthorized personnel entering an unsupervised area/office. These 
practices are in compliance with the standards of Chapter 45-13 of the 
HHS General Administration Manual, supplementary Chapter PHS hf: 45-13, 
the Department's Automated Information Systems Security Program 
Handbook, and the National Institute of Standards and Technology 
Federal Information Processing Standards (FIPS Pub. 41 and FIPS Pub. 
31).

RETENTION AND DISPOSAL:
    Records are retained and disposed of under the authority of the NIH 
Records Control Schedule contained in Manual Chapter 1743, Appendix 1--
``Keeping and Destroying Records'' (HHS Records Management Manual, 
Appendix B-361): item 1700-A-4, which allows records to be kept 
permanently when involving extensive litigation; five years for minor 
infractions or improprieties when final recommendation is that no 
action be taken, or 20 years for all other. Refer to the NIH Manual 
Chapter for specific retention and disposition instructions.

SYSTEM MANAGER(S) AND ADDRESS:
    Director, Office of Management Assessment, Office of 
Administration, Office of Management, Office of the Director (OD), 6011 
Executive Boulevard, Room 601, MSC 7669, Bethesda, Maryland 20892-7669.

NOTIFICATION PROCEDURE:
    This system is exempt from the notification requirements. However, 
consideration will be given to requests addressed to the system manager 
listed above. The requestor must verify his or her identity by 
providing either a notarization of the request or a written 
certification that the requestor is who he or she claims to be and 
understands that the knowing and willful request for acquisition of a 
record pertaining to an individual under false pretenses is a criminal 
offense under the Act, subject to a five thousand dollar fine. The 
request should include: (a) Full name, (b) address, and, (c) year of 
records in question.

RECORD ACCESS PROCEDURE:
    This system is exempt from the access requirements. However, 
consideration will be given to requests addressed to the System Manager 
listed above. The requestor must verify his or her identity by 
providing either a notarization of the request or a written 
certification that the requestor is who he or she claims to be and 
understands that the knowing and willful request for acquisition of a 
record pertaining to an individual under false pretenses is a criminal 
offense under the Act, subject to a five thousand dollar fine. The 
request should include: (a) full name, (b) address, and, (c) year of 
records in question. Requesters should also reasonably specify the 
record contents being sought. Although the system is exempt, 
individuals may, upon request, receive records from this system and an 
accounting of disclosure of their records, if the system manager 
determines that disclosure would not compromise the investigative 
activities of the Office of Management Assessment, NIH.

CONTESTING RECORD PROCEDURE:
    Exempt. However, consideration will be given requests addressed to 
the System Manager. Requests for corrections should reasonably identify 
the record and specify the information being contested, and state the 
corrective action sought with supporting information. The right to 
contest records is limited to information which is incomplete, 
irrelevant, incorrect, or untimely (obsolete).

[[Page 60792]]

RECORD SOURCE CATEGORIES:
    Departmental and other Federal, State, and local government 
records; subjects of investigations, complaints, witnesses; documents 
and other material furnished by non-government sources; and personal 
observations by the investigator.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    This system has been exempted pursuant to 5 U.S.C. 552a(k)(2) of 
the Privacy Act from the access, notification, correction, and 
amendment provisions of the Privacy Act (5 U.S.C. 552a(c)(3), (d)(1)-
(4), (e)(1), (e)(4)(G) and (H) and (f)), because it consists of 
investigatory material compiled for law enforcement purposes. 
Individual access to these files could impair investigations and alert 
subjects of investigations that their activities are being scrutinized, 
thereby allowing them time to take measures to prevent detection of 
illegal action or to escape prosecution. Disclosure of investigative 
techniques/procedures and the existence and identity of confidential 
sources of information could jeopardize investigative activities. 
However, any individual who has been denied any right, privilege, or 
benefit for which he/she would otherwise be entitled or be eligible, as 
a result of the maintenance of such material, will be given access to 
the material, except to the extent that the disclosure of the material 
would reveal the identity of a source who furnished information to the 
Government under an express promise that the identity of such source 
would be held in confidence. The system is also exempted from (k)(5) of 
the Privacy Act in order to allow the agency to exempt from individual 
access, investigatory materials compiled for the purpose of determining 
suitability, eligibility, or qualification for federal employment or 
financial assistance if release of the material would disclose the 
identity of a confidential source who furnished information to the 
Government under an express promise that the identity of the source 
would be held in confidence.
09-25-0216

SYSTEM NAME:
    Administration: NIH Electronic Directory, HHS/NIH.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Records are maintained in databases located within the NIH computer 
facilities and the files of NIH functional offices required to identify 
individuals in order to manage the federal resources and authorities 
assigned to them. A current list of sites, including the address of any 
Federal Records Center where records from this system may be stored, is 
available by writing the system manager listed under Notification 
Procedure below.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Users of NIH resources and services including but not limited to: 
current and past NIH employees, contractors, tenants of NIH facilities, 
participants in the NIH visiting programs, registered users of NIH 
computer facilities, grantees, reviewers, council members, 
collaborators, vendors, and parking permit holders. This system does 
not cover patients and visitors to the NIH Clinical Center.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system is a source system that provides identification data to 
a variety of directory services at NIH that share comparable 
information and assign or relate dedicated federal resources to 
individuals. This system provides for a central directory that allows 
NIH to manage NIH corporate business processes and electronic commerce. 
The types of personal information in this directory are necessary to 
ensure the accurate identification of individuals doing business in or 
with the National Institutes of Health. The types of personal 
information included in this directory are: Name, alias names, date of 
birth, place of birth, social security number, gender, home address, 
home phone number, home FAX number, personal pager number, personal 
mobile phone number, personal email address, emergency contacts, 
photograph, digitized written signature, digitized biometrics, and NIH-
assigned unique identifier. Public data refers to non-sensitive 
information readily available to the general public (e.g., name, 
building, room number, and work phone). Non-public data refers to 
sensitive/confidential information or data for which access is limited 
to appropriate staff with a valid need-to-know in the performance of 
their official job duties, or as outlined in the routine uses for 
disclosure (e.g., social security number, gender, home address, date of 
birth, place of birth).

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 301 and 302, 44 U.S.C. 3101 and 3102, Executive Order 
9397.

PURPOSE(S):
    The purpose is to establish a consolidated and centrally 
coordinated electronic directory to support e-government of 
administrative business processes; allow effective controls over the 
creation, maintenance and use of records in the conduct of current 
business; provide for effective management of costs, operation and 
interconnectivity of NIH information systems; provide the required 
structure for network security; and provide an accurate source of 
directory information at the NIH. Data collected is used to build an 
NIH centralized source identification directory and provides for 
directory security system authentication and authorization and supports 
NIH corporate business processes and electronic commerce. This system 
of records enables NIH to reliably identify individuals and those 
federal resources assigned to them. A NIH unique identifier (UID) will 
be assigned to each individual to permit identification of a single 
person with their descriptive information and resources throughout 
their career.
    This system allows for the creation of accurate records for 
individuals in the NIH directory and ensures that duplicate data files 
are compared, corrected and combined for accuracy, thus eliminating 
redundancy. It is the central point of coordination for other automated 
systems that manage or track resources, particularly information 
security systems.

INTERNAL USE AND ACCESS TO PERSONAL INFORMATION
    Internal use and access to the personal information in this system 
will be limited to those with a valid need-to-know in the performance 
of their official duties. Typical internal uses of the system, 
including categories of users, uses of the data collected and the need 
for such use are as follows:
    1. Trans-NIH Human Resource Personnel, Administrative Officers, and 
administrative technicians, will access all public and non-public 
records for employees and/or NIH affiliates within their scope of 
responsibility to access/track staffing information such as personal/
work contact information, physical location, and/or any other 
information to facilitate current NIH administrative business 
processes.
    2. Information Resources Management staff and Space and Facility 
Management personnel will have access to view public data (building 
location and work phone information) to coordinate access for, and the 
allocation of, telecommunication resources and building space/access.
    3. Supervisors, Administrative Officers and Administrative

[[Page 60793]]

Technicians will have access to emergency contact information to enable 
them to contact someone in the event of an emergency.
    4. NIH central services staff, NIH police, and NIH management will 
access both public and non-public data to coordinate/track employee 
data required for other NIH business processes such as card key access, 
ID badges, parking permits, library resources, census information 
gathered for reporting requirements, employee development, training, 
campus security, and other administrative processes.
    5. NIH Security Officers, or other incident response personnel will 
have access to public/non-public data where NIH deems it necessary for 
official investigations or security incidents involving suspected 
intrusion, illegal activity, or unauthorized/unethical misuse of the 
system of records or data therein.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    1. Disclosure may be made to a congressional office from the 
records of an individual in response to an inquiry from the 
congressional office made at the request of that individual.
    2. Disclosure may be made to representatives of the General 
Services Administration or the National Archives and Records 
Administration who are conducting records management inspections under 
the authority of 44 U.S.C. 2904 and 2906.
    3. Disclosure may be made to agency contractors, experts, 
consultants, or volunteers who have been engaged by the agency to 
assist in the performance of a service related to this system of 
records and who need to have access to the records in order to perform 
the activity. Recipients are required to maintain Privacy Act 
safeguards with respect to these records.
    4. Disclosure may be made to respond to a Federal agency's request 
made in connection with the hiring or retention of an employee, the 
letting of a contract or issuance of a security clearance, grant, 
license, or other benefit by the requesting agency, but only to the 
extent that the information disclosed is relevant and necessary to the 
requesting agency's decision on the matter.
    5. Disclosure may be made to the Department of Justice, or to a 
court or other adjudicative body, from this system of records when (a) 
HHS, or any component thereof; or (b) any HHS officer or employee in 
his or her official capacity; or (c) any HHS officer or employee in his 
or her individual capacity where the Department of Justice (or HHS, 
where it is authorized to do so) has agreed to represent the officer or 
employee; or (d) the United States or any agency thereof where HHS 
determines that the proceeding is likely to affect HHS or any of its 
components, is a party to the proceeding or has any interest in the 
proceeding, and HHS determines that the records are relevant and 
necessary to the proceeding and would help in the effective 
representation of the governmental party.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are maintained on electronic media such as computer tape 
and disk and/or hard-copy. Automated records are stored in controlled 
computer areas. Both manual and computerized records will be maintained 
in accordance with the standards of Chapter 45-13 of the HHS General 
Administration Manual, ``Safeguarding Records Contained in Systems of 
Records'', supplementary Chapter PHS hf: 45-13, and the Department's 
Automated Information System Security Program Handbook.

RETRIEVABILITY:
    Records are indexed and retrieved by: name, unique identifier, 
alias names, and social security number.

SAFEGUARDS:
    1. Authorized Users: Non-public data on computer files is accessed 
by keyword known only to authorized users who are NIH employees or 
contractor staff who have a legitimate operational responsibility to 
access the data in the performance of their duties as determined by the 
System Manager. Staff are only granted access to those directories or 
fields for which they have operational responsibilities. User activity 
is recorded. Occurrences of non-routine user or operator activity are 
recorded. Public data is controlled by user-defined view via a web-
based look-up table. View of public data is accessible and controlled 
via the NIH network.
    2. Physical Safeguards: Physical access to the computer systems 
where records are stored is controlled through the use of door locks 
and alarms.
    3. Procedural and Technical Safeguards: Access to the non-public 
data will be controlled through: password protection, user 
authentication, and system administration procedures for user access. 
User name and password authentication procedures are in place to 
protect non-public data from public view, and to prevent unauthorized 
personnel from accessing data. Logical access controls, based on job 
function, are in place to authorize and/or restrict the user activity 
and view of the data. Persons having access to data are restricted to a 
field-by-field confined user interface that permits a controlled, or 
narrow ``view'' of the data. Sensitive data transferred between NIH 
source databases is secured through encryption or similar manner. 
Digital certificates and automated user audit trail capabilities have 
been incorporated to ensure data integrity and to detect evidence of 
data tampering.
    These practices are in compliance with standards of Chapter 45-13 
of the HHS General Administration Manual, ``Safeguarding Records 
Contained in Systems of Records'', supplementary Chapter PHS hf: 45-13, 
and the Department's Automated Information Systems Security Program 
Handbook.

RETENTION AND DISPOSAL:
    Records may be retired to a Federal Records Center and subsequently 
disposed of in accordance with the NIH Records Control Schedule. The 
Records Control Schedule and disposal standard for these records may be 
obtained by writing to the System Manager at the address below.

SYSTEM MANAGER(S) AND ADDRESS:
    Chiquita Bennett, Clinical Center (CC), Building 10, Room 1C280, 10 
Center Drive, Bethesda, MD 20892.
    Ann Ellis, Clinical Center (CC), Building 10, Room B1L410B, 10 
Center Drive, Bethesda, MD 20892.
    Edith Smith, Center for Information Technology (CIT), Fernwood 
Building, Room 2NW06F, Bethesda, MD 20892.
    Maria Miller, Center for Information Technology (CIT), Fernwood 
Building, Room 2NW06E, Bethesda, MD 20892.
    Nadel Griffith, Center for Scientific Review (CSR), Democracy Plaza 
I, Room 3028, 6701 Rockledge Drive, Bethesda, MD 20892.
    Marilyn Cuzzolina, Center for Scientific Review (CSR), Democracy 
Plaza I, Room 3028, 6701 Rockledge Drive, Bethesda, MD 20892.
    Sharon Nieberding, Office of Administrative Management and 
International Services, Fogarty International Center (FIC), Building 
31, Room B2C08, 31 Center Drive, Bethesda, MD 20892-2220.
    Allison Wise, Office of Administrative Operations, National Center 
for Complementary and Alternative Medicine (NCCAM), Building 31, Room 
2B11, 31 Center Drive, Bethesda, MD 20892-2182.

[[Page 60794]]

    Mike Tucker, National Cancer Institute (NCI), 6116 Executive 
Boulevard, Room 609, Bethesda, MD 20892.
    Mike Floyd, National Cancer Institute (NCI), 6116 Executive 
Boulevard, Room 609, Bethesda, MD 20892.
    Dorothy Keys, National Center for Research Resources (NCRR), 
Rockledge I, Room 6070, 6705 Rockledge Drive, Bethesda, MD 20892.
    Matthew Burr, National Eye Institute (NEI), Building 31, Room 6A19, 
31 Center Drive, Bethesda, MD 20892.
    Patricia Hylla, National Human Genome Research Institute (NHGRI), 
Building 49, Room 3A38, 49 Convent Drive, Bethesda, MD 20892.
    Christina Roark, National Heart, Lung, and Blood Institute (NHLBI), 
Democracy Plaza I, Room 7021, 6701 Rockledge Drive, Bethesda, MD 20892-
7921.
    Agnes Slamen, National Institute on Aging (NIA), Gerontology 
Research Center, Johns Hopkins Bayview Campus, 5600 Nathan Shock Drive, 
Room 1E14A, Baltimore, MD 21224.
    Gwen Proctor, National Institute on Aging (NIA), Gerontology 
Research Center, Johns Hopkins Bayview Campus, 5600 Nathan Shock Drive, 
Room 1E14A, Baltimore, MD 21224.
    Andrea Hobbs, National Institute of (NIAAA), Building 31, Room 
1B40, 31 Center Drive, Bethesda, MD 20892.
    Lennita Lawson, National Institute of Allergy and Infectious 
Disease (NIAID), Building 31, Room 7A19, 31 Center Drive, Bethesda, MD 
20892.
    Kai Lakeman, National Institute of Allergy and Infectious Disease 
(NIAID), Building 31, Room 7A19, 31 Center Drive, Bethesda, MD 20892.
    Andrea Ricche, National Institute of Arthritis and Musculoskeletal 
and Skin Diseases (NIAMS), Natcher Building, Room 5AS51, 45 Center 
Drive, Bethesda, MD 20892.
    Ruby Akomeah, National Institute of Biomedical Imaging and 
Bioengineering (NIBIB), Building 31, Room 1B37, 31 Center Drive, 
Bethesda, MD 20892.
    Ivelisse Rodriguez, National Institute of Biomedical Imaging and 
Bioengineering (NIBIB), Building 31, Room 1B37, 31 Center Drive, 
Bethesda, MD 20892.
    Ruth Maraio, National Institute of Child Health and Human 
Development (NICHD), Rockledge I, Room 800, 6705 Rockledge Drive, 
Bethesda, MD 20892.
    Donna Tolson, National Institute of Drug Abuse (NIDA), Neuroscience 
Center, Room 512, 6001 Executive Boulevard, Bethesda, MD 20892.
    Anne Sumner, National Institute on Deafness and Other Communication 
Disorders (NIDCD), Building 31, Room 3C21, 31 Center Drive, Bethesda, 
MD 20892.
    Kathleen Maguire, National Institute of Dental and Craniofacial 
Research (NIDCR), Natcher Building, Room 4AN12, 45 Center Drive, 
Bethesda, MD 20892.
    Anne Robertson, National Institute of Diabetes and Digestive and 
Kidney Diseases (NIDDK), Democracy Plaza II, Room 909, 6707 Democracy 
Boulevard, Bethesda, MD 20892.
    Linda Mongelli, National Institute of Diabetes and Digestive and 
Kidney Diseases (NIDDK), Building 10, Room 9N208, 10 Center Drive, 
Bethesda, MD 20892.
    Donna Byrd, National Institute of Environmental Health Sciences 
(NIEHS), PO Box 12233, Research Triangle Park, NC 27709.
    Gail Grosman, National Institute of General Medical Sciences 
(NIGMS), Natcher Building, Room 3AN32, 45 Center Drive, Bethesda, MD 
20892.
    Crystal James, National Institute of General Medical Sciences 
(NIGMS), Natcher Building, Room 3AS25A, 45 Center Drive, Bethesda, MD 
20892.
    Pam Fitzgerald, National Institute of Mental Health (NIMH), 
Building 31, Room 2B34, 31 Center Drive, Bethesda, MD 20892.
    Vicki Dobbins, National Institute of Medical Health (NIMH), 
Building 31, Room 2B34, 31 Center Drive, Bethesda, MD 20892-9657.
    Debbie Jarman, Privacy Act Coordinator, National Institute of 
Neurological Disorders (NINDS), Building 31, Room 8A33, 31 Center 
Drive, Bethesda, MD 20892.
    Ana Ferreira, National Institute of Nursing Research (NINR), 
Building 31, Room 5B19A, 31 Center Drive, Bethesda, MD 20892.
    Patricia Williams, National Library of Medicine (NLM), Building 38, 
Room 2W05, 8600 Rockville Pike, Bethesda, MD 20894.
    Sandy Freund, Office of the Director (OD), 6011 Executive 
Boulevard, Room 325, Bethesda, MD 20892.
    Dinah Huffer, Office of Research Services (ORS), Building 31, Room 
4B30, 31 Center Drive, Bethesda, MD 20892.

NOTIFICATION PROCEDURE:
    Write to the System Manager listed above. The requester must verify 
his or her identity by providing either a notarization of the request 
or a written certification that the requester is who he or she claims 
to be and understands that the knowing and willful request for 
acquisition of a record pertaining to an individual under false 
pretenses is a criminal offense under the Act, subject to a five 
thousand-dollar fine. The request should include: (a) Full name, and 
(b) address, and (c) year of records in question.

RECORD ACCESS PROCEDURE:
    Write to the System Manager specified above to attain access to 
records and provide the same information as is required under the 
Notification Procedures. Requester should also reasonably specify the 
record content being sought. Individuals may also request an accounting 
of disclosure of their records, if any.

CONTESTING RECORD PROCEDURE:
    Address a petition for amendment to the System Manager. All 
requests must be in writing. The individual must identify himself/
herself, specify the system of records from which the records are 
retrieved, the particular records to be corrected or amended, whether 
seeking an addition to or a deletion or substitution for the records, 
and the reason for requesting correction or amendment of the record.

RECORD SOURCE CATEGORIES:
    NIH employees, contractors, and other persons who are using or 
performing services on behalf of the NIH, and the NIH human resource 
databases (i.e., Human Resource Database (HRDB), Fellowship Payment 
System (FPS), J.E. Fogarty Database of Foreign Visiting Scientists 
(JEFIC), NIH Telecommunications Database (TELCOM), Parking and 
Identification Database (PAID), E-mail Directory and Forwarding Service 
(PH directory), and the Integrated Time and Attendance System (ITAS)).

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.

[FR Doc. 02-23965 Filed 9-25-02; 8:45 am]
BILLING CODE 4140-01-P