[Federal Register Volume 83, Number 186 (Tuesday, September 25, 2018)]
[Notices]
[Pages 48459-48461]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-20821]


=======================================================================
-----------------------------------------------------------------------

NATIONAL TRANSPORTATION SAFETY BOARD

[Docket No. NTSB-CIO-2017-0005]


Privacy Act of 1974; System of Records

AGENCY: National Transportation Safety Board (NTSB).

ACTION: Notice of a new System of Records.

-----------------------------------------------------------------------

SUMMARY: The NTSB is notifying the public about a new Privacy Act 
System of Records for its Medical Investigation Catalog System 
(MEDICS). MEDICS includes electronically held personally identifiable 
health information about individuals involved in transportation 
accidents and incidents that the NTSB investigates.

DATES: Comments are due by October 25, 2018. Unless the NTSB determines 
that comments warrant a revision to the routine uses, new routine uses 
will be applicable October 25, 2018.

ADDRESSES: You may send written comments, identified by docket number 
NTSB-CIO-2017-0005, using any of the following methods:
    1. Federal eRulemaking Portal: Go to http://www.regulations.gov and 
follow the instructions for sending your comments electronically.
    2. Mail: Mail comments concerning this notice to Melba D. Moye, 
CIO-40, National Transportation Safety Board, 490 L'Enfant Plaza SW, 
Washington, DC 20594-2000.
    3. Fax: (202) 558-4290, Attention: Melba D. Moye.
    4. Hand Delivery: 6th Floor, National Transportation Safety Board, 
CIO-40, 490 L'Enfant Plaza SW, Washington, DC, between 9 a.m. and 4:30 
p.m., Monday through Friday, except Federal holidays.
    Instructions: All comments received must contain the agency name 
and docket number for this System of Records. All comments received 
will be posted without change to http://www.regulations.gov, including 
any personal information provided.

FOR FURTHER INFORMATION CONTACT: Melba D. Moye, Office of Chief 
Information Officer, Records Management Division, (202) 314-6551.

SUPPLEMENTARY INFORMATION: The NTSB first published a System of Records 
Notice for MEDICS on May 19, 2017. 82 FR 23075. The NTSB received and 
incorporated input from the Office of Management and Budget (OMB), and 
it is now re-publishing the SORN.
    In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the NTSB 
notes that the descriptions below reference the Chief of the NTSB's 
Records Management Division. Individuals may request access to or 
amendment of records pertaining to themselves by contacting the Chief 
of the NTSB's Records Management Division, or the Chief's designee.
SYSTEM NAME AND NUMBER:
    Medical Investigation Catalog System (MEDICS) NTSB-33.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    National Transportation Safety Board, Office of Chief Information 
Officer, 490 L'Enfant Plaza SW, Washington, DC 20594.

SYSTEM MANAGER(S):
    Chief Medical Officer(s), Office of Research and Engineering, 
National Transportation Safety Board, 490 L'Enfant Plaza SW, 
Washington, DC 20594, (202) 314-6031.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    49 U.S.C. chapter 11 and 49 CFR parts 802 and 831.

PURPOSE(S) OF THE SYSTEM:
    The purpose of MEDICS is to securely receive and store 
investigative health information records. The NTSB is an independent 
federal agency responsible for determining the probable cause of 
transportation accidents or incidents, conducting transportation safety 
research, promoting transportation safety, and assisting victims of 
transportation accidents and their families. In support of the agency's 
statutory mandate, NTSB investigators, medical officers, and staff 
review health information records to (1) determine the facts or 
circumstances of an accident or incident; (2) determine the probable 
cause of an accident or incident; (3) evaluate human performance or 
survival factors issues arising during an accident or incident 
investigation; (4) provide victim and family assistance following an 
accident or incident; (5) carry out special studies and investigations 
about transportation safety (including avoiding personal injury); and/
or (6) examine techniques and methods of accident or incident 
investigation, and publish recommended procedures for accident or 
incident investigations.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    MEDICS records contain personally identifiable information (PII), 
which may include health information as defined below, of individuals 
such as operators, crewmembers, occupants, and bystanders involved in 
transportation accidents or incidents investigated or studied by the 
NTSB, as well as related PII of individuals responsible for providing 
their medical care.

CATEGORIES OF RECORDS IN THE SYSTEM:
    MEDICS contains electronically recorded PII, including health 
information, which means any information that--
    (A) Is created or received by a health care provider, health plan, 
public health authority, employer, life insurer, school or university, 
health care clearinghouse, or federal, state, or local agency; and
    (B) Relates to the past, present, or future physical or mental 
health or condition of an individual; the provision of health care to 
an individual; and/or the past, present, or future payment for the 
provision of health care to an individual.
    MEDICS may also contain electronically recorded health information, 
as described by paragraph B above, from individuals, families, or other 
entities, whether created or received by or from one of the entities 
described in paragraph A above, and

[[Page 48460]]

from accident sites and wreckage. For the NTSB's purposes, health 
information includes any record of medical conditions or care, for 
example, notes from a health care provider; medical certification 
documentation such as Federal Aviation Administration blue ribbon files 
and commercial driver's license long forms; results of any drug or 
toxicology tests; radiology images; autopsy reports; laboratory 
reports; prehospital patient care reports; ambulance run sheets or 
patient care reports; pharmacy records; billing and insurance 
information; results from a search of a prescription monitoring 
program; and any other official record related to an individual's 
health or health care.

RECORD SOURCE CATEGORIES:
    Health information is obtained from health care providers, 
insurers, employers, individuals, family members of accident victims, 
and the accident site and wreckage. The NTSB may also obtain health 
information from other federal, state, or local agencies.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS, AND THE PURPOSES OF SUCH USES:
    In addition to the disclosures permitted under the Privacy Act, 5 
U.S.C. 552a(b), the NTSB is establishing twelve routine uses under 
which the NTSB may disclose records contained in this system of records 
without the consent of the subject individual if the disclosure is 
compatible with the purpose for which the record was collected.
    1. Records may be disclosed to a participant in an NTSB 
investigation, appointed pursuant to 49 CFR 831.11 to provide suitable 
technical expertise and assist in establishing the facts and 
circumstances of an accident. Participants may include representatives 
from operators or manufacturers involved in accidents or incidents, as 
well as representatives from federal, state, and local agencies. 
Participation is governed by 49 CFR part 831, and section 831.13 
prohibits participants from further disseminating the information.
    2. Records may be disclosed to other medical consultants or 
contractors not named under routine use number 1, as appropriate to 
enable consultation related to an NTSB investigation.
    3. Records may be disclosed to a foreign government agency acting 
as an accredited representative to an NTSB investigation pursuant to 
Annex 13 of the International Convention on Civil Aviation, and any 
technical advisor assisting the accredited representative.
    4. Records may be disclosed to a foreign government agency when the 
NTSB is acting as an accredited representative to the foreign 
government agency's investigation pursuant to Annex 13 of the 
International Convention on Civil Aviation.
    5. Records may be disclosed to the public in a docket or report for 
an accident investigation, or in a safety study report. The NTSB is 
required to inform the public of the facts, circumstances, and probable 
cause of accidents, and to publish findings in safety studies and 
reports. 49 U.S.C. 1116, 1131(e). The NTSB will disclose a record or 
part of a record in a public docket or report only if (1) the subject 
of the record's actions or decision making may have contributed to an 
accident or may be related to a safety hazard; (2) disclosure is 
reasonably necessary to support a finding, conclusion, and/or probable 
cause determination, or safety recommendation; and (3) the NTSB 
determines that the public's and the NTSB's interest in disclosure 
outweighs the individual's privacy interest.
    6. When information indicates a violation or potential violation of 
law, whether civil, criminal or regulatory in nature, and whether 
arising by general statute or particular program statute, or by 
regulation, rule, or order issued pursuant thereto, records may be 
disclosed to the appropriate agency, whether federal, foreign, state, 
local, or tribal, or other public authority responsible for enforcing, 
investigating or prosecuting such violation or charged with enforcing 
or implementing the statute, rule, regulation, or order issued pursuant 
thereto, if the information disclosed is relevant to any enforcement, 
regulatory, investigative or prosecutory responsibility of the 
receiving entity. This routine use allows for disclosures other than 
those provided by the Privacy Act exemption for law enforcement 
activities, 5 U.S.C. 552a(b)(7). The law enforcement exemption requires 
the head of the agency requesting disclosure to make a written request 
specifying the records requested and the relevant law enforcement 
activity. The NTSB must be able to disclose a record relevant to a 
potential violation of law without a request from the agency to whom 
records are disclosed because the NTSB may be the first to discover the 
potential violation of law, and the NTSB must be able to confer with 
other agencies about whether it will relinquish investigative priority 
pursuant to 49 U.S.C. 1131(a)(2).
    7. Records may be disclosed to a federal, foreign, state, local, or 
tribal agency that (1) performs safety related functions; (2) is not a 
participant to an NTSB investigation as described in routine use number 
1; and (3) is not conducting an investigation, enforcement action, or 
prosecution as described in routine use number 6, if the NTSB 
determines that disclosure would enable the receiving agency to take 
corrective action or address a safety risk.
    8. Records may be disclosed to an agency or organization that 
regulates, oversees, licenses, or accredits healthcare providers or 
organizations if the NTSB determines that a provider's conduct or 
decision-making may warrant corrective action or creates a safety risk.
    9. Records may be disclosed to the Department of Justice, or in a 
proceeding before a court, adjudicative body, or other administrative 
body before which the NTSB is authorized to appear, when (1) the NTSB, 
or any component thereof; (2) any employee of the NTSB in his or her 
official capacity; (3) any employee of the NTSB in his or her 
individual capacity whom the Department of Justice or the NTSB has 
agreed to represent; or (4) the United States is a party to litigation 
or has an interest in such litigation, and the NTSB determines that the 
records are both relevant and necessary to the litigation and the use 
of such records is deemed by the NTSB to be for a purpose that is 
compatible with the purpose for which the records were collected.
    10. Records may be disclosed to the National Archives and Records 
Administration or General Services Administration for records 
management inspections conducted under 44 U.S.C. 2904, 2906.
    11. Records may be disclosed to appropriate agencies, entities, and 
persons when (1) the NTSB suspects or has confirmed that there has been 
a breach of the system of records; (2) the NTSB has determined that as 
a result of the suspected or confirmed breach there is a risk of harm 
to individuals, the NTSB (including its information systems, programs, 
and operations), the Federal Government, or national security; and (3) 
the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with the NTSB's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm.
    12. Records may be disclosed to another Federal agency or Federal 
entity, when the NTSB determines that information from this system of 
records is reasonably necessary to assist the recipient agency or 
entity in (1)

[[Page 48461]]

responding to a suspected or confirmed breach or (2) preventing, 
minimizing, or remedying the risk of harm to individuals, the recipient 
agency or entity (including its information systems, programs, and 
operations), the Federal Government, or national security, resulting 
from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    MEDICS records are primarily maintained electronically in a 
database. Some paper records may also be kept, and their location will 
be identified in the database. Paper records whose location is 
identified in MEDICS will be secured in a locked file cabinet, a secure 
office, or both, and will be searchable only by NTSB accident 
investigation number, not by PII. Paper records that are uploaded to 
MEDICS are destroyed. The database may be accessed from NTSB approved 
computers. In the future, the database may become accessible from any 
computer that provides for an authorized user's authentication.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Once an authorized user accesses MEDICS with his or her user ID and 
password, the MEDICS system is searchable by NTSB accident or incident 
number, accident city, accident state, accident country, and an 
individual's name, age, and date of birth.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    MEDICS records that are disclosed in the NTSB's public docket 
pursuant to routine use number 5 will be retained permanently. All 
other MEDICS records will be destroyed one year after the conclusion of 
the investigation or safety study to which the record relates, unless 
required to be retained under another record retention statute, 
regulation or court order.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    NTSB headquarters is guarded and monitored by security personnel, 
cameras, a Physical Access Control System (PACS), and other physical 
security measures. The computerized records contained within MEDICS are 
maintained in a secure, password-protected, encrypted computer system. 
Access to and use of these records are limited to NTSB employees and 
contractors whose official duties require such access. NTSB personnel 
may access the records only when access is relevant to (1) determining 
the facts or circumstances of an accident or incident; (2) determining 
the probable cause of an accident or incident; (3) evaluating human 
performance or survival factors issues arising during an accident or 
incident investigation; (4) providing victim and family assistance 
following an accident or incident; (5) carrying out special studies and 
investigations about transportation safety (including avoiding personal 
injury); and/or (6) examining techniques and methods of accident or 
incident investigation, and periodically publishing recommended 
procedures for accident or incident investigations. Electronic records 
are protected from unauthorized access through password identification 
procedures, limited access, firewalls and other system-based protection 
methods. This system conforms to all applicable Federal laws and 
regulations, as well as NTSB policies and standards, as they relate to 
information security and data privacy. Access is limited by user roles. 
Participants to an investigation may access only the records relevant 
to that accident, while NTSB Medical Officers will have access to all 
records. MEDICS will identify the location of paper records, which will 
be stored in a locked cabinet, a secured office, or both.

RECORD ACCESS PROCEDURE:
    Individuals wishing to access information about themselves in this 
system of records may contact the Chief, Records Management Division, 
National Transportation Safety Board, 490 L'Enfant Plaza SW, 
Washington, DC 20594. Individuals must comply with NTSB regulations 
regarding the Privacy Act, 49 CFR part 802, and must furnish the 
following information for their records to be located and identified:

    1. Full name(s).
    2. Date of birth.
    3. If known, the date and location of the accident, incident, or 
occurrence, or the NTSB investigation identifier(s) for the 
investigation(s) in which the NTSB created or obtained the record.
    4. Signature.

CONTESTING RECORD PROCEDURE:
    Individuals wishing to amend their records should contact the 
agency office identified in the Record Access Procedure section and 
furnish such identifying information described in that section to 
identify the records to be amended. Individuals seeking amendment of 
their records must also follow the agency's Privacy Act regulations, 49 
CFR part 802. Where the requested amendment implicates information 
provided by a third-party source, the agency will refer the individual 
to the source from which the agency obtained the information. The NTSB 
is not authorized to amend records from non-agency sources. 
Additionally, the NTSB is not authorized to direct a non-agency source 
to change or alter records. Because medical practitioners may provide 
differing but equally valid medical judgments and opinions when making 
medical evaluations of an individual's health status, review of 
requests from individuals seeking amendment of their medical records, 
beyond administrative correction such as association of a medical 
record with an incorrect individual, may be limited to consideration of 
including the differing opinion in the record rather than attempting to 
determine whether the original opinion is accurate.

NOTIFICATION PROCEDURE:
    Individuals wishing to inquire about whether this system of records 
contains information about them may contact the agency office listed in 
the Record Access Procedure section, and provide the identifying 
information described in that section.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    82 FR 23075.

    Dated: September 20, 2018.
Robert L. Sumwalt, III,
Chairman.
[FR Doc. 2018-20821 Filed 9-24-18; 8:45 am]
 BILLING CODE 7533-01-P