[Federal Register Volume 84, Number 193 (Friday, October 4, 2019)]
[Notices]
[Pages 53221-53227]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-21412]


-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Office of the Secretary

[Docket No. DOT-OST-2019-0138]


Privacy Act of 1974; Department of Transportation (DOT), Federal 
Motor Carrier Safety Administration (FMCSA) DOT/FMCSA 009--National 
Registry of Certified Medical Examiners (National Registry) System of 
Records

AGENCY: Office of the Departmental Chief Information Officer, Office of 
the Secretary of Transportation, DOT.

ACTION: Notice of a Modified System of Records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the Department of 
Transportation proposes to update and reissue a current Department of 
Transportation's system of records titled, ``Department of 
Transportation Federal Motor Carrier Safety Administration 009--
National Registry of Certified Medical Examiners System of Records.'' 
This system of records allows the Department of Transportation/Federal 
Motor Carrier Safety Administration to collect and maintain records on 
Medical Examiners registering on the National Registry website and 
applying for Federal Motor Carrier Safety Administration Medical 
Examiner certification, certified Medical Examiner designated 
administrative assistants and authorized representatives who have 
registered on the National Registry to perform reporting functions on 
behalf of a certified Medical Examiner, and commercial motor vehicle 
drivers examined by Federal Motor Carrier Safety Administration 
certified Medical Examiners listed on the National Registry. The 
categories of records collected and maintained in this system include 
several pieces of personally identifiable information as detailed in 
the ``Categories of Records in the System'' section of this system of 
records notice. The information for the record subjects is collected 
and used as part of the process of establishing and maintaining a 
current national registry of Medical Examiners that are certified by 
FMCSA to perform medical examinations of interstate commercial motor 
vehicle drivers and issue Medical Examiner's Certificates as outlined 
in the Safe, Accountable, Flexible, Efficient Transportation Equity 
Act: A Legacy for Users (SAFETEA-LU). The specifics regarding the 
information collected and how the Agency uses the information is more 
thoroughly detailed below and in the associated Privacy Impact 
Assessment on DOT's website at https://www.transportation.gov/privacy.
    In addition to non-substantive changes to simplify the formatting 
and text of the previously published notice, we are revising this 
notice to reflect the following changes resulting from publication of 
the Medical Examiner's Certification Integration final rule (80 FR 
22790) and the Process for Department of Veterans Affairs (VA) 
Physicians to be Added to the National Registry of Certified Medical 
Examiners final rule (83 FR 26846). These changes include inclusion of 
additional information in the categories of records to address 
information collected using the CMV Driver Medical Examination Results 
Form, MCSA-5850 (2126-0006), addition of the Fixing America's Surface 
Transportation (FAST) Act, Public Law 114-94, as an authority for the 
system, addition of one new routine use for the sharing of CMV driver 
information to State Driver's Licensing Agencies, deletion of four 
routine uses duplicative of Department-wide general routine uses, and 
reduction in the retention disposition for records maintained in this 
system.
    This updated system will be included in the Department of 
Transportation's inventory of record systems.

DATES: Written comments should be submitted on or before November 4, 
2019. The Department may publish an amended SORN in light of any 
comments received. This new system will be effective November 4, 2019.

ADDRESSES: You may submit comments, identified by docket number DOT-
OST-2019-0138 by any of the following methods:
     Federal e-Rulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Mail: Docket Management Facility, U.S. Department of 
Transportation, 1200 New Jersey Ave. SE, West Building Ground Floor, 
Room W12-140, Washington, DC 20590-0001.
     Hand Delivery or Courier: West Building Ground Floor, Room 
W12-140, 1200 New Jersey Ave. SE, between 9 a.m. and 5 p.m. ET, Monday 
through Friday, except Federal Holidays.
     Fax: (202) 493-2251.
    Instructions: You must include the agency name and docket number 
DOT-OST-2019-0138. All comments received will be posted without change 
to http://www.regulations.gov, including any personal information 
provided.
    Privacy Act: Anyone is able to search the electronic form of all 
comments received in any of our dockets by the name of the individual 
submitting the comment (or signing the comment, if

[[Page 53222]]

submitted on behalf of an association, business, labor union, etc.). 
You may review DOT's complete Privacy Act statement in the Federal 
Register published on April 11, 2000 (65 FR 19477-78), or you may visit 
http://DocketsInfo.dot.gov.
    Docket: For access to the docket to read background documents or 
comments received, go to http://www.regulations.gov or to the street 
address listed above. Follow the online instructions for accessing the 
docket.

FOR FURTHER INFORMATION CONTACT: 
    For general questions please contact: Charles A. Horan III, 
Director, Office of Carrier, Driver, and Vehicle Safety Standards, 
Federal Motor Carrier Safety Administration, Department of 
Transportation, Washington, DC 20590, 202.366.2362, 
[email protected].
    For privacy issues please contact: Claire W. Barrett, Departmental 
Chief Privacy Officer, Privacy Office, Department of Transportation, 
Washington, DC 20590; [email protected]; or 202.527.3284.

SUPPLEMENTARY INFORMATION: 

I. Background

    In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the 
Department of Transportation (DOT)/Federal Motor Carrier Safety 
Administration (FMCSA) proposes to update and reissue a current DOT 
system of records titled, ``Department of Transportation Federal Motor 
Carrier Safety Administration DOT/FMCSA 009--National Registry of 
Certified Medical Examiners (National Registry) System of Records.'' 
This system of records is being updated as a result of changes to and 
use of the records collected through the publication of the Medical 
Examiner's Certification Integration final rule (80 FR 22790). This 
system of records collects information under the Paperwork Reduction 
Act using the commercial motor vehicle (CMV) Driver Medical Examination 
Results Form, MCSA-5850 (electronic), Office of Management and Budget 
(OMB) Control No. 2126-0006, under the information collection titled 
``Medical Qualification Requirements.''
    FMCSA developed the National Registry to improve highway safety and 
driver health by focusing on Medical Examiner (ME) performance through 
requiring MEs to be trained and certified to determine effectively 
whether a CMV driver's health meets the Federal Motor Carrier Safety 
Regulations (FMCSRs). The MEs must demonstrate an understanding of the 
physical qualifications standards in the FMCSRs and how they relate to 
the medical demands of operating a CMV and how to apply those standards 
in a uniform and consistent manner when making the determination 
whether an individual driver meets the standards.
    To be listed as a certified ME on the National Registry, an ME must 
be licensed, certified, or registered to perform medical examinations 
in accordance with applicable State laws and regulations, register on 
the National Registry website, successfully complete required training 
on FMCSA's physical qualification standards and guidelines, and pass a 
certification test. Once certified, MEs are listed on FMCSA's National 
Registry website where their contact information and national registry 
number is made available to assist CMV drivers in locating and 
contacting FMCSA certified MEs.
    All interstate CMV drivers are required to obtain their Medical 
Examiner's Certificates (MECs) from a certified ME listed on the 
National Registry. Therefore, once certified, MEs perform medical 
examinations on interstate CMV drivers who are required to receive a 
medical examination at least once every two years. Certified MEs and 
their designated Medical Examiner Administrative Assistants (MEAAs) 
transmit driver medical examination results to FMCSA via the CMV Driver 
Medical Examination Results Form, MCS. A-5850 (2126-0006), once a 
month, view previously submitted CMV driver medical examination 
results, and edit the ME's contact information. Other authorized 
representatives designated by the certified ME are only able to 
simultaneously upload (bulk upload) multiple CMV Driver Medical 
Examination Results from their medical system to the National Registry. 
FMCSA uses the CMV driver medical examination results (MEC information) 
to monitor ME competence and performance in evaluating the CMV driver 
health and fitness and to detect irregularities in examination 
procedures.
    As part of the Medical Examiner's Certification Integration final 
rule, beginning June 22, 2018, the FMCSA certified ME or his or her 
designated MEAA will be required to transmit to FMCSA, through the 
National Registry, by midnight (local time) of the next calendar day 
following the exam, the results of all CMV driver medical examinations 
that they have performed in accordance with the FMCSRs, via the CMV 
Driver Medical Examination Results Form, MCSA-5850. In addition, 
certified MEs will be allowed to transmit to FMCSA, through the 
National Registry, the results of all CMV driver medical examinations 
that they have performed in accordance with the FMCSRs with any 
applicable State variances, via the CMV Driver Medical Examination 
Results Form, MCSA-5850. As a result of these added collections, the 
driver's address, optional email address, and results of examinations 
performed in accordance with the FMCSRs with any applicable State 
variances, have been added to the CMV Driver Medical Examination 
Results Form, MCSA-5850. For commercial driver's license (CDL) holders, 
FMCSA will electronically transmit MEC information from the National 
Registry to the State Driver's Licensing Agencies (SDLAs) for 
examinations conducted in accordance with the FMCSRs as well as those 
in accordance with the FMCSRs with any applicable State variances. 
FMCSA will also electronically transmit medical variance information 
for all CMV drivers from the National Registry to the SDLAs.
    We are updating this system of records notice to reflect non-
substantive changes to simplify the formatting and text of the 
previously published notice and to reflect the following changes:

Categories of Records

     Added collection of the CMV driver's address for the 
Agency to contact the driver regarding their certification during the 
oversight and audit process for the program. This has been added to the 
CMV Driver Medical Examination Results Form, MCSA-5850 (2126-0006).
     Added optional collection of CMV driver's email address 
for general correspondence with the driver regarding his/her 
certification. This has been added to the CMV Driver Medical 
Examination Results Form, MCSA-5850 (2126-0006).
     Added optional collection of CMV driver examination 
results when performed in accordance with the FMCSRs with any 
applicable State variances for electronic transmission at the request 
of several States. This has been added to the CMV Driver Medical 
Examination Results Form, MCSA-5850 (2126-0006).
     Added the issued and expiration dates for medical 
variances for electronic transmission to the SDLAs and posting to the 
driver's record.

Authority

     Added the Fixing America's Surface Transportation Act 
(FAST Act) as an authority for the system. The FAST Act requires that 
the Department establish a process that allows veteran operators to 
obtain their DOT medical certification exams from a Department of 
Veterans

[[Page 53223]]

Affairs physician. Information maintained on Medical Examiners and CMV 
drivers obtained through these processes would be the same as that for 
other examiners and drivers. Although the details of this process will 
not be finalized until publication of the final rule, the FAST Act 
requires that a process be established, and thus, we are including the 
FAST Act authority in this SORN in anticipation of the eventual 
establishment of the process mandated by the FAST Act and inclusion of 
this information in this system.

Routine Uses of Records Maintained in the System

     Added a routine use for the electronic transfer of MEC 
information for commercial driver's license (CDL) holders and medical 
variance information for all CMV drivers from the National Registry to 
the SDLAs for posting to the driver's record. This includes information 
collected from both the ME and the CMV driver. This routine use is 
compatible with the purposes of the system as it allows State and 
Federal enforcement officials to be able to view the most current and 
accurate information regarding the medical status of the CDL holder, 
all information on the MEC, and the medical variance information to 
include the issued and expiration dates.
     Deleted four routine uses addressing sharing records with 
contractors and oversight bodies because they are duplicative of the 
Department's general routine uses applicable to all systems.

Retention and Disposal

     Reduced the retention and disposal of information 
collected to retain records for the least amount of time necessary and 
to maintain consistency with the FMCSRs (49 CFR 383.73(j)(ii) and 
391.43(i))
    This updated system will be included in DOT's inventory of record 
systems.

II. Privacy Act

    The Privacy Act (5 U.S.C. 552a) governs the means by which the 
Federal Government collects, maintains, and uses personally 
identifiable information (PII) in a System of Records. A ``System of 
Records'' is a group of any records under the control of a Federal 
agency from which information about individuals is retrieved by name or 
other personal identifier. The Privacy Act requires each agency to 
publish in the Federal Register a System of Records Notice (SORN) 
identifying and describing each System of Records the agency maintains, 
including the purposes for which the agency uses PII in the system, the 
routine uses for which the agency discloses such information outside 
the agency, and how individuals to whom a Privacy Act record pertains 
can exercise their rights under the Privacy Act (e.g., to determine if 
the system contains information about them and to contest inaccurate 
information).
    In accordance with 5 U.S.C. 552a(r), DOT has provided a report of 
this system of records to the Office of Management and Budget and to 
Congress.

SYSTEM NAME AND NUMBER:
    Department of Transportation Federal Motor Carrier Safety 
Administration DOT/FMCSA 009--National Registry of Certified Medical 
Examiners (National Registry)

SECURITY CLASSIFICATION:
    Unclassified, Sensitive.

SYSTEM LOCATION:
    Records are maintained by FMCSA, U.S. Department of Transportation, 
1200 New Jersey Avenue SE, Washington, DC 20590.

SYSTEM MANAGER AND ADDRESS:
    Director, Office of Carrier, Driver and Vehicle Safety, (202) 366-
2362, [email protected], Federal Motor Carrier Safety 
Administration, U.S. Department of Transportation, 1200 New Jersey 
Avenue SE, Washington, DC 20590.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The Safe, Accountable, Flexible, Efficient Transportation Equity 
Act: A Legacy for Users (SAFETEA-LU) sections 4116(a) (codified as 
amended at 49 U.S.C. 31149) and 4116(b) (codified as amended at 49 
U.S.C. 31136(a)(3)). Fixing America's Surface Transportation Act (FAST 
Act), Public Law 114-94.

PURPOSE(S) OF THE SYSTEM:
    The National Registry program is designed to produce trained, 
certified medical examiners who fully understand the medical standards 
in the Federal Motor Carrier Safety Regulations (FMCSRs), to create a 
registry of these trained and certified medical examiners, and to 
ensure that the most current and accurate information regarding the 
medical status of CMV drivers is known.
    This system of records allows the DOT/FMCSA to collect and maintain 
records on MEs registering on the National Registry website and 
applying for FMCSA ME certification, designated MEAAs and authorized 
representatives who have registered on the National Registry to perform 
reporting functions on behalf of a certified ME, and CMV drivers 
examined by FMCSA certified MEs listed on the National Registry.
    The purpose of this system and how FMCSA uses the information 
collected and maintained in the National Registry system is described 
below by categories of individuals covered by the system.
    Information collected from MEs registering on the National Registry 
website and applying for FMCSA ME certification:
    FMCSA compares the ME's contact and medical licensing information 
provided by the ME during registration to the State's medical licensing 
data in order to ensure the data provided by the ME is valid.
    FMCSA uses ME contact and employer information to communicate with 
the ME regarding their information in the National Registry and their 
application and certification status.
    FMCSA uses ME contact information, medical licensing information, 
training information, certification testing information, and 
identification information to evaluate the ME's eligibility for 
certification. In addition, FMCSA may request and review ME supporting 
documentation for eligibility of certification. FMCSA also reviews the 
ME certification test answers in order to validate the test grade and 
score provided by the test center and to ensure that the test center 
properly graded and scored the test.
    FMCSA uses the ME's contact and employer information to list 
eligible FMCSA certified MEs on the National Registry website where the 
general public can search for certified MEs.
    Information collected from designated MEAAs and authorized 
representatives who have registered on the National Registry to perform 
reporting functions on behalf of a certified ME:
    The FMCSA uses designated MEAA's and authorized representatives' 
contact and employer information to communicate with the designated 
MEAA or authorized representative regarding their information in the 
National Registry.
    Information collected from CMV drivers examined by FMCSA certified 
MEs listed on the National Registry:
    FMCSA uses the CMV driver's medical examination results (MEC 
information) to monitor certified ME competence and performance in 
evaluating the CMV driver's health and to detect irregularities in 
examination procedures.
    FMCSA uses the CMV driver's identity information and state driver's 
license information to analyze the relationship between the driver's

[[Page 53224]]

medical examination results and public safety.
    FMCSA uses the CMV driver's medical examination results, ME 
determination, and medical variance information to periodically review 
a representative sample of the Medical Examination Report (MER) Forms 
associated with the name and numerical identifiers of applicants 
transmitted for errors, omissions, or other indications of improper 
certification.
    FMCSA uses the CMV driver's identity information to contact the 
driver regarding their certification during the oversight and audit 
process for the program as well as for general correspondence with the 
driver.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Categories of individuals covered by this system of records 
include:
     Medical examiners (MEs) registering on the National 
Registry website and applying for FMCSA ME certification.
     ME Administrative Assistants (MEAAs) and authorized 
representatives who have registered on the National Registry and been 
designated by a certified ME to perform reporting functions on behalf 
of the ME.
     Commercial motor vehicle (CMV) drivers examined by FMCSA 
certified MEs listed on the National Registry.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The National Registry of Certified Medical Examiners system 
collects, processes, transmits, and stores the following types of 
information:
    ME Personally Identifiable Information (PII) Collection for 
Registration and Certification Process
     Contact Information/Place of Business (physical location 
where ME will perform licensed CMV driver medical examinations)
    [cir] Full name (first, last, middle initial)
    [cir] Primary email address
    [cir] Business name
    [cir] Business address
    [cir] Business telephone number
    [cir] Business fax number (optional)
    [cir] Business email address (optional)
    [cir] Business website address (optional)
    [cir] Business hours of operation (optional)
     Employer Information
    [cir] Employer name
    [cir] Employer address
    [cir] Employer telephone number
    [cir] Employer fax number (optional)
    [cir] Employer email address (optional)
     Medical Licensing Information (used to validate medical 
credentials)
    [cir] Medical profession
    [cir] License, certificate or registration number
    [cir] Medical license State of issue
    [cir] Medical license expiration date
    ME PII Collection for Certification Training
     Training Information
    [cir] Provider name
    [cir] Training provider address or website (optional)
    [cir] Date training completed
    [cir] Training expiration date
    [cir] Organization that accredited the training (optional)
    [cir] Type of training (optional)
    ME PII Collection for Certification Testing
     Identity Verification Information
    [cir] Type of ME photo ID
    [cir] Expiration date of ME photo ID
    [cir] National registry number issued by FMCSA
    [cir] Medical credential or license
    [cir] Training certification
     Test Information
    [cir] Test delivery organization name
    [cir] Test delivery organization ID
    [cir] Test center name
    [cir] Test center ID
    [cir] Test type
    [cir] Test ID
    [cir] Date of certification test
    [cir] Certification test questions
    [cir] Certification test answers
    [cir] Test center grade (pass fail)
    [cir] Test center score (numeric)
    ME PII Collection Regarding Certification Decision/Status
     Test Results
    [cir] FMCSA test grade (pass/fail)
    [cir] FMCSA test score (numeric)
    MEAAs PII Collection to Register with the National Registry System
     Identity Information
    [cir] Full name (first, last, middle initial)
    [cir] National registry number issued by FMCSA
     ME Business Relationship
    [cir] Business address
    [cir] Business telephone number
    [cir] Business email address
    [cir] Business website link information
    [cir] Name of certified ME that designated the AA
    [cir] National registry number of certified ME that designated the 
AA
    CMV Drivers PII Collection for Reporting Medical Examination 
Results to the National Registry System via the MCSA-5850
     Identity Verification Information
    [cir] Full name (first, last, middle initial)
    [cir] Date of birth
    [cir] Driver's mailing address
    [cir] Driver's email address (optional)
     State Driver's License Information
    [cir] License number
    [cir] License issuing State
    [cir] CDL status
     Medical Examination Results
    [cir] Date of examination
    [cir] Examination Result (medically qualified in accordance with 
the FMCSRs, medically qualified in accordance with the FMCSRs and any 
applicable State variances, medically unqualified, pending 
determination, incomplete examination)
    [cir] Medical Examiner's Certificate expiration date
    [cir] Driver restrictions/variances
    [cir] Driver waiver/exemption type
    CMV Driver PII Collection for Medical Variances (exemptions, skills 
performance evaluation certificates and grandfathered exemptions)
     Identity Verification Information
    [cir] Full name (first, last, middle initial)
    [cir] Date of Birth
     Medical Variance Information
    [cir] Type
    [cir] Issue date
    [cir] Expiration date

RECORD SOURCE CATEGORIES:
    Information about the ME is obtained from the ME during the 
registration and certification process. Information about the MEAA is 
obtained from the MEAA during the registration process. Information 
about any authorized representative providing bulk upload services is 
obtained from the representative during the application process. 
Information about the CMV driver is provided by the driver at the time 
of medical examination to the ME.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DOT as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    System-Specific Routine Uses
    1. To State Medical Boards for the purposes of verifying ME license 
information and status. (State Medical Boards are the authoritative 
repositories for ME license information and, as such, already have 
access to ME licensing information and the verification of the same by 
the Department does not constitute a disclosure under the Privacy Act. 
This Routine Use is included in this Notice in an effort by the 
Department to be transparent to the public regarding the way it which 
it will use personal information maintained in the National Registry 
system of records.)
    2. To the test centers who use ME identification information, 
contact information, medical licensing information, employer contact 
information, and training information to

[[Page 53225]]

verify the ME's identity and eligibility to take the ME certification 
test and to transmit certification test information to the National 
Registry.
    3. To FMCSA certified MEs or designated MEAAs and authorized 
representatives to submit/update CMV driver medical examination results 
data to FMCSA for CMV driver examinations they have conducted and to 
search for previous CMV driver medical examination results.
    4. To the general public to perform searches on the National 
Registry website for the purpose of locating and contacting FMCSA 
certified MEs.
    5. To the SDLAs medical examination results (MEC information) of 
CLP/CDL applicants/holders and medical variance information 
(exemptions, skills performance evaluation certificates and 
grandfathered exemptions) for all CMV drivers, for posting to the 
driver's record.
    Department General Routine Uses
    6. One or more records from a system of records may be disclosed 
routinely to the National Archives and Records Administration (NARA) in 
records management inspections being conducted under the authority of 
44 U.S.C. 2904 and 2906.
    7. DOT may make available to another agency or instrumentality of 
any government jurisdiction, including State and local governments, 
listings of names from any system of records in DOT for use in law 
enforcement activities, either civil or criminal, or to expose 
fraudulent claims, regardless of the stated purpose for the collection 
of the information in the system of records. These enforcement 
activities are generally referred to as matching programs because two 
lists of names are checked for match using automated assistance. This 
routine use is advisory in nature and does not offer unrestricted 
access to systems of records for such law enforcement and related 
antifraud activities. Each request will be considered on the basis of 
its purpose, merits, cost effectiveness and alternatives using 
Instructions on reporting computer matching programs to the Office of 
Management and Budget, OMB, Congress, and the public, published by the 
Director, OMB, dated September 20, 1989.
    8. DOT may disclose records from this system, as a routine use, to 
the Office of Government Information Services for the purpose of (a) 
resolving disputes between FOIA requesters and Federal agencies and (b) 
reviewing agencies' policies, procedures, and compliance in order to 
recommend policy changes to Congress and the President.
    9. DOT may disclose records from the system, as a routine use, to 
contractors and their agents, experts, consultants, and others 
performing or working on a contract, service, cooperative agreement, or 
other assignment for DOT, when necessary to accomplish an agency 
function related to this system of records.
    10. DOT may disclose records from this system, as a routine use, to 
an agency, organization, or individual for the purpose of performing 
audit or oversight operations related to this system of records, but 
only such records as are necessary and relevant to the audit or 
oversight activity. This routine use does not apply to intra-agency 
sharing authorized under Section (b)(1) of the Privacy Act.
    11. DOT may disclose from this system, as a routine use, records 
consisting of, or relating to, terrorism information (6 U.S.C. 
485(a)(5)), homeland security information (6 U.S.C. 482(f)(1)), or Law 
enforcement information (Guideline 2 Report attached to White House 
Memorandum, ``Information Sharing Environment'', November 22, 2006) to 
a Federal, State, local, tribal, territorial, foreign government and/or 
multinational agency, either in response to its request or upon the 
initiative of the Component, for purposes of sharing such information 
as is necessary and relevant for the agencies to detect, prevent, 
disrupt, preempt, and mitigate the effects of terrorist activities 
against the territory, people, and interests of the United States of 
America, as contemplated by the Intelligence Reform and Terrorism 
Prevention Act of 2004 (Pub. L. 108-458) and Executive Order 13388 
(October 25, 2005).
    OMB-Required Routine Uses
    12. In the event that a system of records maintained by DOT to 
carry out its functions indicates a violation or potential violation of 
law, whether civil, criminal or regulatory in nature, and whether 
arising by general statute or particular program pursuant thereto, the 
relevant records in the system of records may be referred, as a routine 
use, to the appropriate agency, whether Federal, State, local or 
foreign, charged with the responsibility of investigating or 
prosecuting such violation or charged with enforcing or implementing 
the statute, or rule, regulation, or order issued pursuant thereto.
    13. A record from this system of records may be disclosed, as a 
routine use, to a Federal, State, or local agency maintaining civil, 
criminal, or other relevant enforcement information or other pertinent 
information, such as current licenses, if necessary to obtain 
information relevant to a DOT decision concerning the hiring or 
retention of an employee, the issuance of a security clearance, the 
letting of a contract, or the issuance of a license, grant or other 
benefit.
    14. A record from this system of records may be disclosed, as a 
routine use, to a Federal agency, in response to its request, in 
connection with the hiring or retention of an employee, the issuance of 
a security clearance, the reporting of an investigation of an employee, 
the letting of a contract, or the issuance of a license, grant, or 
other benefit by the requesting agency, to the extent that the 
information is relevant and necessary to the requesting agency's 
decision on the matter.
    15. Routine Use for Agency Disclosure in Other Proceedings. It 
shall be a routine use of records in this system to disclose them in 
proceedings before any court or adjudicative or administrative body 
before which DOT or any agency thereof, appears, when--(a) DOT, or any 
agency thereof, or (b) Any employee of DOT or any agency thereof in 
his/her official capacity, or (c) Any employee of DOT or any agency 
thereof in his/her individual capacity where DOT has agreed to 
represent the employee, or (d) The United States or any agency thereof, 
where DOT determines that the proceeding is likely to affect the United 
States, is a party to the proceeding or has an interest in such 
proceeding, and DOT determines that use of such records is relevant and 
necessary in the proceeding, provided, however, that in each case, DOT 
determines that disclosure of the records in the proceeding is a use of 
the information contained in the records that is compatible with the 
purpose for which the records were collected.
    16. Routine Use for Disclosure for Use in Litigation. It shall be a 
routine use of the records in this system of records to disclose them 
to the Department of Justice or other Federal agency conducting 
litigation when--(a) DOT, or any agency thereof, or (b) Any employee of 
DOT or any agency thereof, in his/her official capacity, or (c) Any 
employee of DOT or any agency thereof, in his/her individual capacity 
where the Department of Justice has agreed to represent the employee, 
or (d) The United States or any agency thereof, where DOT determines 
that litigation is likely to affect the United States, is a party to 
litigation or has an interest in such litigation, and the use of such 
records by the Department of Justice or other Federal agency conducting 
the litigation is deemed by DOT to be relevant and necessary in the 
litigation, provided, however, that in each case,

[[Page 53226]]

DOT determines that disclosure of the records in the litigation is a 
use of the information contained in the records that is compatible with 
the purpose for which the records were collected.
    17. Disclosure may be made to a Congressional office from the 
record of an individual in response to an inquiry from the 
Congressional office made at the request of that individual. In such 
cases, however, the Congressional office does not have greater rights 
to records than the individual. Thus, the disclosure may be withheld 
from delivery to the individual where the file contains investigative 
or actual information or other materials which are being used, or are 
expected to be used, to support prosecution or fines against the 
individual for violations of a statute, or of regulations of the 
Department based on statutory authority. No such limitations apply to 
records requested for Congressional oversight or legislative purposes; 
release is authorized under 49 CFR 10.35(9).
    18. DOT may disclose records from the system, as a routine use to 
appropriate agencies, entities, and persons when (1) DOT suspects or 
has confirmed that there has been a breach of the system of records, 
(2) DOT has determined that as a result of the suspected or confirmed 
breach there is a risk of harm to individuals, DOT (including its 
information systems, programs, and operations), the Federal Government, 
or national security; and (3) the disclosure made to such agencies, 
entities, and persons is reasonably necessary to assist in connection 
with DOT's efforts to respond to the suspected or confirmed breach or 
to prevent, minimize, or remedy such harm.
    19. DOT may disclose records from the system, as a routine use to 
another Federal agency or Federal entity, when DOT determines that 
information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the Federal 
Government, or national security, resulting from a suspected or 
confirmed breach. DOT may disclose records from this system, as a 
routine use, to the Office of Government Information Services for the 
purpose of (a) resolving disputes between FOIA requesters and Federal 
agencies and (b) reviewing agencies' policies, procedures, and 
compliance in order to recommend policy changes to Congress and the 
President.
    20. DOT may disclose records from this system, as a routine use, to 
contractors and their agents, experts, consultants, and others 
performing or working on a contract, service, cooperative agreement, or 
other assignment for DOT, when necessary to accomplish an agency 
function related to this system of records.
    21. DOT may disclose records from this system, as a routine use, to 
an agency, organization, or individual for the purpose of performing 
audit or oversight operations related to this system of records, but 
only such records as are necessary and relevant to the audit or 
oversight activity. This routine use does not apply to intra-agency 
sharing authorized under Section (b)(1), of the Privacy Act. 15. DOT 
may disclose from this system, as a routine use, records consisting of, 
or relating to, terrorism information (6 U.S.C. 485(a)(5)), homeland 
security information (6 U.S.C. 482(f)(1)), or Law enforcement 
information (Guideline 2 Report attached to White House Memorandum, 
``Information Sharing Environment, November 22, 2006) to a Federal, 
State, local, tribal, territorial, foreign government and/or 
multinational agency, either in response to its request or upon the 
initiative of the Component, for purposes of sharing such information 
as is necessary and relevant for the agencies to detect, prevent, 
disrupt, preempt, and mitigate the effects of terrorist activities 
against the territory, people, and interests of the United States of 
America, as contemplated by the Intelligence Reform and Terrorism 
Prevention Act of 2004, (Pub. L. 108-458) and Executive Order, 13388 
(October 25, 2005).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records in this system are stored electronically and/or on paper in 
secure facilities. Electronic records may be stored on magnetic disc, 
tape, digital media, DVD, and CD-ROM.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by searching using the following fields:
     ME name, ME city and state, ME zip code, business name, 
employer name, medical profession, and/or national registry number.
     MEAA name, name of designating certified ME, national 
registry number of designating certified ME, and/or national registry 
number.
     CMV driver's last name, and exam start and end date range.

RETENTION AND DISPOSAL:
    In an effort to retain records for the least amount of time 
necessary and to maintain consistency with the FMCSRs (49 CFR 
383.73(j)(ii) and 391.43(i)), the DOT has updated the retention and 
disposal schedule to reduce the amount of time records are retained 
from a range of 16 and 60 years to a range of one to six years 
depending on the record type and purpose. Records will be retained and 
disposed in accordance with the National Registry of Certified Medical 
Examiners, #DAA-0557-2015-0001, approved by the National Archives and 
Records Administration (NARA) on February 16, 2016. The categories of 
records stored has been streamlined to provide a clear description of 
the records covered by the National Registry system of records. Below 
are the categories in the approved schedule. Details can be found by 
searching and viewing the approved schedule referenced above on the 
NARA website, http://www.archives.gov.
    1. Records of Certified MEs will be retained for the time the ME is 
on the National Registry plus 6 years following removal from the 
National Registry.
    2. Records of MEs that are registered but have not completed the 
certification process or are ineligible for certification by DOT will 
be retained for 6 years following removal from the National Registry.
    3. Records of MEAAs and third parties designated by a certified ME 
will be retained for 1 year from the date the individual is no longer 
authorized to perform duties in the National Registry system on behalf 
of the Certified ME.
    4. Records of CMV Drivers will be retained concurrent with the 
records of the ME who performed the driver's medical examination.
    5. National Registry PII and MER Records of CMV Drivers will be 
retained for 3 years from the date the medical examination report 
records are provided to FMCSA.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records in this system are safeguarded in accordance with 
applicable rules and policies, including all applicable DOT automated 
systems security and access policies. Strict controls have been imposed 
to minimize the risk of compromising the information that is being 
stored. Access to records in this system is limited to those 
individuals who have a need to know the information for the performance 
of their official duties and who have appropriate clearances or 
permissions.

[[Page 53227]]

    FMCSA ensures that PII in the National Registry system is protected 
by reasonable security safeguards against loss or unauthorized access, 
destruction, usage, modification, or disclosure. These safeguards 
incorporate standards and practices required for Federal information 
systems under the Federal Information System Management Act and are 
detailed in Federal Information Processing Standards Publication 200, 
Minimum Security Requirements for Federal Information and Information 
Systems, dated March 2006, NIST Special Publication 800-53 Rev. 3, and 
Recommended Security Controls for Federal Information Systems and 
Organizations, dated August 2009. FMCSA has a comprehensive information 
security program that contains management, operational, and technical 
safeguards that are appropriate for the protection of PII. These 
safeguards are designed to achieve the following objectives:
     Ensure the security, integrity, and confidentiality of PII
     Protect against any reasonably anticipated threats or 
hazards to the security or integrity of PII
     Protect against unauthorized access to or use of PII
    The National Registry is more thoroughly in the associated Privacy 
Impact Assessment (PIA). The PIA can be found on the DOT Privacy 
website at http://transportation.gov/privacy. This updated system will 
be included in DOT's inventory of record systems.

RECORD ACCESS PROCEDURES:
    See ``Notification procedure'' above.

CONTESTING RECORD PROCEDURES:
    See ``Notification procedure'' above.

NOTIFICATION PROCEDURES:
    Individuals seeking notification of and access to any record 
contained in this system of records, or seeking to contest its content, 
may submit a request in writing to the DOT FOIA officer whose contact 
information can be found at http://www.transportation.gov/foia under 
``Contact Us.'' If an individual believes more than one component 
maintains Privacy Act records concerning him or her, the individual may 
submit the request to the Departmental Freedom of Information Act 
Office, U.S. Department of Transportation, Room W94-122, 1200 New 
Jersey Ave. SE, Washington, DC 20590, ATTN: Privacy Act request.
    When seeking records about yourself from this system of records or 
any other Departmental system of records your request must conform with 
the Privacy Act regulations set forth in 49 CFR part 10. You must sign 
your request, and your signature must either be notarized or submitted 
under 28 U.S.C. 1746, a law that permits statements to be made under 
penalty of perjury as a substitute for notarization. While no specific 
form is required, you may obtain forms for this purpose from the Chief 
Freedom of Information Act Officer, http://www.transportation.gov/foia 
or 202.366.4542. In addition you should provide the following:
    An explanation of why you believe the Department would have 
information on you;
     Identify which component(s) of the Department you believe 
may have the information about you;
     Specify when you believe the records would have been 
created;
     Provide any other information that will help the FOIA 
staff determine which DOT component agency may have responsive records; 
and
    If your request is seeking records pertaining to another living 
individual, you must include a statement from that individual 
certifying his/her agreement for you to access his/her records.
    Without this bulleted information the component(s) may not be able 
to conduct an effective search, and your request may be denied due to 
lack of specificity or lack of compliance with applicable regulations.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    None.

HISTORY:
    77 FR 24247--April 23, 2012.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:
    None.

    Issued in Washington, DC, on September 27, 2019.
Claire W. Barrett,
Departmental Chief Privacy Officer.
[FR Doc. 2019-21412 Filed 10-3-19; 8:45 am]
 BILLING CODE 4910-9X-P