[Federal Register Volume 85, Number 237 (Wednesday, December 9, 2020)]
[Notices]
[Pages 79224-79227]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-27051]


=======================================================================
-----------------------------------------------------------------------

NATIONAL AERONAUTICS AND SPACE ADMINISTRATION


Privacy Act of 1974; System of Records

AGENCY: National Aeronautics and Space Administration (NASA).

ACTION: Notice of a Modified System of Records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, the 
National Aeronautics and Space Administration is issuing public notice 
of its proposal to significantly alter a previously noticed system of 
records NASA Health Information Management System/NASA 10HIMS. This 
notice incorporates locations and NASA standard routine uses, as 
appropriate, that NASA has previously published separately from, and 
cited by reference in, this and other NASA systems of records notices. 
This notice further clarifies and crystalizes this system of records; 
updates records access, notification, and contesting procedures; 
enhances one and adds one new routine uses, as set forth below under 
the caption SUPPLEMENTARY INFORMATION.

DATES: Submit comments within 30 calendar days from the date of this 
publication. The changes will take effect at the end of that period, if 
no adverse comments are received.

ADDRESSES: Patti F. Stockman, Privacy Act Officer, Office of the Chief 
Information Officer, National Aeronautics and Space Administration 
Headquarters, Washington, DC 20546-0001, (202) 358-4787, [email protected].

FOR FURTHER INFORMATION CONTACT: NASA Privacy Act Officer, Patti F. 
Stockman, (202) 358-4787, [email protected].

[[Page 79225]]


SUPPLEMENTARY INFORMATION: 
    This system notice includes both minor and substantial revisions to 
NASA's existing system of records notice. This notice clarifies that 
NASA's purpose for this system of records is to ensure a healthy 
workforce and working environment. It adds a field by which records may 
be retrieved, and records access, notification, and contesting 
procedures consistent with NASA Privacy Act regulations; adds new 
locations to reflect the location of NASA pandemic contact tracing 
records that identify individuals who have contracted infectious 
diseases and others they have potentially exposed in the NASA 
workplace; and incorporates, as appropriate, information formerly 
published separately in the Federal Register as Appendix A, Location 
Numbers and Mailing Addresses of NASA Installations at which Records 
are Located. It incorporates, in whole, NASA Standard Routine uses 
heretofore published by NASA as Appendix B and cited within individual 
system notices. This notice modifies categories of individuals covered 
and categories of records to be more precise. Finally, this notice 
expands routine use number 2 for contingency medical mission support; 
and revises NASA's Standard Routine Use 6 and adds a new standard 
routine use number 9, both to permit disclosure of information to 
another federal agency or entity to permit their response to a breach 
or address of harm caused by a breach.

Cheryl Parker,
Federal Register Liaison Officer.

SYSTEM NAME AND NUMBER:
    Health Information Management System, NASA 10HIMS.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Records of Medical Clinics/Units and Environmental Health Offices 
are maintained at:
    Mary W. Jackson NASA Headquarters, National Aeronautics and Space 
Administration (NASA), Washington, DC 20546-0001;
    Ames Research Center (NASA), Moffett Field, CA 94035-1000;
    Armstrong Flight Research Center (NASA), P.O. Box 273, Edwards, CA 
93523-0273;
    John H. Glenn Research Center at Lewis Field (NASA), 21000 
Brookpark Road, Cleveland, OH 44135-3191;
    Goddard Space Flight Center (NASA), Greenbelt, MD 20771-0001;
    Lyndon B. Johnson Space Center (NASA), Houston, TX 77058-3696;
    John F. Kennedy Space Center (NASA), Kennedy Space Center, FL 
32899-0001;
    Langley Research Center, (NASA), Hampton, VA 23681-2199;
    George C. Marshall Space Flight Center (NASA), Marshall Space 
Flight Center, AL 35812-0001;
    John C. Stennis Space Center (NASA), Stennis Space Center, MS 
39529-6000;
    Michoud Assembly Facility (NASA), P.O. Box 29300, New Orleans, LA 
70189; and
    Wallops Flight Facility (NASA), Wallops Island, VA 23337.
    Electronic records are also hosted at:
    CORITY Chicago Data Center, 341 Haynes Drive, in Wood Dale, 
Illinois 60191;
    Salesforce Government Cloud in Ashburn, Virginia; and
    Salesforce Disaster Recovery Center in Elk Grove Village, Illinois.

SYSTEM AND SUBSYSTEM MANAGER(S):
    Chief Health and Medical Officer at NASA Headquarters (see System 
Location above for address).
    Subsystem Managers:
    Director Health and Medical Systems, Occupational Health at NASA 
Headquarters (see System Location above for address);
    Chief, Space Medicine Division at NASA Johnson Space Center (see 
System Location above for address);
    Occupational Health Contracting Officer Representatives at NASA 
Ames Research Center, (see System Location above for address);
    NASA Armstrong Flight Research Center (see System Location above 
for address);
    NASA Goddard Space Flight Center (see System Location above for 
address);
    NASA Kennedy Space Center (see System Location above for address);
    NASA Langley Research Center (see System Location above for 
address);
    NASA Glenn Research Center (see System Location above for address);
    NASA Marshall Space Flight Center (see System Location above for 
address);
    NASA Jet Propulsion Laboratory (see System Location above for 
address);
    NASA Stennis Space Center (see System Location above for address);
    Michoud Assembly Facility (NASA) (see System Location above for 
address); and
    Wallops Flight Facility (NASA) (see System Location above for 
address).

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 7901--Health service programs;
    51 U.S.C. 20113 (a)--Powers of the Administration in performance of 
functions to make and promulgate rules and regulations;
    44 U.S.C. 3101--Records management by agency heads; general duties;
    42 CFR part 2--Confidentiality of substance use disorder patient 
records.

PURPOSE(S) OF THE SYSTEM:
    In order to ensure a healthy environment and workforce, information 
in this system of records is maintained on anyone receiving (1) exams 
for general wellness, (2) occupational clearances or determination of 
fitness for duty, (3) behavioral health assistance, (4) workplace 
surveillance for potential human exposure within NASA to communicable 
diseases and hazards such as noise and chemical exposure, repetitive 
motion, and (5) first aid or medical care for onsite illness or 
injuries through a NASA clinic outreach.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system contains information on (1) NASA employees and 
applicants; (2) employees from other agencies and military detailees 
working at NASA; (3) active or retired astronauts and active astronaut 
family members; (4) other space flight personnel on temporary or 
extended duty at NASA; (5) contractor personnel; (6) Space Flight 
Participants and those engaged in commercial use of NASA facilities, 
(7) civil service and contractor family members; and (8) visitors to 
NASA Centers who use clinics or ambulance services for emergency or 
first-aid treatment.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records in this system contain demographic data and private health 
information:
    (1) Wellness records including but not limited to exams provided 
for continuing healthcare, documentation of immunizations and other 
outreach records.
    (2) Fitness for duty and/or exposure exams/surveillance including 
but not limited to ergonomics, hazardous materials, radiation, noise, 
communicable diseases and other applicable longitudinal surveillance.
    (3) Qualification records including the use of offsite or onsite 
exams to determine suitability for duties.
    (4) Behavioral health and employee assistance records.
    (5) Records of first aid, contingency response, or emergency care, 
including ambulance transportation.

RECORD SOURCE CATEGORIES:
    The information in this system of records is obtained from 
individuals themselves, physicians, and previous medical records of 
individuals.

[[Page 79226]]

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Any disclosures of information will be compatible with the purpose 
for which the Agency collected the information. Under the following 
routine uses that are unique to this system of records, information in 
this system may be disclosed: (1) To external medical professionals and 
independent entities to support internal and external reviews for 
purposes of medical quality assurance; (2) to private or other 
government health care providers for consultation, referral, or mission 
medical contingency support; (3) to the Office of Personnel Management, 
Occupational Safety and Health Administration, and other Federal or 
State agencies as required in accordance with the Federal agency's 
special program responsibilities; (4) to insurers for referrals or 
reimbursement; (5) to employers of non-NASA personnel in support of the 
Mission Critical Space Systems Personnel Reliability Program; (6) to 
international partners for mission support and continuity of care for 
their employees pursuant to NASA Space Act agreements; (7) to non-NASA 
personnel performing research, studies, or other activities through 
arrangements or agreements with NASA; (8) to the public of pre-space 
flight information having mission impact concerning an individual 
crewmember, limited to the crewmember's name and the fact that a 
medical condition exists; (9) to the public, limited to the 
crewmember's name and the fact that a medical condition exists, if a 
flight crewmember is, for medical reasons, unable to perform a 
scheduled public event following a space flight mission/landing; (10) 
to the public to advise of medical conditions arising from accidents, 
consistent with NASA regulations; and (12) in accordance with standard 
routine uses as set forth here.
    In addition, the following routine uses of information contained in 
SORs are standard for many NASA systems and are compatible with the 
purpose for which the Agency collected the information. They are NASA 
Standard Routine Uses.
    Standard Routine Use No. 1--In the event this system of records 
indicates a violation or potential violation of law, whether civil, 
criminal, or regulatory in nature, and whether arising by general 
statute or particular program statute, or by regulation, rule or order 
issued pursuant thereto, the relevant records in the SOR may be 
referred to the appropriate agency, whether Federal, State, local or 
foreign, charged with the responsibility of investigating or 
prosecuting such violation or charged with enforcing or implementing 
the statute, or rule, regulation or order issued pursuant thereto.
    Standard Routine Use No. 2--A record from this SOR may be disclosed 
to a Federal, State, or local agency maintaining civil, criminal, or 
other relevant enforcement information or other pertinent information, 
such as current licenses, if necessary to obtain information relevant 
to an agency decision concerning the hiring or retention of an 
employee, the issuance of a security clearance, the letting of a 
contract, or the issuance of a license, grant, or other benefit.
    Standard Routine Use No. 3--A record from this SOR may be disclosed 
to a Federal agency, in response to its request, in connection with the 
hiring or retention of an employee, the issuance of a security 
clearance, the reporting of an investigation of an employee, the 
letting of a contract, or the issuance of a license, grant, or other 
benefit by the requesting agency, to the extent that the information is 
relevant and necessary to the requesting agency's decision on the 
matter.
    Standard Routine Use No. 4--A record from this system may be 
disclosed to the Department of Justice when (a) the Agency, or any 
component thereof; or (b) any employee of the Agency in his or her 
official capacity; or (c) any employee of the Agency in his or her 
individual capacity where the Department of Justice or the Agency has 
agreed to represent the employee; or (d) the United States, where the 
Agency determines that litigation is likely to affect the Agency or any 
of its components, is a party to litigation or has an interest in such 
litigation, and the use of such records by the Department of Justice or 
the Agency is deemed by the Agency to be relevant and necessary to the 
litigation.
    Standard Routine Use No. 5--A record from this system may be 
disclosed in a proceeding before a court or adjudicative body before 
which the agency is authorized to appear, when: (a) The Agency, or any 
component thereof; or (b) any employee of the Agency in his or her 
official capacity; or (c) any employee of the Agency in his or her 
individual capacity where the Agency has agreed to represent the 
employee; or (d) the United States, where the Agency determines that 
litigation is likely to affect the Agency or any of its components, is 
a party to litigation or has an interest in such litigation, and the 
use of such records by the Agency is deemed to be relevant and 
necessary to the litigation.
    Standard Routine Use No. 6--A record from this SOR may be disclosed 
to appropriate agencies, entities, and persons when (1) NASA suspects 
or has confirmed that there has been a breach of the system of records; 
(2) NASA has determined that as a result of the suspected or confirmed 
breach there is a risk of harm to individuals, NASA (including its 
information systems, programs, and operations), the Federal Government, 
or national security; and (3) the disclosure made to such agencies, 
entities, and persons is reasonably necessary to assist in connection 
with NASA's efforts to respond to the suspected or confirmed breach or 
to prevent, minimize, or remedy such harm.
    Standard Routine Use No. 7--A record from this system may be 
disclosed to contractors, grantees, experts, consultants, students, and 
others performing or working on a contract, service, grant, cooperative 
agreement, or other assignment for the federal government, when 
necessary to accomplish an Agency function related to this system of 
records.
    Standard Routine Use No. 8--A record from this system may be 
disclosed to a Member of Congress or staff acting upon the Member's 
behalf when the Member or staff requests the information on behalf of, 
and at the request of, the individual who is the subject of the record.
    Standard Routine Use No. 9--A record from this system may be 
disclosed to another Federal agency or Federal entity, when NASA 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are stored in multiple formats including paper, digital, 
micrographic, photographic, and as medical recordings such as 
electrocardiograph tapes, x-rays and strip charts.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved from the system by the individual's name, 
date of birth, or unique assigned Numbers.

[[Page 79227]]

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained in Agency files and destroyed in accordance 
with NASA Records Retention Schedule 1, Item 126, and NASA Records 
Retention Schedule 8, Item 57.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records are maintained on secure NASA servers and protected in 
accordance with all Federal standards and those established in NASA 
regulations at 14 CFR 1212.605. Additionally, server and data 
management environments employ infrastructure encryption technologies 
both in data transmission and at rest on servers. Electronic messages 
sent within and outside of the Agency that convey sensitive data are 
encrypted and transmitted by staff via pre-approved electronic 
encryption systems as required by NASA policy. Approved security plans 
are in place for information systems containing the records in 
accordance with the Federal Information Security Management Act of 2014 
(FISMA) and OMB Circular A-130, Management of Federal Information 
Resources. Only authorized personnel requiring information in the 
official discharge of their duties are authorized access to records 
through approved access or authentication methods. Access to electronic 
records is achieved only from workstations within the NASA Intranet, or 
remotely via a secure Virtual Private Network (VPN) connection 
requiring two-factor token authentication using NASA-issued computers 
or via employee PIV badge authentication from NASA-issued computers. 
The CORITY Chicago Data Center and Salesforce Government Cloud and 
Disaster Recovery Center maintain documentation and verification of 
commensurate safeguards in accordance with FISMA, NASA Procedural 
Requirements (NPR) 2810.1A, and NASA ITS-HBK-2810.02-05. Non-electronic 
records are secured in locked rooms or files.

RECORD ACCESS PROCEDURES:
    In accordance with 14 CFR part 1212, Privacy Act--NASA Regulations, 
information may be obtained by contacting in person or in writing the 
system or subsystem manager listed above at the location where the 
records are created and/or maintained. Requests must contain the 
identifying data concerning the requester, e.g., first, middle and last 
name; date of birth; description and time periods of the records 
desired. NASA Regulations also address contesting contents and 
appealing initial determinations regarding records access.

CONTESTING RECORD PROCEDURES:
    In accordance with 14 CFR part 1212, Privacy Act--NASA Regulations, 
information may be obtained by contacting in person or in writing the 
system or subsystem manager listed above at the location where the 
records are created and/or maintained. Requests must contain the 
identifying data concerning the requester, e.g., first, middle and last 
name; date of birth; description and time periods of the records 
desired. NASA Regulations also address contesting contents and 
appealing initial determinations regarding records access.

NOTIFICATION PROCEDURES:
    In accordance with 14 CFR part 1212, Privacy Act--NASA Regulations, 
information may be obtained by contacting in person or in writing the 
system or subsystem manager listed above at the location where the 
records are created and/or maintained. Requests must contain the 
identifying data concerning the requester, e.g., first, middle and last 
name; date of birth; description and time periods of the records 
desired. NASA Regulations also address contesting contents and 
appealing initial determinations regarding records access.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    15-101, 80 FR 214, pp. 68568-68572.

[FR Doc. 2020-27051 Filed 12-8-20; 8:45 am]
BILLING CODE 7510-13-P