[Federal Register Volume 87, Number 7 (Tuesday, January 11, 2022)]
[Notices]
[Pages 1405-1409]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-28122]


-----------------------------------------------------------------------

COURT SERVICES AND OFFENDER SUPERVISION AGENCY


Privacy Act of 1974; System of Records

AGENCY: Court Services and Offender Supervision Agency.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as 
amended, Court Services and Offender Supervision Agency (hereafter 
``CSOSA'' or ``Agency'') is issuing a public notice of its intent to 
create the Court Services and Offender Supervision Agency Privacy Act 
system of records, ``Personal Health and Religious Information.'' This 
system of records maintains personal health and religious information 
collected in response to reasonable accommodation requests for 
disability (or medical) or religious exception; a public health 
emergency or similar health and safety incident, such as a pandemic, 
epidemic, or man-made emergency; and/or any other lawful collection of 
health-related information or data that is necessary to ensure a safe 
and healthy environment for individuals who are occupying CSOSA 
facilities, attending CSOSA-sponsored events, or otherwise engaged in 
official business on behalf of the Agency, including but not limited to 
Executive Order 12564, Drug Free Federal Workplace (Sept. 15, 1986), 
Occupational Safety and Health Administration (OSHA) compliance, Office 
of Workers' Compensation Programs (OWCP) claims, leave administration, 
disability retirement, medically-related decisions such as fitness-for-
duty decisions, and health and wellness programs. The system of records 
will assist the Agency in the collection, storing, dissemination, and 
disposal of personal health and religious information collected and 
maintained by the Agency.

DATES: This new system will be effective upon publication. New or 
modified routine uses will be effective February 10, 2022. Submit 
comments on or before February 10, 2022.

ADDRESSES: You may send comments by any of the following methods:
     Federal eRulemaking Portal: https://www.regulations.gov. 
Follow the instructions for sending comments.
     Email: [email protected].
     U.S. Mail or Hand-Delivery: Office of General Counsel, 800 
North Capitol Street NW, Suite 702, Washington, DC 20001.
    Instructions: All submissions received must include the agency 
name. All comments received will be posted without change to http://www.regulations.gov, including any personal information provided.
    Docket: For access to the docket to read background documents or 
comments received, go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Sheila Stokes, Senior Agency Official 
for Privacy, 800 North Capitol Street NW, 7th Floor, Washington, DC 
20002, [email protected] or phone number (202) 220-5797.

SUPPLEMENTARY INFORMATION:

I. Background

    CSOSA maintains the ``Personal Health and Religious Information'' 
system of records. CSOSA is committed to providing all staff (political 
appointees, employees, detailees, contractors, consultants, interns, 
applicants, and volunteers), visitors, and occupants of its facilities 
with a safe and healthy environment. To ensure and maintain the safety 
of all occupants during standard operations and public health 
emergencies or similar health and safety incidents, such as a pandemic, 
epidemic, or man-made emergency, CSOSA may develop and institute 
additional safety measures that

[[Page 1406]]

require the collection of personal health information. CSOSA is also 
committed to providing reasonable accommodation for disability 
(medical) to qualified CSOSA and Pretrial Services Agency (PSA) staff 
and applicants and religious exceptions to qualified CSOSA staff and 
applicants pursuant to Section 501 of the Rehabilitation Act of 1973, 
as amended and Title VII of the Civil Rights Act of 1964, unless doing 
so would cause undue hardship. CSOSA is also committed to complying 
with Executive 14043, Requiring Coronavirus Disease 2019 Vaccination 
for Federal Employees (Sept. 9, 2021), which requires Federal agencies 
to collect staff health information related to the Coronavirus 2019 
(hereafter ``COVID-19). CSOSA may develop and institute additional 
measures that require the collection of personal health information.
    CSOSA will collect reasonable accommodation requests for disability 
(or medical) for CSOSA and the PSA staff (including political 
appointees, employees, applicants, detailees, contractors, consultants, 
interns, and volunteers) and religious exceptions for CSOSA staff 
(including political appointees, employees, detailees, contractors, 
consultants, interns, applicants, and volunteers).\1\ In response to 
public health emergencies, such as a pandemic or epidemic, CSOSA may 
collect health related information (including but not limited to 
vaccination status and proof of vaccination status) for CSOSA staff 
(including political appointees, employees, detailees, contractors, 
consultants, interns, applicants, and volunteers) necessary to ensure a 
safe and healthy environment.
---------------------------------------------------------------------------

    \1\ Pretrial Services Agency's religious exceptions and 
accommodations will be covered by a separate SORN.
---------------------------------------------------------------------------

    CSOSA is also committed to complying with the law, rules, and 
regulations associated with collecting personal health information 
related to (including but not limited to) Executive Order 12564, Drug 
Free Federal Workplace (Sept. 15, 1986), Occupational Safety and Health 
Administration (OSHA) compliance, Office of Workers' Compensation 
Programs (OWCP) claims, leave administration, disability retirement, 
medically-related decisions such as fitness-for-duty decisions, and 
health and wellness programs.
    Information will be collected, maintained, and disclosed in 
accordance with applicable law, regulations, and statutes, including, 
but not limited to, the Privacy Act of 1974, the Rehabilitation Act of 
1973, the Genetic Information Nondiscrimination Act of 2008, Title VII 
of the Civil Rights Act of 1964, the Executive Order 14043, Requiring 
Coronavirus Disease 2019 Vaccination for Federal Employees (Sept. 9, 
2021) and regulations and guidance published by the U.S. Occupational 
Safety and Health Administration, the U.S. Equal Employment Opportunity 
Commission, the U.S. Department of Labor, and the U.S. Centers for 
Disease Control and Prevention, the Office of Management and Budget, 
Safer Federal Workforce Taskforce, or other relevant entities. This 
newly established system will be included in the CSOSA inventory of 
record systems.

II. Privacy Act

    The Privacy Act of 1974, as amended, embodies fair information 
practice principles in a statutory framework governing the means by 
which Federal agencies collect, maintain, use, and disseminate 
individuals' records. The Privacy Act applies to records about 
individuals that are maintained in a ``system of records.'' A ``system 
of records'' is a group of any records under the control of an agency 
from which information is retrieved by the name of an individual or by 
some identifying number, symbol, or other identifying particular 
assigned to the individual. The Privacy Act defines an individual as a 
United States citizen or lawful permanent resident. Individuals may 
request access to their own records that are maintained in a system of 
records in the possession or under the control of CSOSA by complying 
with Privacy Act regulations at 43 CFR part 2, subpart K, and following 
the procedures outlined in the Records Access, Contesting Record, and 
Notification Procedures sections of this notice.
    The Privacy Act requires each agency to publish in the Federal 
Register a description denoting the existence and character of each 
system of records that the agency maintains and the routine uses of 
each system. The ``Personal Health and Religious Information'' system 
of records notice is published in its entirety below. In accordance 
with 5 U.S.C. 552a(r), CSOSA has provided a report of this system of 
records to the Office of Management and Budget and to Congress.

III. Public Participation

    You should be aware your entire comment including your personally 
identifiable information, such as your address, phone number, email 
address, or any other personal information in your comment, may be made 
publicly available at any time. While you may request to withhold your 
personally identifiable information from public review, we cannot 
guarantee we will be able to do so.

SYSTEM NAME:
    CSOSA, Personal Health and Religious Information.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    This system is maintained by the Court Services and Offender 
Supervisor Agency at 800 North Capitol Street NW, 7th Floor, 
Washington, DC 20002.

SYSTEM MANAGER(S) AND ADDRESS:
    The system manager is the Office of Information Technology located 
at 800 North Capitol Street, 6th Floor NW, Washington, DC 20002.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The authority to collect this information derives from section 501 
of the Rehabilitation Act of 1973, as amended. The substantive 
standards of the Americans with Disabilities Act of 1990, as amended 
(42 U.S.C. 12101 et seq.) apply to the Federal Government through the 
Rehabilitation Act. (29 U.S.C. 791 et seq.). Additional authority is 
derived from title VII of the Civil Rights Act of 1964. Additional 
authority is derived from 5 U.S.C. chapters 11 and 79, and in 
discharging the functions directed under Executive Order 14043, 
Requiring Coronavirus Disease 2019 Vaccination for Federal Employees 
(Sept. 9, 2021), we are authorized to collect this information. The 
authority for the system of records notice (SORN) associated with this 
collection of information, also includes 5 U.S.C. chapters 33 and 63 
and Executive Order 12196, Occupational Safety and Health Program for 
Federal Employees (Feb. 26, 1980). U.S.C. chapters 11 and 79, and in 
discharging the functions directed under Executive Order 14043, 
Requiring Coronavirus Disease 2019 Vaccination for Federal Employees 
(Sept. 9, 2021), Reg. 74815 (Nov. 30, 2015); 5 U.S.C. chapters 33 and 
63; Executive Order 12196, Occupational Safety and Health Program for 
Federal Employees (Feb. 26, 1980).

PURPOSE(S) OF THE SYSTEM:
    The primary purpose of the system is to collect, maintain, use, and 
disseminate personal health and religious information collected by the 
Agency. Records in this system of records are maintained for a variety 
of purposes, which include the following:

[[Page 1407]]

    (a) To ensure that records required to be retained on a long-term 
basis to meet the mandates of law, Executive Order, or regulations 
(e.g., the Department of Labor's Occupational Safety and Health 
Administration (OSHA) and OWCP regulations), are so maintained;
    (b) To comply with the Rehabilitation Action of 1973, as amended 
and Title VII of the Civil Rights Act of 1964 in processing reasonable 
accommodation requests based on disability (medical) or religious 
exception;
    (c) To comply with Executive Order 14043, Requiring Coronavirus 
Disease 2019 Vaccination for Federal Employees (Sept. 9, 2021), and 
applicable implementation guidance to determine the appropriate health 
and safety protocols for employees related to the COVID-19;
    (d) To comply with Executive Order 12564, Drug Free Federal 
Workplace (Sept. 15, 1986), and applicable guidance to ensure the 
proper and accurate operation of the agency's employee drug testing 
program.
    (e) To comply with the Occupational Safety and Health 
Administration (OSHA) laws, rules, regulations, and associated 
requirements related to employee's reporting of on-the-job injuries 
and/or unhealthy or unsafe working conditions, including the reporting 
of such conditions to OSHA and actions taken by that agency and to 
provide a method for evaluating quality of health care rendered and 
job-health-protection including engineering protection provided, 
protective equipment worn, workplace monitoring, and medical exam 
monitoring required by OSHA or by good practice.
    (f) To comply with the law, rules, regulations, and associated 
requirements related to claims filed the U.S. Department of Labor's 
Office of Workers' Compensation Programs (OWCP);
    (g) To comply with the laws, rules, regulations, and associated 
requirements related to disability retirement claims, leave 
administration (including but not limited to sick leave, extended sick 
leave, the Voluntary Annual Leave Program, Family Medical Leave Act 
(FMLA), or COVID-related leave), and/or to ensure that all relevant, 
necessary, accurate, and timely data are available to support any 
medically-related employment decisions affecting the subject of the 
records (e.g., in connection with fitness-for-duty and disability 
retirement decisions).
    (h) To enable evaluation of the effectiveness of employee health 
and wellness programs.
    The system enables CSOSA to electronically log, track, and manage 
personal health and religious information.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered include but are not limited to CSOSA and PSA 
political appointees, employees, detailees, contractors, consultants, 
interns, applicants, and volunteers, or any family member, health 
professional, or other person making a request as a representative of 
the same.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The personal health and information records may contain some or all 
of the following records: Reasonable accommodation requests, including 
medical records, notes, religious affiliation, or records made during 
consideration of requests, and decisions on requests. These records may 
contain general personal data, including but not limited to the 
political appointee's, employee's, detailee's, contractor's, 
consultant's, intern's, applicant's, and volunteer's name, date of 
birth, social security number, religion, maiden name, place of birth, 
financial information, alias, home address, medical information, 
gender, telephone number, military service, age, email address, 
physical characteristics, race/ethnicity, and/or education. These 
records may also contain work-related data, including but not limited 
to occupation, telephone number, salary, job title, email address, work 
history, work address, business associates, and/or program office to 
which the employee is assigned. Additional records maintained in this 
system may include:
    a. Medical records, forms, and reports completed or obtained when 
an individual applies for a Federal job and is subsequently employed;
    b. Medical records, forms, and reports completed during employment 
as a condition of employment, either by the employing agency or by 
another agency, State or local government entity, or a private sector 
entity under contract to the employing agency;
    c. Records pertaining and resulting from the testing of the 
employee for use of illegal drugs under Executive Order 12564. Such 
records may be retained by the agency (e.g., by the agency Medical 
Review Official) or by a contractor laboratory. This includes records 
of negative results, confirmed or unconfirmed positive test results, 
and documents related to the reasons for testing or other aspects of 
test results.
    d. Reports of on-the-job injuries and medical records, forms, and 
reports generated as a result of the filing of a claim for Workers' 
Compensation, whether the claim is accepted or not. (The official OWCP 
claim file is not covered by this system; rather, it is part of the 
Department of Labor's Office of Workers' Compensation Program (OWCP) 
system of records.)
    e. All other medical records, forms, and reports created on an 
employee during his/her period of employment, including any retained on 
a temporary basis (e.g., those designated to be retained only during 
the period of service with a given agency) and those designated for 
long-term retention (i.e., those retained for the entire duration of 
Federal service and for some period of time after).
    f. Records resulting from participation in agency-sponsored health 
promotion and wellness activities, including health risk appraisals, 
biometric testing, health coaching, disease management, behavioral 
management, preventive services, fitness programs, and any other 
activities that could be considered part of a comprehensive worksite 
health and wellness program.

RECORD SOURCE CATEGORIES:
    Records in this system are obtained directly from the political 
appointee, employee, detailee, contractor, consultant, intern, 
applicant, and volunteer, or any family member, health professional, or 
other person making such a request as a representative of the same; 
therefore, the accuracy is ensured by collecting the information from 
the source who may be required to certify under penalty of perjury that 
the information is true and accurate to the best of their knowledge.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside CSOSA as 
a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To Members of Congress or their staff on behalf of and at the 
request of the individuals who is the subject of the record or at the 
request of or on behalf of their constituents.
    B. To another Federal agency or a party in litigation before a 
court or in an administrative proceeding being conducted by a Federal 
agency, when the Government is a party to the judicial or 
administrative proceeding, and such information is the subject of a 
court order directing disclosure or deemed by CSOSA to be relevant and 
necessary to the litigation.

[[Page 1408]]

    C. At the initiative of CSOSA, to a law enforcement agency under 
the control of the United States for investigation or prosecution where 
a record indicates a violation or suspected violation of law.
    D. By the National Archives and Records Administration (NARA) in 
records management and inspections under the authority of 44 U.S.C. 
2904 and 2906.
    E. To disclose information to the Department of Justice or in a 
proceeding before a court, adjudicative body, or other administrative 
body before which CSOSA is authorized to appear when:
    (1) CSOSA, or any component thereof; or
    (2) Any employee of CSOSA in his or her official capacity; or
    (3) Any employee of CSOSA in his or her individual capacity where 
the Department of Justice or CSOSA has agreed to represent the 
employee; or
    (4) Any employee of CSOSA in his or her individual capacity where 
CSOSA has agreed to represent the employee; or
    (5) The United States, where the CSOSA determines that litigation 
is likely to affect the agency or any of its components, is a party to 
litigation or has an interest in such litigation, and the use of such 
records by the Department of Justice or CSOSA is deemed by CSOSA to be 
relevant and necessary to the litigation.
    F. To disclose information to officials of the Merit Systems 
Protection Board or the Office of the Special Counsel, when requested 
in connection with appeals, special studies of the civil service and 
other merit systems, review of OPM rules and regulations, 
investigations of alleged or possible prohibited personnel practices, 
and such other functions as promulgated in 5 U.S.C. 1205 and 1206, or 
as may be authorized by law.
    G. To disclose information to the U.S. Equal Employment Opportunity 
Commission when requested in connection with investigations into 
alleged or possible discrimination practices in the Federal sector, 
examination of Federal affirmative employment programs, compliance by 
Federal agencies with the Uniform Guidelines of Employee Selection 
Procedures, or other functions vested in the Commission.
    H. To disclose information to the Federal Labor Relations Authority 
or its General Counsel when requested in connection with investigations 
of allegations of unfair labor practices of matters before the Federal 
Service Impasses Panel.
    I. To disclose information to the Office of Management and Budget 
at any stage of the legislative coordination and clearance process in 
connection with private relief legislation as set forth in OMB circular 
No. A-19.
    J. To authorized contractors, vendors, grantees, or volunteers 
performing or working on a contract, service, grant, cooperative 
agreement, or job for CSOSA or the Federal government that is in the 
performance of a Federal duty to which the information is deemed 
relevant.
    K. To disclose to a requesting Federal agency, information in 
connection with the hiring, retention, separation, or retirement of an 
employee; the issuance of a security clearance; the reporting of an 
investigation of an employee; the letting of a contract; the 
classification of a job; or the issuance of a license, grant, or other 
benefit by the requesting agency, to the extent that CSOSA determines 
that the information is relevant and necessary to the requesting 
party's decision on the matter.
    L. To an appeal, grievance, hearing, or complaints examiner; an 
equal opportunity investigator, arbitrator, or mediator; and an 
exclusive representative or other person authorized to investigate or 
settle a grievance, complaint, or appeal filed by an individual who is 
the subject of the record.
    M. For Data Breach and Mitigation Response to provide information 
to appropriate agencies, entities, and persons when;
    (1) CSOSA suspects or has confirmed that there has been a breach of 
the system of records; (2) CSOSA has determined that as a result of the 
suspected or confirmed breach there is a risk of harm to individuals, 
CSOSA (including its information systems, programs, and operations), 
the Federal Government, or national security; and (3) the disclosure 
made to such agencies, entities, and persons is reasonably necessary to 
assist in connection with CSOSA's efforts to respond to the suspected 
or confirmed breach or to prevent, minimize, or remedy such harm.
    N. To provide information to another Federal agency or Federal 
entity, when CSOSA determines that information from this system of 
records is reasonably necessary to assist the recipient agency or 
entity in (1) responding to a suspected or confirmed breach, or (2) 
preventing, minimizing, or remedying the risk of harm to individuals, 
the recipient agency or entity (including its information systems, 
programs and operations), the Federal Government, or national security, 
resulting from a suspected or confirmed breach.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:
    None.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records in this system of records are stored electronically or on 
paper in secure facilities. Electronic records are stored on CSOSA's 
secure network or cloud-based software using the Federal Risk and 
Authorization Management Program (FedRAMP) approved platform.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Information covered by this system of records notice may be 
retrieved by the name of the individual.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    a. Medical Qualification and Eligibility Determination Records. 
Temporary. Destroy immediately after final determination has been 
issued. This disposition instruction is mandatory; deviations are not 
allowed.
    b. Occupational Individual Medical Case Files. Temporary: Destroy 
30 Years after employee separation or when the Official Personnel 
Folder is destroyed, whichever is longer.
    c. Non-Occupational Individual Medical Case Files. Temporary: 
Destroy 10 Years after the most recent encounter, but longer retention 
is authorized if needed for business use.
    d. Employees Drug Test Plans, Procedures and Scheduling Records. 
Temporary. Destroy when 3 years old or when superseded or obsolete.
    e. Employees Drug Test Results. (Positive). Temporary. Destroy when 
the employee leaves the agency or when 3 years old, whichever is 
longer.
    f. Employees Drug Test Results. (Negative). Temporary. Destroy when 
3 years old.
    g. Workers Compensation Records. Temporary: Destroy 3 years after 
compensation ceases or when deadline for filing a claim has passed.
    h. Non-Occupational Health and Wellness Program Records. Temporary: 
Destroy 3 Years after the project/activity/or transaction is completed 
or superseded, but longer retention is authorized if needed for 
business use.
    i. Reasonable Accommodation Case Files. Temporary. Destroy 3 years 
after employee separation from the agency or all appeals are concluded 
whichever is later, but longer retention is authorized if required for 
business use.

ADMINISTRATIVE, TECHNICAL AND PHYSICAL SAFEGUARDS:
    Records are protected from unauthorized access and improper use

[[Page 1409]]

through administrative, technical, and physical security measures. 
Technical security safeguards within CSOSA include restrictions on 
computer access to authorized individuals who have a legitimate need to 
know the information; required use of strong passwords that are 
frequently changed; multi-factor authentication for remote access and 
access to many CSOSA network components; use of encryption for certain 
data types and transfers; firewalls and intrusion detection 
applications; and regular review of security procedures and best 
practices to enhance security. Physical safeguards include restrictions 
on building access to authorized individuals, security guard service, 
and maintenance of records in lockable offices and filing cabinets. 
Describe the administrative, technical, and physical safeguards, e.g., 
locked cabinets, locked rooms, passwords, audit trail, electronic data 
encryption, security, privacy and record management training that are 
in place to ensure the records are not accessed, used or disclosed in 
an unauthorized manner.

RECORD ACCESS PROCEDURES:
    Individuals requesting access to their individual records should 
send a signed, written inquiry to the System Manager identified above.

CONTESTING RECORD PROCEDURES:
    Individuals contesting the content of records about themselves 
contained in this system of records should follow the Notification 
Procedure below.

NOTIFICATION PROCEDURES:
    Individuals requesting notification of the existence of records on 
themselves or requesting access to their individual records must send a 
signed, written inquiry to Sheila Stokes, Senior Agency Official for 
Privacy, 800 North Capitol Street NW, 7th Floor, Washington, DC 20002, 
[email protected] or phone number (202) 220-5797. The request 
envelope (or subject line) and letter should both be clearly marked 
``PRIVACY ACT INQUIRY.'' A request for notification must meet the 
requirements of 43 CFR 2.235.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

Sheila Stokes,
General Counsel.
[FR Doc. 2021-28122 Filed 1-10-22; 8:45 am]
BILLING CODE 3129-04-P