[Federal Register Volume 88, Number 194 (Tuesday, October 10, 2023)]
[Notices]
[Pages 69961-69964]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-22412]


=======================================================================
-----------------------------------------------------------------------

NATIONAL AERONAUTICS AND SPACE ADMINISTRATION

[NOTICE: (23-104)]


Privacy Act of 1974; System of Records

AGENCY: National Aeronautics and Space Administration (NASA).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, the 
National Aeronautics and Space Administration is issuing public notice 
of its proposal to modify a previously noticed system of records NASA 
Health Information Management System/NASA 10HIMS. Modifications are 
described below under the caption SUPPLEMENTARY INFORMATION.

DATES: Submit comments within 30 calendar days from the date of this 
publication. The changes will take effect at the end of that period, if 
no adverse comments are received.

ADDRESSES: Bill Edwards-Bodmer, Privacy Act Officer, Office of the 
Chief Information Officer, National Aeronautics and Space 
Administration Headquarters, Washington, DC 20546-0001, (757) 864-7998, 
[email protected].

FOR FURTHER INFORMATION CONTACT: NASA Privacy Act Officer, Bill 
Edwards-Bodmer, (757) 864-7998, [email protected].

SUPPLEMENTARY INFORMATION: This notice incorporates revised NASA 
Standard Routine Uses, removes two electronic system locations, and 
includes minor editorial changes.

William Edwards-Bodmer,
NASA Privacy Act Officer.

SYSTEM NAME AND NUMBER:
    Health Information Management System, NASA 10HIMS.

[[Page 69962]]

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Records of Medical Clinics/Units and Environmental Health Offices 
are maintained at:
     Mary W. Jackson NASA Headquarters, National Aeronautics 
and Space Administration (NASA), Washington, DC 20546-0001
     Ames Research Center (NASA), Moffett Field, CA 94035-1000
     Armstrong Flight Research Center (NASA), PO Box 273, 
Edwards, CA 93523-0273
     John H. Glenn Research Center at Lewis Field (NASA), 21000 
Brookpark Road, Cleveland, OH 44135-3191
     Goddard Space Flight Center (NASA), Greenbelt, MD 20771-
0001
     Lyndon B. Johnson Space Center (NASA), Houston, TX 77058-
3696
     John F. Kennedy Space Center (NASA), Kennedy Space Center, 
FL 32899-0001
     Langley Research Center, (NASA), Hampton, VA 23681-2199
     George C. Marshall Space Flight Center (NASA), Marshall 
Space Flight Center, AL 35812-0001
     John C. Stennis Space Center (NASA), Stennis Space Center, 
MS 39529-6000
     Michoud Assembly Facility (NASA), PO Box 29300, New 
Orleans, LA 70189
     Wallops Flight Facility (NASA), Wallops Island, VA 23337
    Electronic records are also hosted at:
     CORITY Amazon Web Services (AWS) US East region, 410 Terry 
Avenue North, Seattle, WA 98109

SYSTEM AND SUBSYSTEM MANAGER(S):
    Chief Health and Medical Officer at NASA Headquarters (see System 
Location above for address).
    Subsystem Managers:
     Director Health and Medical Systems, Occupational Health 
at NASA Headquarters (see System Location above for address);
     Chief, Space Medicine Division at NASA Johnson Space 
Center (see System Location above for address);
     Occupational Health Contracting Officer Representatives at 
NASA Ames Research Center, (see System Location above for address);
     NASA Armstrong Flight Research Center (see System Location 
above for address);
     NASA Goddard Space Flight Center (see System Location 
above for address);
     NASA Kennedy Space Center (see System Location above for 
address);
     NASA Langley Research Center (see System Location above 
for address);
     NASA Glenn Research Center (see System Location above for 
address);
     NASA Marshall Space Flight Center (see System Location 
above for address);
     NASA Jet Propulsion Laboratory (see System Location above 
for address);
     NASA Stennis Space Center (see System Location above for 
address);
     Michoud Assembly Facility (NASA) (see System Location 
above for address); and
     Wallops Flight Facility (NASA) (see System Location above 
for address).

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
     5 U.S.C. 7901--Health service programs;
     51 U.S.C. 20113 (a)--Powers of the Administration in 
performance of functions to make and promulgate rules and regulations;
     44 U.S.C. 3101--Records management by agency heads; 
general duties;
     42 CFR part 2--Confidentiality of substance use disorder 
patient records.

PURPOSE(S) OF THE SYSTEM:
    In order to ensure a healthy environment and workforce, information 
in this system of records is maintained on anyone receiving (1) exams 
for general wellness, (2) occupational clearances or determination of 
fitness for duty, (3) behavioral health assistance, (4) workplace 
surveillance for potential human exposure within NASA to communicable 
diseases and hazards such as noise and chemical exposure, repetitive 
motion, and (5) first aid or medical care for onsite illness or 
injuries through a NASA clinic outreach.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system contains information on (1) NASA employees and 
applicants; (2) employees from other agencies and military detailees 
working at NASA; (3) active or retired astronauts and active astronaut 
family members; (4) other space flight personnel on temporary or 
extended duty at NASA; (5) contractor personnel; (6) Space Flight 
Participants and those engaged in commercial use of NASA facilities, 
(7) civil service and contractor family members; and (8) visitors to 
NASA Centers who use clinics or ambulance services for emergency or 
first-aid treatment.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records in this system contain demographic data and private health 
information:
    (1) Wellness records including but not limited to exams provided 
for continuing healthcare, documentation of immunizations and other 
outreach records.
    (2) Fitness for duty and/or exposure exams/surveillance including 
but not limited to ergonomics, hazardous materials, radiation, noise, 
communicable diseases and other applicable longitudinal surveillance.
    (3) Qualification records including the use of offsite or onsite 
exams to determine suitability for duties.
    (4) Behavioral health and employee assistance records.
    (5) Records of first aid, contingency response, or emergency care, 
including ambulance transportation.

RECORD SOURCE CATEGORIES:
    The information in this system of records is obtained from 
individuals themselves, physicians, and previous medical records of 
individuals.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Any disclosures of information will be compatible with the purpose 
for which the Agency collected the information. Under the following 
routine uses that are unique to this system of records, information in 
this system may be disclosed: (1) to external medical professionals and 
independent entities to support internal and external reviews for 
purposes of medical quality assurance; (2) to private or other 
government health care providers for consultation, referral, or mission 
medical contingency support; (3) to the Office of Personnel Management, 
Occupational Safety and Health Administration, and other Federal or 
State agencies as required in accordance with the Federal agency's 
special program responsibilities; (4) to insurers for referrals or 
reimbursement; (5) to employers of non-NASA personnel in support of the 
Mission Critical Space Systems Personnel Reliability Program; (6) to 
international partners for mission support and continuity of care for 
their employees pursuant to NASA Space Act agreements; (7) to non-NASA 
personnel performing research, studies, or other activities through 
arrangements or agreements with NASA; (8) to the public of pre-space 
flight information having mission impact concerning an individual 
crewmember, limited to the crewmember's name and the fact that a 
medical condition exists; (9) to the public, limited to the 
crewmember's name and the fact that a medical condition exists, if a 
flight crewmember is, for medical reasons, unable to perform a 
scheduled public event following a space flight mission/landing; and 
(10) to the public to advise

[[Page 69963]]

of medical conditions arising from accidents, consistent with NASA 
regulations.
    In addition, information may be disclosed under the following NASA 
Standard Routine Uses, which are standard for many NASA systems and are 
compatible with the purpose for which the Agency collected the 
information:
    1. Law Enforcement--When a record on its face, or in conjunction 
with other information, indicates a violation or potential violation of 
law, whether civil, criminal or regulatory in nature, and whether 
arising by general statute or particular program statute, or by 
regulation, rule, or order, disclosure may be made to the appropriate 
agency, whether Federal, foreign, State, local, or tribal, or other 
public authority responsible for enforcing, investigating or 
prosecuting such violation or charged with enforcing or implementing 
the statute, or rule, regulation, or order, if NASA determines by 
careful review that the records or information are both relevant and 
necessary to any enforcement, regulatory, investigative or prosecutive 
responsibility of the receiving entity.
    2. Certain Disclosures to Other Agencies--A record from this SOR 
may be disclosed to a Federal, State, or local agency maintaining 
civil, criminal, or other relevant enforcement information or other 
pertinent information, such as current licenses, if necessary, to 
obtain information relevant to a NASA decision concerning the hiring or 
retention of an employee, the issuance of a security clearance, the 
letting of a contract, or the issuance of a license, grant, or other 
benefit.
    3. Certain Disclosures to Other Federal Agencies--record from this 
SOR may be disclosed to a Federal agency, in response to its request, 
for a matter concerning the hiring or retention of an employee, the 
issuance of a security clearance, the reporting of an investigation of 
an employee, the letting of a contract, or the issuance of a license, 
grant, or other benefit by the requesting agency, to the extent that 
the information is relevant and necessary to the requesting agency's 
decision on the matter.
    4. Department of Justice--A record from this SOR may be disclosed 
to the Department of Justice when (a) NASA, or any component thereof; 
or (b) any employee of NASA in his or her official capacity; or (c) any 
employee of NASA in his or her individual capacity where the Department 
of Justice has agreed to represent the employee; or (d) the United 
States, where NASA determines that litigation is likely to affect NASA 
or any of its components, is a party to litigation or has an interest 
in such litigation, and by careful review, the use of such records by 
the Department of Justice is deemed by NASA to be relevant and 
necessary to the litigation.
    5. Courts--A record from this SOR may be disclosed in an 
appropriate proceeding before a court, grand jury, or administrative or 
adjudicative body, when NASA determines that the records are relevant 
and necessary to the proceeding; or in an appropriate proceeding before 
an administrative or adjudicative body when the adjudicator determines 
the records to be relevant and necessary to the proceeding.
    6. Response to an Actual or Suspected Compromise or Breach of 
Personally Identifiable Information--A record from this SOR may be 
disclosed to appropriate agencies, entities, and persons when (1) NASA 
suspects or has confirmed that there has been a breach of the system of 
records; (2) NASA has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, NASA 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with NASA's efforts to respond to the suspected or 
confirmed breach or to prevent, minimize, or remedy such harm.
    7. Contractors--A record from this SOR may be disclosed to 
contractors, grantees, experts, consultants, students, volunteers, and 
others performing or working on a contract, service, grant, cooperative 
agreement, or other assignment for the Federal Government, when 
necessary to accomplish a NASA function related to this SOR. 
Individuals provided information under this routine use are subject to 
the same Privacy Act requirements and limitations on disclosure as are 
applicable to NASA employees.
    8. Members of Congress--A record from this SOR may be disclosed to 
a Member of Congress or to a Congressional staff member in response to 
an inquiry of the Congressional office made at the written request of 
the constituent about whom the record is maintained.
    9. Disclosures to Other Federal Agencies in Response to an Actual 
or Suspected Compromise or Breach of Personally Identifiable 
Information--A record from this SOR may be disclosed to another Federal 
agency or Federal entity, when NASA determines that information from 
this system of records is reasonably necessary to assist the recipient 
agency or entity in (1) responding to a suspected or confirmed breach 
or (2) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    10. National Archives and Records Administration--A record from 
this SOR may be disclosed as a routine use to the officers and 
employees of the National Archives and Records Administration (NARA) 
pursuant to records management inspections being conducted under the 
authority of 44 U.S.C. 2904 and 2906.
    11. Audit--A record from this SOR may be disclosed to another 
agency, or organization for purpose of performing audit or oversight 
operations as authorized by law, but only such information as is 
necessary and relevant to such audit or oversight function.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are stored in multiple formats including paper, digital, 
micrographic, photographic, and as medical recordings such as 
electrocardiograph tapes, x-rays and strip charts.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved from the system by the individual's name, 
date of birth, or unique assigned Patient Identification Numbers.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained in Agency files and destroyed in accordance 
with NASA Records Retention Schedule 1, Items 126 and 127, and NASA 
Records Retention Schedule 8, Item 57.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records are maintained on secure servers and protected in 
accordance with all Federal standards and those established in NASA 
regulations at 14 CFR 1212.605. Additionally, server and data 
management environments employ infrastructure encryption technologies 
both in data transmission and at rest on servers. Electronic messages 
sent within and outside of the Agency that convey sensitive data are 
encrypted and transmitted by staff via pre-approved electronic 
encryption systems as required by NASA policy. Approved security plans 
are in place for information systems containing the records in 
accordance with the Federal Information Security Management Act

[[Page 69964]]

of 2014 (FISMA) and OMB Circular A-130, Management of Federal 
Information Resources. Only authorized personnel requiring information 
in the official discharge of their duties are authorized access to 
records through approved access or authentication methods. Access to 
electronic records is achieved only from workstations within the NASA 
Intranet, or remotely via a secure Virtual Private Network (VPN) 
connection requiring two-factor token authentication using NASA-issued 
computers or via employee PIV badge authentication from NASA-issued 
computers. The CORITY AWS Data Center and Salesforce Government Cloud 
and Disaster Recovery Center maintain documentation and verification of 
commensurate safeguards in accordance with FISMA, NASA Procedural 
Requirements (NPR) 2810.1A, and NASA ITS-HBK-2810.02-05. Non-electronic 
records are secured in locked rooms or files.

RECORD ACCESS PROCEDURES:
    In accordance with 14 CFR part 1212, Privacy Act--NASA Regulations, 
information may be obtained by contacting in person or in writing the 
system or subsystem manager listed above at the location where the 
records are created and/or maintained. Requests must contain the 
identifying data concerning the requester, e.g., first, middle and last 
name; date of birth; description and time periods of the records 
desired. NASA Regulations also address contesting contents and 
appealing initial determinations regarding records access.

CONTESTING RECORD PROCEDURES:
    In accordance with 14 CFR part 1212, Privacy Act--NASA Regulations, 
information may be obtained by contacting in person or in writing the 
system or subsystem manager listed above at the location where the 
records are created and/or maintained. Requests must contain the 
identifying data concerning the requester, e.g., first, middle and last 
name; date of birth; description and time periods of the records 
desired. NASA Regulations also address contesting contents and 
appealing initial determinations regarding records access.

NOTIFICATION PROCEDURES:
    In accordance with 14 CFR part 1212, Privacy Act--NASA Regulations, 
information may be obtained by contacting in person or in writing the 
system or subsystem manager listed above at the location where the 
records are created and/or maintained. Requests must contain the 
identifying data concerning the requester, e.g., first, middle and last 
name; date of birth; description and time periods of the records 
desired. NASA Regulations also address contesting contents and 
appealing initial determinations regarding records access.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    2020-27051, 85 FR 79224, pp. 79224-79227.

[FR Doc. 2023-22412 Filed 10-6-23; 8:45 am]
BILLING CODE 7510-13-P