System of Records AGENCY: NATIONAL AERONAUTICS

NATIONAL AERONAUTICS AND SPACE ADMINISTRATION

Privacy Act of 1974; System of Records

AGENCY: NATIONAL AERONAUTICS AND SPACE ADMINISTRATION (NASA)

ACTION: Notice of a Modified System of Records.

SUMMARY:

Pursuant to the provisions of the Privacy Act of 1974 (5 U.S.C. 552a), the National Aeronautics and Space Administration is issuing public notice of its proposal to significantly alter a previously noticed system of records NASA Health Information Management System/NASA

10HIMS. This notice incorporates locations and NASA standard routine uses, as appropriate, that NASA has previously published separately from, and cited by reference in, this and other

NASA systems of records notices. This notice further clarifies and crystalizes this system of records; updates records access, notification, and contesting procedures; enhances one and adds two one new routine uses, as set forth below under the caption SUPPLEMENTARY

INFORMATION.

DATES: Submit comments within 30 calendar days from the date of this publication. The changes will take effect at the end of that period, if no adverse comments are received.

ADDRESSES: Patti F. Stockman, Privacy Act Officer, Office of the Chief Information Officer,

National Aeronautics and Space Administration Headquarters, Washington, DC 20546-0001,

(202) 358-4787, NASA-PAOfficer@nasa.gov.

FOR FURTHER INFORMATION CONTACT: NASA Privacy Act Officer, Patti F.

Stockman, (202) 358–4787, [email protected].

SUPPLEMENTARY INFORMATION: This system notice includes both minor and substantial revisions to NASA’s existing system of records notice. This notice clarifies that NASA’s purpose for this system of records is to ensure a healthy workforce and working environment. It updates adds a field by which records retreivabilitymay be retrieved, and records access, notification, and contesting procedures Commented [OIRAPB1]: There appears to be a typo. consistent with NASA Privacy Act regulations; adds new locations to reflect wherethe location of NASA pandemic contact tracing records that identify individuals who have contracted infectious diseases and others they have potentially exposed in the NASA workplacewill reside; and incorporates, as appropriate, information formerly published separately in the Federal

Register as Appendix A, Location Numbers and Mailing Addresses of NASA Installations at which Records are Located. It incorporates, in whole, NASA Standard Routine uses heretofore published by NASA as Appendix B and cited within individual system notices. This notice modifies categories of individuals covered and categories of records to be more precise. Finally, this notice expands routine use number 2 for contingency medical mission support; and revises

NASA’s Standard Routine Use 6 and adds a new adds two new routine uses: routine use number

11, to allow necessary dissemination of information for pandemic contact tracing; and a new

NASA standard routine use number 9, both to permit disclosure of information to another federal agency or entity to permit their response to a breach or address of harm caused by a breach.

Jeff Seaton

Acting NASA Chief Information Officer

SYSTEM NAME AND NUMBER: Health Information Management System, NASA 10HIMS

SECURITY CLASSIFICATION: None

SYSTEM LOCATION: Records of Medical Clinics/Units and Environmental Health Offices are maintained at:

Mary W. Jackson NASA Headquarters, National Aeronautics and Space Administration

(NASA), Washington, DC 20546-0001;

Ames Research Center (NASA), Moffett Field, CA 94035-1000;

Armstrong Flight Research Center (NASA), PO Box 273, Edwards, CA 93523-0273;

John H. Glenn Research Center at Lewis Field (NASA), 21000 Brookpark Road, Cleveland, OH

44135-3191;

Goddard Space Flight Center (NASA), Greenbelt, MD 20771-0001;

Lyndon B. Johnson Space Center (NASA), Houston, TX 77058-3696;

John F. Kennedy Space Center (NASA), Kennedy Space Center, FL 32899-0001;

Langley Research Center, (NASA), Hampton, VA 23681-2199;

George C. Marshall Space Flight Center (NASA), Marshall Space Flight Center, AL 35812-

0001;

John C. Stennis Space Center (NASA), Stennis Space Center, MS 39529-6000;

Michoud Assembly Facility (NASA), PO Box 29300, New Orleans, LA 70189; and

Wallops Flight Facility (NASA), Wallops Island, VA 23337.

Electronic records are also hosted at:

CORITY Chicago Data Center, 341 Haynes Drive, in Wood Dale, Illinois 60191;

Salesforce Government Cloud in Ashburn, Virginia; and

Salesforce Disaster Recovery Center in Elk Grove Village, Illinois. SYSTEM AND SUBSYSTEM MANAGER(S):

Chief Health and Medical Officer at NASA Headquarters (see System Location above for address).

Subsystem Managers:

Director Health and Medical Systems, Occupational Health at NASA Headquarters (see System

Location above for address);

Chief, Space Medicine Division at NASA Johnson Space Center (see System Location above for address);

Occupational Health Contracting Officer Representatives at NASA Ames Research Center, (see

System Location above for address);

NASA Armstrong Flight Research Center (see System Location above for address);

NASA Goddard Space Flight Center (see System Location above for address);

NASA Kennedy Space Center (see System Location above for address);

NASA Langley Research Center (see System Location above for address);

NASA Glenn Research Center (see System Location above for address);

NASA Marshall Space Flight Center (see System Location above for address);

NASA Jet Propulsion Laboratory (see System Location above for address);

NASA Stennis Space Center (see System Location above for address);

Michoud Assembly Facility (NASA) (see System Location above for address); and

Wallops Flight Facility (NASA) (see System Location above for address).

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

5 USC § 7901 – Health service programs; 51 U.S.C. § 20113 (a) – Powers of the Administration in performance of functions to make and Commented [SP(2]: Edits of this section respond to OMB COMMENT: promulgate rules and regulations; What kinds of activities does this include? For example, the supplementary information refers to contact tracing, but it doesn’t define what exactly that means and under what 44 U.S.C. § 3101 – Records management by agency heads; general duties; circumstances that would be done. Please be specific about what contact tracing means and the context in which it would 42 CFR Part 2 – Confidentiality of substance use disorder patient records. be used. Commented [SP(3]: NASA RESPONSE TO OIRA: PURPOSE(S) OF THE SYSTEM: Discussed this with Kirsten Moncada. Contact tracing is a function of every NASA occupational clinic as part of wellness programs. This very small segment of records In order to ensure a healthy environment and workforce, information in this system of records is specifically for COVID-19 tracing records will be stored separately, which necessitated the update to locations. While this represents a novel effort, the records generated will be maintained on anyone receiving (1) exams for general wellness, (2) occupational clearances or miniscule in comparison to the larger set of 10HIMS records. To elaborate on every circumstance under which we could determination of fitness for duty, (3) behavioral health assistance, (4) workplace surveillance for create a record would make an excessively voluminous SORN. potential human exposure within NASA to communicable diseases and hazards such as disease Commented [OIRAPB4]: The supplementary information and routine uses still reference contact tracing. If that term is used anywhere in the document, it should be defined, so that tracking within NASA,such as noise and chemical exposure, repetitive motion, and (5) first aid it is clear what that means. If another activity referenced in the purpose covers what is intended by “contact tracing,” then that term may not be necessary. or medical care for onsite illness or injuries. through a NASA clinic outreach. Commented [SP(5]: See Routine Use 11 that now defines the activity. Per early discussions with Kirsten, we’re CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: cautious to not provide a detailed explanation of this set of records that represent such a miniscule piece of all 10HIMS This system contains information on (1) NASA employees and applicants; (2) employees from records. Commented [OIRAPB6]: It sounds like disease tracking is other agencies and military detailees working at NASA; (3) active or retired astronauts and a hazard, given the way this sentence is worded. Commented [OIRAPB7]: It sounds like disease tracking is active astronaut family members; (4) other space flight personnel on temporary or extended duty a hazard, given the way this sentence is worded. Commented [OIRAPB8]: Are there non-civil service at NASA; (5) contractor personnel; (6) Space Flight Participants and those engaged in employees covered by the system (e.g., political appointees)? Commented [SP(9]: SEE EDITS commercial use of NASA facilities, (7) civil service and contractor family members; and (8) Commented [SP(10]: By deleting “civil service,” “employees” would include political appointees from NASA visitors to NASA Centers who use clinics or ambulance services for emergency or first-aid and other agencies. OGC does not recommend singling them out. treatment. Commented [OIRAPB11]: Only “individuals” as defined in the Privacy Act should be included here. To confirm, is it... CATEGORIES OF RECORDS IN THE SYSTEM: Commented [SP(12]: PLEASE SEE EDITS TO THIS SECTION. ... Records in this system contain demographic data and private health information: Commented [OIRAPB13]: If it’s possible that these people are citizens or lawful permanent residents, then the original language can remain. Regardless, the last sentence ... (1) Wellness records including but not limited to exams provided for continuing healthcare, Commented [SP(14]: Have removed International Partners entirely. Everyone else is a citizen or legal resident. documentation of immunizations and other outreach records. Commented [OIRAPB15R14]: If there are International Partners or others who were previously listed who may be citizens or lawful permanent residents and therefore may be ... (2) Fitness for duty and/or exposure exams/surveillance including but not limited to ergonomics, hazardous materials, radiation, noise, communicable diseases and other applicable longitudinal surveillance.

(3) Qualification records including the use of offsite or onsite exams to determine suitability for duties.

(4) Behavioral health and employee assistance records.

(5) Records of first aid, contingency response, or emergency care, including ambulance transportation.

RECORD SOURCE CATEGORIES:

The information in this system of records is obtained from individuals themselves, physicians, and previous medical records of individuals.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING Commented [OIRAPB16]: Are all of the routine uses included in this section? Please clarify that the 12 routine uses listed in the first paragraph of this section are routine CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: uses themselves. Commented [SP(17]: See edited lead-in to these unique Any disclosures of information will be compatible with the purpose for which the Agency routine uses for HIMS, and the new lead-in for Standard Routine Uses. collected the information. Under the following routine uses that are unique to this system of records, information in this system may be disclosed:

(1) to external medical professionals and independent entities to support internal and external reviews for purposes of medical quality assurance; (2) to private or other government health care providers for consultation, referral, or mission medical contingency support; (3) to the Office of

Personnel Management, Occupational Safety and Health Administration, and other Federal or

State agencies as required in accordance with the Federal agency's special program responsibilities; (4) to insurers for referrals or reimbursement; (5) to employers of non-NASA personnel in support of the Mission Critical Space Systems Personnel Reliability Program; (6) to international partners for mission support and continuity of care for their employees pursuant to

NASA Space Act agreements; (7) to non-NASA personnel performing research, studies, or other Commented [SP(18]: SHARI’S COMMENT: This routine use is designed for research arrangement or National Academies. I do not think this would include contractors activities through arrangements or agreements with NASA and for mutual benefit; (8) to the performing work on our behalf. Not always mutual benefit. See 11 public of pre-space flight information having mission impact concerning an individual Commented [SP(19]: DELETED per apparent concurrence by Dr. Michaud with Shari’s recommendation. crewmember, limited to the crewmember's name and the fact that a medical condition exists; (9) to the public, limited to the crewmember's name and the fact that a medical condition exists, if a flight crewmember is, for medical reasons, unable to perform a scheduled public event following a space flight mission/landing; (10) to the public to advise of medical conditions arising from accidents, consistent with NASA regulations; (11) to contractors and others assisting with or impacted by NASA’s pandemic contact tracing efforts, and (12) in accordance with standard Commented [OIRAPB20]: How is this routine use different from standard routine use 7? routine uses as set forth here. Commented [SP(21]: Routine Use 7 is designed for research arrangements or National Academies for purposes in line with NASA life sciences mission work. For example, In addition, Tthe following routine uses of information contained in SORs are standard for many NASA partners with the Texas Medical Center in cutting edge medical research; TMC is the largest life sciences NASA systems and are compatible with the purpose for which the Agency collected the destination in the world. We also partnered with world- renowned Dr. Michael DeBaky in his vascular and cardio research. information. They are NASA Standard Routine Uses. This new routine use is narrowly specific release to entities engaged solely due to pandemic tracing. For example, release to contractors who may have employees discovered Standard Routine Use No. 1—In the event this system of records indicates a violation or via our tracing activities to have been exposed to the virus or other disease, as opposed to needing access to medical potential violation of law, whether civil, criminal, or regulatory in nature, and whether arising by records because they are doing research. Commented [OIRAPB22R21]: The original question still general statute or particular program statute, or by regulation, rule or order issued pursuant applies. It appears that standard routine use 7 is broader and encompasses this more specific routine use. If your agency and your counsel agree, we recommend deleting this more thereto, the relevant records in the SOR may be referred to the appropriate agency, whether specific routine use.

Also, the description of contact tracing may be useful to Federal, State, local or foreign, charged with the responsibility of investigating or prosecuting include in the supplementary information section, where the term is first used. such violation or charged with enforcing or implementing the statute, or rule, regulation or order issued pursuant thereto. Standard Routine Use No. 2—A record from this SOR may be disclosed to a Federal, State, or local agency maintaining civil, criminal, or other relevant enforcement information or other pertinent information, such as current licenses, if necessary to obtain information relevant to an agency decision concerning the hiring or retention of an employee, the issuance of a security clearance, the letting of a contract, or the issuance of a license, grant, or other benefit.

Standard Routine Use No. 3— A record from this SOR may be disclosed to a Federal agency, in response to its request, in connection with the hiring or retention of an employee, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license, grant, or other benefit by the requesting agency, to the extent that the information is relevant and necessary to the requesting agency’s decision on the matter.

Standard Routine Use No. 4—A record from this system may be disclosed to the Department of

Justice when a) the Agency, or any component thereof; or b) any employee of the Agency in his or her official capacity; or c) any employee of the Agency in his or her individual capacity where the Department of Justice or the Agency has agreed to represent the employee; or d) the United

States, where the Agency determines that litigation is likely to affect the Agency or any of its components, is a party to litigation or has an interest in such litigation, and the use of such records by the Department of Justice or the Agency is deemed by the Agency to be relevant and Commented [OIRAPB23]: But, if you think we should necessary to the litigation provided, however, that in each case it has been determined that the interpret our routine use #7 more broadly to include this, we’ll defer to your opinion. By definition, a routine use is compatible with the purpose disclosure is compatible with the purpose for which the records were collected. for which records were collected. Adding this caveat suggests that other routine uses are not compatible. We Standard Routine Use No. 5—A record from this system may be disclosed in a proceeding recommend against making such a distinction. Commented [OIRAPB24R23]: Is the red text applicable before a court or adjudicative body before which the agency is authorized to appear, when: a) to this routine use and the associated comment? It appears it may be related to the comments on the previous page. The Agency, or any component thereof; or b) any employee of the Agency in his or her official Commented [SP(25]: OGC asks if EOP is recommending that all agencies delete this prescribed wording. If so, counsel is amenable to deleting, but would prefer that OMB capacity; or c) any employee of the Agency in his or her individual capacity where the Agency rescind the dated memo that directed this wording. Commented [OIRAPB26]: We do tend to recommend removing it when we see it, but we defer to your agency. has agreed to represent the employee; or d) the United States, where the Agency determines that litigation is likely to affect the Agency or any of its components, is a party to litigation or has an interest in such litigation, and the use of such records by the Agency is deemed to be relevant and necessary to the litigation, provided, however, that in each case, the Agency has determined that the disclosure is compatible with the purpose for which the records were collected. Commented [SP(27]: See above response

Standard Routine Use No. 6—A record from this SOR may be disclosed to appropriate agencies, entities, and persons when (1) NASA suspects or has confirmed that there has been a breach of the system of records; (2) NASA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, NASA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with

NASA’s efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

Standard Routine Use No. 7—A record from this system may be disclosed to contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for the federal government, when necessary to accomplish an Agency function related to this system of records.

Standard Routine Use No. 8—A record from this system may be disclosed to a Member of

Congress or staff acting upon the Member’s behalf when the Member or staff requests the information on behalf of, and at the request of, the individual who is the subject of the record.

Standard Routine Use No. 9—A record from this system may be disclosed to another Federal agency or Federal entity, when NASA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the

Federal Government, or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are stored in multiple formats including paper, digital, micrographic, photographic, and as medical recordings such as electrocardiograph tapes, x-rays and strip charts.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records are retrieved from the system by the individual's name, date of birth, or unique assigned

Numbers.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records are maintained in Agency files and destroyed in accordance with NASA Records

Retention Schedule 1, Item 126, and NASA Records Retention Schedule 8, Item 57.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records are maintained on secure NASA servers and protected in accordance with all Federal standards and those established in NASA regulations at 14 CFR 1212.605. Additionally, server and data management environments employ infrastructure encryption technologies both in data transmission and at rest on servers. Electronic messages sent within and outside of the Agency that convey sensitive data are encrypted and transmitted by staff via pre-approved electronic encryption systems as required by NASA policy. Approved security plans are in place for information systems containing the records in accordance with the Federal Information Security

Management Act of 2014 (FISMA) and OMB Circular A-130, Management of Federal

Information Resources. Only authorized personnel requiring information in the official discharge of their duties are authorized access to records through approved access or authentication methods. Access to electronic records is achieved only from workstations within the NASA Intranet, or remotely via a secure Virtual Private Network (VPN) connection requiring two-factor token authentication using NASA-issued computers or via employee PIV badge authentication from NASA-issued computers. The CORITY Chicago Data Center and

Salesforce Government Cloud and Disaster Recovery Center maintain documentation and verification of commensurate safeguards in accordance with FISMA, NASA Procedural

Requirements (NPR) 2810.1A, and NASA ITS-HBK-2810.02-05. Non-electronic records are secured in locked rooms or files.

RECORD ACCESS PROCEDURES: Commented [OI28]: Where are the system and subsystem managers listed above? We recommend using titles that are In accordance with 14 CFR part 1212, Privacy Act – NASA Regulations, information may be more specific than System Manager. Commented [SP(29]: We list specific their titles under obtained by contacting in person or in writing the system or subsystem manager listed above at SYSTEM AND SUBSYSTEM MANAGERS above rather than repeating them all here. the location where the records are created and/or maintained. Requests must contain the Commented [OI30]: Per Circular A-130, agencies shall “take steps to eliminate unnecessary collection, maintenance, identifying data concerning the requester, e.g., first, middle and last name; date of birth; and use of Social Security numbers, and explore alternatives to the use of Social Security numbers as a personal identifier.” description and time periods of the records desired. NASA Regulations also address contesting We would recommend minimizing collection of SSNs and against including SSNs in an e.g. clause. contents and appealing initial determinations regarding records access. Commented [SP(31]: DONE. We will not require SSNs to find records. Frankly, NASA rarely has PA requests for PA CONTESTING RECORD PROCEDURES: records. Commented [OIRAPB32]: This should reflect what is in In accordance with 14 CFR part 1212, Privacy Act – NASA Regulations, information may be your agency’s Privacy Act regulations. If it does not, please amend. obtained by contacting in person or in writing the system or subsystem manager listed above at Commented [SP(33]: This language is consistent with our regs. the location where the records are created and/or maintained. Requests must contain the Commented [OI34]: Where are the system and subsystem managers listed above? We recommend using titles that are identifying data concerning the requester, e.g., first, middle and last name; date of birth; more specific than System Manager. Commented [SP(35]: In the section titled SYSTEM AND description and time periods of the records desired. NASA Regulations also address contesting SUBSYSTEM MANAGERS. There we do use specific titles rather than repeating them all in each of these sections. contents and appealing initial determinations regarding records access. Commented [OIRAPB36]: Is there a reason this section does not cite NASA’s Privacy Act implementation rules? NOTIFICATION PROCEDURES: Commented [SP(37]: We have cited it in this identical statement in each of the sections RECORDS ACCESS, CONTESTING, AND NOTIFICATION, per ORIA recommendation. In accordance with 14 CFR part 1212, Privacy Act – NASA Regulations, information may be obtained by contacting in person or in writing the system or subsystem manager listed above at Commented [OIRAPB38]: What does “cognizant” mean in this context? the location where the records are created and/or maintained. Requests must contain the Commented [OIRAPB39]: Where are the system and subsystem managers listed above? We recommend using identifying data concerning the requester, e.g., first, middle and last name; date of birth; titles that are more specific than System Manager. description and time periods of the records desired. NASA Regulations also address contesting Commented [OIRAPB40]: Per Circular A-130, agencies shall “take steps to eliminate unnecessary collection, maintenance, and use of Social Security numbers, and contents and appealing initial determinations regarding records access. explore alternatives to the use of Social Security numbers as a personal identifier.” EXEMPTIONS PROMULGATED FOR THE SYSTEM: None We would recommend minimizing collection of SSNs and against including SSNs in an e.g. clause. HISTORY: 15-101, 80 FR 214, pp. 68568-68572