[Federal Register Volume 88, Number 109 (Wednesday, June 7, 2023)]
[Notices]
[Pages 37301-37305]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-12155]


-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Office of the Secretary

[Docket No. DOT-OST-2022-0117]


Privacy Act of 1974; System of Records

AGENCY: Office of the Departmental Chief Information Officer, Office of 
the Secretary of Transportation, DOT.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the Department of 
Transportation (DOT), Federal Aviation Administration (FAA), proposes 
to establish a new system of records titled, ``DOT/FAA 856 Airmen 
Medical Records.'' 14 Code of Federal Regulations (CFR) 61.23 Medical 
Certificates: Requirement and Duration specify operations requiring 
medical certificates. Collectively, for the purposes of this system of 
records notice, individuals required to obtain medical certificates are 
referred to as applicants. This Notice covers records maintained for 
the required airmen medical certification process which is initiated by 
the airman medical certificate application. In addition to the initial 
medical records obtained at time of certification, FAA also maintains 
information on post-certification medical changes including failed drug 
and substance abuse testing results that could disqualify certificated 
airmen. Finally, this system of records supports regulatory enforcement 
activities and other legal actions, such as denial of medical 
certifications, so records including, but not limited to, pre-
decisional notes in airmen medical files, are exempted from certain 
access and disclosure requirements of the Privacy Act of 1974.

DATES: Submit comments on or before July 7, 2023. The Department may 
publish an amended systems of records notice considering any comments 
received. This new system will be effective immediately upon 
publication. The routine uses will be effective July 7, 2023.

ADDRESSES: You may submit comments, identified by docket number 2022-
0117 by any of the following methods:
     Federal e-Rulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Mail: Docket Management Facility, U.S. Department of 
Transportation, 1200 New Jersey Ave. SE, West Building Ground Floor, 
Room W12-140, Washington, DC 20590-0001.
     Hand Delivery or Courier: West Building Ground Floor, Room 
W12-140, 1200 New Jersey Ave. SE, between 9 a.m. and 5 p.m. ET, Monday 
through Friday, except Federal Holidays.
     Fax: (202) 493-2251.
    Instructions: You must include the agency name and docket number 
DOT-OST-2022-0117. All comments received will be posted without change 
to http://www.regulations.gov, including any personal information 
provided.
    Privacy Act: Anyone is able to search the electronic form of all 
comments received in any of our dockets by the name of the individual 
submitting the comment (or signing the comment, if submitted on behalf 
of an association, business, labor union, etc.).
    Docket: For access to the docket to read background documents or 
comments received, go to http://www.regulations.gov or to the street 
address listed above. Follow the online instructions for accessing the 
docket.

FOR FURTHER INFORMATION CONTACT: For questions, please contact: Karyn 
Gorman, Departmental Chief Privacy Officer, Privacy Office, Department 
of Transportation, Washington, DC 20590; [email protected]; or 202-366-
3140.

SUPPLEMENTARY INFORMATION: 

Background

    In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, DOT/FAA 
proposes to issue a new system of records notice titled, DOT/FAA 856 
``Airmen Medical Records'' (hereafter referred to as ``Notice'').

Airmen Medical Certification Process

    Records maintained in this system of records were previously 
covered under DOT/FAA 847, Aviation Records on Individuals (75 FR 
68849--November 9, 2010). To provide the public with greater 
transparency and accountability to its business processes and data 
collection, FAA created this new Notice to more precisely consolidate 
records with similar purpose, authorities, categories of individuals, 
sources of information, and retention timeframes. This system of 
records covers all facets of the medical clearance process for airmen 
and non-FAA Air Traffic Control Specialists (ATCSs) with privileges 
under specific certifications. This Notice solely covers airmen and 
non-

[[Page 37302]]

FAA ATCSs as FAA ATCSs' medical clearances are covered under the Office 
of Personnel Management (OPM)/Government (GOVT)-10 Employee Medical 
File System Records SORN (80 FR 74815--November 30, 2015).
    The airmen medical certification process includes applicants for 
medical certificates, FAA Office of Aerospace Medicine (AAM) employees 
and contractors, and Aviation Medical Examiners (AMEs). Applicants 
consist of airmen and ATCSs who electronically submit the airman 
medical certificate application to apply for FAA medical certification. 
Applicants then select AMEs who are private physicians designated by 
FAA to conduct medical examinations. These AMEs review applicants' 
medical history and complete the requisite physical examinations. The 
examination results are integrated into the airman medical certificate 
application. Any issues or concerns regarding the medical examinations 
are directed by AMEs to FAA AAM employees to resolve. The employees 
also perform duties such as processing completed medical applications 
and issuing medical certificates. When requested by applicants or FAA 
AAM, external medical consultants, clinics and hospitals conduct 
certain testing, such as psychological or cardiac evaluations, and 
submit their medical findings to FAA AAM for inclusion in the airmen 
files.
    This system of records covers airmen medical records associated 
with the required medical certification process and includes airman 
medical history, physical examinations, various specialized medical 
exams, such as psychiatric and/or psychological testing, vision and 
hearing exams, cardiology reports, and diagnostic laboratory testing 
and imaging studies. Other records in the airmen medical file include 
items such as substance abuse violations committed by certificated 
airmen. These types of records are obtained through DOT employer 
requirements and through the National Drivers' Registry and are used to 
help determine whether or not the airman is eligible to hold an airman 
medical certificate. Additional medical records are provided by 
external physicians, hospitals and other clinicians, if there are 
changes to the airman's medical history, for review in case this 
negatively impacts the medical certificate holder. Pathological and 
toxicological records resulting from aviation mishaps involving medical 
certificate holders are also incorporated into the airman's file. 
Records that support FAA legal actions (i.e., revocation of medical 
certifications), such as pre-decisional notes in airmen medical files 
that are incorporated into investigatory files, are exempted from 
certain access and disclosure requirements of the Privacy Act of 1974, 
pursuant to 5 U.S.C. 552a(k)(2).
    DOT has included both system specific and departmental general 
routine uses, as they align with the purpose of this system of records 
to support decision-making and regulatory enforcement activities 
related to medical certification of airmen. As recognized by the Office 
of Management and Budget (OMB) in its Privacy Act Implementation 
Guidance and Responsibilities (65 FR 19746 (July 9, 1975)), the routine 
uses include proper and necessary uses of information in the system, 
even if such uses occur infrequently. The system specific routine uses 
include the following:
    1. Sharing of information with the National Transportation Safety 
Board (NTSB) for purposes of investigating accidents and incidents 
involving certificated airmen;
    2. Sharing with the general public information relating to an 
individual's eligibility for medical certification, requests for 
exemptions from medical requirements, and requests for review of 
certificate denials;
    3. Sharing personal information of airmen with other federal 
agencies for the purpose of verifying the accuracy and completeness of 
medical information provided to FAA;
    4. Sharing past medical certification history with AMEs, so they 
may render the best medical certification decision regarding airmen;
    5. Providing information about airmen to Federal, State, local and 
Tribal law enforcement agencies when engaged in an official 
investigation in which an airman is involved;
    6. Sharing records of an individual's positive drug test result, 
alcohol test result of 0.04 or greater breath alcohol concentration, or 
refusal to submit to testing required under a DOT-required testing 
program, available to third parties, including employers and 
prospective employers of such individuals. Such records will also 
contain the names and titles of individuals who, in their commercial 
capacity, administer the drug and alcohol testing programs of aviation 
entities; and
    7. Providing information about airmen to Federal, State, local, and 
Tribal law enforcement, national security or homeland security agencies 
whenever such agencies are engaged in the performance of threat 
assessments affecting the safety of transportation or national 
security.

Privacy Act

    The Privacy Act (5 U.S.C. 552a) governs the means by which the 
Federal Government collects, maintains, and uses personally 
identifiable information (PII) in a System of Records. A ``System of 
Records'' is a group of any records under the control of a Federal 
agency from which information about individuals is retrieved by name or 
other personal identifier. The Privacy Act requires each agency to 
publish in the Federal Register a System of Records Notice (SORN) 
identifying and describing each System of Records the agency maintains, 
including the purposes for which the agency uses PII in the system, the 
routine uses for which the agency discloses such information outside 
the agency, and how individuals to whom a Privacy Act record pertains 
can exercise their rights under the Privacy Act (e.g., to determine if 
the system contains information about them and to contest inaccurate 
information). In accordance with 5 U.S.C. 552a(r), DOT has provided a 
report of this system of records to the Office of Management and Budget 
and to Congress.

SYSTEM NAME AND NUMBER:
    DOT/FAA 856 Airmen Medical Records

SECURITY CLASSIFICATION:
    Sensitive, unclassified

SYSTEM LOCATION:
    Federal Aviation Administration, Office of Information Technology, 
Enterprise Data Center (AIT-EDC), Mike Monroney Aeronautical Center, 
6500 S MacArthur Blvd., Oklahoma City, OK 73169. Federal Aviation 
Administration, Office of Information Technology, Enterprise Data 
Center (AIT-EDC), William J. Hughes Technical Center, Atlantic City, NJ 
08405.

SYSTEM MANAGER(S):
    Manager, Aerospace Medical Certification Division, AAM-300, Federal 
Aviation Administration, Civil Aerospace Medical Institute, 6500 S 
MacArthur Blvd., Oklahoma City, OK 73169; (405) 954-4821.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    49 U.S.C. 40101, 40113, 44701 and 44703.

PURPOSE(S) OF THE SYSTEM:
    The purpose of the system is to facilitate the medical fitness 
decision-making process for medical certifications and to support 
regulatory

[[Page 37303]]

enforcement activities as it relates to medical certification.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Current and previous applicants for medical certificates.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Categories of records maintained in this system consist of 
applicant personal records which include the following: names; social 
security number (full or pseudo-SSN); address; phone number; email 
address; date of birth; citizenship; physical characteristics (eye 
color, hair color, height and weight); gender; employer; arrests, 
convictions and/or administrative history (with explanations), and 
authorization to National Driver Register (NDR) to provide FAA with 
driving record results. Applicant medical history and examination 
records consist of names of prescriptions, near vision contacts (Y/N), 
medical history (check boxes for applicable conditions), healthcare 
professionals visited (name, address, type of professional, reason), 
medical examination findings and notes, hearing, vision, blood 
pressure, pulse, urine test results, electrocardiogram, other tests 
given, comments on medical history and findings, and statement of 
demonstrated ability (SODA) serial number. Health professional records 
consist of name and contact information (address and phone number), and 
AME serial number in the case of AMEs. Other medical records may 
include substance abuse test results or refusals to submit to testing, 
pathological and toxicological records (if applicable), unique 
identifiers/reference numbers, such as pathology index (PI), 
certificate number, applicant identification number (ID), medical 
identification number (MID), and federal tracking number (FTN). 
Finally, FAA employee information consists of name and examiner 
designation number.

RECORD SOURCE CATEGORIES:
    Information is collected directly from the applicants and AMEs, FAA 
employees, and when authorized by the applicants, from external 
sources, such as the NDR, hospitals and physicians/clinicians.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to other disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside of DOT as 
a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
System Specific Routine Use
    1. To the National Transportation Safety Board (NTSB), entire 
records related to the medical suitability of specific airmen for 
purposes of aircraft investigation responsibilities and regulatory 
enforcement activities as it relates to medical certification.
    2. To the general public, upon request, records such as information 
relating to an individual's physical status or condition used to 
determine statistically the validity of FAA medical standards; and 
information relating to an individual's eligibility for medical 
certification, requests for exemptions from medical requirements, and 
requests for review of certificate denials.
    3. To other federal agencies, personally identifiable information 
about airmen for the purpose of verifying the accuracy and completeness 
of medical information provided to FAA in connection with applications 
for airmen medical certification.
    4. To Aviation Medical Examiners (AMEs), past airmen medical 
certification history data on a routine basis so that AMEs may render 
the best medical certification decision.
    5. To Federal, State, local and Tribal law enforcement agencies, 
information about airmen when engaged in an official investigation in 
which an airman is involved;
    6. To third parties, including employers and prospective employers 
of such individuals, records of an individual's positive drug test 
result, alcohol test result of 0.04 or greater breath alcohol 
concentration, or refusal to submit to testing required under a DOT-
required testing program. Such records will also contain the names and 
titles of individuals who, in their commercial capacity, administer the 
drug and alcohol testing programs of aviation entities; and
    7. To Federal, State, local, and Tribal law enforcement, national 
security or homeland security agencies, information about airmen 
whenever such agencies are engaged in the performance of threat 
assessments affecting the safety of transportation or national 
security.
Departmental Routine Uses
    8. In the event that a system of records maintained by DOT to carry 
out its functions indicates a violation or potential violation of law, 
whether civil, criminal or regulatory in nature, and whether arising by 
general statute or particular program pursuant thereto, the relevant 
records in the system of records may be referred, as a routine use, to 
the appropriate agency, whether Federal, State, local or foreign, 
charged with the responsibility of investigating or prosecuting such 
violation or charged with enforcing or implementing the statute, or 
rule, regulation, or order issued pursuant thereto.
    9. A record from this system of records may be disclosed, as a 
routine use, to a Federal, State, or local agency maintaining civil, 
criminal, or other relevant enforcement information or other pertinent 
information, such as current licenses, if necessary to obtain 
information relevant to a DOT decision concerning the hiring or 
retention of an employee, the issuance of a security clearance, the 
letting of a contract, or the issuance of a license, grant or other 
benefit.
    10. A record from this system of records may be disclosed, as a 
routine use, to a Federal agency, in response to its request, in 
connection with the hiring or retention of an employee, the issuance of 
a security clearance, the reporting of an investigation of an employee, 
the letting of a contract, or the issuance of a license, grant, or 
other benefit by the requesting agency, to the extent that the 
information is relevant and necessary to the requesting agency's 
decision on the matter.
    11a. Routine Use for Disclosure for Use in Litigation. It shall be 
a routine use of the records in this system of records to disclose them 
to the Department of Justice or other Federal agency conducting 
litigation when (a) DOT, or any agency thereof, or (b) Any employee of 
DOT or any agency thereof, in his/her official capacity, or (c) Any 
employee of DOT or any agency thereof, in his/her individual capacity 
where the Department of Justice has agreed to represent the employee, 
or (d) The United States or any agency thereof, where DOT determines 
that litigation is likely to affect the United States, is a party to 
litigation or has an interest in such litigation, and the use of such 
records by the Department of Justice or other Federal agency conducting 
the litigation is deemed by DOT to be relevant and necessary in the 
litigation, provided, however, that in each case, DOT determines that 
disclosure of the records in the litigation is a use of the information 
contained in the records that is compatible with the purpose for which 
the records were collected.
    11b. Routine Use for Agency Disclosure in Other Proceedings. It 
shall be a routine use of records in this system to disclose them in 
proceedings before any court or adjudicative or administrative body 
before which DOT or any agency thereof, appears, when (a)

[[Page 37304]]

DOT, or any agency thereof, or (b) Any employee of DOT or any agency 
thereof in his/her official capacity, or (c) Any employee of DOT or any 
agency thereof in his/her individual capacity where DOT has agreed to 
represent the employee, or (d) The United States or any agency thereof, 
where DOT determines that the proceeding is likely to affect the United 
States, is a party to the proceeding or has an interest in such 
proceeding, and DOT determines that use of such records is relevant and 
necessary in the proceeding, provided, however, that in each case, DOT 
determines that disclosure of the records in the proceeding is a use of 
the information contained in the records that is compatible with the 
purpose for which the records were collected.
    12. The information contained in this system of records will be 
disclosed to the Office of Management and Budget, OMB in connection 
with the review of private relief legislation as set forth in OMB 
Circular No. A-19 at any stage of the legislative coordination and 
clearance process as set forth in that Circular.
    13. Disclosure may be made to a Congressional office from the 
record of an individual in response to an inquiry from the 
Congressional office made at the request of that individual. In such 
cases, however, the Congressional office does not have greater rights 
to records than the individual. Thus, the disclosure may be withheld 
from delivery to the individual where the file contains investigative 
or actual information or other materials which are being used, or are 
expected to be used, to support prosecution or fines against the 
individual for violations of a statute, or of regulations of the 
Department based on statutory authority. No such limitations apply to 
records requested for Congressional oversight or legislative purposes; 
release is authorized under 49 CFR 10.35(9).
    14. One or more records from a system of records may be disclosed 
routinely to the National Archives and Records Administration in 
records management inspections being conducted under the authority of 
44 U.S.C. 2904 and 2906.
    15. Routine Use for disclosure to the Coast Guard and to 
Transportation Security Administration. A record from this system of 
records may be disclosed as a routine use to the Coast Guard and to the 
Transportation Security Administration if information from this system 
was shared with either agency when that agency was a component of the 
Department of Transportation before its transfer to the Department of 
Homeland Security and such disclosure is necessary to accomplish a DOT, 
TSA or Coast Guard function related to this system of records.
    16. DOT may make available to another agency or instrumentality of 
any government jurisdiction, including State and local governments, 
listings of names from any system of records in DOT for use in law 
enforcement activities, either civil or criminal, or to expose 
fraudulent claims, regardless of the stated purpose for the collection 
of the information in the system of records. These enforcement 
activities are generally referred to as matching programs because two 
lists of names are checked for match using automated assistance. This 
routine use is advisory in nature and does not offer unrestricted 
access to systems of records for such law enforcement and related 
antifraud activities. Each request will be considered on the basis of 
its purpose, merits, cost effectiveness and alternatives using 
Instructions on reporting computer matching programs to the Office of 
Management and Budget, OMB, Congress, and the public, published by the 
Director, OMB, dated September 20, 1989.
    17. It shall be a routine use of the information in any DOT system 
of records to provide to the Attorney General of the United States, or 
his/her designee, information indicating that a person meets any of the 
disqualifications for receipt, possession, shipment, or transport of a 
firearm under the Brady Handgun Violence Prevention Act. In case of a 
dispute concerning the validity of the information provided by DOT to 
the Attorney General, or his/her designee, it shall be a routine use of 
the information in any DOT system of records to make any disclosures of 
such information to the National Background Information Check System, 
established by the Brady Handgun Violence Prevention Act, as may be 
necessary to resolve such dispute.
    18a. To appropriate agencies, entities, and persons when (1) DOT 
suspects or has confirmed that there has been a breach of the system of 
records; (2) DOT has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, DOT (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with DOT's efforts to respond to the suspected or confirmed 
breach or to prevent, minimize, or remedy such harm.
    18b. To another Federal agency or Federal entity, when DOT 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    19. DOT may disclose records from this system, as a routine use, to 
the Office of Government Information Services for the purpose of (a) 
resolving disputes between FOIA requesters and Federal agencies and (b) 
reviewing agencies' policies, procedures, and compliance in order to 
recommend policy changes to Congress and the President.
    20. DOT may disclose records from this system, as a routine use, to 
contractors and their agents, experts, consultants, and others 
performing or working on a contract, service, cooperative agreement, or 
other assignment for DOT, when necessary to accomplish an agency 
function related to this system of records.
    21. DOT may disclose records from this system, as a routine use, to 
an agency, organization, or individual for the purpose of performing 
audit or oversight operations related to this system of records, but 
only such records as are necessary and relevant to the audit or 
oversight activity. This routine use does not apply to intra-agency 
sharing authorized under section (b)(1) of the Privacy Act.
    22. DOT may disclose from this system, as a routine use, records 
consisting of, or relating to, terrorism information (6 U.S.C. 
485(a)(5)), homeland security information (6 U.S.C. 482(f)(1)), or law 
enforcement information (Guideline 2 Report attached to White House 
Memorandum, ``Information Sharing Environment, November 22, 2006) to a 
Federal, State, local, tribal, territorial, foreign government and/or 
multinational agency, either in response to its request or upon the 
initiative of the Component, for purposes of sharing such information 
as is necessary and relevant for the agencies to detect, prevent, 
disrupt, preempt, and mitigate the effects of terrorist activities 
against the territory, people, and interests of the United States of 
America, as contemplated by the Intelligence Reform and Terrorism 
Prevention Act of 2004 (Pub. L. 108-458) and Executive Order 13388 
(October 25, 2005).

[[Page 37305]]

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records in this system of records are stored in hard copy format in 
a secure facility and in an electronic database system.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Applicant medical records in this system are primarily retrieved by 
name, SSN, and unique identifiers/reference numbers, such as PI, MID, 
FTN, applicant ID, and certificate number.

POLICIES AND PRACTICE FOR RETENTION AND DISPOSAL OF RECORDS:
    A new National Archives and Records Administration (NARA) records 
schedule requesting 100-year retention for airmen medical certification 
records is being developed. The FAA will treat these records as 
permanent records until it receives an approval of record disposition 
authority from NARA. Any previous schedules attributed to this record 
type are superseded.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records in this system are safeguarded in accordance with 
applicable rules and policies, including all applicable DOT automated 
systems security and access policies. Strict controls have been imposed 
to minimize the risk of compromising the information that is being 
stored. Access to records in this system is limited to those 
individuals who have a need to know the information for the performance 
of their official duties and who have appropriate clearances or 
permissions.

RECORD ACCESS PROCEDURES:
    Individuals seeking notification of whether this system of records 
contains information about them may contact the System Manager at the 
address provided in the section ``System Manager.'' When seeking 
records about yourself from this system of records or any other 
Departmental system of records your request must conform to the Privacy 
Act regulations set forth in 49 CFR part 10. You must sign your request 
and your signature must either be notarized or submitted under 28 
U.S.C. 1746, a law that permits statements to be made under penalty of 
perjury as a substitute for notarization. If your request is seeking 
records pertaining to another living individual, you must include a 
statement from that individual certifying his/her agreement for you to 
access his/her records.

CONTESTING RECORD PROCEDURE:
    See ``Record Access Procedures'' above.

NOTIFICATION PROCEDURE:
    See ``Record Access Procedures'' above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    Records that support FAA legal actions (i.e., revocation of medical 
certifications), such as pre-decisional notes in airmen medical files 
that are incorporated into investigatory files, are exempted from 
certain access and disclosure requirements of the Privacy Act of 1974, 
pursuant to 5 U.S.C. 552a(k)(2).

HISTORY:
    None.

    Issued in Washington, DC.
Karyn Gorman,
Departmental Chief Privacy Officer.
[FR Doc. 2023-12155 Filed 6-6-23; 8:45 am]
BILLING CODE 4910-9X-P


