83 FR 42667 - Privacy Act of 1974; System of Records

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Federal Register Volume 83, Issue 164 (August 23, 2018)

Page Range		42667-42672
FR Document		2018-18290
In accordance with the requirements of the Privacy Act of 1974, as amended (the Act), the Department of Health and Human Services (HHS) is providing notice of the establishment of a new system of records, System No. 09-90-1701, HHS Insider Threat Program Records. The new system of records will cover records about individuals, retrieved by personal identifier, which are compiled and used by the Department's Office of Security and Strategic Information (OSSI), within the Immediate Office of the Secretary (IOS), to administer the Department's insider threat program. Because the records in this system of records include investigatory material compiled for law enforcement purposes and information classified in the interest of national security, elsewhere in today's Federal Register HHS has published a Notice of Proposed Rulemaking (NPRM) to exempt this system of records from certain requirements of the Privacy Act, pursuant to subsections (k)(1) and (k)(2) of the Act. The system of records is more fully described in the SUPPLEMENTARY INFORMATION section of this notice and in the System of Records Notice (SORN) published in this notice.
Federal Register, Volume 83 Issue 164 (Thursday, August 23, 2018)
[Federal Register Volume 83, Number 164 (Thursday, August 23, 2018)]
[Notices]
[Pages 42667-42672]
From the Federal Register Online  [www.thefederalregister.org]
[FR Doc No: 2018-18290]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES


Privacy Act of 1974; System of Records

AGENCY: Office of Security and Strategic Information (OSSI), Immediate 
Office of the Secretary (IOS), Department of Health and Human Services 
(HHS).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 
1974, as amended (the Act), the Department of Health and Human Services 
(HHS) is providing notice of the establishment of a new system of 
records, System No. 09-90-1701, HHS Insider Threat Program Records. The 
new system of records will cover records about individuals, retrieved 
by personal identifier, which are compiled and used by the Department's 
Office of Security and Strategic Information (OSSI), within the 
Immediate Office of the Secretary (IOS), to administer the Department's 
insider threat program. Because the records in this system of records 
include investigatory material compiled for law enforcement purposes 
and information classified in the interest of national security, 
elsewhere in today's Federal Register HHS has published a Notice of 
Proposed Rulemaking (NPRM) to exempt this system of records from 
certain requirements of the Privacy Act, pursuant to subsections (k)(1) 
and (k)(2) of the Act. The system of records is more fully described in 
the SUPPLEMENTARY INFORMATION section of this notice and in the System 
of Records Notice (SORN) published in this notice.

DATES: This system of records is applicable August 23, 2018 with the 
exception of the routine uses and exemptions. Written comments on the 
SORN should be submitted by September 24, 2018. If HHS receives no 
significant adverse comment within the specified comment period, the 
routine uses will be applicable on September 24, 2018. If any timely 
significant adverse comment is received, HHS will publish a revised 
system of records. The exemptions will be applicable following 
publication of a Final Rule.

ADDRESSES: The public should address written comments on the proposed 
system of records to [email protected] or to the HHS Office of 
Security and Strategic Information (OSSI), 200 Independence Avenue SW, 
Washington, DC 20201.

FOR FURTHER INFORMATION CONTACT: General questions about the system of 
records may be submitted to Michael Schmoyer, Ph.D., Assistant Deputy

[[Page 42668]]

Secretary for National Security, by telephone, email, or mail, at (202) 
690-5756 or [email protected] or at HHS Office of Security and 
Strategic Information (OSSI), 200 Independence Avenue SW, Washington, 
DC 20201.

SUPPLEMENTARY INFORMATION: Each federal agency is mandated by 
Presidential Executive Order 13587, issued October 7, 2011, to 
establish an insider threat detection and prevention program to ensure 
the security of classified networks and the responsible sharing and 
safeguarding of classified information consistent with appropriate 
protections for privacy and civil liberties. The order states in 
section 2.1:

    The heads of agencies that operate or access classified computer 
networks shall have responsibility for appropriately sharing and 
safeguarding classified information on computer networks. As part of 
this responsibility, they shall implement an insider threat 
detection and prevention program consistent with guidance and 
standards developed by the Insider Threat Task Force established in 
section 6 of this order.

    A threat need not be directed at classified information to threaten 
classified networks. Consequently, insider threats include any of the 
following: Attempted or actual espionage, subversion, sabotage, 
terrorism, or extremist activities directed against the Department and 
its personnel, facilities, information resources, and activities; 
unauthorized use of or intrusion into automated information systems; 
unauthorized disclosure of classified, controlled unclassified, 
sensitive, or proprietary information to technology; indicators of 
potential insider threats or other incidents that may indicate 
activities of an insider threat; and other threats to the Department, 
such as indicators of potential for workplace violence or misconduct.
    The records that OSSI will compile to administer HHS' insider 
threat program may be from any HHS component, office, program, record 
or source, and may include records pertaining to information security, 
personnel security, or systems security. The records covered under 
System No. 09-90-1701 include investigatory material compiled for law 
enforcement purposes and information classified in the interest of 
national security. Accordingly, HHS has published a Notice of Proposed 
Rulemaking (NPRM) in today's Federal Register to exempt such material 
in the new system of records from certain Privacy Act requirements, 
based on subsections (k)(1) and (k)(2) of the Act.
    The Insider Threat Program system of records includes investigatory 
material compiled for law enforcement purposes and information 
classified in the interest of national security. While OSSI does not 
perform criminal law enforcement activity as its principal function, 
OSSI may compile in System No. 09-90-1701 material obtained from other 
agencies or components which perform as their principal function 
activities pertaining to the enforcement of criminal laws, and which 
have exempted their records from certain Privacy Act requirements, 
based on 5 U.S.C. 552a(j)(2). All other investigatory material compiled 
for law enforcement purposes is eligible to be exempted from certain 
Privacy Act requirements based on 5 U.S.C. 552a(k)(2). Information 
classified in the interest of national security is eligible to be 
exempted from certain Privacy Act requirements, based on 5 U.S.C. 
552a(k)(1). The Department's NPRM published in today's Federal Register 
proposes to establish these exemptions for System No. 09-90-1701:
     Law enforcement investigatory material compiled in this 
system of records that is from another system of records in which such 
material was exempted from access and other requirements of the Privacy 
Act (the Act) based on 5 U.S.C. 552a(j)(2) will be exempt in this 
system of records on the same basis (5 U.S.C. 552a(j)(2)) and from the 
same requirements as in the source system. The requirements from which 
records described in 5 U.S.C. 552a(j)(2) are eligible to be exempted 
are: (c)(3)-(4); (d)(1)-(4); (e)(1)-(3), (e)(4)(G)-(I), (e)(5), (e)(8), 
(e)(12); (f); (g); and (h).
     All other law enforcement investigatory material in System 
No. 09-90-1701 will be exempt, based on 5 U.S.C. 552a(k)(2), from the 
requirements in subsections (c)(3), (d)(1)-(4), (e)(1), (e)(4)(G)-(I), 
and (f) of the Act. However, if any individual is denied a right, 
privilege, or benefit to which the individual would otherwise be 
entitled by Federal law or for which the individual would otherwise be 
eligible, access will be granted, except to the extent that the 
disclosure would reveal the identity of a source who furnished 
information to the Government under an express promise of 
confidentiality.
     Information in this system of records that is classified 
in the interest of national security will be exempt, based on 5 U.S.C. 
552a(k)(1), from the requirements in subsections (c)(3), (d)(1)-(4), 
(e)(1), (e)(4)(G)-(I), and (f) of the Act.
    Note that this system of records does not cover investigatory 
material compiled solely for the purpose of determining suitability, 
eligibility, or qualification for federal civilian employment, military 
service, federal contracts, or access to classified information. Such 
material is covered by other HHS systems of records (i.e., 09-90-0002 
with respect to HHS Office of Inspector General determinations, and 09-
90-0020 as to all other HHS determinations) which have been exempted 
from access and other Privacy Act requirements based on 5 U.S.C. 
552a(k)(5).
SYSTEM NAME AND NUMBER
    HHS Insider Threat Program Records, 09-90-1701

SECURITY CLASSIFICATION:
    Classified and unclassified.

SYSTEM LOCATION:
    HHS Office of Security and Strategic Information (OSSI), 200 
Independence Avenue SW, Washington, DC 20201.

SYSTEM MANAGER(S):
    Assistant Deputy Secretary for National Security, HHS Office of 
Security and Strategic Information (OSSI), 200 Independence Avenue SW, 
Washington, DC 20201.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    E.O. 13587, Structural Reforms To Improve the Security of 
Classified Networks and the Responsible Sharing and Safeguarding of 
Classified Information (Oct. 7, 2011).
    Presidential Memorandum, National Insider Threat Policy and Minimum 
Standards for Executive Branch Insider Threat Programs (Nov. 21, 2012).
    Intelligence Reform and Terrorism Prevention Act of 2004, Public 
Law 108-458, 118 Stat. 3638; Intelligence Authorization Act for FY 
2010, Public Law 111-259, 124 Stat. 2654.
    28 U.S.C. 535, Investigation of Crimes Involving Government 
Officers and Employees; Limitations; 50 U.S.C. 3381, Coordination of 
Counterintelligence Activities; E.O. 10450, Security Requirements for 
Government Employment (Apr. 17, 1953); E.O. 12333, United States 
Intelligence Activities (as amended); E.O. 12829, National Industrial 
Security Program; E.O. 12968, Access to Classified Information (Aug. 2, 
1995); E.O. 13467, Reforming Processes Related to Suitability for 
Government Employment, Fitness for Contractor Employees, and 
Eligibility for Access to Classified National Security Information 
(June 30, 2008); E.O. 13488, Granting Reciprocity on Excepted Service 
and Federal Contractor Employee Fitness and Reinvestigating Individuals 
in

[[Page 42669]]

Positions of Public Trust (Jan. 16, 2009); E.O. 13526, Classified 
National Security Information (Dec. 29, 2009).
    44 U.S.C. 3554, Federal Agency Responsibilities; 44 U.S.C. 3557, 
National Security Systems. E.O. 12333, United States Intelligence 
Activities (Dec. 4, 1981); E.O. 13556, Controlled Unclassified 
Information (Nov. 4, 2010); E.O. 13526, Classified National Security 
Information (Dec. 29, 2009); E.O. 13388, Further Strengthening the 
Sharing of Terrorism Information To Protect Americans (Oct. 25, 2005); 
E.O. 13587, Structural Reforms to Improve the Security of Classified 
Information Networks and Responsible Sharing and Safeguarding of 
Classified Information (Oct. 7, 2011); E.O. 12829, National Industrial 
Security Program (Jan. 6, 1993); E.O. 13549, Classified National 
Security Information Programs for State, Local, Tribal, and Private 
Sector Entities (Aug. 18, 2010); E.O. 13636, Improving Critical 
Infrastructure Cybersecurity (Feb. 12, 2013); Committee on National 
Security Systems Directive 504, Directive on Protecting NSS from 
Insider Threat (Feb. 4, 2014); Committee on National Security Systems 
Directive 505, Supply Chain Risk Management (SCRM) (Mar. 7, 2012); 
Committee on National Security Systems Instruction 4009, Committee on 
National Security Systems (CNSS) Glossary (Apr. 6, 2015); Presidential 
Decision Directive/NSC-12 Security Awareness and Reporting of Foreign 
Contacts (Aug. 5, 1993); HHS Residual Standards of Conduct, 45 CFR part 
73 (May 20, 2015); Statement of Organization, Functions, and 
Delegations of Authority for the Office of Security and Strategic 
Information, 71 FR 71004 (Nov. 28, 2012); HHS Counterintelligence and 
Insider Threat Policy (July 13, 2015); OS Policy for Special Monitoring 
of Employee Use of Information Technology Resources (Nov. 7, 2013); HHS 
Policy for Handling Security Incidents Related to the Potential 
Unauthorized Disclosure of Classified National Security Information 
(June 20, 2013); HHS Counterintelligence and Insider Threat Policy 
(July 7, 2015); HHS Policy for Handling Security Incidents Related to 
the Potential Unauthorized Disclosure of Classified National Security 
Information (June 20, 2013).

PURPOSE(S) OF THE SYSTEM:
    The purpose of the system is to support a program of insider threat 
detection and prevention that is consistent with guidance and standards 
developed by the National Insider Threat Task Force, ensures the 
responsible sharing and safeguarding of information, and provides 
appropriate privacy and civil liberties protections. Records will be 
used on a need-to-know basis to manage insider threat matters; 
facilitate inside threat investigations and activities associated with 
counterintelligence and counterespionage complaints, inquiries and 
investigations; identify threats to Department resources, including 
threats to the Department's personnel, facilities, and information 
assets (including, in particular, classified networks and information); 
track tips and referrals of potential insider threats to internal and 
external partners; provide information for statistical reports; and 
meet other insider threat program requirements.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The categories of individuals covered by this system are HHS 
insiders, defined as any person with authorized access to any HHS 
resource to include personnel, facilities, information, equipment, 
networks or systems. Such persons include present and former HHS 
employees, members of joint task forces under the purview of HHS, 
contractors, detailees, assignees, interns, visitors, and guests.
    For the purposes of this system of records, sensitive information 
includes information classified pursuant to Executive Orders 13526, 
12829, and 13549 and unclassified information that requires 
safeguarding or dissemination controls pursuant to and consistent with 
law, regulations, and U.S. Government-wide policies falling under the 
program established by Executive Order 13556.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system will include these categories of records:
    A. Records derived from lawful HHS security investigations, 
including authorized physical, personnel, and communications security 
investigations, and information systems security analysis and 
reporting, such as:
     Responses to information requested by official 
questionnaires (e.g., SF 86 Questionnaire for National Security 
Positions) that include: Full name, former names and aliases; date and 
place of birth; social security number; height and weight; hair and eye 
color; gender; ethnicity and race; biometric data; mother's maiden 
name; personal identity verification (PIV) number; current and former 
home and work addresses, phone numbers, and email addresses; employment 
history; military record information; selective service registration 
record; residential history; education history and degrees earned; 
names of associates and references with their contact information; 
citizenship information; passport information; driver's license 
information; identifying numbers from access control passes or 
identification cards; criminal history; civil court actions; prior 
personnel security eligibility, investigative, and adjudicative 
information, including information collected through continuous 
evaluation; mental health history; records related to drug or alcohol 
use; financial record information; credit reports; the name, date and 
place of birth, social security number, and citizenship information for 
spouse or cohabitant; the name and marriage information for current and 
former spouse(s); the citizenship, name, date and place of birth, and 
address for relatives;
     Reports furnished to HHS or collected by HHS in connection 
with personnel security investigations, continuous evaluation for 
eligibility for access to classified information, and insider threat 
detection programs operated by HHS pursuant to Federal laws and 
Executive Orders and HHS policies, including information derived from: 
Responses to information requested on foreign contacts and activities; 
association records; information on loyalty to the United States;
     Records relating to the management and operation of HHS 
personnel and physical security, including information derived from: 
Personnel security adjudications and financial disclosure filings; 
nondisclosure agreements; document control registries; courier 
authorization requests; derivative classification unique identifiers; 
requests for access to sensitive compartmented information (SCI); 
security violation files; travel records; foreign contact reports; 
briefing and debriefing statements for special programs, positions 
designated as sensitive; polygraph examination results; logs of 
computer activities on all HHS information technology (IT) systems or 
any IT systems accessed by HHS personnel with security clearances; 
facility access records; and
     Reports of investigation regarding security violations, 
including: Individual statements or affidavits and correspondence; 
incident reports; drug test results; investigative records of a 
criminal, civil, or administrative nature; letters, emails, memoranda 
and reports; exhibits, evidence, statements, and affidavits; inquiries 
relating to suspected security violations; and recommended remedial 
actions for possible security violations.
    B. Summaries or reports about potential insider threats, from:

[[Page 42670]]

     Reports of investigation regarding security violations, 
including: Statements, declarations, affidavits and correspondence; 
incident reports; investigative records of a criminal, civil or 
administrative nature; letters, emails, memoranda, and reports; 
exhibits and evidence; and, recommended remedial or corrective actions 
for security violations; reports about potential insider threats 
regarding: Personnel user names and aliases, levels of network access, 
audit data, information regarding misuse of HHS devices, information 
regarding unauthorized use of removable media, and logs of printer, 
copier, and facsimile machine use;
     Information collected through user activity monitoring, 
which is the technical capability to observe and record the actions and 
activities of all users, at any time, on a computer network monitored 
by HHS, even if not controlled by HHS, thereof in order to deter, 
detect, and mitigate insider threats as well as to support authorized 
investigations. Such information may include key strokes, screen 
captures, and content transmitted via email, chat, or data import or 
export;
     Reports about potential insider threats from records of 
usage of government telephone systems, including the telephone number 
initiating the call, the telephone number receiving the call, and the 
date and time of the call;
     Payroll information, travel vouchers, benefits 
information, credit reports, equal employment opportunity complaints, 
performance evaluations, disciplinary files, training records, 
substance abuse and mental health records of individuals undergoing law 
enforcement action or presenting an identifiable imminent threat, 
counseling statements, outside work and activities requests, and 
personal contact records; and
     Particularly sensitive or protected information, including 
information held by special access programs, law enforcement, inspector 
general, or other investigative sources or programs. Access to such 
information may require additional approval by the senior HHS official 
who is responsible for managing and overseeing the program.
    C. Information related to investigative or analytical efforts by 
HHS insider threat program personnel, including:
     Identifying threats to HHS personnel, property, 
facilities, and information; information obtained from Intelligence 
Community members, the Federal Bureau of Investigation, or from other 
agencies or organizations about individuals known or suspected of being 
engaged in conduct constituting, preparing for, aiding, or relating to 
an insider threat, including espionage or unauthorized disclosure of 
classified national security information;
     Publicly available information, such as information 
regarding: Arrests and detentions; real property; bankruptcy; liens or 
holds on property; vehicles; licensure (including professional and 
pilot's licenses, firearms and explosive permits); business licenses 
and filings; and from social media;
     Information provided by record subjects and individual 
members of the public; and
     Information provided by individuals who report known or 
suspected insider threats.
    D. Reports about potential insider threats obtained through the 
management and operation of the HHS Operating or Staff Division insider 
threat programs, including:
     Documentation pertaining to investigative or analytical 
efforts by HHS insider threat program personnel to identify threats to 
HHS personnel, property, facilities, and information;
     Records collated to examine information technology events 
and other information that could reveal potential insider threat 
activities; and
     Travel records.
    E. Reports about potential insider threats obtained from other 
Federal Government sources, including:
     Documentation obtained from Intelligence Community 
members, the Federal Bureau of Investigation, or from other agencies or 
organizations pertaining to individuals known or suspected of being 
engaged in conduct constituting, preparing for, aiding, or relating to 
an insider threat, including espionage or unauthorized disclosure of 
classified national security information; and
     Intelligence reports and database query results relating 
to individuals covered by this system.

RECORD SOURCE CATEGORIES:
    Information in the system will be received from Department 
officials, employees, contractors, and other individuals who are 
associated with or represent HHS; officials from other foreign, 
federal, tribal, state, and local government agencies and 
organizations; non-government, commercial, public, and private agencies 
and organizations; complainants, informants, suspects, and witnesses; 
and from relevant records, including counterintelligence and security 
databases and files; personnel security databases and files; HHS human 
resources databases and files; Office of the Chief Information Officer 
and information assurance databases and files; information collected 
through user activity monitoring; HHS telephone usage records; federal, 
state, tribal, territorial, and local law enforcement and investigatory 
records; Inspector General records; available U.S. Government 
intelligence and counterintelligence reporting information and analytic 
products pertaining to adversarial threats; other Federal agencies; and 
publicly available information.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    HHS may disclose records about an individual from this system of 
records to parties outside HHS, without the individual's prior written 
consent, pursuant to these routine uses:
    1. Records may disclosed to agency contractors, consultants, or 
others who have been engaged by the agency to assist with 
accomplishment of an HHS function relating to the purposes of this 
system of records and who need to have access to the records in order 
to assist HHS.
    2. Records may be disclosed to any person, organization, or 
governmental entity in order to notify them of a serious terrorist 
threat for the purpose of guarding against or responding to the threat.
    3. Records may be disclosed to third parties during the course of 
an investigation to the extent necessary to obtain information 
pertinent to the investigation
    4. Records may be disclosed to a federal, state, or local agency, 
or other appropriate entities or individuals, or through established 
liaison channels to selected foreign governments, in order to enable 
the intelligence agency with the relevant authority and responsibility 
for the matter to carry out its responsibilities under the National 
Security Act of 1947 as amended, the CIA act of 1949 as emended, 
Executive Order 12333 or any successor order, applicable national 
security directives, or classified implementing procedures approved by 
the Attorney General and promulgated pursuant to such statutes, orders 
or directives.
    5. Factual information the disclosure of which would be in the 
public interest and which would not constitute an unwarranted invasion 
of personal privacy may be disclosed to the news media or the general 
public.
    6. Where a record, either alone or in conjunction with other 
information, indicates a violation or potential violation of law, 
whether civil, criminal, or regulatory in nature, and whether

[[Page 42671]]

arising by general statute or by regulation, rule, or order issued 
pursuant thereto, the relevant records in the system of records may be 
referred, as a routine use, to the agency concerned, whether federal, 
state, local, tribal, territorial, or foreign, charged with the 
responsibility of investigating or prosecuting such violation or 
charged with enforcing or implementing the statute, or the rule, 
regulation, or order issued pursuant thereto.
    7. Records may be disclosed to an appropriate federal, state, 
local, tribal, territorial, foreign, or international agency, if the 
information is relevant and necessary to a requesting agency's decision 
concerning the hiring or retention of an individual, or issuance of a 
security clearance, license, contract, grant, delegation or designation 
of authority, or other benefit, or if the information is relevant and 
necessary to a HHS decision concerning the hiring or retention of an 
employee, the issuance of a security clearance, the reporting of an 
investigation of an employee, the letting of a contract, or the 
issuance of a license, grant, delegation or designation of authority, 
or other benefit and disclosure is appropriate to the proper 
performance of the official duties of the person making the request.
    8. Records may be disclosed to the Department of Justice (DOJ) or 
to a court or other tribunal when:
    a. HHS or any of its components; or
    b. any employee of HHS acting in the employee's official capacity; 
or
    c. any employee of HHS acting in the employee's individual capacity 
where the DOJ or HHS has agreed to represent the employee; or
    d. the United States Government, is a party to a proceeding or has 
an interest in such proceeding and the disclosure of such records is 
deemed by the agency to be relevant and necessary to the proceeding.
    9. Records may be disclosed to a congressional office from the 
record of an individual in response to a written inquiry from the 
congressional office made at the written request of that individual.
    10. Records may be disclosed to representatives of the National 
Archives and Records Administration during records management 
inspections conducted pursuant to 44 U.S.C. 2904 and 2906.
    11. Records may be disclosed to appropriate agencies, entities, and 
persons when (1) HHS suspects or has confirmed that there has been a 
breach of the system of records, (2) HHS has determined that as a 
result of the suspected or confirmed breach there is a risk of harm to 
individuals, HHS (including its information systems, programs, and 
operations), the federal government, or national security, and (3) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with HHS's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    12. Records may be disclosed to another federal agency or federal 
entity, when HHS determines that information from this system of 
records is reasonably necessary to assist the recipient agency or 
entity in (1) responding to a suspected or confirmed breach or (2) 
preventing, minimizing, or remedying the risk of harm to individuals, 
the recipient agency or entity (including its information systems, 
programs, and operations), the federal government, or national 
security, resulting from a suspected or confirmed breach.
    13. Records may be disclosed to the U.S. Department of Homeland 
Security (DHS) if captured in an intrusion detection system used by HHS 
and DHS pursuant to a DHS cybersecurity program that monitors internet 
traffic to and from federal government computer networks to prevent a 
variety of types of cybersecurity incidents.
    The disclosures authorized by publication of the above routine uses 
pursuant to 5 U.S.C. 552a(b)(3) are in addition to the following 
disclosures which HHS may make based on other authorizations:
     Disclosures authorized by the subject individual's prior 
written consent pursuant to 5 U.S.C. 552a(b). For example, another 
agency conducting a background investigation or assessment may request 
information from this system of records using the consent form that the 
subject individual signed.
     Disclosures authorized directly in the Privacy Act at 5 
U.S.C. 552a(b)(1), (2) and (b)(4)-(11). For example, another agency 
conducting a law enforcement activity may request information from this 
system of records by making the request in accordance with 5 U.S.C. 
552a(b)(7).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records will be stored in hard copy files and electronic media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records will be retrieved by an individual record subject's name, 
SSN, or PIV identification number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    The records in this system of records are covered by National 
Archives and Records Administration General Records Schedule 5.6, items 
230 and 240. Records determined to be associated with an insider threat 
or to have potential to be associated with an insider threat are 
destroyed 25 years after the date the threat was discovered, but a 
longer retention is authorized if required for business use. User 
attributable data collected to monitor user activities on a network to 
enable insider threat programs and activities to identify and evaluate 
anomalous activity, identify and assess misuse or exploitation, or 
support authorized inquiries and investigations, is destroyed five 
years after an inquiry was opened, but a longer retention is authorized 
if required for business use.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Safeguards will conform to the HHS Information Security and Privacy 
Program, http://www.hhs.gov/ocio/securityprivacy/index.html. 
Information will be safeguarded in accordance with applicable laws, 
rules and policies, including the HHS Information Technology Security 
Program Handbook, all pertinent National Institutes of Standards and 
Technology (NIST) publications, and OMB Circular A-130, Managing 
Information as a Strategic Resource. Records will be protected from 
unauthorized access through appropriate administrative, physical, and 
technical safeguards. These safeguards include protecting the 
facilities where records are stored or accessed with security guards, 
badges and cameras; securing hard-copy records in locked file cabinets, 
file rooms or offices during off-duty hours; controlling access to 
physical locations where records are maintained and used by means of 
combination locks and identification badges issued only to authorized 
users; limiting access to electronic databases to authorized users 
based on roles and two-factor authentication (user ID and password), 
using a secured operating system protected by encryption, firewalls, 
and intrusion detection systems, requiring encryption for records 
stored on removable media, and training personnel in Privacy Act and 
information security requirements. Records that are eligible for 
destruction will be disposed of using secure destruction methods 
prescribed by NIST SP 800-88.

[[Page 42672]]

RECORD ACCESS PROCEDURES:
    An individual seeking access to records about him or her in this 
system of records should submit an access request to the System Manager 
identified in the ``System Manager'' section of this SORN, and must 
follow the access procedures contained in the HHS Privacy Act 
regulations, 45 CFR part 5b (currently located in section 5b.5). The 
individual's right of access under the Privacy Act will be subject to 
the exemptions promulgated for this system of records. Records compiled 
in reasonable anticipation of a civil action or proceeding are excluded 
from the Privacy Act access requirement in all systems of records as 
provided in 5 U.S.C. 552a(d)(5).

CONTESTING RECORD PROCEDURES:
    An individual seeking to amend a record about him or her in this 
system of records should submit an amendment request to the System 
Manager indicated in the ``System Manager'' section of this SORN, and 
must follow the correction/amendment procedures contained in the HHS 
Privacy Act regulations, 45 CFR part 5b (currently located in section 
5b.7). The individual's right of amendment will be subject to the 
exemptions promulgated for this system of records.

NOTIFICATION PROCEDURES:
    An individual who wishes to know if this system contains records 
about him or her should submit a notification request to the System 
Manager indicated in the ``System Manager'' section of this SORN, and 
must follow the notification procedures contained in the HHS Privacy 
Act regulations, 45 CFR part 5b (currently located in section 5b.5). 
The individual's right to notification will be subject to the 
exemptions promulgated for this system of records.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    Upon completion of the Department's pending rulemaking (i.e., when 
a Final Rule has been published in the Federal Register and has become 
effective based on the Notice of Proposed Rulemaking published 
elsewhere in today's Federal Register), this system of records will be 
exempt from access and other requirements of the Privacy Act, as 
follows:
     Material compiled in this system of records that is from 
another system of records in which such material was exempted from 
access and other requirements of the Privacy Act (the Act) based on 5 
U.S.C. 552a(j)(2) will be exempt in this system of records on the same 
basis (5 U.S.C. 552a(j)(2)) and from the same requirements as in the 
source system. The requirements from which records described in 5 
U.S.C. 552a(j)(2) are eligible to be exempted are: (c)(3)-(4); (d)(1)-
(4); (e)(1)-(3), (e)(4)(G)-(I), (e)(5), (e)(8), (e)(12); (f); (g); and 
(h).
     All other law enforcement investigatory material in System 
No. 09-90-1701 will be exempt, based on 5 U.S.C. 552a(k)(2), from the 
requirements in subsections (c)(3), (d)(1)-(4), (e)(1), (e)(4)(G)-(I), 
and (f) of the Act. However, if any individual is denied a right, 
privilege, or benefit to which the individual would otherwise be 
entitled by Federal law or for which the individual would otherwise be 
eligible, access will be granted, except to the extent that the 
disclosure would reveal the identity of a source who furnished 
information to the Government under an express promise of 
confidentiality.
     Information in this system of records that is classified 
in the interest of national security will be exempt, based on 5 U.S.C. 
552a(k)(1), from the requirements in subsections (c)(3), (d)(1)-(4), 
(e)(1), (e)(4)(G)-(I), and (f) of the Act.

HISTORY:
    None.

    Dated: June 29, 2018.
Michael Schmoyer,
Assistant Deputy Secretary for National Security.
[FR Doc. 2018-18290 Filed 8-22-18; 8:45 am]
 BILLING CODE 4151-17-P
Federal Register / Vol. 83, No. 164 / Thursday, August 23, 2018 / Notices 42667

discussions and does not provide Title III of the Public Health Service DEPARTMENT OF HEALTH AND
guidance or reflect FDA’s current Act. HUMAN SERVICES
thinking on this subject. The workshop During the September 2018 meetings,
report was posted on FDA’s website on Privacy Act of 1974; System of
NACNHSC will continue its discussion
July 11, 2018. Records
from the May 15, 2018, meeting to
II. Electronic Access develop recommendations on the AGENCY: Office of Security and Strategic
current NHSC focus areas and finalize Information (OSSI), Immediate Office of
Persons may obtain the summary the Secretary (IOS), Department of
policy recommendations to the
report at https://www.fda.gov/ Health and Human Services (HHS).
RegulatoryInformation/LawsEnforced Secretary and the HRSA Administrator.
The current circumstances to strengthen ACTION: Notice of a new system of
byFDA/SignificantAmendmentstothe
the healthcare workforce and NHSC’s records.
FDCAct/FDARA/ucm598050.htm.
role in the expansion and improvement
Dated: August 17, 2018. SUMMARY: In accordance with the
of access to quality opioid and requirements of the Privacy Act of 1974,
Leslie Kux, substance use disorder treatment in
Associate Commissioner for Policy. as amended (the Act), the Department of
rural and underserved areas is an Health and Human Services (HHS) is
[FR Doc. 2018–18232 Filed 8–22–18; 8:45 am] important opportunity for NACNHSC to providing notice of the establishment of
BILLING CODE 4164–01–P add its voice. For this reason, a new system of records, System No.
NACNHSC will develop comprehensive 09–90–1701, HHS Insider Threat
policy recommendations and a Program Records. The new system of
DEPARTMENT OF HEALTH AND framework to articulate a clear vision records will cover records about
HUMAN SERVICES and mission statement that aligns with individuals, retrieved by personal
National Advisory Council on the the BHW and HRSA strategic plan. An identifier, which are compiled and used
National Health Service Corps agenda will be posted on the NACNHSC by the Department’s Office of Security
website prior to the meeting. Agenda and Strategic Information (OSSI), within
AGENCY: Health Resources and Service items are subject to change as priorities the Immediate Office of the Secretary
Administration (HRSA), Department of dictate. (IOS), to administer the Department’s
Health and Human Services (HHS). Members of the public will have the insider threat program. Because the
ACTION: Notice of meeting. opportunity to provide comments. Oral records in this system of records include
investigatory material compiled for law
comments will be honored in the order
SUMMARY: The National Advisory enforcement purposes and information
they are requested and may be limited
Council on the National Health Service classified in the interest of national
as time allows. Requests to make oral security, elsewhere in today’s Federal
Corps (NACNHSC) has scheduled a
comments or provide written comments Register HHS has published a Notice of
public meeting. Information about
NACNHSC and the agenda for this to the NACNHSC should be sent to Proposed Rulemaking (NPRM) to
meeting can be found on the NACNHSC Monica-Tia Bullock by email at exempt this system of records from
website at https://nhsc.hrsa.gov/about/ MBullock@hrsa.gov at least 3 business certain requirements of the Privacy Act,
national-advisory-council-nhsc/ days prior to the meeting. Council pursuant to subsections (k)(1) and (k)(2)
index.html. members are given copies of all written of the Act. The system of records is
statements submitted from the public. more fully described in the
DATES: September 17, 2018, 9:00 a.m.– Any further public participation will be SUPPLEMENTARY INFORMATION section of
5:00 p.m. ET, and September 18, 2018, solely at the discretion of the Chair, this notice and in the System of Records
9:00 a.m.–2:30 p.m., E.T. with approval of the DFO. Registration Notice (SORN) published in this notice.
ADDRESSES: This meeting will be held in through the designated contact for the DATES: This system of records is
person and will offer virtual access public comment session is required. applicable August 23, 2018 with the
through teleconference and webinar. Individuals who plan to attend and exception of the routine uses and
The address for the meeting is 5600 need special assistance or another exemptions. Written comments on the
Fishers Lane, Room 5W37, Rockville, reasonable accommodation should SORN should be submitted by
Maryland 20857. notify Monica-Tia Bullock using the September 24, 2018. If HHS receives no
• Conference call-in number: 1–800– email address listed above at least 10 significant adverse comment within the
238–9007; passcode: 155333. business days prior to the meeting. specified comment period, the routine
• Webinar link is https:// Since this meeting occurs in a federal uses will be applicable on September
hrsa.connectsolutions.com/nacnhsc. government building, attendees must go 24, 2018. If any timely significant
FOR FURTHER INFORMATION CONTACT: through a security check to enter the adverse comment is received, HHS will
Diane Fabiyi-King, Designated Federal building. Non-U.S. Citizen attendees publish a revised system of records. The
Official (DFO), Division of National must notify HRSA of their planned exemptions will be applicable following
Health Service Corps, HRSA, 5600 attendance at least 10 business days publication of a Final Rule.
Fishers Lane, Room 14N110, Rockville, prior to the meeting in order to facilitate ADDRESSES: The public should address
Maryland 20857; 301–443–3609; or their entry into the building. All written comments on the proposed
DFabiyi-King@hrsa.gov. attendees are required to present system of records to insiderthreat@
SUPPLEMENTARY INFORMATION: government-issued identification prior hhs.gov or to the HHS Office of Security
daltland on DSKBBV9HB2PROD with NOTICES

NACNHSC consults, advises, and makes to entry. and Strategic Information (OSSI), 200
recommendations to the HHS Secretary Independence Avenue SW, Washington,
and the HRSA Administrator with Amy P. McNulty, DC 20201.
respect to their responsibilities. Acting Director, Division of the Executive FOR FURTHER INFORMATION CONTACT:
NACNHSC also reviews and comments Secretariat. General questions about the system of
on regulations promulgated by the [FR Doc. 2018–18143 Filed 8–22–18; 8:45 am] records may be submitted to Michael
Secretary under Subpart II, Part D of BILLING CODE 4165–15–P Schmoyer, Ph.D., Assistant Deputy

VerDate Sep<11>2014 19:43 Aug 22, 2018 Jkt 244001 PO 00000 Frm 00032 Fmt 4703 Sfmt 4703 E:\FR\FM\23AUN1.SGM 23AUN1
42668 Federal Register / Vol. 83, No. 164 / Thursday, August 23, 2018 / Notices

Secretary for National Security, by The Insider Threat Program system of determining suitability, eligibility, or
telephone, email, or mail, at (202) 690– records includes investigatory material qualification for federal civilian
5756 or insiderthreat@hhs.gov or at HHS compiled for law enforcement purposes employment, military service, federal
Office of Security and Strategic and information classified in the contracts, or access to classified
Information (OSSI), 200 Independence interest of national security. While OSSI information. Such material is covered
Avenue SW, Washington, DC 20201. does not perform criminal law by other HHS systems of records (i.e.,
SUPPLEMENTARY INFORMATION: Each enforcement activity as its principal 09–90–0002 with respect to HHS Office
federal agency is mandated by function, OSSI may compile in System of Inspector General determinations,
Presidential Executive Order 13587, No. 09–90–1701 material obtained from and 09–90–0020 as to all other HHS
issued October 7, 2011, to establish an other agencies or components which determinations) which have been
insider threat detection and prevention perform as their principal function exempted from access and other Privacy
program to ensure the security of activities pertaining to the enforcement Act requirements based on 5 U.S.C.
classified networks and the responsible of criminal laws, and which have 552a(k)(5).
sharing and safeguarding of classified exempted their records from certain
Privacy Act requirements, based on 5 SYSTEM NAME AND NUMBER
information consistent with appropriate
U.S.C. 552a(j)(2). All other investigatory HHS Insider Threat Program Records,
protections for privacy and civil
material compiled for law enforcement 09–90–1701
liberties. The order states in section 2.1:
purposes is eligible to be exempted from
The heads of agencies that operate or certain Privacy Act requirements based SECURITY CLASSIFICATION:
access classified computer networks shall on 5 U.S.C. 552a(k)(2). Information Classified and unclassified.
have responsibility for appropriately sharing classified in the interest of national
and safeguarding classified information on SYSTEM LOCATION:
computer networks. As part of this
security is eligible to be exempted from
certain Privacy Act requirements, based HHS Office of Security and Strategic
responsibility, they shall implement an
insider threat detection and prevention on 5 U.S.C. 552a(k)(1). The Information (OSSI), 200 Independence
program consistent with guidance and Department’s NPRM published in Avenue SW, Washington, DC 20201.
standards developed by the Insider Threat today’s Federal Register proposes to
SYSTEM MANAGER(S):
Task Force established in section 6 of this establish these exemptions for System
order. No. 09–90–1701: Assistant Deputy Secretary for
• Law enforcement investigatory National Security, HHS Office of
A threat need not be directed at Security and Strategic Information
material compiled in this system of
classified information to threaten (OSSI), 200 Independence Avenue SW,
records that is from another system of
classified networks. Consequently, Washington, DC 20201.
records in which such material was
insider threats include any of the
exempted from access and other AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
following: Attempted or actual
requirements of the Privacy Act (the
espionage, subversion, sabotage, E.O. 13587, Structural Reforms To
Act) based on 5 U.S.C. 552a(j)(2) will be
terrorism, or extremist activities Improve the Security of Classified
exempt in this system of records on the
directed against the Department and its Networks and the Responsible Sharing
same basis (5 U.S.C. 552a(j)(2)) and from
personnel, facilities, information and Safeguarding of Classified
the same requirements as in the source
resources, and activities; unauthorized system. The requirements from which Information (Oct. 7, 2011).
use of or intrusion into automated records described in 5 U.S.C. 552a(j)(2) Presidential Memorandum, National
information systems; unauthorized are eligible to be exempted are: (c)(3)– Insider Threat Policy and Minimum
disclosure of classified, controlled (4); (d)(1)–(4); (e)(1)–(3), (e)(4)(G)–(I), Standards for Executive Branch Insider
unclassified, sensitive, or proprietary (e)(5), (e)(8), (e)(12); (f); (g); and (h). Threat Programs (Nov. 21, 2012).
information to technology; indicators of • All other law enforcement Intelligence Reform and Terrorism
potential insider threats or other investigatory material in System No. 09– Prevention Act of 2004, Public Law
incidents that may indicate activities of 90–1701 will be exempt, based on 5 108–458, 118 Stat. 3638; Intelligence
an insider threat; and other threats to U.S.C. 552a(k)(2), from the requirements Authorization Act for FY 2010, Public
the Department, such as indicators of in subsections (c)(3), (d)(1)–(4), (e)(1), Law 111–259, 124 Stat. 2654.
potential for workplace violence or (e)(4)(G)–(I), and (f) of the Act. However, 28 U.S.C. 535, Investigation of Crimes
misconduct. if any individual is denied a right, Involving Government Officers and
The records that OSSI will compile to privilege, or benefit to which the Employees; Limitations; 50 U.S.C. 3381,
administer HHS’ insider threat program individual would otherwise be entitled Coordination of Counterintelligence
may be from any HHS component, by Federal law or for which the Activities; E.O. 10450, Security
office, program, record or source, and individual would otherwise be eligible, Requirements for Government
may include records pertaining to access will be granted, except to the Employment (Apr. 17, 1953); E.O.
information security, personnel extent that the disclosure would reveal 12333, United States Intelligence
security, or systems security. The the identity of a source who furnished Activities (as amended); E.O. 12829,
records covered under System No. 09– information to the Government under an National Industrial Security Program;
90–1701 include investigatory material express promise of confidentiality. E.O. 12968, Access to Classified
compiled for law enforcement purposes • Information in this system of Information (Aug. 2, 1995); E.O. 13467,
and information classified in the records that is classified in the interest Reforming Processes Related to
interest of national security. of national security will be exempt, Suitability for Government
daltland on DSKBBV9HB2PROD with NOTICES

Accordingly, HHS has published a based on 5 U.S.C. 552a(k)(1), from the Employment, Fitness for Contractor
Notice of Proposed Rulemaking (NPRM) requirements in subsections (c)(3), Employees, and Eligibility for Access to
in today’s Federal Register to exempt (d)(1)–(4), (e)(1), (e)(4)(G)–(I), and (f) of Classified National Security Information
such material in the new system of the Act. (June 30, 2008); E.O. 13488, Granting
records from certain Privacy Act Note that this system of records does Reciprocity on Excepted Service and
requirements, based on subsections not cover investigatory material Federal Contractor Employee Fitness
(k)(1) and (k)(2) of the Act. compiled solely for the purpose of and Reinvestigating Individuals in

VerDate Sep<11>2014 19:43 Aug 22, 2018 Jkt 244001 PO 00000 Frm 00033 Fmt 4703 Sfmt 4703 E:\FR\FM\23AUN1.SGM 23AUN1
Federal Register / Vol. 83, No. 164 / Thursday, August 23, 2018 / Notices 42671

arising by general statute or by (including its information systems, POLICIES AND PRACTICES FOR RETENTION AND
regulation, rule, or order issued programs, and operations), the federal DISPOSAL OF RECORDS:
pursuant thereto, the relevant records in government, or national security, and The records in this system of records
the system of records may be referred, (3) the disclosure made to such are covered by National Archives and
as a routine use, to the agency agencies, entities, and persons is Records Administration General
concerned, whether federal, state, local, reasonably necessary to assist in Records Schedule 5.6, items 230 and
tribal, territorial, or foreign, charged connection with HHS’s efforts to 240. Records determined to be
with the responsibility of investigating respond to the suspected or confirmed
associated with an insider threat or to
or prosecuting such violation or charged breach or to prevent, minimize, or
have potential to be associated with an
with enforcing or implementing the remedy such harm.
insider threat are destroyed 25 years
statute, or the rule, regulation, or order 12. Records may be disclosed to
issued pursuant thereto. after the date the threat was discovered,
another federal agency or federal entity, but a longer retention is authorized if
7. Records may be disclosed to an when HHS determines that information
appropriate federal, state, local, tribal, required for business use. User
from this system of records is attributable data collected to monitor
territorial, foreign, or international reasonably necessary to assist the
agency, if the information is relevant user activities on a network to enable
recipient agency or entity in (1) insider threat programs and activities to
and necessary to a requesting agency’s responding to a suspected or confirmed
decision concerning the hiring or identify and evaluate anomalous
breach or (2) preventing, minimizing, or
retention of an individual, or issuance activity, identify and assess misuse or
remedying the risk of harm to
of a security clearance, license, contract, exploitation, or support authorized
individuals, the recipient agency or
grant, delegation or designation of inquiries and investigations, is
entity (including its information
authority, or other benefit, or if the destroyed five years after an inquiry was
systems, programs, and operations), the
information is relevant and necessary to opened, but a longer retention is
federal government, or national security,
a HHS decision concerning the hiring or authorized if required for business use.
resulting from a suspected or confirmed
retention of an employee, the issuance breach.
of a security clearance, the reporting of ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
13. Records may be disclosed to the SAFEGUARDS:
an investigation of an employee, the U.S. Department of Homeland Security
letting of a contract, or the issuance of (DHS) if captured in an intrusion Safeguards will conform to the HHS
a license, grant, delegation or detection system used by HHS and DHS Information Security and Privacy
designation of authority, or other benefit pursuant to a DHS cybersecurity Program, http://www.hhs.gov/ocio/
and disclosure is appropriate to the program that monitors internet traffic to securityprivacy/index.html. Information
proper performance of the official duties and from federal government computer will be safeguarded in accordance with
of the person making the request. networks to prevent a variety of types of applicable laws, rules and policies,
8. Records may be disclosed to the cybersecurity incidents. including the HHS Information
Department of Justice (DOJ) or to a court Technology Security Program
The disclosures authorized by
or other tribunal when: Handbook, all pertinent National
a. HHS or any of its components; or publication of the above routine uses
pursuant to 5 U.S.C. 552a(b)(3) are in Institutes of Standards and Technology
b. any employee of HHS acting in the
addition to the following disclosures (NIST) publications, and OMB Circular
employee’s official capacity; or
c. any employee of HHS acting in the which HHS may make based on other A–130, Managing Information as a
employee’s individual capacity where authorizations: Strategic Resource. Records will be
the DOJ or HHS has agreed to represent • Disclosures authorized by the protected from unauthorized access
the employee; or subject individual’s prior written through appropriate administrative,
d. the United States Government, is a consent pursuant to 5 U.S.C. 552a(b). physical, and technical safeguards.
party to a proceeding or has an interest For example, another agency conducting These safeguards include protecting the
in such proceeding and the disclosure of a background investigation or facilities where records are stored or
such records is deemed by the agency to assessment may request information accessed with security guards, badges
be relevant and necessary to the from this system of records using the and cameras; securing hard-copy
proceeding. consent form that the subject individual records in locked file cabinets, file
9. Records may be disclosed to a signed. rooms or offices during off-duty hours;
congressional office from the record of • Disclosures authorized directly in controlling access to physical locations
an individual in response to a written the Privacy Act at 5 U.S.C. 552a(b)(1), where records are maintained and used
inquiry from the congressional office (2) and (b)(4)–(11). For example, another by means of combination locks and
made at the written request of that agency conducting a law enforcement identification badges issued only to
individual. activity may request information from authorized users; limiting access to
10. Records may be disclosed to this system of records by making the electronic databases to authorized users
representatives of the National Archives request in accordance with 5 U.S.C. based on roles and two-factor
and Records Administration during 552a(b)(7). authentication (user ID and password),
records management inspections using a secured operating system
conducted pursuant to 44 U.S.C. 2904 POLICIES AND PRACTICES FOR STORAGE OF protected by encryption, firewalls, and
and 2906. RECORDS: intrusion detection systems, requiring
11. Records may be disclosed to Records will be stored in hard copy encryption for records stored on
daltland on DSKBBV9HB2PROD with NOTICES

appropriate agencies, entities, and files and electronic media. removable media, and training
persons when (1) HHS suspects or has personnel in Privacy Act and
confirmed that there has been a breach POLICIES AND PRACTICES FOR RETRIEVAL OF information security requirements.
of the system of records, (2) HHS has RECORDS: Records that are eligible for destruction
determined that as a result of the Records will be retrieved by an will be disposed of using secure
suspected or confirmed breach there is individual record subject’s name, SSN, destruction methods prescribed by NIST
a risk of harm to individuals, HHS or PIV identification number. SP 800–88.

VerDate Sep<11>2014 19:43 Aug 22, 2018 Jkt 244001 PO 00000 Frm 00036 Fmt 4703 Sfmt 4703 E:\FR\FM\23AUN1.SGM 23AUN1
42672 Federal Register / Vol. 83, No. 164 / Thursday, August 23, 2018 / Notices

RECORD ACCESS PROCEDURES: system. The requirements from which Agenda: To review and evaluate grant
An individual seeking access to records described in 5 U.S.C. 552a(j)(2) applications.
records about him or her in this system are eligible to be exempted are: (c)(3)– Place: National Institute on Aging,
of records should submit an access (4); (d)(1)–(4); (e)(1)–(3), (e)(4)(G)–(I), Gateway Building, Suite 2W200, 7201
Wisconsin Avenue, Bethesda, MD 20892.
request to the System Manager (e)(5), (e)(8), (e)(12); (f); (g); and (h).
Contact Person: Greg Bissonette, Ph.D.,
identified in the ‘‘System Manager’’ • All other law enforcement
Scientific Review Officer, National Institute
section of this SORN, and must follow investigatory material in System No. 09– on Aging, National Institutes of Health,
the access procedures contained in the 90–1701 will be exempt, based on 5 Gateway Building, Suite 2W200, 7201
HHS Privacy Act regulations, 45 CFR U.S.C. 552a(k)(2), from the requirements Wisconsin Avenue, Bethesda, MD 20892,
part 5b (currently located in section in subsections (c)(3), (d)(1)–(4), (e)(1), 301–402–1622, bissonettegb@mail.nih.gov.
5b.5). The individual’s right of access (e)(4)(G)–(I), and (f) of the Act. However, (Catalogue of Federal Domestic Assistance
under the Privacy Act will be subject to if any individual is denied a right, Program Nos. 93.866, Aging Research,
the exemptions promulgated for this privilege, or benefit to which the National Institutes of Health, HHS)
system of records. Records compiled in individual would otherwise be entitled Dated: August 17, 2018.
reasonable anticipation of a civil action by Federal law or for which the
Melanie J. Pantoja,
or proceeding are excluded from the individual would otherwise be eligible,
access will be granted, except to the Program Analyst, Office of Federal Advisory
Privacy Act access requirement in all
Committee Policy.
systems of records as provided in 5 extent that the disclosure would reveal
the identity of a source who furnished [FR Doc. 2018–18174 Filed 8–22–18; 8:45 am]
U.S.C. 552a(d)(5).
information to the Government under an BILLING CODE 4140–01–P
CONTESTING RECORD PROCEDURES:
express promise of confidentiality.
An individual seeking to amend a • Information in this system of
record about him or her in this system records that is classified in the interest DEPARTMENT OF HEALTH AND
of records should submit an amendment of national security will be exempt, HUMAN SERVICES
request to the System Manager indicated based on 5 U.S.C. 552a(k)(1), from the
in the ‘‘System Manager’’ section of this National Institutes of Health
requirements in subsections (c)(3),
SORN, and must follow the correction/ (d)(1)–(4), (e)(1), (e)(4)(G)–(I), and (f) of Center for Scientific Review; Notice of
amendment procedures contained in the the Act. Closed Meeting
HHS Privacy Act regulations, 45 CFR
part 5b (currently located in section HISTORY:
Pursuant to section 10(d) of the
5b.7). The individual’s right of None. Federal Advisory Committee Act, as
amendment will be subject to the Dated: June 29, 2018. amended, notice is hereby given of the
exemptions promulgated for this system Michael Schmoyer, following meeting.
of records. Assistant Deputy Secretary for National The meeting will be closed to the
NOTIFICATION PROCEDURES: Security. public in accordance with the
An individual who wishes to know if [FR Doc. 2018–18290 Filed 8–22–18; 8:45 am] provisions set forth in sections
this system contains records about him BILLING CODE 4151–17–P 552b(c)(4) and 552b(c)(6), Title 5 U.S.C.,
or her should submit a notification as amended. The grant applications and
request to the System Manager indicated the discussions could disclose
in the ‘‘System Manager’’ section of this DEPARTMENT OF HEALTH AND confidential trade secrets or commercial
SORN, and must follow the notification HUMAN SERVICES property such as patentable material,
procedures contained in the HHS and personal information concerning
National Institutes of Health
Privacy Act regulations, 45 CFR part 5b individuals associated with the grant
(currently located in section 5b.5). The National Institute on Aging; Notice of applications, the disclosure of which
individual’s right to notification will be Closed Meeting would constitute a clearly unwarranted
subject to the exemptions promulgated invasion of personal privacy.
for this system of records. Pursuant to section 10(d) of the
Name of Committee: Center for Scientific
Federal Advisory Committee Act, as Review Special Emphasis Panel; PAR Panel
EXEMPTIONS PROMULGATED FOR THE SYSTEM: amended, notice is hereby given of the Shared Instruments: NMR Spectrometers and
Upon completion of the Department’s following meeting. X-ray Crystallography Equipment.
pending rulemaking (i.e., when a Final The meeting will be closed to the Date: September 20–21, 2018.
Rule has been published in the Federal public in accordance with the Time: 8:00 a.m. to 5:00 p.m.
Register and has become effective based provisions set forth in sections Agenda: To review and evaluate grant
on the Notice of Proposed Rulemaking 552b(c)(4) and 552b(c)(6), Title 5 U.S.C., applications.
published elsewhere in today’s Federal as amended. The grant applications and Place: National Institutes of Health, 6701
Register), this system of records will be the discussions could disclose Rockledge Drive, Bethesda, MD 20892,
exempt from access and other confidential trade secrets or commercial (Virtual Meeting).
requirements of the Privacy Act, as property such as patentable material, Contact Person: David R Jollie, Ph.D.,
follows: Scientific Review Officer, Center for
and personal information concerning
Scientific Review, National Institutes of
• Material compiled in this system of individuals associated with the grant Health, 6701 Rockledge Drive, Room 4150,
records that is from another system of applications, the disclosure of which MSC 7806, Bethesda, MD 20892, (301)–435–
daltland on DSKBBV9HB2PROD with NOTICES

records in which such material was would constitute a clearly unwarranted 1722, jollieda@csr.nih.gov.
exempted from access and other invasion of personal privacy. (Catalogue of Federal Domestic Assistance
requirements of the Privacy Act (the Name of Committee: National Institute on Program Nos. 93.306, Comparative Medicine;
Act) based on 5 U.S.C. 552a(j)(2) will be Aging Special Emphasis Panel; Aspirin and 93.333, Clinical Research, 93.306, 93.333,
exempt in this system of records on the Aging. 93.337, 93.393–93.396, 93.837–93.844,
same basis (5 U.S.C. 552a(j)(2)) and from Date: October 11, 2018. 93.846–93.878, 93.892, 93.893, National
the same requirements as in the source Time: 12:00 p.m. to 4:00 p.m. Institutes of Health, HHS)

VerDate Sep<11>2014 19:43 Aug 22, 2018 Jkt 244001 PO 00000 Frm 00037 Fmt 4703 Sfmt 4703 E:\FR\FM\23AUN1.SGM 23AUN1
Document Created: 2018-08-23 00:34:09
Document Modified: 2018-08-23 00:34:09
Category		Regulatory Information
Collection		Federal Register
sudoc Class		AE 2.7: GS 4.107: AE 2.106:
Publisher		Office of the Federal Register, National Archives and Records Administration
Section		Notices
Action		Notice of a new system of records.
Dates		This system of records is applicable August 23, 2018 with the exception of the routine uses and exemptions. Written comments on the SORN should be submitted by September 24, 2018. If HHS receives no significant adverse comment within the specified comment period, the routine uses will be applicable on September 24, 2018. If any timely significant adverse comment is received, HHS will publish a revised system of records. The exemptions will be applicable following publication of a Final Rule.
Contact		General questions about the system of records may be submitted to Michael Schmoyer, Ph.D., Assistant Deputy Secretary for National Security, by telephone, email, or mail, at (202) 690-5756 or [email protected] or at HHS Office of Security and Strategic Information (OSSI), 200 Independence Avenue SW, Washington, DC 20201.
FR Citation		83 FR 42667