Privacy Act of 1974; Proposed Exempt New System of Records, 52043-52047 [2012-20884]

Federal Register / Vol. 77, No. 167 / Tuesday, August 28, 2012 / Notices

DEPARTMENT OF HEALTH AND HUMAN SERVICES

National Institutes of Health

Privacy Act of 1974; Proposed Exempt New System of Records

AGENCY: National Institutes of Health (NIH), Department of Health and Human Services (DHHS).

ACTION: Notification of a proposed exempt new system of records.

SUMMARY: In accordance with the requirements of the Privacy Act of 1974, as amended (Privacy Act), the National Institutes of Health (NIH) is proposing to establish an exempt new system of records, 09–25–0223, “NIH Records Related to Research Misconduct Proceedings, HHS/NIH.” The new system will contain records pertaining to individual respondents who are the subject of research misconduct allegations or proceedings governed by the Public Health Service (PHS) Policies on Research Misconduct (“PHS Policies on Research Misconduct”), 42 CFR Part 93 (“Part 93”). Because this is a law enforcement investigatory system, NIH has published a Notice of Proposed Rulemaking to exempt the system from certain requirements of the Privacy Act; specifically, the provisions pertaining to providing an accounting of disclosures, access and amendment, notification, and agency procedures and rules.

DATES: The new system of records will be effective on the date of publication of this notice, with the exception of the routine uses and the requested exemptions. The routine uses will become effective on October 12, 2012. As detailed in the related rulemaking notices published elsewhere in the Federal Register, unless revised or withdrawn in response to comments, the requested exemptions will become effective 135 days after publication of the rulemaking notices. Submit either electronic or written comments regarding this notice by October 12, 2012. The NIH has sent a Report of the Proposed Exempt New System to the Congress and to the Office of Management and Budget (OMB).

ADDRESSES: You may submit comments, identified by the Privacy Act System of Records Number (Ex. 09–25–0223), by any of the following methods:

• Federal eRulemaking Portal: https://regulations.gov. Follow the instructions for submitting comments.
• Email: plak@mail.nih.gov and include PA SOR number (Ex. 09–25–0223) in the subject line of the message.
• Phone: (301) 402–6201 (not a toll-free number).
• Fax: (301) 402–0169.
• Mail: NIH Privacy Act Officer, Office of Management Assessment, National Institutes of Health, 6011 Executive Boulevard, Suite 601, MSC 7669, Rockville, Maryland 20892.
• Hand Delivery/Courier: 6011 Executive Boulevard, Suite 601, MSC 7669, Rockville, Maryland 20892.

Comments received will be available for inspection and copying at this same address from 9:00 a.m. to 3:00 p.m., Monday through Friday, Federal holidays excepted.

FOR FURTHER INFORMATION, CONTACT: NIH Privacy Act Officer, Office of Management Assessment (OMA), Office of the Director (OD), National Institutes of Health (NIH), 6011 Executive Boulevard, Suite 601, MSC 7669, Rockville, Maryland 20892, or telephone (301) 402–6201 (not a toll-free number).

SUPPLEMENTARY INFORMATION: NIH is establishing the “NIH Records Related to Research Misconduct Proceedings” system. The new system will be used by NIH to ensure that research misconduct proceedings are carried out in accordance with the NIH Intramural Research Program Policies and Procedures for Research Misconduct Proceedings (“NIH Policy”), 42 CFR Part 93, and other applicable Federal statutes and regulations; enable NIH to inform Institute/Center (IC), NIH, Office of Research Integrity (ORI), Public Health Service (PHS), and Department of Health and Human Services (DHHS) agency officials who have a need for the records in the performance of their duties, of the status and results of research misconduct proceedings; and enable NIH to notify, consult with, and provide assistance to other Federal, State, local, or Tribal government agencies to permit them to take action to protect the health and safety of the public, to promote the integrity of NIH- and PHS-supported research, to conserve public funds, or to pursue potential violations of civil and criminal statutes.
The system is more thoroughly detailed below and in an associated rulemaking document that outlines the exemptions proposed for the system and the reasons for exempting the system from certain provisions of the Privacy Act.

Dated: June 29, 2012.

Colleen Barros,
Deputy Director for Management, National Institutes of Health.

SYSTEM NUMBER:
09–25–0223

SYSTEM NAME:
NIH Records Related to Research Misconduct Proceedings, HHS/NIH

SECURITY CLASSIFICATION:
Unclassified

SYSTEM LOCATION:
This system of records will be located in National Institutes of Health (NIH) facilities and/or in the facilities of contractors and/or other affiliates working on behalf of NIH. Specific location: Office of Intramural Research (OIR), National Institutes of Health (NIH), 9000 Rockville Pike, Bethesda, Maryland 20892.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The system will contain records about individuals who are the subject of research misconduct allegations or proceedings, referred to as “respondents.” The Public Health Service (PHS) Policies on Research Misconduct (“PHS Policies on Research Misconduct”), 42 CFR Part 93 (“Part 93”), define the term “respondent” to mean “the person against whom an allegation of research misconduct is directed or who is the subject of a research misconduct proceeding.” 42 CFR 93.225. This definition has also been incorporated into the NIH Intramural Research Program Policies & Procedures for Research Misconduct Proceedings (“NIH Policy”). Other individuals who may be involved in research misconduct allegations or proceedings (e.g., complainants, witnesses) are not record subjects for purposes of this system.

Consistent with the NIH’s responsibilities under Part 93 and the NIH Policy, this system notice applies to alleged or actual research misconduct (fabrication, falsification, or plagiarism in proposing, performing, or reviewing research, or in reporting research results) involving research: (1) Carried out in NIH facilities by any person; (2) funded by the NIH Intramural Research Program (IRP) in any location; or (3) undertaken by an NIH employee or trainee as part of his or her official NIH duties or NIH training activities, regardless of location.

A person who, at the time of the alleged or actual research misconduct, was employed by, was an agent of, or was affiliated by contract, agreement, or other arrangement with NIH, is subject to the NIH Policy and covered by this system if, for example, he or she is involved in: (1) NIH- or PHS-supported biomedical or behavioral research; (2) NIH- or PHS-supported biomedical or behavioral research training programs; (3) NIH- or PHS-supported activities that are related to biomedical or behavioral research or research training, such as the operation of tissue and data banks and the dissemination of research information; (4) plagiarism of research records produced in the course of NIH- or PHS-supported research, research training or activities related to that research or research training; or (5) an application or proposal for NIH or PHS support for biomedical or behavioral research, research training or activities related to that research or research training, such as the operation of tissue and data banks and the dissemination of research information (regardless of whether it is approved or funded).

The term “research misconduct” is defined to mean “fabrication, falsification, or plagiarism in proposing, performing, or reviewing research, or in reporting research results.” “Fabrication” is defined to mean “making up data or results and recording or reporting them.” “Falsification” is “manipulating research materials, equipment, or processes, or changing or omitting data or results such that the research is not accurately represented in the research record.” “Plagiarism” is “the appropriation of another person’s ideas, processes, results, or words without giving appropriate credit.” Research misconduct does not include honest error or differences of opinion. 42 CFR 93.103.

CATEGORIES OF RECORDS IN THE SYSTEM:
This system contains records related to research misconduct proceedings. The term “research misconduct proceeding” is defined in Part 93 and the NIH Policy to mean “any actions related to alleged research misconduct,” including, but not limited to, allegation assessments, inquiries, investigations, oversight reviews by the Office of Research Integrity (ORI) of the U.S. Department of Health and Human Services (DHHS, HHS or Department), hearings, and administrative appeals. The records include all information that NIH receives or generates in overseeing or conducting research misconduct proceedings, including the implementation of research misconduct findings, and all information that NIH submits to, or receives from, ORI or other institutions under Part 93.
This information includes, but is not necessarily limited to information about respondents (this may include social security numbers), complainants, and witnesses; the nature of the allegations; the NIH or PHS funding involved, including grant numbers; the offices, Institutes, Centers, and officials responsible for conducting the actions that are part of the research misconduct proceeding; the documentation used in the assessment, inquiry, and investigation, including relevant research data and materials, applications, proposals and documentation related to review and award actions, reports, abstracts, manuscripts and publications by the respondent(s) and other relevant reports, abstracts, manuscripts and publications; correspondence; memoranda of telephone calls, summaries of interviews and transcripts or recordings of interviews; statistical, scientific, and forensic analyses; interim and final reports; and records of findings, administrative actions, and appeal proceedings, if any.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
The legal authorities to operate and maintain this Privacy Act records system are Sections 301, 401, 402, and 405 of the Public Health Service Act (42 U.S.C. 241, 281, 282, and 284); 5 U.S.C. 301; 44 U.S.C. 3101; and 42 CFR part 93.

PURPOSE(S):
NIH personnel and any contractors assisting them will use information from this system, on a need-to-know basis, for the following purposes:

1. To enable NIH and its Institutes and Centers (“ICs”) to protect the health and safety of the public, to promote the integrity of NIH- or PHS-supported research, and to conserve public funds;

2. To enable NIH to discharge effectively its responsibilities in managing the NIH intramural research program and in the award and administration of research and training grants, cooperative agreements, and contracts;

3. To ensure that research misconduct proceedings are carried out in accordance with the NIH Policy, 42 CFR Part 93, and other applicable Federal statutes and regulations;

4. To enable NIH to inform other IC, NIH, ORI, PHS, and other HHS agency officials who have a need for the records in the performance of their duties, of the status and results of research misconduct proceedings; and

5. To enable NIH to notify, consult with, and provide assistance to other Federal, State, local, or Tribal governmental agencies to permit them to take action to protect the health and safety of the public, to promote the integrity of NIH- and PHS-supported research, to conserve public funds, or to pursue potential violations of civil and criminal statutes.

ROUTINE USES DISCLOSURES MADE OUTSIDE OF THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS OR DEPARTMENT) OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
A “routine use” is defined in 45 CFR 5b.1(j) to mean “the disclosure of a record outside the Department, without the consent of the subject individual, for a purpose which is compatible with the purpose for which the record was collected.” The routine uses for which NIH will disclose information from this system of records are as follows:

1. Disclosure may be made to any person able to obtain information or provide information or assistance in a research misconduct proceeding or related proceeding.
Recipients of disclosures under this routine use may include: Experts asked to perform statistical, forensic or other analyses or otherwise to provide assistance; institutions with which the respondent(s) was previously or is currently affiliated; Federal, State, local, and Tribal governmental agencies; the respondent(s); the complainant(s); witnesses; and organizations or individuals acting on behalf of those institutions, agencies, and individuals; provided, however, in each case NIH determines whether limited disclosures, confidentiality statements, contractual commitments to comply with the requirements of the Privacy Act of 1974, or similar measures are needed to protect the privacy of respondent(s), complainant(s), witnesses, research subjects, or others who may be identified in the records to be disclosed.

2. Disclosure may be made to NIH/DHHS guest researchers, special government employees (SGEs), trainees, volunteers, former employees, contractors, and other persons engaged to perform a service in support of NIH/DHHS related to this system of records, if such persons need access to the records to perform their assigned task; provided, however, in each case NIH/DHHS determines whether limited disclosures, confidentiality statements, contractual commitments to comply with the requirements of the Privacy Act of 1974, or similar measures are needed to protect the privacy of respondent(s), complainant(s), witnesses, research subjects, or others who may be identified in the records to be disclosed; and NIH/DHHS determines that the disclosure is for a purpose compatible with the purpose for which the agency collected the records.

3. Disclosure may be made to other Federal, State, local, or Tribal governmental agencies and offices, if NIH has reason to believe that a research misconduct proceeding may involve that agency or office.

4. When a record on its face, or in conjunction with other records, indicates a violation or potential violation of law, whether civil, criminal or regulatory in nature, disclosure may be made to the appropriate governmental agency, whether Federal, State, local or Tribal, or other public authority responsible for enforcing, investigating or prosecuting such violation, if the information disclosed is relevant to the responsibilities of the agency or public authority.

5. Disclosure may be made to Institutional Review Boards, research-sponsoring institutions, and individual research subjects, regarding information obtained or developed through a research misconduct proceeding that, in NIH’s judgment, may have implications for individuals’ health or for their participation in a research study.

6. After NIH makes a finding of research misconduct and has informed ORI of the finding, disclosure may be made to responsible officials of NIH- or PHS-supported institutions or organizations, when in connection with a research misconduct proceeding concerning an individual previously or currently employed by, or affiliated with the institution or organization, or when NIH, ORI, or HHS makes a finding or takes an action potentially affecting the institution or organization or its NIH or PHS support for research, research training, or related activities.

7. A record from this system may be disclosed to a Federal, State, local, or Tribal governmental agency maintaining civil, criminal, or other relevant enforcement records, or other pertinent records, or to another public authority or professional organization, if necessary to obtain information relevant to an investigation concerning the employment, clearance, suitability, eligibility or retention of an employee or other personnel action, the retention of a security clearance, the letting of a contract, issuance of a benefit or qualification decision made by HHS or NIH.
No disclosure will be made unless the information has been determined to be sufficiently reliable to support a referral to another office within the agency or to another Federal agency for criminal, civil, administrative, personnel, or regulatory action. The other agency or licensing organization may then make a request supported by the written consent of the individual for the entire record if it so chooses. No information will be released that would reveal a confidential source.

8. After NIH makes a finding of research misconduct and has informed ORI of the finding, disclosure may be made to research collaborators of the respondent, professional journals, other publications, news media, professional societies, other individuals and entities, and the public concerning research misconduct findings and the need to correct or retract research results or reports that have been affected by research misconduct, unless NIH determines that release of the specific information in the context of a particular case would constitute a clearly unwarranted invasion of personal privacy. No information will be released that would reveal a confidential source.

9. After NIH makes a finding of research misconduct and has informed ORI of the finding, disclosure may be made to a State or other professional licensing board, certifying body, or other similar entity authorized to conduct a review of the respondent, to aid the entity in meeting its responsibility to protect the health of the population in its jurisdiction or the integrity of the profession.

10. After NIH concludes a research misconduct proceeding without a finding of research misconduct or a settlement, disclosure may be made to the respondent, the complainant, witnesses, or other persons involved in or aware of the research misconduct proceeding; provided, however, in each case NIH determines whether limited disclosures, confidentiality statements, contractual commitments to comply with the requirements of the Privacy Act of 1974, or similar measures are needed to protect the privacy of respondent(s), complainant(s), witnesses, research subjects, or others who may be identified in the records to be disclosed.

11. Disclosure may be made to the Department of Justice (DOJ), a court, or other tribunal, when: (a) The agency or any component thereof; (b) any employee of the agency in his or her official capacity; (c) any employee of the agency in his or her individual capacity where the DOJ has agreed to represent the employee; or (d) the United States Government, is a party to litigation or has an interest in such litigation and, by careful review, the agency determines that the records are both relevant and necessary to the litigation and the use of such records by the DOJ, a court, or other tribunal is therefore deemed by the agency to be for a purpose that is compatible with the purpose for which the agency collected the records.

12. A record may be disclosed to appropriate Federal agencies and Department contractors that have a need to know the information for the purpose of assisting the Department’s efforts to respond to a suspected or confirmed breach of the security or confidentiality of information maintained in this system of records, if the information disclosed is relevant and necessary for that assistance.

13. Disclosure may be made to a congressional office from the record of an individual in response to an inquiry from the congressional office made pursuant to the written request of the individual and if disclosure does not compromise the law enforcement activities of the Office of Research Integrity or other government agency.

14. NIH may disclose information to the National Archives and Records Administration (NARA), General Services Administration (GSA), or other Federal government agencies pursuant to records management inspections conducted under the authority of 44 U.S.C. 2904 and 2906.

15. Records may become accessible to U.S. Department of Homeland Security (DHS) cyber security personnel, if captured in an intrusion detection system used by HHS and DHS pursuant to the Einstein 2 program. Under Einstein 2, DHS uses intrusion detection systems to monitor Internet traffic to and from federal computer networks to prevent malicious computer code from reaching the networks. According to DHS’ Privacy Impact Assessment for Einstein 2 (available on the DHS Cybersecurity privacy Web site, https://www.dhs.gov/files/publications/editorial_0514.shtm#4), only personally identifiable information (PII) that is directly related to a malicious code security incident is captured by and accessible to DHS, and DHS does not access PII unless the PII is part of the malicious code.

NIH may also disclose information from this system as authorized directly in the Privacy Act at 5 U.S.C. 552a(b).

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:
Records will be stored in various electronic media and paper form, and maintained under secure conditions in limited access areas or with controlled access. Only authorized users whose official duties require the use of this information will have regular access to the records in this system.
In accordance with established NIH, HHS and other Federal security policies and controls, records may also be located, maintained and accessed from secure servers whenever feasible or located on portable/mobile devices including, but not limited to: Laptops, PDAs, USB drives, portable hard drives, Blackberrys, iPods, CDs, DVDs, electronic readers, and/or other portable/mobile storage devices. Records are maintained on portable/mobile storage devices only for valid, business purposes, with prior approval, and in accordance with all applicable NIH, HHS and Federal security requirements, policies and controls.

RETRIEVABILITY:
Records will be retrieved by manual or computer search using a unique case number or the name of the respondent(s) (i.e., the individual or individuals who are the subject of an allegation of research misconduct or of a research misconduct proceeding).

SAFEGUARDS:
Measures to prevent unauthorized disclosures are implemented as appropriate for each location or form of storage and for the types of records maintained. Site(s) implement personnel and procedural safeguards such as the following:

Authorized Users: Access is strictly limited to ensure least privilege by authorized personnel whose duties require such access (i.e., valid, business need-to-know). Records from this system are available to the System Manager, to the Director, NIH, and to other appropriate NIH staff when they have a need for the records in the performance of their duties. Records are also available to the Director, ORI, and to other appropriate HHS officials, including attorneys in the Office of the General Counsel, when there is a need to know in the performance of their duties. All authorized users are informed that the records are confidential and are not to be further disclosed.

Physical Safeguards: Controls to secure the data and protect paper and electronic records, buildings, and related infrastructure against threats associated with their physical environment include, but are not limited to the use of the HHS Employee ID and/or badge number and NIH key cards and security guards. Paper records are secured in locked file cabinets, offices and facilities. Electronic media are kept on secure servers or computer systems. Data on computer files is accessed by a password known only to authorized users who have a need for the data in the performance of their duties as determined by the System Manager. During regular business hours, rooms in this restricted area are unlocked but entry is controlled by on-site personnel. Security guards perform random checks on the physical security of the storage locations after duty hours, including weekends and holidays. The NIH main campus in Bethesda, Maryland is protected by perimeter barriers and limited points of access, security personnel, and intrusion alarms. Electronic access to computer files is strictly limited through passwords and user-invisible encryption. Special measures commensurate with the sensitivity of the record are taken to prevent unauthorized copying or disclosure of the records. Individually identifiable records are kept in locked file cabinets or in rooms under the direct control of the System Manager. Contractor interaction with records covered by this system will occur onsite and no physical records (paper or electronic) will be allowed to be removed from the NIH Office of Intramural Research unless authorized. All authorized users of personal information in connection with the performance of their jobs protect information from public view and from unauthorized personnel entering an unsupervised area/office.

Administrative Safeguards: Controls to ensure proper protection of information and information technology systems include, but are not limited to the completion of a Certification and Accreditation (C&A) package and a Privacy Impact Assessment (PIA) for associated information technology systems, a system security plan, a contingency or back-up plan, user manuals, and mandatory completion of annual NIH Information Security and Privacy Awareness training. All authorized users of personal information in connection with the performance of their jobs (see Authorized Users, above) protect information from public view and from unauthorized personnel entering an unsupervised area/office. When the design, development, or operation of a system of records on individuals is required to accomplish an agency function, the applicable Privacy Act Federal Acquisition Regulation (FAR) clauses are inserted in solicitations and contracts.

Technical Safeguards: Controls are generally executed by the computer system and are employed to minimize the possibility of unauthorized access, use, or dissemination of the data in the system. They include, but are not limited to user identification, password protection, firewalls, virtual private network, encryption, intrusion detection system, common access cards, smart cards, biometrics and public key infrastructure.

Implementation Guidelines: This Privacy Act System of Records Notice conforms to and complies with Office of Management and Budget (OMB) Circular A–130—Appendix I “Federal Agency Responsibilities for Maintaining Records about Individuals” https://www.whitehouse.gov/omb/assets/omb/circulars/a130/a130trans4.pdf, standards outlined in the Health and Human Services (HHS) General Administration Manual (GAM), HHS Chapter 45–10 “Privacy Act—Basic Requirements and Relationships” https://www.hhs.gov/hhsmanuals/gam/chapters/45–10.pdf, HHS Chapter 45–12 “Creation, Alteration, and Termination of Privacy Act Systems of Records and Associated Documentation” (available in paper copy only), HHS Chapter 45–13, “Safeguarding Records Contained in Systems of Records” https://www.hhs.gov/hhsmanuals/gam/chapters/45–13.pdf, and HHS Information Security and Privacy Program Policy.

Alleged or Confirmed Security Incidents: NIH will report and take action to remediate security incidents involving the disclosure of personally identifiable information according to law, regulations, OMB guidance, HHS and NIH policies.

RETENTION AND DISPOSAL:
Records will be maintained for 7 years in accordance with 42 CFR Part 93 and retained and disposed of under the authority of the NIH Records Control Schedule contained in Manual Chapter 1743, “Keeping and Destroying Records”, Appendix 1, item 1700–A–3. Refer to the NIH Manual Chapter for specific retention and disposition instructions: https://www1.od.nih.gov/oma/manualchapters/management/1743.

SYSTEM MANAGER AND ADDRESS:
The agency official responsible for the system policies and practices outlined above is: NIH Agency Intramural Research Integrity Officer (AIRIO), Office of Intramural Research (OIR), National Institutes of Health (NIH), 9000 Rockville Pike, Bethesda, Maryland 20892.
NOTIFICATION PROCEDURE: This system will be exempt from the Privacy Act provision requiring procedures for notifying an individual, upon his or her request, if the system contains a record about him or her. However, consideration will be given to requests addressed to the System Manager listed above. Any individual who wishes to know if this system contains a record about him or her may make a written request to the System Manager. RECORD ACCESS PROCEDURE: This system will be exempt from access. However, because the access exemption is limited and discretionary, consideration will be given to access requests addressed to the System Manager. The requester must verify his or her identity by providing either a notarization of the request or a written certification that he or she is who he or she claims to be and understands that the knowing and willful request of a record pertaining to an individual under false pretenses is a criminal offense under the Privacy Act, subject to a fine of up to five thousand dollars. If records are requested on behalf of a minor or legally incapacitated person, a statement of guardianship/conservatorship must be included. Requesters should also reasonably specify the record contents being sought. Requests should include (a) full name, (b) address, (c) the approximate date(s) the information was collected, (d) the types of information collected, and (e) the office or official responsible for the collection of information, etc. Individuals may also request an accounting of disclosures that have been made of their records, if any, if the System Manager determines that disclosure would not compromise the law enforcement activities of the NIH Office of Intramural Research. (These access procedures are in accordance with Department regulation (45 CFR 5b.5(a)(2)). 
CONTESTING RECORD PROCEDURE (REDRESS): This system will be exempt from redress. However, records that contain factually incorrect information may be amended. To contest such information, write to the System Manager at the address specified above, and reasonably identify the record and specify the information to be contested, the corrective action sought, and the reason(s) for requesting the correction, along with supporting information. The right to contest records is limited to information which is factually inaccurate, incomplete, irrelevant, or untimely (obsolete). RECORD SOURCE CATEGORIES: Information in this system is received or obtained from many sources, including: (1) Directly from the complainant or respondent or his/her representative; (2) derived from materials supplied by the complainant or respondent or his/her representative; (3) from information supplied by institutions, witnesses, scientific publications or other nongovernmental sources; (4) from observation and analysis made by NIH staff, guest researchers, SGEs, trainees, volunteers, former employees, contractors, and other persons engaged to perform a service in support of NIH; (5) departmental and other Federal, State, local, and Tribal government records; (6) from hearings and other administrative proceedings; and (7) from any other relevant source. EXEMPTIONS CLAIMED FOR THIS SYSTEM: Pursuant to 5 U.S.C. 552a (k)(2) and (k)(5) of the Privacy Act, the system will be exempted from the Privacy Act requirements pertaining to providing an accounting of disclosures, access and amendment, notification, and agency procedures and rules (5 U.S.C. 552a (c)(3), (d)(1)–(4), (e)(4)(G)–(H), and (f)). NIH believes that these exemptions are necessary to maintain the integrity of the research misconduct proceedings and to ensure that the NIH’s efforts to obtain accurate and objective information will not be hindered. However, any individual who has been denied any right, privilege, or benefit to which he or she otherwise would have been entitled as a result of the maintenance of such material will be given access to the material, unless disclosure of the material would reveal the identity of a source who furnished information to the Government under an express promise of confidentiality.
[FR Doc. 2012–20884 Filed 8–27–12; 8:45 am] BILLING CODE 4140–01–P


[Federal Register Volume 77, Number 167 (Tuesday, August 28, 2012)]
[Notices]
[Pages 52043-52047]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2012-20884]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

National Institutes of Health


Privacy Act of 1974; Proposed Exempt New System of Records

AGENCY: National Institutes of Health (NIH), Department of Health and 
Human Services (DHHS).

ACTION: Notification of a proposed exempt new system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 
1974, as amended (Privacy Act), the National Institutes of Health (NIH) 
is proposing to establish an exempt new system of records, 09-25-0223, 
``NIH Records Related to Research Misconduct Proceedings, HHS/NIH.'' 
The new system will contain records pertaining to individual 
respondents who are the subject of research misconduct allegations or 
proceedings governed by the Public Health Service (PHS) Policies on 
Research Misconduct (``PHS Policies on Research Misconduct''), 42 CFR 
Part 93 (``Part 93''). Because this is a law enforcement investigatory 
system, NIH has published a Notice of Proposed Rulemaking to exempt the 
system from certain requirements of the Privacy Act; specifically, the 
provisions pertaining to providing an accounting of disclosures, access 
and amendment, notification, and agency procedures and rules.

DATES: The new system of records will be effective on the date of 
publication of this notice, with the exception of the routine uses and 
the requested exemptions. The routine uses will become effective on 
October 12, 2012. As detailed in the related rulemaking notices 
published elsewhere in the Federal Register, unless revised or 
withdrawn in response to comments, the requested exemptions will become 
effective 135 days after publication of the rulemaking notices. Submit 
either electronic or written comments regarding this notice by October 
12, 2012. The NIH has sent a Report of the Proposed Exempt New System 
to the Congress and to the Office of Management and Budget (OMB).

ADDRESSES: You may submit comments, identified by the Privacy Act 
System of Records Number (Ex. 09-25-0223), by any of the following 
methods:
     Federal eRulemaking Portal: https://regulations.gov. Follow 
the instructions for submitting comments.
     Email: plak@mail.nih.gov and include PA SOR number (Ex. 
09-25-0223) in the subject line of the message.
     Phone: (301) 402-6201 (not a toll-free number).
     Fax: (301) 402-0169.
     Mail: NIH Privacy Act Officer, Office of Management 
Assessment, National Institutes of Health, 6011 Executive Boulevard, 
Suite 601, MSC 7669, Rockville, Maryland 20892.
     Hand Delivery/Courier: 6011 Executive Boulevard, Suite 
601, MSC 7669, Rockville, Maryland 20892.
    Comments received will be available for inspection and copying at 
this same address from 9:00 a.m. to 3:00 p.m., Monday through Friday, 
Federal holidays excepted.

FOR FURTHER INFORMATION, CONTACT: NIH Privacy Act Officer, Office of 
Management Assessment (OMA), Office of the Director (OD), National 
Institutes of Health (NIH), 6011 Executive Boulevard, Suite 601, MSC 
7669, Rockville, Maryland 20892, or telephone (301) 402-6201 (not a 
toll-free number).

SUPPLEMENTARY INFORMATION: NIH is establishing the ``NIH Records 
Related to Research Misconduct Proceedings'' system. The new system 
will be used by NIH to ensure that research misconduct proceedings are 
carried out in accordance with the NIH Intramural Research Program 
Policies and Procedures for Research Misconduct Proceedings (``NIH 
Policy''), 42 CFR Part 93, and other applicable Federal statutes and 
regulations; enable NIH to inform Institute/Center (IC), NIH, Office of 
Research Integrity (ORI), Public Health Service (PHS), and Department 
of Health and Human Services (DHHS) agency officials who have a need 
for the records in the performance of their duties, of the status and 
results of research misconduct proceedings; and enable NIH to notify, 
consult with, and provide assistance to other Federal, State, local, or 
Tribal government agencies to permit them to take action to protect the 
health and safety of the public, to promote the integrity of NIH- and 
PHS-supported research, to

[[Page 52044]]

conserve public funds, or to pursue potential violations of civil and 
criminal statutes. The system is more thoroughly detailed below and in 
an associated rulemaking document that outlines the exemptions proposed 
for the system and the reasons for exempting the system from certain 
provisions of the Privacy Act.

    Dated: June 29, 2012.
Colleen Barros,
Deputy Director for Management, National Institutes of Health.
SYSTEM NUMBER:
    09-25-0223

SYSTEM NAME:
    NIH Records Related to Research Misconduct Proceedings, HHS/NIH

SECURITY CLASSIFICATION:
    Unclassified

SYSTEM LOCATION:
    This system of records will be located in National Institutes of 
Health (NIH) facilities and/or in the facilities of contractors and/or 
other affiliates working on behalf of NIH. Specific location:
    Office of Intramural Research (OIR), National Institutes of Health 
(NIH), 9000 Rockville Pike, Bethesda, Maryland 20892.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The system will contain records about individuals who are the 
subject of research misconduct allegations or proceedings, referred to 
as ``respondents.'' The Public Health Service (PHS) Policies on 
Research Misconduct (``PHS Policies on Research Misconduct''), 42 CFR 
Part 93 (``Part 93''), define the term ``respondent'' to mean ``the 
person against whom an allegation of research misconduct is directed or 
who is the subject of a research misconduct proceeding.'' 42 CFR 
93.225. This definition has also been incorporated into the NIH 
Intramural Research Program Policies & Procedures for Research 
Misconduct Proceedings (``NIH Policy''). Other individuals who may be 
involved in research misconduct allegations or proceedings (e.g., 
complainants, witnesses) are not record subjects for purposes of this 
system.
    Consistent with the NIH's responsibilities under Part 93 and the 
NIH Policy, this system notice applies to alleged or actual research 
misconduct (fabrication, falsification, or plagiarism in proposing, 
performing, or reviewing research, or in reporting research results) 
involving research: (1) Carried out in NIH facilities by any person; 
(2) funded by the NIH Intramural Research Program (IRP) in any 
location; or (3) undertaken by an NIH employee or trainee as part of 
his or her official NIH duties or NIH training activities, regardless 
of location. A person who, at the time of the alleged or actual 
research misconduct, was employed by, was an agent of, or was 
affiliated by contract, agreement, or other arrangement with NIH, is 
subject to the NIH Policy and covered by this system if, for example, 
he or she is involved in: (1) NIH- or PHS-supported biomedical or 
behavioral research; (2) NIH- or PHS-supported biomedical or behavioral 
research training programs; (3) NIH- or PHS-supported activities that 
are related to biomedical or behavioral research or research training, 
such as the operation of tissue and data banks and the dissemination of 
research information; (4) plagiarism of research records produced in 
the course of NIH- or PHS-supported research, research training or 
activities related to that research or research training; or (5) an 
application or proposal for NIH or PHS support for biomedical or 
behavioral research, research training or activities related to that 
research or research training, such as the operation of tissue and data 
banks and the dissemination of research information (regardless of 
whether it is approved or funded).
    The term ``research misconduct'' is defined to mean ``fabrication, 
falsification, or plagiarism in proposing, performing, or reviewing 
research, or in reporting research results.'' ``Fabrication'' is 
defined to mean ``making up data or results and recording or reporting 
them.'' ``Falsification'' is ``manipulating research materials, 
equipment, or processes, or changing or omitting data or results such 
that the research is not accurately represented in the research 
record.'' ``Plagiarism'' is ``the appropriation of another person's 
ideas, processes, results, or words without giving appropriate 
credit.'' Research misconduct does not include honest error or 
differences of opinion. 42 CFR 93.103.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system contains records related to research misconduct 
proceedings. The term ``research misconduct proceeding'' is defined in 
Part 93 and the NIH Policy to mean ``any actions related to alleged 
research misconduct,'' including, but not limited to, allegation 
assessments, inquiries, investigations, oversight reviews by the Office 
of Research Integrity (ORI) of the U.S. Department of Health and Human 
Services (DHHS, HHS or Department), hearings, and administrative 
appeals.
    The records include all information that NIH receives or generates 
in overseeing or conducting research misconduct proceedings, including 
the implementation of research misconduct findings, and all information 
that NIH submits to, or receives from, ORI or other institutions under 
Part 93. This information includes, but is not necessarily limited to 
information about respondents (this may include social security 
numbers), complainants, and witnesses; the nature of the allegations; 
the NIH or PHS funding involved, including grant numbers; the offices, 
Institutes, Centers, and officials responsible for conducting the 
actions that are part of the research misconduct proceeding; the 
documentation used in the assessment, inquiry, and investigation, 
including relevant research data and materials, applications, proposals 
and documentation related to review and award actions, reports, 
abstracts, manuscripts and publications by the respondent(s) and other 
relevant reports, abstracts, manuscripts and publications; 
correspondence; memoranda of telephone calls, summaries of interviews 
and transcripts or recordings of interviews; statistical, scientific, 
and forensic analyses; interim and final reports; and records of 
findings, administrative actions, and appeal proceedings, if any.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The legal authorities to operate and maintain this Privacy Act 
records system are Sections 301, 401, 402, and 405 of the Public Health 
Service Act (42 U.S.C. 241, 281, 282, and 284); 5 U.S.C. 301; 44 U.S.C. 
3101; and 42 CFR part 93.

PURPOSE(S):
    NIH personnel and any contractors assisting them will use 
information from this system, on a need-to-know basis, for the 
following purposes:
    1. To enable NIH and its Institutes and Centers (``ICs'') to 
protect the health and safety of the public, to promote the integrity 
of NIH- or PHS-supported research, and to conserve public funds;
    2. To enable NIH to discharge effectively its responsibilities in 
managing the NIH intramural research program and in the award and 
administration of research and training grants, cooperative agreements, 
and contracts;
    3. To ensure that research misconduct proceedings are carried out 
in accordance with the NIH Policy, 42 CFR Part 93, and other applicable 
Federal statutes and regulations;

[[Page 52045]]

    4. To enable NIH to inform other IC, NIH, ORI, PHS, and other HHS 
agency officials who have a need for the records in the performance of 
their duties, of the status and results of research misconduct 
proceedings; and
    5. To enable NIH to notify, consult with, and provide assistance to 
other Federal, State, local, or Tribal governmental agencies to permit 
them to take action to protect the health and safety of the public, to 
promote the integrity of NIH- and PHS-supported research, to conserve 
public funds, or to pursue potential violations of civil and criminal 
statutes.

ROUTINE USES DISCLOSURES MADE OUTSIDE OF THE DEPARTMENT OF HEALTH AND 
HUMAN SERVICES (HHS OR DEPARTMENT) OF RECORDS MAINTAINED IN THE SYSTEM, 
INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
    A ``routine use'' is defined in 45 CFR 5b.1(j) to mean ``the 
disclosure of a record outside the Department, without the consent of 
the subject individual, for a purpose which is compatible with the 
purpose for which the record was collected.'' The routine uses for 
which NIH will disclose information from this system of records are as 
follows:
    1. Disclosure may be made to any person able to obtain information 
or provide information or assistance in a research misconduct 
proceeding or related proceeding. Recipients of disclosures under this 
routine use may include: Experts asked to perform statistical, forensic 
or other analyses or otherwise to provide assistance; institutions with 
which the respondent(s) was previously or is currently affiliated; 
Federal, State, local, and Tribal governmental agencies; the 
respondent(s); the complainant(s); witnesses; and organizations or 
individuals acting on behalf of those institutions, agencies, and 
individuals; provided, however, in each case NIH determines whether 
limited disclosures, confidentiality statements, contractual 
commitments to comply with the requirements of the Privacy Act of 1974, 
or similar measures are needed to protect the privacy of respondent(s), 
complainant(s), witnesses, research subjects, or others who may be 
identified in the records to be disclosed.
    2. Disclosure may be made to NIH/DHHS guest researchers, special 
government employees (SGEs), trainees, volunteers, former employees, 
contractors, and other persons engaged to perform a service in support 
of NIH/DHHS related to this system of records, if such persons need 
access to the records to perform their assigned task; provided, 
however, in each case NIH/DHHS determines whether limited disclosures, 
confidentiality statements, contractual commitments to comply with the 
requirements of the Privacy Act of 1974, or similar measures are needed 
to protect the privacy of respondent(s), complainant(s), witnesses, 
research subjects, or others who may be identified in the records to be 
disclosed; and NIH/DHHS determines that the disclosure is for a purpose 
compatible with the purpose for which the agency collected the records.
    3. Disclosure may be made to other Federal, State, local, or Tribal 
governmental agencies and offices, if NIH has reason to believe that a 
research misconduct proceeding may involve that agency or office.
    4. When a record on its face, or in conjunction with other records, 
indicates a violation or potential violation of law, whether civil, 
criminal or regulatory in nature, disclosure may be made to the 
appropriate governmental agency, whether Federal, State, local or 
Tribal, or other public authority responsible for enforcing, 
investigating or prosecuting such violation, if the information 
disclosed is relevant to the responsibilities of the agency or public 
authority.
    5. Disclosure may be made to Institutional Review Boards, research-
sponsoring institutions, and individual research subjects, regarding 
information obtained or developed through a research misconduct 
proceeding that, in NIH's judgment, may have implications for 
individuals' health or for their participation in a research study.
    6. After NIH makes a finding of research misconduct and has 
informed ORI of the finding, disclosure may be made to responsible 
officials of NIH- or PHS-supported institutions or organizations, when 
in connection with a research misconduct proceeding concerning an 
individual previously or currently employed by, or affiliated with the 
institution or organization, or when NIH, ORI, or HHS makes a finding 
or takes an action potentially affecting the institution or 
organization or its NIH or PHS support for research, research training, 
or related activities.
    7. A record from this system may be disclosed to a Federal, State, 
local, or Tribal governmental agency maintaining civil, criminal, or 
other relevant enforcement records, or other pertinent records, or to 
another public authority or professional organization, if necessary to 
obtain information relevant to an investigation concerning the 
employment, clearance, suitability, eligibility or retention of an 
employee or other personnel action, the retention of a security 
clearance, the letting of a contract, issuance of a benefit or 
qualification decision made by HHS or NIH. No disclosure will be made 
unless the information has been determined to be sufficiently reliable 
to support a referral to another office within the agency or to another 
Federal agency for criminal, civil, administrative, personnel, or 
regulatory action. The other agency or licensing organization may then 
make a request supported by the written consent of the individual for 
the entire record if it so chooses. No information will be released 
that would reveal a confidential source.
    8. After NIH makes a finding of research misconduct and has 
informed ORI of the finding, disclosure may be made to research 
collaborators of the respondent, professional journals, other 
publications, news media, professional societies, other individuals and 
entities, and the public concerning research misconduct findings and 
the need to correct or retract research results or reports that have 
been affected by research misconduct, unless NIH determines that 
release of the specific information in the context of a particular case 
would constitute a clearly unwarranted invasion of personal privacy. No 
information will be released that would reveal a confidential source.
    9. After NIH makes a finding of research misconduct and has 
informed ORI of the finding, disclosure may be made to a State or other 
professional licensing board, certifying body, or other similar entity 
authorized to conduct a review of the respondent, to aid the entity in 
meeting its responsibility to protect the health of the population in 
its jurisdiction or the integrity of the profession.
    10. After NIH concludes a research misconduct proceeding without a 
finding of research misconduct or a settlement, disclosure may be made 
to the respondent, the complainant, witnesses, or other persons 
involved in or aware of the research misconduct proceeding; provided, 
however, in each case NIH determines whether limited disclosures, 
confidentiality statements, contractual commitments to comply with the 
requirements of the Privacy Act of 1974, or similar measures are needed 
to protect the privacy of respondent(s), complainant(s), witnesses, 
research subjects, or others who may be identified in the records to be 
disclosed.
    11. Disclosure may be made to the Department of Justice (DOJ), a 
court, or other tribunal, when: (a) The agency or any component 
thereof; (b) any employee of the agency in his or her official 
capacity; (c) any employee of the agency in his or her individual 
capacity

[[Page 52046]]

where the DOJ has agreed to represent the employee; or (d) the United 
States Government, is a party to litigation or has an interest in such 
litigation and, by careful review, the agency determines that the 
records are both relevant and necessary to the litigation and the use 
of such records by the DOJ, a court, or other tribunal is therefore 
deemed by the agency to be for a purpose that is compatible with the 
purpose for which the agency collected the records.
    12. A record may be disclosed to appropriate Federal agencies and 
Department contractors that have a need to know the information for the 
purpose of assisting the Department's efforts to respond to a suspected 
or confirmed breach of the security or confidentiality of information 
maintained in this system of records, if the information disclosed is 
relevant and necessary for that assistance.
    13. Disclosure may be made to a congressional office from the 
record of an individual in response to an inquiry from the 
congressional office made pursuant to the written request of the 
individual and if disclosure does not compromise the law enforcement 
activities of the Office of Research Integrity or other government 
agency.
    14. NIH may disclose information to the National Archives and 
Records Administration (NARA), General Services Administration (GSA), 
or other Federal government agencies pursuant to records management 
inspections conducted under the authority of 44 U.S.C. 2904 and 2906.
    15. Records may become accessible to U.S. Department of Homeland 
Security (DHS) cyber security personnel, if captured in an intrusion 
detection system used by HHS and DHS pursuant to the Einstein 2 
program. Under Einstein 2, DHS uses intrusion detection systems to 
monitor Internet traffic to and from federal computer networks to 
prevent malicious computer code from reaching the networks. According 
to DHS' Privacy Impact Assessment for Einstein 2 (available on the DHS 
Cybersecurity privacy Web site, https://www.dhs.gov/files/publications/editorial_0514.shtm#4), only personally identifiable information (PII) 
that is directly related to a malicious code security incident is 
captured by and accessible to DHS, and DHS does not access PII unless 
the PII is part of the malicious code.
    NIH may also disclose information from this system as authorized 
directly in the Privacy Act at 5 U.S.C. 552a(b).

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records will be stored in various electronic media and paper form, 
and maintained under secure conditions in limited access areas or with 
controlled access. Only authorized users whose official duties require 
the use of this information will have regular access to the records in 
this system.
    In accordance with established NIH, HHS and other Federal security 
policies and controls, records may also be located, maintained and 
accessed from secure servers whenever feasible or located on portable/
mobile devices including, but not limited to: Laptops, PDAs, USB 
drives, portable hard drives, Blackberrys, iPods, CDs, DVDs, electronic 
readers, and/or other portable/mobile storage devices. Records are 
maintained on portable/mobile storage devices only for valid, business 
purposes, with prior approval, and in accordance with all applicable 
NIH, HHS and Federal security requirements, policies and controls.

RETRIEVABILITY:
    Records will be retrieved by manual or computer search using a 
unique case number or the name of the respondent(s) (i.e., the 
individual or individuals who are the subject of an allegation of 
research misconduct or of a research misconduct proceeding).

SAFEGUARDS:
    Measures to prevent unauthorized disclosures are implemented as 
appropriate for each location or form of storage and for the types of 
records maintained. Site(s) implement personnel and procedural 
safeguards such as the following:
    Authorized Users:
    Access is strictly limited to ensure least privilege by authorized 
personnel whose duties require such access (i.e., valid, business need-
to-know). Records from this system are available to the System Manager, 
to the Director, NIH, and to other appropriate NIH staff when they have 
a need for the records in the performance of their duties. Records are 
also available to the Director, ORI, and to other appropriate HHS 
officials, including attorneys in the Office of the General Counsel, 
when there is a need to know in the performance of their duties. All 
authorized users are informed that the records are confidential and are 
not to be further disclosed.
    Physical Safeguards:
    Controls to secure the data and protect paper and electronic 
records, buildings, and related infrastructure against threats 
associated with their physical environment include, but are not limited 
to the use of the HHS Employee ID and/or badge number and NIH key cards 
and security guards. Paper records are secured in locked file cabinets, 
offices and facilities. Electronic media are kept on secure servers or 
computer systems. Data on computer files is accessed by a password 
known only to authorized users who have a need for the data in the 
performance of their duties as determined by the System Manager. During 
regular business hours, rooms in this restricted area are unlocked but 
entry is controlled by on-site personnel. Security guards perform 
random checks on the physical security of the storage locations after 
duty hours, including weekends and holidays. The NIH main campus in 
Bethesda, Maryland is protected by perimeter barriers and limited 
points of access, security personnel, and intrusion alarms. Electronic 
access to computer files is strictly limited through passwords and 
user-invisible encryption. Special measures commensurate with the 
sensitivity of the record are taken to prevent unauthorized copying or 
disclosure of the records. Individually identifiable records are kept 
in locked file cabinets or in rooms under the direct control of the 
System Manager. Contractor interaction with records covered by this 
system will occur on-site and no physical records (paper or electronic) 
will be allowed to be removed from the NIH Office of Intramural 
Research unless authorized. All authorized users of personal 
information in connection with the performance of their jobs protect 
information from public view and from unauthorized personnel entering 
an unsupervised area/office.
    Administrative Safeguards:
    Controls to ensure proper protection of information and information 
technology systems include, but are not limited to the completion of a 
Certification and Accreditation (C&A) package and a Privacy Impact 
Assessment (PIA) for associated information technology systems, a 
system security plan, a contingency or back-up plan, user manuals, and 
mandatory completion of annual NIH Information Security and Privacy 
Awareness training. All authorized users of personal information in 
connection with the performance of their jobs (see Authorized Users, 
above) protect information from public view and from unauthorized 
personnel entering an unsupervised area/office. When the design, 
development, or

[[Page 52047]]

operation of a system of records on individuals is required to 
accomplish an agency function, the applicable Privacy Act Federal 
Acquisition Regulation (FAR) clauses are inserted in solicitations and 
contracts.
    Technical Safeguards:
    Controls are generally executed by the computer system and are 
employed to minimize the possibility of unauthorized access, use, or 
dissemination of the data in the system. They include, but are not 
limited to user identification, password protection, firewalls, virtual 
private network, encryption, intrusion detection system, common access 
cards, smart cards, biometrics and public key infrastructure.
    Implementation Guidelines: This Privacy Act System of Records 
Notice conforms to and complies with Office of Management and Budget 
(OMB) Circular A-130--Appendix I ``Federal Agency Responsibilities for 
Maintaining Records about Individuals'' https://www.whitehouse.gov/omb/assets/omb/circulars/a130/a130trans4.pdf, standards outlined in the 
Health and Human Services (HHS) General Administration Manual (GAM), 
HHS Chapter 45-10 ``Privacy Act--Basic Requirements and Relationships'' 
https://www.hhs.gov/hhsmanuals/gam/chapters/45-10.pdf, HHS Chapter 45-12 
``Creation, Alteration, and Termination of Privacy Act Systems of 
Records and Associated Documentation'' (available in paper copy only), 
HHS Chapter 45-13, ``Safeguarding Records Contained in Systems of 
Records'' https://www.hhs.gov/hhsmanuals/gam/chapters/45-13.pdf, and HHS 
Information Security and Privacy Program Policy.
    Alleged or Confirmed Security Incidents: NIH will report and take 
action to remediate security incidents involving the disclosure of 
personally identifiable information according to law, regulations, OMB 
guidance, HHS and NIH policies.

RETENTION AND DISPOSAL:
    Records will be maintained for 7 years in accordance with 42 CFR 
Part 93 and retained and disposed of under the authority of the NIH 
Records Control Schedule contained in Manual Chapter 1743, ``Keeping 
and Destroying Records'', Appendix 1, item 1700-A-3. Refer to the NIH 
Manual Chapter for specific retention and disposition instructions: 
https://www1.od.nih.gov/oma/manualchapters/management/1743.

SYSTEM MANAGER AND ADDRESS:
    The agency official responsible for the system policies and 
practices outlined above is:
    NIH Agency Intramural Research Integrity Officer (AIRIO), Office of 
Intramural Research (OIR), National Institutes of Health (NIH), 9000 
Rockville Pike, Bethesda, Maryland 20892.

NOTIFICATION PROCEDURE:
    This system will be exempt from the Privacy Act provision requiring 
procedures for notifying an individual, upon his or her request, if the 
system contains a record about him or her. However, consideration will 
be given to requests addressed to the System Manager listed above. Any 
individual who wishes to know if this system contains a record about 
him or her may make a written request to the System Manager.

RECORD ACCESS PROCEDURE:
    This system will be exempt from access. However, because the access 
exemption is limited and discretionary, consideration will be given to 
access requests addressed to the System Manager. The requester must 
verify his or her identity by providing either a notarization of the 
request or a written certification that he or she is who he or she 
claims to be and understands that the knowing and willful request of a 
record pertaining to an individual under false pretenses is a criminal 
offense under the Privacy Act, subject to a fine of up to five thousand 
dollars. If records are requested on behalf of a minor or legally 
incapacitated person, a statement of guardianship/conservatorship must 
be included. Requesters should also reasonably specify the record 
contents being sought. Requests should include (a) full name, (b) 
address, (c) the approximate date(s) the information was collected, (d) 
the types of information collected, and (e) the office or official 
responsible for the collection of information, etc. Individuals may 
also request an accounting of disclosures that have been made of their 
records, if any, if the System Manager determines that disclosure would 
not compromise the law enforcement activities of the NIH Office of 
Intramural Research. (These access procedures are in accordance with 
Department regulation (45 CFR 5b.5(a)(2)).)

CONTESTING RECORD PROCEDURE (REDRESS):
    This system will be exempt from redress. However, records that 
contain factually incorrect information may be amended. To contest such 
information, write to the System Manager at the address specified 
above, and reasonably identify the record and specify the information 
to be contested, the corrective action sought, and the reason(s) for 
requesting the correction, along with supporting information. The right 
to contest records is limited to information which is factually 
inaccurate, incomplete, irrelevant, or untimely (obsolete).

RECORD SOURCE CATEGORIES:
    Information in this system is received or obtained from many 
sources, including: (1) Directly from the complainant or respondent or 
his/her representative; (2) derived from materials supplied by the 
complainant or respondent or his/her representative; (3) from 
information supplied by institutions, witnesses, scientific 
publications or other nongovernmental sources; (4) from observation and 
analysis made by NIH staff, guest researchers, SGEs, trainees, 
volunteers, former employees, contractors, and other persons engaged to 
perform a service in support of NIH; (5) departmental and other 
Federal, State, local, and Tribal government records; (6) from hearings 
and other administrative proceedings; and (7) from any other relevant 
source.

EXEMPTIONS CLAIMED FOR THIS SYSTEM:
    Pursuant to 5 U.S.C. 552a (k)(2) and (k)(5) of the Privacy Act, the 
system will be exempted from the Privacy Act requirements pertaining to 
providing an accounting of disclosures, access and amendment, 
notification, and agency procedures and rules (5 U.S.C. 552a (c)(3), 
(d)(1)-(4), (e)(4)(G)-(H), and (f)). NIH believes that these exemptions 
are necessary to maintain the integrity of the research misconduct 
proceedings and to ensure that the NIH's efforts to obtain accurate and 
objective information will not be hindered. However, any individual who 
has been denied any right, privilege, or benefit to which he or she 
otherwise would have been entitled as a result of the maintenance of 
such material will be given access to the material, unless disclosure 
of the material would reveal the identity of a source who furnished 
information to the Government under an express promise of 
confidentiality.

[FR Doc. 2012-20884 Filed 8-27-12; 8:45 am]
BILLING CODE 4140-01-P