Medical Examiner's Certification Integration; Availability of Updated Privacy Impact Assessment, 30062-30064 [2014-12176]

Agencies

• Federal Motor Carrier Safety Administration
• DEPARTMENT OF TRANSPORTATION

[Federal Register Volume 79, Number 101 (Tuesday, May 27, 2014)]
[Proposed Rules]
[Pages 30062-30064]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2014-12176]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Federal Motor Carrier Safety Administration

49 CFR Parts 383, 384, and 391

[Docket No. FMCSA-2012-0178]
RIN 2126-AB40


Medical Examiner's Certification Integration; Availability of 
Updated Privacy Impact Assessment

AGENCY: Federal Motor Carrier Safety Administration (FMCSA), DOT.

ACTION: Notice of availability; request for comments.

-----------------------------------------------------------------------

SUMMARY: FMCSA announces the availability of the Privacy Impact 
Assessment (PIA) for the Medical Examiner's Certification Integration 
notice of proposed rulemaking (NPRM) published on May 10, 2013. Due to 
technical errors, the PIA was not posted to the docket until July 4, 
2013, just a few days prior to the end of the public comment period. In 
addition, the PIA was not posted to the Department of Transportation's 
(DOT's) Privacy Web site until December 11, 2013. In an effort to 
provide the public with as much information as possible regarding the 
National Registry and the Medical Examiner's Certification Integration 
rulemaking, we are announcing the availability of the updated PIA and 
requesting comments from the public. Comments must be limited to 
possible impact of the rules proposed in the NPRM on the protection of 
privacy of information used in determining the physical qualifications 
of drivers of commercial motor vehicles.

DATES: Comments must be received on or before June 11, 2014.

ADDRESSES: You may submit comments identified by Docket Number FMCSA-
2012-0178 using any of the following methods:
     Federal eRulemaking Portal: https://www.regulations.gov. 
Follow the online instructions for submitting comments.
     Mail: Docket Management Facility, U.S. Department of 
Transportation, 1200 New Jersey Avenue SE., West Building, Ground 
Floor, Room W12-140, Washington, DC 20590-0001.
     Hand Delivery or Courier: West Building, Ground Floor, 
Room W12-140, 1200 New Jersey Avenue SE., between 9 a.m. and 5 p.m. 
E.T., Monday through Friday, except Federal holidays.
     Fax: 202-493-2251.
    To avoid duplication, please use only one of these four methods. 
See the ``Public Participation and Request for Comments'' portion of 
the SUPPLEMENTARY INFORMATION section below for instructions on 
submitting comments. Comments received after the comment closing date 
will be included in the docket, and we will consider late comments to 
the extent practicable.

FOR FURTHER INFORMATION CONTACT: Robin Hamilton, Office of Medical 
Programs, Federal Motor Carrier Safety Administration, 1200 New Jersey 
Avenue SE., Washington, DC 20590-0001, by telephone at (202) 366-4001 
or via email at fmcsamedical@dot.gov. Office hours are from 9 a.m. to 5 
p.m. ET, Monday through Friday, except Federal holidays. If you have 
questions on viewing or submitting material to the docket, contact 
Docket Services, telephone (202) 366-9826.

SUPPLEMENTARY INFORMATION:

I. Public Participation and Request for Comments

    FMCSA encourages you to submit comments regarding the impacts on 
privacy of information by the rules proposed in the Medical Examiner's 
Certification Integration rulemaking. All comments received will be 
posted without change to https://www.regulations.gov and will include 
any personal information you provide.

A. Submitting Comments

    If you submit a comment, please include the docket number for this 
rulemaking (FMCSA-2012-0178), indicate the specific section of this 
document to which each comment applies, and provide a reason for each 
suggestion or recommendation. You may submit your comments and

[[Page 30063]]

material online or by fax, mail, or hand delivery, but please use only 
one of these means. FMCSA recommends that you include your name and a 
mailing address, an email address, or a phone number in the body of 
your document so FMCSA can contact you if there are questions regarding 
your submission. To submit your comment online, go to https://www.regulations.gov and click on the ``Submit a Comment'' box, which 
will then become highlighted in blue. In the ``Document Type'' drop-
down menu, select ``Proposed Rules,'' insert ``FMCSA 2012-0178'' in the 
``Keyword'' box, and click ``Search.'' When the new screen appears, 
click on ``Submit a Comment'' in the ``Actions'' column. If you submit 
your comments by mail or hand delivery, submit them in an unbound 
format, no larger than 8\1/2\ by 11 inches, suitable for copying and 
electronic filing. If you submit your comments by mail and would like 
to know that they reached the facility, please enclose a stamped, self-
addressed postcard or envelope. FMCSA will consider all comments and 
material received during the comment period and may change the proposed 
rule based on your comments.

B. Viewing Comments and Documents

    To view comments, as well as documents mentioned in the Medical 
Examiner's Certification Integration NPRM, available in the docket, go 
to https://www.regulations.gov and click on the ``Read Comments'' box in 
the upper right-hand side of the screen. Then in the ``Keyword'' box, 
insert ``FMCSA-2012-0178'' and click ``Search.'' Next, click the ``Open 
Docket Folder'' in the ``Actions'' column. Finally, in the ``Title'' 
column, click on the document you would like to review. If you do not 
have access to the Internet, you may view the docket online by visiting 
the Docket Management Facility in Room W12-140 on the ground floor of 
the Department of Transportation West Building, 1200 New Jersey Avenue 
SE., Washington, DC 20590, between 9 a.m. and 5 p.m. ET, Monday through 
Friday, except Federal holidays.

C. Privacy Act

    Anyone may search the electronic form of all comments received into 
any of our dockets by the name of the individual submitting the comment 
(or of the person signing the comment, if submitted on behalf of an 
association, business, labor union, etc.). You may review DOT's Privacy 
Act Statement for the Federal Docket Management System published in the 
Federal Register on January 17, 2008 (73 FR 3316), or you may visit 
https://www.gpo.gov/fdsys/pkg/FR-2008-01-17/pdf/E8-785.pdf.

II. Background

Legal Basis
    The Agency, in conjunction with the Department's Chief Information 
Office, has prepared and made available a PIA.\1\ This PIA has been 
prepared in accordance with the provisions of Section 522(a)(5) of the 
FY 2005 Omnibus Appropriations Act, Public Law 108-447, 118 Stat. 3268 
(Dec. 8, 2004).\2\ This statute requires DOT agencies to prepare a PIA 
on proposed rules involving the privacy of information in identifiable 
form, including the type of personally identifiable information 
collected and the number of people affected.\3\
---------------------------------------------------------------------------

    \1\ Available at https://www.regulations.gov/#!documentDetail;D=FMCSA-2012-0178-0039.
    \2\ Set out as a note to 5 U.S.C. 552a, the Privacy Act, 5 
U.S.C. 552a.
    \3\ Section 522(f) of the statute defines ``identifiable form'' 
as to be consistent with section 208 of the E-Government Act of 2002 
(set out as a note under 44 U.S.C. Sec.  3501, the Paperwork 
Reduction Act) and as any representation of information that permits 
identification of an individual to be reasonably inferred by either 
direct or indirect means.
---------------------------------------------------------------------------

    The statute involved does not require this Agency or the Department 
to provide an opportunity to comment on the PIA directly. The PIA 
provides a detailed explanation of the privacy interests involved in 
the entire National Registry program. It sets out the careful and 
thorough steps FMCSA and the Department have taken and will take to 
protect those interests, while at the same time carrying out the 
statutory directives to ensure that CMV drivers are physically 
qualified and can operate safely and that operation of a CMV does not 
affect their health.\4\ Nonetheless, the PIA does provide a basis for 
public comment on any rules proposed by the Agency that may have an 
impact on privacy of information within its scope. The context for such 
impact is provided by a brief review of the history of the development 
of the National Registry.
---------------------------------------------------------------------------

    \4\ 49 U.S.C. 31136(a)(3) and (4).
---------------------------------------------------------------------------

Regulatory History
    The National Registry was developed and implemented under the 
authority of 49 U.S.C. 31149, enacted by Section 4116(a) of the Safe, 
Accountable, Flexible, Efficient Transportation Equity Act: A Legacy 
for Users (SAFETEA-LU). The program is managed and maintained by the 
FMCSA. The Federal Motor Carrier Safety Regulations (FMCSRs) require 
that CMV drivers comply with physical qualification requirements and be 
examined and certified by a medical examiner (ME) at least once every 
two years. The National Registry ensures that MEs who perform DOT 
driver medical examinations are properly trained and certified by FMCSA 
to do so. The program maintains personally identifiable information 
(PII) for each ME candidate applying for ME certification, MEs' 
administrative personnel who are registering on the National Registry, 
and of CMV drivers examined by a certified ME. FMCSA published a final 
rule on April 20, 2012 (77 FR 73129), to establish and maintain a 
National Registry of Certified Medical Examiners. FMCSA posted a PIA of 
the final rule on the DOT privacy program Web site on August 20, 2012.
    FMCSA published the Medical Examiner's Certification Integration 
NPRM on May 10, 2013 (78 FR 24104), a follow-on rule to the National 
Registry final rule. The purpose of the principal requirements proposed 
in the Medical Examiner's Certification Integration NPRM was to modify 
the requirements adopted in two earlier final rules issued by FMCSA, 
Medical Certification Requirements as Part of the Commercial Driver's 
License, 73 FR 73096 (Dec. 1, 2008), and the National Registry final 
rule. It proposed that the information from the Medical Examiner's 
Certificate (MEC) be transmitted to FMCSA on a daily basis by MEs. 
FMCSA would then promptly and accurately transmit that information for 
CDL holders to the State Driver Licensing Agencies (SDLAs) 
electronically for entry into the appropriate CDL driver record within 
one business day of receipt from FMCSA. Specifically, the NPRM proposed 
to require MEs to use a slightly revised Medical Examination Report 
(MER) Form, MCSA-5875 and the MEC, Form MCSA-5876; daily instead of 
monthly reporting of CMV driver medical examinations; electronic 
transmission of CDL and Commercial Learner's Permit (CLP) driver 
information from the National Registry system to the SDLAs; and 
electronic transmission of medical variance information for all CMV 
drivers to the SDLAs.
    The PIA announced by this notice is an update to the previous 
National Registry PIA (August 20, 2012) and in support of the Medical 
Examiner's Certification Integration NPRM. It not only updates the 
additional collection of personally identifiable information (PII) 
under this rule but attempts to update language in the PIA for clarity 
to the reader.

[[Page 30064]]

III. Summary of Privacy Impact Assessment

    The Privacy Act of 1974 articulates concepts for how the Federal 
government should treat individuals and their information and imposes 
duties upon federal agencies regarding the collection, use, 
dissemination, and maintenance of PII. The E-Government Act of 2002, 
Section 208, establishes the requirement for agencies to conduct PIAs 
for electronic information systems and collections. The assessment is a 
practical method for evaluating privacy in information systems and 
collections, and provides documented assurance that privacy issues have 
been identified and adequately addressed. The PIA is an analysis of how 
information is handled to: (i) Ensure handling conforms to applicable 
legal, regulatory, and policy requirements regarding privacy; (ii) 
determine the risks and effects of collecting, maintaining and 
disseminating information in identifiable form in an electronic 
information system; and (iii) examine and evaluate protections and 
alternative processes for handling information to mitigate potential 
privacy risks.
    Conducting a PIA ensures compliance with laws and regulations 
governing privacy and demonstrates DOT's commitment to protect the 
privacy of any personal information we collect, store, retrieve, use 
and share. It is a comprehensive analysis of how DOT's electronic 
information systems and collections handle PII. The goals accomplished 
in completing a PIA include:
    Making informed policy and system design or procurement decisions. 
These decisions must be based on an understanding of privacy risk, and 
of options available for mitigating that risk;
     Accountability for privacy issues;
     Analyzing both technical and legal compliance with 
applicable privacy law and regulations, as well as accepted privacy 
policy; and
     Providing documentation on the flow of personal 
information and information requirements within DOT systems.
    The Medical Examiner's Certification Integration NPRM would require 
the collection of PII; therefore, a PIA is required for the rulemaking 
and was prepared. It was belatedly included in the rulemaking docket 
and then made available on the DOT Privacy Web site late in 2013. The 
supporting PIA, available for review in the docket, gives a complete 
explanation of FMCSA practices for protecting PII, as updated from the 
2012 PIA prepared in support of the National Registry of Certified 
Medical Examiners final rule. In addition, the 2013 PIA updates the 
frequency with which PII is submitted to the Agency, adds the driver's 
mailing address which is currently being collected on the medical forms 
to the list of PII required to be submitted to the National Registry, 
and outlines how certain PII would be transmitted to the State 
licensing agencies. There is no additional PII collected under this 
NPRM. The updated 2013 PIA is specifically related to both the National 
Registry and Medical Examiner's Certification Integration NPRM and the 
entire medical program administered by FMCSA. Upon reviewing the PIA, 
you should have a broad understanding of the risks and potential 
effects associated with the Department activities, processes, and 
systems described and approaches taken to mitigate any potential 
privacy risks.
    The Agency requests comments on the possible impact of the rules 
proposed in the NPRM on the protection of privacy of information used 
in determining the physical qualifications of drivers of commercial 
motor vehicles, in light of the evaluation by the Agency and the 
Department of the protection of privacy of information set out in the 
Privacy Impact Assessment.

    Issued under the authority delegated in 49 CFR 1.87 on: May 21, 
2014.
Larry W. Minor,
Associate Administrator for Policy.
[FR Doc. 2014-12176 Filed 5-23-14; 8:45 am]
BILLING CODE 4910-EX-P