Privacy Act of 1974; System of Records, 66340-66345 [2021-25339]

Agencies

• NATIONAL SCIENCE FOUNDATION

[Federal Register Volume 86, Number 222 (Monday, November 22, 2021)]
[Notices]
[Pages 66340-66345]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-25339]


=======================================================================
-----------------------------------------------------------------------

NATIONAL SCIENCE FOUNDATION


Privacy Act of 1974; System of Records

AGENCY: National Science Foundation.

ACTION: Notice of two new systems of records.

-----------------------------------------------------------------------

SUMMARY: The National Science Foundation (NSF) proposes to establish 
two new systems of records: NSF-78 ``NSF Staff and Visitor Medical 
Information'' and NSF-79 ``Health Program Records.'' NSF-78 ``NSF Staff 
and Visitor Medical Information'' will contain workplace safety and 
personnel information collected from NSF staff and visitors in response 
to a health-related declaration of a national emergency by the 
President, a public health emergency declared by the Secretary of the 
Department of Health and Human Services (HHS) or other designated 
federal official, or a designated state official. NSF-79 ``Health 
Program Records'' will contain medical information from NSF staff and 
visitors who use the services of the NSF Health Unit or other NSF 
health programs. Such services may include routine well visits, 
occupational health, travel clearances, immunizations, and health 
assessments.

DATES: Persons wishing to comment on the changes set out in this notice 
may do so on or before December 22, 2021.
    Effective Date: This action will be effective without further 
notice on December 22, 2021 unless modified by subsequent notice to 
incorporate comments received from the public.

ADDRESSES: You may submit comments, identified by any of the following 
methods:
     Federal eRulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.
     Email: Sarita Marshall, Branch Chief, at [email protected].
     Mail: Sarita Marshall, Branch Chief, Division of Human 
Resource Management, National Science Foundation, 2415 Eisenhower Ave., 
Alexandria, VA 22331.
    Instructions: NSF will post all comments on the NSF's website 
(https://www.nsf.gov/policies/privacy_act.jsp). All comments submitted 
in response to this Notice will become a matter of public record. 
Therefore, you should submit only information that you wish to make 
publicly available.

FOR FURTHER INFORMATION CONTACT: If you wish to submit general 
questions about the proposed new systems of records NSF-78 and NSF-79, 
please contact Sarita Marshall, Branch Chief, at 202-292-8767, or via 
email at [email protected].

SUPPLEMENTARY INFORMATION: NSF is publishing NSF-78 ``NSF Staff and 
Visitor Medical Information'' to provide notice to individuals 
regarding the collection, maintenance, use and disclosure of health 
screening and contact tracing information collected from and about NSF 
staff and visitors, including those working at or visiting

[[Page 66341]]

NSF or an NSF-sponsored event outside of the headquarters location. For 
purposes of this SORN, ``NSF staff'' includes NSF federal employees, 
Intergovernmental Personnel Act (IPA) assignees, Visiting Scientists, 
Engineers, and Educators (VSEEs), NSF contractors, non-NSF government 
personnel or contractors, interns, fellows, and volunteers. NSF is 
collecting this information to protect the health of NSF staff and 
visitors, including those who seek to enter the NSF facility and/or 
were physically present in the facility and came in close proximity to 
or had physical contact with NSF staff and/or visitors who, at the 
time, were infected or had symptoms of infection with a communicable 
disease.
    Health screening information will be used to reduce the risk that 
individuals with symptoms consistent with a communicable disease will 
enter the NSF facility or event and infect NSF staff and/or visitors 
with a communicable disease. Contact tracing information will be used 
to identify other NSF staff and/or visitors who were present in the NSF 
facility and in close proximity to or had physical contact with NSF 
staff and/or visitors who, at the time, were infected or had symptoms 
of infection with a communicable disease.
    The proposed system of records will have an effect on individual 
privacy because personally identifiable information, including medical 
information, is required to conduct health screening, to identify 
persons who have or may have been exposed to or infected with a 
communicable disease (e.g., to reduce risk by allowing them to work 
from home or use leave, as needed), and to identify other persons with 
whom an infected person might have had contact in the NSF facility or 
another facility hosting a NSF-sponsored event. In order to reduce the 
risk to individual privacy, NSF is minimizing dissemination of the 
information it maintains. For example, if NSF staff or visitors test 
positive for a communicable disease and reveal this information to NSF 
(or NSF acquires this information from another source), their identity 
will not be disclosed to other persons with whom they came in close 
physical contact unless otherwise authorized by law.
    NSF is publishing NSF-79 ``Health Program Records'' to provide 
notice to individuals regarding the collection, maintenance, use and 
disclosure of medical and health related information collected from NSF 
staff and visitors who use the services of the NSF Health Unit and/or 
other NSF health-related programs and initiatives. For purposes of this 
SORN, ``NSF staff'' includes NSF federal employees, Intergovernmental 
Personnel Act (IPA) assignees, Visiting Scientists, Engineers, and 
Educators (VSEEs), NSF contractors, non-NSF government personnel or 
contractors, interns, fellows, and volunteers. The primary purposes of 
the collection and maintenance of these records is to allow NSF, 
including the NSF Health Unit, to provide medical evaluation and 
treatment of patients, comply with laws and policies regarding the 
reporting of communicable diseases, support personnel-related matters, 
and allow NSF staff to participate in NSF health programs. A new 
electronic record keeping system will support electronic registration 
of new patients as well as the capability for patients 24/7 access 
their medical records.

SYSTEM NAME AND NUMBER:
    NSF Staff and Visitor Medical Information, NSF-78.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    National Science Foundation, 2415 Eisenhower Ave., Alexandria, VA 
22314.

SYSTEM MANAGER(S):
    Branch Chief, Division of Human Resource Management, 2415 
Eisenhower Ave., Alexandria, VA 22314

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Occupational Safety and Health Act (OSHA) of 1970, Public Law 91-
596, Section 19(a) (29 U.S.C. 668(a)); Executive Order 12196 
(Occupational Safety and Health Programs for Federal Employees), 5 
U.S.C. 7902(d); 29 U.S.C. 668, 29 CFR part 1904, 29 CFR 1910.1020, and 
29 CFR 1960.66; Executive Orders 12196 (Occupational Safety and Health 
Programs for Federal Employees), 13991 (Protecting the Federal 
Workforce and Requiring Mask-Wearing), 14042 (Ensuring Adequate Safety 
COVID Protocols for Contractors), and 14043 (Requiring Coronavirus 
Disease 2019 Vaccination for Federal Employees); OMB Memorandum M-21-
15, COVID-19 Safe Federal Workplace: Agency Model Safety Principles; 
OMB Memorandum M-21-25, Integrating Planning for a Safe Increased 
Return of Federal Employees and Contractors to Physical Workplaces with 
Post-Reentry Personnel Policies and Work Environments; updated COVID-19 
Workplace Safety: Agency Model Safety Principles, issued by the Safer 
Federal Workforce Task Force; the National Science Foundation Act of 
1950 (Pub. L. 81-507, sec. 11), including policies and agreements 
authorized and issued thereunder; and other authorities, including 
title VII of the Civil Rights Act of 1964, the Rehabilitation Act of 
1973, Executive Order 13164 (Establishing Procedures to Facilitate the 
Provision of Reasonable Accommodation), and Equal Employment 
Opportunity Commission (EEOC) regulations (29 CFR parts 1601 et seq.), 
as applicable.

PURPOSE(S) OF THE SYSTEM:
    NSF intends to collect the information in the system to assist NSF 
with maintaining a safe and healthy workplace, to (1) protect 
individuals in the NSF facility, including NSF-sponsored events outside 
of the NSF facility, from risks associated with a public health 
emergency; (2) to plan and respond to workplace and personnel 
flexibilities needed during a public health emergency; (3) to 
facilitate NSF's cooperation with public health authorities; (4) to 
perform contact tracing investigations of and notifications to NSF 
staff and visitors known or suspected of exposure to communicable 
diseases who came in close physical proximity to or had physical 
contact with other persons while working in or visiting the NSF 
facility; and (5) to comply with OSHA recordkeeping and reporting 
requirements.
    Contact tracing is defined as the identification, monitoring, and 
support of an affected individual (an individual in the NSF facility 
with confirmed or probable exposure to a public health emergency 
contaminant), and identification and contact of a potentially affected 
individual (an individual who was in contact with an affected 
individual or exposed to a public health emergency contaminant while in 
the NSF facility or at an NSF-sponsored event outside of the NSF 
facility).
    NSF may collect this information in response to a declaration of 
public health emergency by the Secretary of HHS. Under section 319 of 
the Public Health Service Act, the Secretary of HHS may declare that: 
(a) A disease or disorder presents a public health emergency; or (b) 
that a public health emergency, including significant outbreaks of 
infectious disease or bioterrorist attacks, otherwise exists. When the 
Secretary of HHS determines that a public health emergency exists, NSF 
must respond to protect the health of its workforce. NSF's response 
will depend on the nature of the particular public health emergency but 
may include collecting information from NSF staff and visitors.

[[Page 66342]]

    NSF may also collect this information when it determines that the 
spread of a communicable disease presents a significant risk of 
substantial harm to the health of NSF staff or visitors. NSF will 
consider any public health emergency declared by state or local 
officials in making such a determination. In other circumstances, even 
in the absence of a health-related declaration of national emergency or 
declaration of public health emergency (HHS or state level), NSF may 
collect this information where it determines that the spread of a 
communicable disease presents a significant risk of substantial harm to 
the health of NSF staff or visitors.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system covers NSF federal employees, individuals working in 
the NSF facility or on official NSF business, including 
Intergovernmental Personnel Act (IPA) assignees, Visiting Scientists, 
Engineers, and Educators (VSEEs), NSF contractors, non-NSF government 
personnel or contractors, interns, fellows, and volunteers. Other 
categories of individuals covered by the system include visitors to the 
NSF facility and potentially affected individuals at NSF-sponsored 
events outside of the NSF facility or otherwise present during official 
NSF business. The system also covers individuals listed as emergency 
contacts for such individuals.

CATEGORIES OF RECORDS IN THE SYSTEM:
    NSF Staff and Visitor Medical Information may include 
identification and contact information such as name, address, work or 
personal phone number(s), work or personal email address(es), 
organization (directorate/division), date of birth, medical reports, 
assessments, vaccination status, testing status (where and when it 
occurred; status of results), test type, test results, disease type, 
health status, approximate date of exposure, last date physically 
present in the NSF facility or at an NSF-sponsored event, name of 
facility visited (if outside of the NSF facility), areas of the NSF or 
other facility (if an NSF event outside of the NSF facility) traversed, 
areas and objects touched, workplace contacts, names of persons who had 
physical contact with or was in prolonged close physical proximity to 
infected/potentially infected persons, extended proximity event time 
and date, number of events, number of individuals in an event, number 
of individuals at location, dates and locations of domestic and 
international travel, and related information and documents collected 
for the purpose of screening and contact tracing, including 
attestations regarding vaccination, testing and treatment status. In 
addition, relevant personal information may be collected from 
individuals to assist NSF in making a determination regarding an 
employee's request for an exception to a vaccination requirement and/or 
other reasonable accommodations.

RECORD SOURCE CATEGORIES:
    Records are obtained through paper forms, interviews, or 
electronically from NSF staff, visitors, or individuals who attend an 
NSF-sponsored event. With regard to contact tracing, information may be 
collected from individuals infected or potentially infected while 
physically present in the NSF facility or at an NSF-sponsored event, 
other individuals with whom an infected or potentially infected 
individual had close contact, other federal or state agencies, 
physicians (as allowed by law or with consent from the individual), 
visitors or their employers, and NSF staff and visitors who maintain 
(manually or electronically) a log or report of their close physical 
contacts (and the duration of that contact) while in the NSF facility 
to individuals designated by NSF.
    Information is also collected from security systems monitoring 
access to Agency facilities (such as video surveillance and key card 
logs), human resources systems, emergency notification systems, and 
federal, state, and local agencies assisting with the response to a 
public health emergency.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    The following NSF standard routine uses apply:
    1. Members of Congress. Information from a system may be disclosed 
to congressional offices in response to inquiries from the 
congressional offices made at the request of the individual to whom the 
record pertains.
    2. Freedom of Information Act/Privacy Act Compliance. Information 
from a system may be disclosed to the Department of Justice or the 
Office of Management and Budget in order to obtain advice regarding 
NSF's obligations under the Freedom of Information Act and the Privacy 
Act.
    3. Counsel. Information from a system may be disclosed to NSF's 
legal representatives, including the Department of Justice and other 
outside counsel, where the agency is a party in litigation or has an 
interest in litigation and the information is relevant and necessary to 
such litigation, including when any of the following is a party to the 
litigation or has an interest in such litigation: (a) NSF, or any 
component thereof; (b) any NSF employee in his or her official 
capacity; (c) any NSF employee in his or her individual capacity, where 
the Department of Justice has agreed to, or is considering a request 
to, represent the employee; or (d) the United States, where NSF 
determines that litigation is likely to affect the agency or any of its 
components.
    4. National Archives, General Services Administration. Information 
from a system may be disclosed to representatives of the General 
Services Administration and the National Archives and Records 
Administration (NARA) during the course of records management 
inspections conducted under the authority of 44 U.S.C. 2904 and 2906.
    5. Response to an Actual or Suspected Compromise or Breach of 
Personally Identifiable Information. NSF may disclose information from 
the system to appropriate agencies, entities, and persons when: (a) NSF 
suspects or has confirmed that there has been a breach of the system of 
records; (2) NSF has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals; NSF (including 
its information systems, programs, and operations); the Federal 
Government, or national security; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with NSF efforts to respond to the suspected or confirmed 
breach or to prevent, minimize, or remedy such harm. Furthermore, NSF 
may disclose information from the system to another Federal agency or 
Federal entity, when NSF determines that information from this system 
of records is reasonably necessary to assist the recipient agency or 
entity in: (1) Responding to a suspected or confirmed breach; or (2) 
preventing, minimizing, or remedying the risk of harm to individuals, 
the recipient agency or entity (including its information systems, 
programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    6. Courts. Information from a system may be disclosed to the 
Department of Justice or other agencies in the event of a pending court 
or formal administrative proceeding, when the information is relevant 
and necessary to that proceeding, for the purpose of representing the 
government, or in the course of presenting evidence, or the information 
may be produced to parties

[[Page 66343]]

or counsel involved in the proceeding in the course of pre-trial 
discovery.
    7. Contractors. Information from a system may be disclosed to 
contractors, agents, experts, consultants, or others performing work on 
a contract, service, cooperative agreement, job, or other activity for 
NSF and who have a need to access the information in the performance of 
their duties or activities for NSF.
    8. Audit. Information from a system may be disclosed to government 
agencies and other entities authorized to perform audits, including 
financial and other audits, of the agency and its activities.
    9. Law Enforcement. Information from a system may be disclosed, 
where the information indicates a violation or potential violation of 
civil or criminal law, including any rule, regulation or order issued 
pursuant thereto, to appropriate Federal, State, or local agencies 
responsible for investigating, prosecuting, enforcing, or implementing 
such statute, rule, regulation, or order.
    10. Disclosure When Requesting Information. Information from a 
system may be disclosed to Federal, State, or local agencies which 
maintain civil, criminal, or other relevant enforcement information or 
other pertinent information, such as current licenses, if necessary, to 
obtain information relevant to an agency decision concerning the hiring 
or retention of an employee, the issuance of a security clearance, the 
letting of a contract, or the issuance of a license, grant, or other 
benefit.
    11. To the news media and the public when: (1) A matter has become 
public knowledge, (2) the NSF Office of the Director determines that 
disclosure is necessary to preserve confidence in the integrity of NSF 
or is necessary to demonstrate the accountability of NSF's officers, 
employees, or individuals covered by this system, or (3) the Office of 
the Director determines that there exists a legitimate public interest 
in the disclosure of the information, except to the extent that the 
Office of the Director determines in any of these situations that 
disclosure of specific information in the context of a particular case 
would constitute an unwarranted invasion of personal privacy.
    In addition to the standard routine uses, information may be 
disclosed as follows:
    12. Federal agencies such as the HHS, state and local health 
departments, and other public health or cooperating medical authorities 
in connection with program activities and related collaborative efforts 
to deal more effectively with exposures to communicable diseases, and 
to satisfy mandatory reporting requirements when applicable.
    13. Contractors to assist the agency in health screening and 
contact tracing activities and assessing/revising/improving NSF 
processes, procedures, performance, and implementation of health 
screening and contact tracing activities.
    14. To appropriate federal, state, local, tribal, or foreign 
governmental agencies or multilateral governmental organizations, to 
the extent permitted by law for the purpose of protecting the vital 
interests of a data subject or other persons, including to assist such 
agencies or organizations in preventing exposure to or transmission of 
a communicable or quarantinable disease or to combat other significant 
public health threats.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records in this system are stored electronically in secure 
facilities or on paper. Electronic records are maintained in a secure 
password-protected environment. Permission level assignments will allow 
internal agency users access only to those functions for which they are 
authorized. All paper records are maintained in secure, access-
controlled areas or buildings. Paper records are stored in a locked 
drawer, behind a locked door or at a secure offsite location.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by an individual's name or other unique 
personal identifier such as an email address.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    All data maintained by this system of records are retained and 
destroyed in accordance with the NARA Records Schedule 2.7; item 020 
(occupational injury and illness program records), and item 040 
(workplace environmental monitoring and exposure records). Contact 
tracing records will be maintained in the agency in accordance with 
proposed retention schedules.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records in this system are safeguarded in accordance with 
applicable law, rules, and policies, including all applicable NSF 
automated systems security and access policies. Strict controls have 
been imposed to minimize the risk of compromising the information that 
is being stored. Access to the computer system containing the records 
in this system is limited to those individuals who have a need to know 
(including medical personnel under a contract agreement) the 
information for the performance of their official duties. These records 
are maintained in a secure password-protected environment. All users 
are required to take annual NSF IT Security and Privacy Awareness 
Training, which covers the procedures for handling Sensitive but 
Unclassified Information, including personally identifiable information 
(PII).

RECORD ACCESS PROCEDURES:
    Individuals seeking to access information about themselves 
contained in this system are required to follow the procedures found at 
45 CFR part 613.

CONTESTING RECORD PROCEDURES:
    Individuals seeking to contest information about themselves 
contained in this system are required to follow the procedures found at 
45 CFR part 613.

NOTIFICATION PROCEDURES:
    Individuals requesting access to or contesting records contained in 
this system will be notified according to the procures found at 45 CFR 
part 613.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

SYSTEM NAME AND NUMBER:
    Health Program Records, NSF-79.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    National Science Foundation, 2415 Eisenhower Ave., Alexandria, VA 
22314.

SYSTEM MANAGER(S):
    Branch Chief, Pay and Benefits Services, Division of Human Resource 
Management 2415 Eisenhower Ave., Suite W 15000, Alexandria, VA 22314.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 7901 and the National Science Foundation Act of 1950 (Pub. 
L. 81-507). To the extent that this system includes records relating to 
requests for reasonable accommodations, see also title VII of the Civil 
Rights Act of 1964, the Rehabilitation Act of 1973, Executive Order 
13164 (Establishing Procedures to Facilitate the Provision of 
Reasonable Accommodation), and Equal Employment Opportunity Commission 
(EEOC) regulations (29 CFR parts 1601 et seq.), as applicable.

[[Page 66344]]

PURPOSE(S) OF THE SYSTEM:
    Information in this system of records is collected and maintained 
to document an individual's utilization of health services provided by 
the NSF Health Unit and other NSF health programs. Data is necessary to 
ensure proper evaluation, diagnosis, treatment, and referral to 
maintain continuity of care; a medical history of care received by the 
individual; planning for further care of the individual; a means of 
communication among health care members who contribute to the 
individual's care; and a legal document of health care rendered. 
Information is also collected to help NSF coordinate with other 
federal, state and local agencies when responding to health 
emergencies, comply with laws regarding the reporting of communicable 
disease, and address personnel matters such as review of medical 
documentation submitted in support of requests for reasonable 
accommodations on the basis of a disability or travel clearances.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system covers any individual who receives care at the NSF 
Health Unit or by Health Unit staff, or other NSF health programs. 
Covered individuals may include NSF federal employees, individuals 
working in the NSF facility or on official NSF business, including 
Intergovernmental Personnel Act (IPA) assignees, Visiting Scientists, 
Engineers, and Educators (VSEEs), NSF contractors, non-NSF government 
personnel or contractors, interns, fellows, volunteers, and visitors to 
NSF headquarters.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Health screening data, patient medical records, and other 
information provided to the Health Unit during the course of patient 
intake and care, and/or information provided to other NSF health 
programs that NSF may participate in. These records may include 
personal data such as name; date of birth; address; telephone number; 
email address; emergency contact information; information about and 
obtained from and individual's physician; medical history; biographical 
data including about family members; examination, diagnostic, 
assessment, and treatment data; laboratory findings; nutrition and 
dietetic files; nursing notes; immunization records; vaccination 
records; and prescription information. In addition, this system may 
contain relevant personal information that has been collected from 
individuals to assist NSF in making a determination regarding the 
individual's request for a medical exception to a vaccination 
requirement and/or other reasonable accommodations requested on the 
basis of a disability. See also SORN NSF-78.

RECORD SOURCE CATEGORIES:
    Information in this system of records comes from the individual to 
whom it applies; laboratory reports and test results; health unit 
physicians, nurses, and other medical technicians who have examined, 
tested, or treated the individual; the individual's personal physician; 
other federal employee health units; and other federal, state and local 
agencies.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    The following NSF standard routine uses apply:
    1. Members of Congress. Information from a system may be disclosed 
to congressional offices in response to inquiries from the 
congressional offices made at the request of the individual to whom the 
record pertains.
    2. Freedom of Information Act/Privacy Act Compliance. Information 
from a system may be disclosed to the Department of Justice or the 
Office of Management and Budget in order to obtain advice regarding 
NSF's obligations under the Freedom of Information Act and the Privacy 
Act.
    3. Counsel. Information from a system may be disclosed to NSF's 
legal representatives, including the Department of Justice and other 
outside counsel, where the agency is a party in litigation or has an 
interest in litigation and the information is relevant and necessary to 
such litigation, including when any of the following is a party to the 
litigation or has an interest in such litigation: (a) NSF, or any 
component thereof; (b) any NSF employee in his or her official 
capacity; (c) any NSF employee in his or her individual capacity, where 
the Department of Justice has agreed to, or is considering a request 
to, represent the employee; or (d) the United States, where NSF 
determines that litigation is likely to affect the agency or any of its 
components.
    4. National Archives, General Services Administration. Information 
from a system may be disclosed to representatives of the General 
Services Administration and the National Archives and Records 
Administration (NARA) during the course of records management 
inspections conducted under the authority of 44 U.S.C. 2904 and 2906.
    5. Response to an Actual or Suspected Compromise or Breach of 
Personally Identifiable Information. NSF may disclose information from 
the system to appropriate agencies, entities, and persons when: (a) NSF 
suspects or has confirmed that there has been a breach of the system of 
records; (2) NSF has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, NSF (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with NSF efforts to respond to the suspected or confirmed 
breach or to prevent, minimize, or remedy such harm. Furthermore, NSF 
may disclose information from the system to another Federal agency or 
Federal entity, when NSF determines that information from this system 
of records is reasonably necessary to assist the recipient agency or 
entity in: (1) Responding to a suspected or confirmed breach; or (2) 
preventing, minimizing, or remedying the risk of harm to individuals, 
the recipient agency or entity (including its information systems, 
programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    6. Courts. Information from a system may be disclosed to the 
Department of Justice or other agencies in the event of a pending court 
or formal administrative proceeding, when the information is relevant 
and necessary to that proceeding, for the purpose of representing the 
government, or in the course of presenting evidence, or the information 
may be produced to parties or counsel involved in the proceeding in the 
course of pre-trial discovery.
    7. Contractors. Information from a system may be disclosed to 
contractors, agents, experts, consultants, or others performing work on 
a contract, service, cooperative agreement, job, or other activity for 
NSF and who have a need to access the information in the performance of 
their duties or activities for NSF.
    8. Audit. Information from a system may be disclosed to government 
agencies and other entities authorized to perform audits, including 
financial and other audits, of the agency and its activities.
    9. Law Enforcement. Information from a system may be disclosed, 
where the information indicates a violation or potential violation of 
civil or criminal law, including any rule, regulation, or order issued 
pursuant thereto, to appropriate Federal, State, or local

[[Page 66345]]

agencies responsible for investigating, prosecuting, enforcing, or 
implementing such statute, rule, regulation, or order.
    10. Disclosure When Requesting Information. Information from a 
system may be disclosed to Federal, State, or local agencies which 
maintain civil, criminal, or other relevant enforcement information or 
other pertinent information, such as current licenses, if necessary, to 
obtain information relevant to an agency decision concerning the hiring 
or retention of an employee, the issuance of a security clearance, the 
letting of a contract, or the issuance of a license, grant, or other 
benefit.
    11. To the news media and the public when: (1) A matter has become 
public knowledge, (2) the NSF Office of the Director determines that 
disclosure is necessary to preserve confidence in the integrity of NSF 
or is necessary to demonstrate the accountability of NSF's officers, 
employees, or individuals covered by this system, or (3) the Office of 
the Director determines that there exists a legitimate public interest 
in the disclosure of the information, except to the extent that the 
Office of the Director determines in any of these situations that 
disclosure of specific information in the context of a particular case 
would constitute an unwarranted invasion of personal privacy.
    In addition to the standard routine uses, information may be 
disclosed as follows:
    12. Medical personnel under a contract agreement with NSF.
    13. To disclose information to a federal, state, or local agency to 
the extent necessary to comply with laws governing reporting of 
communicable disease.
    14. Appropriate federal, state, or local agencies responsible for 
investigation of an accident, disease, medical condition, or injury as 
required by pertinent legal authority.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records in this system are stored electronically in secure 
facilities or on paper. Electronic records are maintained in a secure 
password-protected environment. Permission level assignments will allow 
internal agency users access only to those functions for which they are 
authorized. All paper records are maintained in secure, access-
controlled areas or buildings. Paper records are stored in a locked 
drawer, behind a locked door or at a secure offsite location.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by an individual's name or other unique 
personal identifier such as an email address or phone number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    All data maintained by this system of records are retained and 
destroyed in accordance with the NARA Records Schedule 2.7; item 010 
(clinic scheduling records); items 060, 061, and 062 (occupational 
individual medical case files); and item 070 (non-occupational 
individual medical case files).

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records in this system are safeguarded in accordance with 
applicable law, rules, and policies, including all applicable NSF 
automated systems security and access policies. Strict controls have 
been imposed to minimize the risk of compromising the information that 
is being stored. Access to the computer system containing electronic 
records in this system is limited to those individuals who have a need 
to know (including medical personnel under a contract agreement) the 
information for the performance of their official duties. These records 
are maintained in a secure password-protected environment. All users 
are required to take annual NSF IT Security and Privacy Awareness 
Training, which covers the procedures for handling Sensitive but 
Unclassified Information, including personally identifiable information 
(PII).

RECORD ACCESS PROCEDURES:
    Individuals seeking to access information about themselves 
contained in this system are required to follow the procedures found at 
45 CFR part 613.

CONTESTING RECORD PROCEDURES:
    Individuals seeking to contest information about themselves 
contained in this system are required to follow the procedures found at 
45 CFR part 613.

NOTIFICATION PROCEDURES:
    Individuals requesting access to or contesting records contained in 
this system will be notified according to the procures found at 45 CFR 
part 613.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

    Dated: November 16, 2021.
Suzanne H. Plimpton,
Reports Clearance Officer, National Science Foundation.
[FR Doc. 2021-25339 Filed 11-19-21; 8:45 am]
BILLING CODE 7555-01-P