09-25-0166 SYSTEMS LISTING

Administration: Radiation and Occupational Safety and Health Management Information Systems, HHS/NIH/ORS.

None.

Radiation Safety Branch, Division of Safety, Office of Research Services (ORS), Building 21, Room 134, 21 Wilson Drive, Bethesda, MD 20892.

Occupational Safety and Health Branch, Division of Safety, Office of Research Services (ORS), Building 13, Room 3K04, 13 South Drive, Bethesda, Maryland 20892.

Write to appropriate System Manager at the address below for the address of contractor locations, including the address of any Federal Records Center where records from this system may be stored.

Radiation Safety Branch (RSB): NIH employees using radioactive materials or radiation producing machinery, contractor employees who provide service to the Radiation Safety Branch and any other individuals who could potentially be exposed to radiation or radioactivity as a result of NIH operations and who, therefore, must be monitored in accordance with applicable regulations.

Occupational Safety and Health Branch (OSHB): Individuals (including NIH employees and NIH service contract employees) who use or come into contact with potentially hazardous biological or chemical materials, and participants of occupational safety and health monitoring/surveillance programs.

Employee name, title, organizational affiliation, birth date, social security number (optional), work address, work telephone number, name of supervisor, and other necessary employment information; radiation/occupational safety and health training information; medical and technical information pertaining to safety and health related initiatives; research protocols and other related documents used to monitor and track radiation exposure and exposure to potentially hazardous biological or chemical materials; radiation materials usage data; and incident data.

42 U.S.C. 241, regarding the general powers and duties of the Public Health Service relating to research and investigation; 5 U.S.C. 7902 regarding agency safety programs; and 42 U.S.C. 2201, regarding general duties of the Nuclear Regulatory Commission including the setting of standards to cover the possession and use of nuclear materials in order to protect health.

2. To identify, evaluate and monitor use or contact (including incident follow-up) with:

radiation (exposure maintained at lowest levels reasonable); biological and/or chemical (potentially hazardous materials).

3. To monitor, track, and assess the use of personal protective equipment in the work place to ensure availability, effectiveness, and proper maintenance.

4. To address emergent safety and health issues or concerns.

1. Disclosure may be made to a congressional office from the record of an individual in response to an inquiry from the congressional office made at the request of that individual.
2. Disclosure may be made to the Department of Justice or to a court or other tribunal from this system of records, when (a) HHS, or any component thereof; or (b) any HHS employee in his or her official capacity; or (c) any HHS employee in his or her individual capacity where the Department of Justice (or HHS, where it is authorized to do so) has agreed to represent the employee; or (d) the United States of any agency thereof where HHS determines that the litigation is likely to affect HHS or any of its components, is a party to litigation or has an interest in such litigation, and HHS determines that the use of such records by the Department of Justice, court or other tribunal is relevant and necessary to the litigation and would help in the effective representation of the governmental party, provided, however, that in each case HHS determines that such disclosure is compatible with the purpose for which the records were collected.
3. Disclosure may be made to contractors for the purpose of processing or refining the records. Contracted services may include monitoring, testing, sampling, surveying, evaluating, transcription, collation, computer input, and other records processing. The contractor shall be required to maintain Privacy Act safeguards with respect to such records.
4. Disclosure may be made to: a) officials of the United States Nuclear Regulatory Commission which, by Federal regulation, licenses, inspects and enforces the regulations governing the use of radioactive materials; and b) OSHA, which provides oversight to ensure that safe and healthful work conditions are maintained for employees. Disclosure will also be permitted to other Federal and/or State agencies which may establish health and safety requirements or standards.
5. Radiation exposure and/or training and experience history may be transferred to new employer.
6. A record may be disclosed for a research purpose, when the Department: (A) has determined that the use or disclosure does not violate legal or policy limitations under which the record was provided, collected, or obtained; (B) has determined that the research purpose (1) cannot be reasonably accomplished unless the record is provided in individually identifiable form, and (2) warrants the risk to the privacy of the individual that additional exposure of the record might bring; (C) has required the recipient to (1) establish reasonable administrative, technical, and physical safeguards to prevent unauthorized use or disclosure of the record, (2) remove or destroy the information that identifies the individual at the earliest time at which removal or destruction can be accomplished consistent with the purpose of the research project, unless the recipient has presented adequate justification of a research or health nature for retaining such information, and (3) make no further use or disclosure of the record except (a) in emergency circumstances affecting the health or safety of any individual, (b) for use in another research project, under these same conditions, and with written authorization of the Department, (c) for disclosure to a properly identified person for the purpose of an audit related to the research project, if information that would enable research subjects to be identified is removed or destroyed at the earliest opportunity consistent with the purpose of the audit, or (d) when required by law; (D) has secured a written statement attesting to the recipient's understanding of, and willingness to abide by these provisions.

Records are maintained in file cabinets or in computer databases maintained by the RSB and OSHB. Records may be stored in file folders, binders, magnetic tapes, magnetic disks, optical disks and/or other types of data storage devices.

Records are retrieved by name, social security number, office address, or unique RSB or OSHB assigned identification number.

1. Authorized Users: Employees who maintain this system are instructed to grant regular access only to RSB/OSHB staff, authorized contractor personnel, U.S. Nuclear Regulatory Commission Inspectors, Radiation Safety Committee Members, Biosafety Committee members, and other appropriate NIH administrative and management personnel with a need to know. Access to information is thus limited to those with a need to know.
2. Physical Safeguards: Rooms where records are stored are locked when not in use. During regular business hours, rooms are unlocked but are controlled by on-site personnel. Individually identifiable records are kept in locked file cabinets or rooms under the direct control of the Project Director.
3. Procedural Safeguards: Names and other identifying particulars are deleted when data from original records are encoded for analysis. Data stored in computers is accessed through the use of keywords known only to authorized users. All users of personal information in connection with the performance of their jobs (see Authorized Users, above) will protect information from public view and from unauthorized personnel entering an unsupervised office. The computer terminals are in secured areas and keywords needed to access data files will be changed frequently.
4. Additional RSB Technical Safeguards: Computerized records are accessible only through a series of code or keyword commands available from and under direct control of the Project Director or his/her delegated representatives. The computer records are secured by a multiple level security system which is capable of controlling access to the individual data field level. Persons having access to the computer database can be restricted to a confined application which only permits a narrow "view" of the data. Data on computer files is accessed by keyword known only to authorized users who are NIH or contractor employees involved in work for the program.

These practices are in compliance with the standards of Chapter 45-13 of the HHS General Administration Manual, "Safeguarding Records Contained in Systems of Records," supplementary Chapter PHS hf: 45-13, and the HHS Automated Information Systems Security Program Handbook.

Records are retained and disposed of under the authority of the NIH Records Control Schedule contained in NIH Manual Chapter 1743, Appendix 1 - "Keeping and Destroying Records" (HHS Records Management Manual, Appendix B-361): item 1300-B which applies to Division of Safety records. Refer to the NIH Manual Chapter for specific disposition instructions. Radiation exposure records are retained under item 1300-B-10, which does not allow disposal at this time.

Assistant Chief, Information Technology, Radiation Safety Branch, Division of Safety, Office of Research Services (ORS), National Institutes of Health, Building 21, Room 134, 21 Wilson Drive, Bethesda, Maryland 20892.

Chief, Occupational Safety and Health Branch, Division of Safety, Office of Research Services (ORS), Building 13, Room 3K04, 13 South Drive, Bethesda, Maryland 20892.

To determine if a record exists, write to the appropriate System Manager as listed above.

The requester must also verify his or her identity by providing either a notarization of the request or a written certification that the requester is whom he or she claims to be. The request should include: a) full name, and b) appropriate dates of participation.

Same as Notification Procedures. Requesters should also reasonably specify the record contents being sought. Individuals may also request an accounting of disclosure of their records, if any.

Contact the appropriate System Manager specified above and reasonably identify the record, specify the information to be contested, and state the corrective action sought with supporting documentation. The right to contest records is limited to information which is incomplete, irrelevant, incorrect, or untimely (obsolete).

Information is obtained from the subject individual, previous employers and educational institutions, contractors, safety and health monitoring/surveillance records, employee interviews, site visits, or other relevant NIH organizational components.

None.