09-25-0216 SYSTEMS LISTING

SYSTEM NAME:

Administration: NIH Electronic Directory, HHS/NIH.

SECURITY CLASSIFICATION:

None.

SYSTEM LOCATION:

Records are maintained in databases located within the NIH computer facilities and the files of NIH functional offices required to identify individuals in order to manage the federal resources and authorities assigned to them. A current list of sites, including the address of any Federal Records Center where records from this system may be stored, is available by writing the system manager listed under Notification Procedure below.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Users of NIH resources and services including but not limited to: current and past NIH employees, contractors, tenants of NIH facilities, participants in the NIH visiting programs, registered users of NIH computer facilities, grantees, reviewers, council members, collaborators, vendors, and parking permit holders. This system does not cover patients and visitors to the NIH Clinical Center.

CATEGORIES OF RECORDS IN THE SYSTEM:

This system is a source system that provides identification data to a variety of directory services at NIH that share comparable information and assign or relate dedicated federal resources to individuals. This system provides for a central directory that allows NIH to manage NIH corporate business processes and electronic commerce. The types of personal information in this directory are necessary to ensure the accurate identification of individuals doing business in or with the National Institutes of Health. The types of personal information included in this directory are: name, alias names, date of birth, place of birth, social security number, gender, home address, home phone number, home FAX number, personal pager number, personal mobile phone number, personal email address, emergency contacts, photograph, digitized written signature, digitized biometrics, and NIH-assigned unique identifier. Public data refers to non-sensitive information readily available to the general public (e.g., name, building, room number, and work phone). Non-public data refers to sensitive/confidential information or data for which access is limited to appropriate staff with a valid need-to-know in the performance of their official job duties, or as outlined in the routine uses for disclosure (e.g., social security number, gender, home address, date of birth, place of birth).

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

5 U.S.C. 301 and 302, 44 U.S.C. 3101 and 3102, Executive Order 9397.

PURPOSE(S):

The purpose is to establish a consolidated and centrally coordinated electronic directory to support e-government of administrative business processes; allow effective controls over the creation, maintenance and use of records in the conduct of current business; provide for effective management of costs, operation and interconnectivity of NIH information systems; provide the required structure for network security; and provide an accurate source of directory information at the NIH. Data collected is used to build an NIH centralized source identification directory and provides for directory security system authentication and authorization and supports NIH corporate business processes and electronic commerce. This system of records enables NIH to reliably identify individuals and those federal resources assigned to them. An NIH unique identifier (UID) will be assigned to each individual to permit identification of a single person with their descriptive information and resources throughout their career.

This system allows for the creation of accurate records for individuals in the NIH directory and ensures that duplicate data files are compared, corrected and combined for accuracy, thus eliminating redundancy. It is the central point of coordination for other automated systems that manage or track resources, particularly information security systems.

Internal Use and Access to Personal Information

Internal use and access to the personal information in this system will be limited to those with a valid need-to-know in the performance of their official duties. Typical internal uses of the system, including categories of users, uses of the data collected and the need for such use are as follows:

  1. Trans-NIH Human Resource Personnel, Administrative Officers, and administrative technicians, will access all public and non-public records for employees and/or NIH affiliates within their scope of responsibility to access/track staffing information such as personal/work contact information, physical location, and/or any other information to facilitate current NIH administrative business processes.
  2. Information Resources Management staff and Space and Facility Management personnel will have access to view public data (building location and work phone information) to coordinate access for, and the allocation of, telecommunication resources and building space/access.
  3. Supervisors, Administrative Officers and Administrative Technicians will have access to emergency contact information to enable them to contact someone in the event of an emergency.
  4. NIH central services staff, NIH police, and NIH management will access both public and non-public data to coordinate/track employee data required for other NIH business processes such as card key access, ID badges, parking permits, library resources, census information gathered for reporting requirements, employee development, training, campus security, and other administrative processes.
  5. NIH Security Officers, or other incident response personnel will have access to public/non-public data where NIH deems it necessary for official investigations or security incidents involving suspected intrusion, illegal activity, or unauthorized/unethical misuse of the system of records or data therein.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

  1. Disclosure may be made to a congressional office from the records of an individual in response to an inquiry from the congressional office made at the request of that individual.
  2. Disclosure may be made to representatives of the General Services Administration or the National Archives and Records Administration who are conducting records management inspections under the authority of 44 U.S.C. 2904 and 2906.
  3. Disclosure may be made to agency contractors, experts, consultants, or volunteers who have been engaged by the agency to assist in the performance of a service related to this system of records and who need to have access to the records in order to perform the activity. Recipients are required to maintain Privacy Act safeguards with respect to these records.
  4. Disclosure may be made to respond to a Federal agency's request made in connection with the hiring or retention of an employee, the letting of a contract or issuance of a security clearance, grant, license, or other benefit by the requesting agency, but only to the extent that the information disclosed is relevant and necessary to the requesting agency's decision on the matter.
  5. Disclosure may be made to the Department of Justice, or to a court or other adjudicative body, from this system of records when (a) HHS, or any component thereof; or (b) any HHS officer or employee in his or her official capacity; or (c) any HHS officer or employee in his or her individual capacity where the Department of Justice (or HHS, where it is authorized to do so) has agreed to represent the officer or employee; or (d) the United States or any agency thereof where HHS determines that the proceeding is likely to affect HHS or any of its components, is a party to the proceeding or has any interest in the proceeding, and HHS determines that the records are relevant and necessary to the proceeding and would help in the effective representation of the governmental party.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:

Records are maintained on electronic media such as computer tape and disk and/or hard-copy. Automated records are stored in controlled computer areas. Both manual and computerized records will be maintained in accordance with the standards of Chapter 45-13 of the HHS General Administration Manual, "Safeguarding Records Contained in Systems of Records", supplementary Chapter PHS hf: 45-13, and the Department's Automated Information System Security Program Handbook.

RETRIEVABILITY:

Records are indexed and retrieved by: name, unique identifier, alias names, and social security number.

SAFEGUARDS:

  1. Authorized Users: Non-public data on computer files is accessed by keyword known only to authorized users who are NIH employees or contractor staff who have a legitimate operational responsibility to access the data in the performance of their duties as determined by the System Manager. Staff are only granted access to those directories or fields for which they have operational responsibilities. User activity is recorded. Occurrences of non-routine user or operator activity are recorded. Public data is controlled by user-defined view via a web-based look-up table. View of public data is accessible and controlled via the NIH network.
  2. Physical Safeguards: Physical access to the computer systems where records are stored is controlled through the use of door locks and alarms.
  3. Procedural and Technical Safeguards: Access to the non-public data will be controlled through: password protection, user authentication, and system administration procedures for user access. User name and password authentication procedures are in place to protect non-public data from public view, and to prevent unauthorized personnel from accessing data. Logical access controls, based on job function, are in place to authorize and/or restrict the user activity and view of the data. Persons having access to data are restricted to a field-by-field confined user interface that permits a controlled, or narrow "view" of the data. Sensitive data transferred between NIH source databases is secured through encryption or similar manner. Digital certificates and automated user audit trail capabilities have been incorporated to ensure data integrity and to detect evidence of data tampering.

These practices are in compliance with standards of Chapter 45-13 of the HHS General Administration Manual, "Safeguarding Records Contained in Systems of Records", supplementary Chapter PHS hf: 45-13, and the Department's Automated Information Systems Security Program Handbook.

RETENTION AND DISPOSAL:

Records may be retired to a Federal Records Center and subsequently disposed of in accordance with the NIH Records Control Schedule. The Records Control Schedule and disposal standard for these records may be obtained by writing to the System Manager at the address below.

SYSTEM MANAGER(S) AND ADDRESS(ES):

NED Administrator, Clinical Center (CC), Building 10, Room 1C280, 10 Center Drive, Bethesda, MD 20892.

NED Administrator, Clinical Center (CC), Building 10, Room B1L410B, 10 Center Drive, Bethesda, MD 20892.

NED Administrator, Center for Information Technology (CIT), Fernwood Building, Room 2NW06F, Bethesda, MD 20892.

NED Administrator, Center for Information Technology (CIT), Fernwood Building, Room 2NW06E, Bethesda, MD 20892.

NED Administrator, Center for Scientific Review (CSR), Democracy Plaza I, Room 3028, 6701 Rockledge Drive, Bethesda, MD 20892.

NED Administrator, Office of Administrative Management and International Services, Fogarty International Center (FIC), Building 31, Room B2C08, 31 Center Drive, Bethesda, MD 20892-2220.

NED Administrator, Office of Administrative Operations, National Center for Complementary and Alternative Medicine (NCCAM), Building 31, Room 2B11, 31 Center Drive, Bethesda, MD 20892-2182.

NED Administrator, National Cancer Institute (NCI), 6116 Executive Boulevard, Room 609, Bethesda, MD 20892.

NED Administrator, National Center for Research Resources (NCRR), Rockledge I, Room 6070, 6705 Rockledge Drive, Bethesda, MD 20892.

NED Administrator, National Eye Institute (NEI), Building 31, Room 6A19, 31 Center Drive, Bethesda, MD 20892.

NED Administrator, National Human Genome Research Institute (NHGRI), Building 49, Room 3A38, 49 Convent Drive, Bethesda, MD 20892.

NED Administrator, National Heart, Lung, and Blood Institute (NHLBI), Democracy Plaza I, Room 7021, 6701 Rockledge Drive, Bethesda, MD 20892-7921.

NED Administrator, National Institute on Aging (NIA), Gerontology Research Center, Johns Hopkins Bayview Campus, 5600 Nathan Shock Drive, Room 1E14A, Baltimore, MD 21224.

NED Administrator, National Institute of (NIAAA), Building 31, Room 1B40, 31 Center Drive, Bethesda, MD 20892.

NED Administrator, National Institute of Allergy and Infectious Disease (NIAID), Building 31, Room 7A19, 31 Center Drive, Bethesda, MD 20892.

NED Administrator, National Institute of Arthritis and Musculoskeletal and Skin Diseases (NIAMS), Natcher Building, Room 5AS51, 45 Center Drive, Bethesda, MD 20892.

NED Administrator, National Institute of Biomedical Imaging and Bioengineering (NIBIB), Building 31, Room 1B37, 31 Center Drive, Bethesda, MD 20892.

NED Administrator, National Institute of Child Health and Human Development (NICHD), Rockledge I, Room 800, 6705 Rockledge Drive, Bethesda, MD 20892.

NED Administrator, National Institute of Drug Abuse (NIDA), Neuroscience Center, Room 512, 6001 Executive Boulevard, Bethesda, MD 20892.

NED Administrator, National Institute on Deafness and Other Communication Disorders (NIDCD), Building 31, Room 3C21, 31 Center Drive, Bethesda, MD 20892.

NED Administrator, National Institute of Dental and Craniofacial Research (NIDCR), Natcher Building, Room 4AN12, 45 Center Drive, Bethesda, MD 20892.

NED Administrator, National Institute of Diabetes and Digestive and Kidney Diseases (NIDDK), Democracy Plaza II, Room 909, 6707 Democracy Boulevard, Bethesda, MD 20892.

NED Administrator, National Institute of Diabetes and Digestive and Kidney Diseases (NIDDK), Building 10, Room 9N208, 10 Center Drive, Bethesda, MD 20892.

NED Administrator, National Institute of Environmental Health Sciences (NIEHS), P.O. Box 12233, Research Triangle Park, NC 27709.

NED Administrator, National Institute of General Medical Sciences (NIGMS), Natcher Building, Room 3AS25A, 45 Center Drive, Bethesda, MD 20892.

NED Administrator, National Institute of Mental Health (NIMH), Building 31, Room 2B34, 31 Center Drive, Bethesda, MD 20892.

NED Administrator, National Institute of Medical Health (NIMH), Building 31, Room 2B34, 31 Center Drive, Bethesda, MD 20892-9657.

NED Administrator, National Institute of Neurological Disorders (NINDS), Building 31, Room 8A33, 31 Center Drive, Bethesda, MD 20892.

NED Administrator, National Institute of Nursing Research (NINR), Building 31, Room 5B19A, 31 Center Drive, Bethesda, MD 20892.

NED Administrator, National Library of Medicine (NLM), Building 38, Room 2W05, 8600 Rockville Pike, Bethesda, MD 20894.

NED Administrator, Office of the Director (OD), 6011 Executive Boulevard, Room 325, Bethesda, MD 20892.

NED Administrator, Office of Research Services (ORS), Building 31, Room 4B30, 31 Center Drive, Bethesda, MD 20892.

NOTIFICATION PROCEDURE:

Write to the System Manager listed above. The requester must verify his or her identity by providing either a notarization of the request or a written certification that the requester is who he or she claims to be and understands that the knowing and willful request for acquisition of a record pertaining to an individual under false pretenses is a criminal offense under the Act, subject to a five thousand-dollar fine. The request should include a) full name, and b) address, and c) year of records in question.

RECORD ACCESS PROCEDURE:

Write to the System Manager specified above to attain access to records and provide the same information as is required under the Notification Procedures. Requester should also reasonably specify the record content being sought. Individuals may also request an accounting of disclosure of their records, if any.

CONTESTING RECORD PROCEDURE:

Address a petition for amendment to the System Manager. All requests must be in writing. The individual must identify himself/herself, specify the system of records from which the records are retrieved, the particular records to be corrected or amended, whether seeking an addition to or a deletion or substitution for the records, and the reason for requesting correction or amendment of the record.

RECORD SOURCE CATEGORIES:

NIH employees, contractors, and other persons who are using or performing services on behalf of the NIH, and the NIH human resource databases (i.e., Human Resource Database (HRDB), Fellowship Payment System (FPS), J.E. Fogarty Database of Foreign Visiting Scientists (JEFIC), NIH Telecommunications Database (TELCOM), Parking and Identification Database (PAID), Email Directory and Forwarding Service (PH directory), and the Integrated Time and Attendance System (ITAS)).

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:

None.