Medical Examiner's Certification Integration; Availability of Updated Privacy Impact Assessment |
---|
|
Larry W. Minor
Federal Motor Carrier Safety Administration
May 27, 2014
[Federal Register Volume 79, Number 101 (Tuesday, May 27, 2014)] [Proposed Rules] [Pages 30062-30064] From the Federal Register Online via the Government Printing Office [www.gpo.gov] [FR Doc No: 2014-12176] ======================================================================= ----------------------------------------------------------------------- DEPARTMENT OF TRANSPORTATION Federal Motor Carrier Safety Administration 49 CFR Parts 383, 384, and 391 [Docket No. FMCSA-2012-0178] RIN 2126-AB40 Medical Examiner's Certification Integration; Availability of Updated Privacy Impact Assessment AGENCY: Federal Motor Carrier Safety Administration (FMCSA), DOT. ACTION: Notice of availability; request for comments. ----------------------------------------------------------------------- SUMMARY: FMCSA announces the availability of the Privacy Impact Assessment (PIA) for the Medical Examiner's Certification Integration notice of proposed rulemaking (NPRM) published on May 10, 2013. Due to technical errors, the PIA was not posted to the docket until July 4, 2013, just a few days prior to the end of the public comment period. In addition, the PIA was not posted to the Department of Transportation's (DOT's) Privacy Web site until December 11, 2013. In an effort to provide the public with as much information as possible regarding the National Registry and the Medical Examiner's Certification Integration rulemaking, we are announcing the availability of the updated PIA and requesting comments from the public. Comments must be limited to possible impact of the rules proposed in the NPRM on the protection of privacy of information used in determining the physical qualifications of drivers of commercial motor vehicles. DATES: Comments must be received on or before June 11, 2014. ADDRESSES: You may submit comments identified by Docket Number FMCSA- 2012-0178 using any of the following methods: Federal eRulemaking Portal: http://www.regulations.gov. Follow the online instructions for submitting comments. Mail: Docket Management Facility, U.S. Department of Transportation, 1200 New Jersey Avenue SE., West Building, Ground Floor, Room W12-140, Washington, DC 20590-0001. Hand Delivery or Courier: West Building, Ground Floor, Room W12-140, 1200 New Jersey Avenue SE., between 9 a.m. and 5 p.m. E.T., Monday through Friday, except Federal holidays. Fax: 202-493-2251. To avoid duplication, please use only one of these four methods. See the ``Public Participation and Request for Comments'' portion of the SUPPLEMENTARY INFORMATION section below for instructions on submitting comments. Comments received after the comment closing date will be included in the docket, and we will consider late comments to the extent practicable. FOR FURTHER INFORMATION CONTACT: Robin Hamilton, Office of Medical Programs, Federal Motor Carrier Safety Administration, 1200 New Jersey Avenue SE., Washington, DC 20590-0001, by telephone at (202) 366-4001 or via email at fmcsamedical@dot.gov. Office hours are from 9 a.m. to 5 p.m. ET, Monday through Friday, except Federal holidays. If you have questions on viewing or submitting material to the docket, contact Docket Services, telephone (202) 366-9826. SUPPLEMENTARY INFORMATION: I. Public Participation and Request for Comments FMCSA encourages you to submit comments regarding the impacts on privacy of information by the rules proposed in the Medical Examiner's Certification Integration rulemaking. All comments received will be posted without change to http://www.regulations.gov and will include any personal information you provide. A. Submitting Comments If you submit a comment, please include the docket number for this rulemaking (FMCSA-2012-0178), indicate the specific section of this document to which each comment applies, and provide a reason for each suggestion or recommendation. You may submit your comments and [[Page 30063]] material online or by fax, mail, or hand delivery, but please use only one of these means. FMCSA recommends that you include your name and a mailing address, an email address, or a phone number in the body of your document so FMCSA can contact you if there are questions regarding your submission. To submit your comment online, go to http://www.regulations.gov and click on the ``Submit a Comment'' box, which will then become highlighted in blue. In the ``Document Type'' drop- down menu, select ``Proposed Rules,'' insert ``FMCSA 2012-0178'' in the ``Keyword'' box, and click ``Search.'' When the new screen appears, click on ``Submit a Comment'' in the ``Actions'' column. If you submit your comments by mail or hand delivery, submit them in an unbound format, no larger than 8\1/2\ by 11 inches, suitable for copying and electronic filing. If you submit your comments by mail and would like to know that they reached the facility, please enclose a stamped, self- addressed postcard or envelope. FMCSA will consider all comments and material received during the comment period and may change the proposed rule based on your comments. B. Viewing Comments and Documents To view comments, as well as documents mentioned in the Medical Examiner's Certification Integration NPRM, available in the docket, go to http://www.regulations.gov and click on the ``Read Comments'' box in the upper right-hand side of the screen. Then in the ``Keyword'' box, insert ``FMCSA-2012-0178'' and click ``Search.'' Next, click the ``Open Docket Folder'' in the ``Actions'' column. Finally, in the ``Title'' column, click on the document you would like to review. If you do not have access to the Internet, you may view the docket online by visiting the Docket Management Facility in Room W12-140 on the ground floor of the Department of Transportation West Building, 1200 New Jersey Avenue SE., Washington, DC 20590, between 9 a.m. and 5 p.m. ET, Monday through Friday, except Federal holidays. C. Privacy Act Anyone may search the electronic form of all comments received into any of our dockets by the name of the individual submitting the comment (or of the person signing the comment, if submitted on behalf of an association, business, labor union, etc.). You may review DOT's Privacy Act Statement for the Federal Docket Management System published in the Federal Register on January 17, 2008 (73 FR 3316), or you may visit http://www.gpo.gov/fdsys/pkg/FR-2008-01-17/pdf/E8-785.pdf. II. Background Legal Basis The Agency, in conjunction with the Department's Chief Information Office, has prepared and made available a PIA.\1\ This PIA has been prepared in accordance with the provisions of Section 522(a)(5) of the FY 2005 Omnibus Appropriations Act, Public Law 108-447, 118 Stat. 3268 (Dec. 8, 2004).\2\ This statute requires DOT agencies to prepare a PIA on proposed rules involving the privacy of information in identifiable form, including the type of personally identifiable information collected and the number of people affected.\3\ --------------------------------------------------------------------------- \1\ Available at http://www.regulations.gov/#!documentDetail;D=FMCSA-2012-0178-0039. \2\ Set out as a note to 5 U.S.C. 552a, the Privacy Act, 5 U.S.C. 552a. \3\ Section 522(f) of the statute defines ``identifiable form'' as to be consistent with section 208 of the E-Government Act of 2002 (set out as a note under 44 U.S.C. Sec. 3501, the Paperwork Reduction Act) and as any representation of information that permits identification of an individual to be reasonably inferred by either direct or indirect means. --------------------------------------------------------------------------- The statute involved does not require this Agency or the Department to provide an opportunity to comment on the PIA directly. The PIA provides a detailed explanation of the privacy interests involved in the entire National Registry program. It sets out the careful and thorough steps FMCSA and the Department have taken and will take to protect those interests, while at the same time carrying out the statutory directives to ensure that CMV drivers are physically qualified and can operate safely and that operation of a CMV does not affect their health.\4\ Nonetheless, the PIA does provide a basis for public comment on any rules proposed by the Agency that may have an impact on privacy of information within its scope. The context for such impact is provided by a brief review of the history of the development of the National Registry. --------------------------------------------------------------------------- \4\ 49 U.S.C. 31136(a)(3) and (4). --------------------------------------------------------------------------- Regulatory History The National Registry was developed and implemented under the authority of 49 U.S.C. 31149, enacted by Section 4116(a) of the Safe, Accountable, Flexible, Efficient Transportation Equity Act: A Legacy for Users (SAFETEA-LU). The program is managed and maintained by the FMCSA. The Federal Motor Carrier Safety Regulations (FMCSRs) require that CMV drivers comply with physical qualification requirements and be examined and certified by a medical examiner (ME) at least once every two years. The National Registry ensures that MEs who perform DOT driver medical examinations are properly trained and certified by FMCSA to do so. The program maintains personally identifiable information (PII) for each ME candidate applying for ME certification, MEs' administrative personnel who are registering on the National Registry, and of CMV drivers examined by a certified ME. FMCSA published a final rule on April 20, 2012 (77 FR 73129), to establish and maintain a National Registry of Certified Medical Examiners. FMCSA posted a PIA of the final rule on the DOT privacy program Web site on August 20, 2012. FMCSA published the Medical Examiner's Certification Integration NPRM on May 10, 2013 (78 FR 24104), a follow-on rule to the National Registry final rule. The purpose of the principal requirements proposed in the Medical Examiner's Certification Integration NPRM was to modify the requirements adopted in two earlier final rules issued by FMCSA, Medical Certification Requirements as Part of the Commercial Driver's License, 73 FR 73096 (Dec. 1, 2008), and the National Registry final rule. It proposed that the information from the Medical Examiner's Certificate (MEC) be transmitted to FMCSA on a daily basis by MEs. FMCSA would then promptly and accurately transmit that information for CDL holders to the State Driver Licensing Agencies (SDLAs) electronically for entry into the appropriate CDL driver record within one business day of receipt from FMCSA. Specifically, the NPRM proposed to require MEs to use a slightly revised Medical Examination Report (MER) Form, MCSA-5875 and the MEC, Form MCSA-5876; daily instead of monthly reporting of CMV driver medical examinations; electronic transmission of CDL and Commercial Learner's Permit (CLP) driver information from the National Registry system to the SDLAs; and electronic transmission of medical variance information for all CMV drivers to the SDLAs. The PIA announced by this notice is an update to the previous National Registry PIA (August 20, 2012) and in support of the Medical Examiner's Certification Integration NPRM. It not only updates the additional collection of personally identifiable information (PII) under this rule but attempts to update language in the PIA for clarity to the reader. [[Page 30064]] III. Summary of Privacy Impact Assessment The Privacy Act of 1974 articulates concepts for how the Federal government should treat individuals and their information and imposes duties upon federal agencies regarding the collection, use, dissemination, and maintenance of PII. The E-Government Act of 2002, Section 208, establishes the requirement for agencies to conduct PIAs for electronic information systems and collections. The assessment is a practical method for evaluating privacy in information systems and collections, and provides documented assurance that privacy issues have been identified and adequately addressed. The PIA is an analysis of how information is handled to: (i) Ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; (ii) determine the risks and effects of collecting, maintaining and disseminating information in identifiable form in an electronic information system; and (iii) examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks. Conducting a PIA ensures compliance with laws and regulations governing privacy and demonstrates DOT's commitment to protect the privacy of any personal information we collect, store, retrieve, use and share. It is a comprehensive analysis of how DOT's electronic information systems and collections handle PII. The goals accomplished in completing a PIA include: Making informed policy and system design or procurement decisions. These decisions must be based on an understanding of privacy risk, and of options available for mitigating that risk; Accountability for privacy issues; Analyzing both technical and legal compliance with applicable privacy law and regulations, as well as accepted privacy policy; and Providing documentation on the flow of personal information and information requirements within DOT systems. The Medical Examiner's Certification Integration NPRM would require the collection of PII; therefore, a PIA is required for the rulemaking and was prepared. It was belatedly included in the rulemaking docket and then made available on the DOT Privacy Web site late in 2013. The supporting PIA, available for review in the docket, gives a complete explanation of FMCSA practices for protecting PII, as updated from the 2012 PIA prepared in support of the National Registry of Certified Medical Examiners final rule. In addition, the 2013 PIA updates the frequency with which PII is submitted to the Agency, adds the driver's mailing address which is currently being collected on the medical forms to the list of PII required to be submitted to the National Registry, and outlines how certain PII would be transmitted to the State licensing agencies. There is no additional PII collected under this NPRM. The updated 2013 PIA is specifically related to both the National Registry and Medical Examiner's Certification Integration NPRM and the entire medical program administered by FMCSA. Upon reviewing the PIA, you should have a broad understanding of the risks and potential effects associated with the Department activities, processes, and systems described and approaches taken to mitigate any potential privacy risks. The Agency requests comments on the possible impact of the rules proposed in the NPRM on the protection of privacy of information used in determining the physical qualifications of drivers of commercial motor vehicles, in light of the evaluation by the Agency and the Department of the protection of privacy of information set out in the Privacy Impact Assessment. Issued under the authority delegated in 49 CFR 1.87 on: May 21, 2014. Larry W. Minor, Associate Administrator for Policy. [FR Doc. 2014-12176 Filed 5-23-14; 8:45 am] BILLING CODE 4910-EX-P