Date of this submission: 12/16/2008
NASA Center: Sunguard
Application Name: OCHMO EHRS
Is this application or information collection new or is an existing one being modified? New
Does this application collect, maintain, and/or disseminate information in identifiable form (IIF)? YES
Mission Program/Project Supported: Office of the Chief Health and Medical Officer
Identifying Numbers (Use N/A, where appropriate)
Privacy Act System of Records Number: NASA 10HIMS
OMB Information Collection Approval Number and Expiration Date: N/A
Other Identifying Number(s): N/A
1. Provide an overview of the application or collection and indicate the legislation authorizing this activity.
The Office of the Chief Health and Medical Officer (OCHMO) is implementing an Electronic Health
Record System (EHRS) for all of the NASA Occupational Health clinics. The project's objective is to replace the paper-based medical records with electronic health records. This will reduce errors, standardize processes and improve record eligibility, patient care, data analysis, communication and
reporting of bio-surveillance issues. The EHRS collects medical information required by Occupational Safety and Health Administration (OSHA) and the Federal Employees' Compensation Act (FECA).
2. Describe the information the agency will collect, maintain, or disseminate and how the agency will use the information. In this description, indicate whether the information contains IIF and whether submission is voluntary or mandatory.
This system contains general medical records of medical care, first aid, emergency treatment, examinations (e.g., surveillance, hazardous workplace, certification, flight, special purpose and health
maintenance), exposures (e.g., hazardous materials and ionizing radiation), and consultations by non-NASA physicians. Information resulting from physical examinations, laboratory and other tests, and medical history forms; treatment records; screening examination results; immunization records;
administration of medications prescribed by private/personal or NASA physicians; consultation
records; and hazardous exposure and other health hazard/abatement data. The information is used by the Occupational Health clinics at all NASA centers in order to carry out their daily operations. The
system contains Information in Identifiable Form (IIF) as part of the general medical records. The IIF information is mandatory since it is needed to provide proper medical care/treatment at the clinic.
3. Explain how the IIF collected, maintained, and/or disseminated is the minimum necessary to accomplish the purpose for this effort.
The information collected includes the minimum IIF required to allow full and proper functioning of the
4. Explain why the IIF is being collected, maintained, or disseminated.
The system contains IIF as part of the general medical records, documenting all aspects of
occupational health care as required by OSHA and FECA.
5. Identify with whom the agency will share the IIF.
Entities that have access to the data in the EHRS are listed in the SORN.
6. Describe how the IIF will be obtained, from whom it will be collected, what the suppliers of information and will be told about the information collection, and how this message will be conveyed to them (e.g., written notice, electronic notice if a Web-based collection, etc.). Describe any opportunities for consent provided to individuals regarding what information is collected and how the information will be shared.
Partial patient demographic data will be obtained in data feeds from data sources inside NASA. The
demographic data not obtained by data feed will be obtained directly from the patient. Medical
information will be provided by the clinic staff. Medical information confidentiality falls under the Health Insurance Portability and Accountability Act (HIPAA); consent forms are required of all patients that are treated in the clinic. No PIA specific consent is used.
7. State whether personal information will be collected from children under age 13 on the Internet and, if so, how parental or guardian approval will be obtained. (Reference: Children's Online Privacy Protection Act of 1998)
8. Describe how the IIF will be secured.
Please refer to the System Security Plan for details of physical and other controls.
9. Describe plans for retention and destruction of IIF.
Records are maintained in Agency files and destroyed by series in accordance with NASA Records
Retention Schedule 1, Item 126, and NASA Records Retention Schedule 8, Item 57.
10. Identify whether a system of records is being created under section 552a of Title 5, United States Code (the Privacy Act), or identify the existing Privacy Act system of records notice under which the records will be maintained.
Identify a point of contact to whom a member of the public can address questions concerning this information system and the privacy concerns associated with it: Teresa Fryer, NASA Privacy Program Manager
Signature on File Signature on File
Janine E. Hardin Henry W. Yu
NASA Cognizant Official Center PAM
Date: 12/15/08 Date: 12/10/08
Signature on File Signature on File
Michael J. Bolger Teresa M. Fryer
Center CIO NASA Privacy Act Officer
Date: 12/10/08 Date: 12/8/08
Signature on File
Jonathan Q. Pettus
NASA Chief Information Officer