System Name: FDA Records Related to Research Misconduct Proceedings, HHS/FDA/OC.
Security Classification: The security classification for the system is: Unclassified.
System Location(s): System records are located in the Office of the Chief Scientist, Food and Drug Administration, 10903 New Hampshire Ave., Bldg. 32, rm 4214, Silver Spring, MD 20993. Some records may reside in the Agency component offices during the time that an allegation is under review.
Categories of Individuals Covered by the System: This system includes records related to the processing and reviewing of allegations of research misconduct levied against an individual (the respondent) who is an agent of, or affiliated by contract or agreement with FDA, or an FDA employee involved in intramural research. The records contain personally identifiable information (PII) and non-PII about respondents, complainants, witnesses and other individuals affiliated with entities that are contacted by or provide information to FDA.
Privacy Act notification, access, and amendment rights (described in this document) relative to this system are available to individuals who are subjects of records in the system, that is, respondents. Although records in the system may contain PII related to other individuals, only respondents are considered subjects of records in this system.
"Respondents" is defined as "the person against whom an allegation of research misconduct is directed or who is the subject of a research misconduct proceeding." The term "research misconduct" is defined in 42 CFR 93.103 to mean " fabrication, falsification, or plagiarism in proposing, performing, or reviewing research, or in reporting research results." These and other definitions are set out in 42 CFR part 93.
This system notice applies to an allegation of research misconduct involving the following: (1) Applications or proposals for FDA support for biomedical or behavioral extramural or intramural research or research training, or activities related to that research or research training; (2) FDA supported biomedical or behavioral extramural or intramural research; (3) FDA supported extramural or intramural research training programs; (4) FDA supported extramural or intramural activities that are related to biomedical or behavioral research or research training; and (5) plagiarism of research records produced in the course of FDA supported research, research training, or activities related to that research or research training.
Categories of Records in the System: The records in the system include information that must be submitted to ORI by FDA under 42 CFR part 93 and information that FDA obtains while conducting research misconduct proceedings. This information may include, but is not limited to:
PII about respondents such as name, date of birth, employment information, educational background, social security number, personal and professional phone numbers, mailing address, and email address;
PII regarding complainants and witnesses such as name, and personal or work contact information;
The nature and substance of allegations;
Data regarding FDA funding related to the research and/or respondent, including grants numbers;
The organization(s) and officials responsible for conducting the action that are part of the research misconduct proceeding;
The documentation used in the inquiry and investigation, including relevant research data and materials, which may include relevant information on study subjects;
Applications, proposals, and documentation related to review and award actions;
Reports, abstracts, manuscripts, and publications by the respondent(s);
Other relevant reports, abstracts, manuscripts, and publications;
Correspondence and memoranda of telephone calls;
Summaries of interviews and transcripts or recordings of interviews;
Statistical, scientific, and forensic analyses;
Interim and final FDA reports; and
Records of Agency findings, administrative actions, and appeal proceedings, if any.
The system also contains general administrative and oversight records regarding ORI actions. This includes information related to the following: (1) ORI reviews of the research misconduct proceedings, ORI findings of research misconduct, and ORI proposals for administrative action or for settlement of the case; (2) a respondent's opportunity to contest ORI findings of research misconduct and proposed HHS administrative actions; (3) final HHS findings of research misconduct and final decisions regarding administrative actions and their implementation; and (4) FDA and ORI coordination with other Federal, State, and local offices or agencies, including the DOJ.
Authority for Maintenance of the System: The authorities for maintaining this system are: 21 U.S.C. 371, 375, 393(d)(2), 394, 397, and 399a; 42 U.S.C. 216(b), 241, 289b; 5 U.S.C. 301; 44 U.S.C. 3101; and 42 CFR part 93.
Purpose(s): The purposes of this system are to do the following:
1. Enable FDA, ORI, HHS, and the Federal Government to protect the health and safety of the public, to promote the integrity of FDA supported research, and to conserve public funds.
2. Enable FDA to implement its authority relating to research misconduct proceedings as set forth in 42 CFR part 93 and to document FDA activities in implementing that authority.
3. Ensure that research misconduct proceedings, including FDA's implementation of the Agency's and other HHS administrative actions, are carried out in accordance with FDA policy, 42 CFR part 93, and other applicable Federal statutes and regulations.
4. Enable FDA to inform Agency officials and other HHS officials who have a need for the records in the performance of their duties of the status and results of research misconduct proceedings.
5. Enable FDA to notify, consult with, and provide assistance to ORI, and other Federal, State, or local agencies to permit them to take action to protect the health and safety of the public, to promote the integrity of FDA supported research, to conserve public funds, or to pursue potential violations of civil and criminal statutes.
Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of such Uses:
The Privacy Act lists the conditions for disclosure under 5 U.S.C. 552a(b). Among the permitted disclosures is disclosure "to those officers and employees of the agency which maintains the record who have a need for the record in the performance of their duties" (5 U.S.C. 552a(b)(1)). For this system of records, this condition would include disclosure to the appropriate FDA, ORI, and other HHS officers and employees.
Permitted disclosures also include routine uses that are listed in the notice of the system of records (5 U.S.C. 552a(b)(3)). The Privacy Act defines "routine use" as "with respect to the disclosure of a record, the use of such record for a purpose which is compatible with the purpose for which it was collected." See also FDA's Privacy Act regulations, defining "routine use" as "use outside the Department of Health and Human Services that is compatible with the purpose for which the records were collected and described in the [System of Records] notice)" (21 CFR 21.20(b)(5)).
Records in this system that contain information about record subjects (respondents) and nonsubjects (witnesses, complainants, and other individuals affiliated with entities that are contacted by or provide information to FDA) may be disclosed to recipients outside HHS in accordance with the following routine uses:
1. Disclosure may be made to any individual or entity able to obtain information or provide information or assistance in a research misconduct proceeding or related proceeding. Recipients of disclosures under this routine use may include experts asked to perform statistical, forensic, or other analyses; the relevant FDA supported institution(s); institutions with which the respondent(s) was previously affiliated; Federal, State and local agencies; the respondent(s); the complainant(s); witnesses; and organizations or individuals acting on behalf of those agencies, institutions, and individuals; provided, however, that in each case FDA determines whether limited disclosures or confidentiality agreements are needed to protect the privacy of respondent(s), complainant(s), witnesses, research subjects, or others who may be identified in the records to be disclosed.
2. Disclosure may be made to other Federal, State, or local agencies and offices, if FDA has reason to believe that a research misconduct proceeding may involve that agency or office.
3. Disclosure may be made to appropriate Federal Agencies and Department contractors that have a need to know the information for the purpose of assisting the Department's efforts to respond to a suspected or confirmed breach of the security or confidentiality of information maintained in this system of records, and the information disclosed is relevant and necessary for that assistance.
4. Disclosure may be made to Institutional Review Boards, collaborating institutions, and individual research subjects, regarding information obtained or developed through a research misconduct proceeding that, in FDA's judgment, may have implications for individuals' health or for their participation in a research study.
5. When a record on its face, or in conjunction with other records, indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature, disclosure may be made to the appropriate agency, whether Federal, foreign, State, local, or tribal, or other public authority responsible for enforcing, investigating, or prosecuting such violation, if the information disclosed is relevant to the responsibilities of the agency or public authority.
6. After FDA makes a finding of research misconduct and has informed ORI of this finding, disclosure may be made to responsible officials of FDA supported institutions or organizations, when in connection with a research misconduct proceeding concerning a respondent previously or currently employed by, or affiliated with the institution or organization, or when FDA, ORI, or HHS makes a finding or takes an action potentially affecting the agency or organization or its FDA support for research, research training, or related activities.
7. After FDA makes a finding of research misconduct and has informed ORI of this finding, disclosure may be made to the respondent's supervisor because research will be a significant part of many employee jobs, and performance is an important element of information to help the supervisor determine employee assignments as well as the level of supervision needed. If an individual moves to another job or contract, FDA may notify the other entity that we have relevant information with regard to that individual.
8. After FDA makes a finding of research misconduct and has informed ORI of this finding, disclosure may be made to a Federal Agency in connection with the hiring or retention of the respondent, the issuance of a security clearance, the reporting of an investigation of an employee, or the issuance of a license or other benefit by the Agency, to the extent that the record is relevant to the Agency's decision on the matter.
9. After FDA makes a finding of research misconduct and has informed ORI of this finding, disclosure may be made to professional journals, other publications, news media, and the public concerning research misconduct findings and the need to correct or retract research results or reports that have been affected by research misconduct, unless it is determined that release of the specific information in the context of a particular case would constitute a clearly unwarranted invasion of personal privacy. No information will be released that would reveal a confidential source.
10. After FDA makes a finding of research misconduct and has informed ORI of this finding, disclosure may be made to a State licensing board, certifying body, or other similar entity conducting a review of the respondent to aid the entity in meeting its responsibility to protect the health of the population in its jurisdiction or the integrity of the profession.
11. Disclosure may be made to contractors and other individuals or entities who perform services for the Agency related to this system of records and who have access to the records in order to perform such services, including individuals appointed to serve on FDA research misconduct inquiry committees or investigation committees if such individuals need access to the records to perform their assigned task. Provided, however, in each case FDA determines whether limited disclosures or confidentiality agreements are needed to protect the privacy of respondent(s), complainants(s), witnesses, research subjects, or others who may be identified in the records to be disclosed; and FDA determines that the disclosure is for a purpose compatible with the purpose for which the Agency collected the records.
12. When FDA closes a case without a settlement or finding of research misconduct, disclosure may be made to the respondent, relevant institution, and complainant(s); provided, however, that in each case FDA determines whether limited disclosures or confidentiality agreements are needed to protect the privacy of respondent(s), complainant(s), witnesses, research subjects, or others who may be identified in the records to be disclosed.
13. Disclosure may be made to the DOJ when: (1) The Agency or any component thereof; or (2) any employee of the Agency in his or her official capacity; or (3) any employee of the Agency in his or her individual capacity where the DOJ has agreed to represent the employee; or (4) the U.S. Government is a party to litigation or has an interest in such litigation, and by careful review, the Agency determines that the records are both relevant and necessary to the litigation and the use of such records by the DOJ is therefore deemed by the Agency to be for a purpose that is compatible with the purpose for which the Agency collected the records.
14. Disclosure may be made to a court or other tribunal when: (1) The Agency or any component thereof; or (2) any employee of the Agency in his or her official capacity; or (3) any employee of the Agency in his or her individual capacity where the DOJ has agreed to represent the employee; or (4) the U.S. Government is a party to the proceeding or has an interest in such proceeding, and by careful review, the Agency determines that the records are both relevant and necessary to the proceeding and the use of such records is therefore deemed by the Agency to be for a purpose that is compatible with the purpose for which the Agency collected the records.
15. Einstein 2 Cyber Security Monitoring: Records may become accessible to U.S. Department of Homeland Security (DHS) cyber security personnel, if captured in an intrusion detection system used by HHS and DHS pursuant to the Einstein 2 program. Under Einstein 2, DHS uses intrusion detection systems to monitor Internet traffic to and from federal computer networks to prevent malicious computer code from reaching the networks. According to DHS' Privacy Impact Assessment for Einstein 2 (available on the DHS Cybersecurity privacy Web site, http://www.dhs.gov), only PII that is directly related to a malicious code security incident is captured by and accessible to DHS, and DHS does not access PII unless the PII is part of the malicious code.
16. Disclosure may be made to the National Archives and Records Administration and/or the General Services Administration for the purpose of records management inspections conducted under authority of 44 U.S.C. 2904 and 2906.
Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System:
Storage: Records may be maintained in hard copy files and on computer disks, hard drive, and file servers, and other types of data storage devices.
Retrievability: Records may be retrieved by manual or computer search of the case-tracking system using the name of the respondent(s).
Safeguards: a. Authorized users. Records in FDA's system are available to the Commissioner of Food and Drugs, the Agency's Chief Scientist and Deputy Commissioner for Science and Public Health, the Agency's Research Integrity Officer (System Manager), and to other appropriate FDA staff when they have a need for the records in the performance of their duties. Records are also available to the Director of ORI and other appropriate ORI staff, and to other appropriate HHS officials that are involved in the research misconduct proceeding, when there is a need to know in the performance of their duties. All authorized users are informed that the records are confidential and are not to be further disclosed.
b. Procedural safeguards. Access is strictly controlled by the Research Integrity Officer (System Manager) in compliance with the Privacy Act and this system notice. Access to the records is limited to ensure confidentiality. All questions and inquiries from any party should be addressed to the Research Integrity Officer (System Manager).
c. Physical safeguards. All records (such as diskettes, computer listings, or documents) are kept in a secured area, locked rooms, and locked building. The facility has a 24-hour guard service, and access to the building is further controlled by an operational card key system. Access to the files, which are generally hard copy, is limited to a subset of individuals with general access to the building.
Access to individual offices is controlled by simplex locks. Records are kept in locked file cabinets in a room that is locked during non- working hours. Access to this room is restricted to specific personnel. Access to computer files is strictly limited through passwords and user-invisible encryption. Special measures commensurate with the sensitivity of the record are taken to prevent unauthorized copying or disclosure of the records.
Retention and Disposal: The records are maintained for 7 years in accordance with 42 CFR part 93, FDA's Records Control Schedule, and with the applicable General Records Schedule and disposition schedule approved by the National Archives and Records Administration.
System Manager(s) and Address(es): FDA Research Integrity Officer, Office of the Chief Scientist, Food and Drug Administration, 10903 New Hampshire Ave., Bldg. 32, Rm 4214, Silver Spring, MD 20993.
Notification Procedure: In accordance with 21 CFR part 21, subpart D, an individual may find out whether a record exists about him or her by submitting a written request, with notarized signature if request is made by mail, or with identification if request is made in person, directed to: FDA Privacy Act Coordinator, Division of Freedom of Information (ELEM-1029), Food and Drug Administration, 12420 Parklawn Dr., Element Building, Rockville, MD 20857. HHS/FDA is exempting all records related to research misconduct proceedings from this provision (see section I.S of this document Records Exempted from Certain Provisions of the Privacy Act). However, consideration will be given to requests addressed to the Privacy Act Coordinator as described previously in this document. In addition, some records may be exempt under 5 U.S.C 552a(d)(5), if they are "compiled in reasonable anticipation of a civil action or proceeding." See also 21 CFR 21.41(e).
Record Access Procedures: Procedures are the same as those in section I.O of this document (Notification Procedure). Requests should also reasonably specify the record contents being sought and may also request an accounting of disclosures that have been made of the record, if any. As stated previously in this document, HHS/FDA is exempting all records related to research misconduct proceedings from this provision (see section I.S of this document, Records Exempted from Certain Provisions of the Privacy Act), and some records may be exempt under 5 U.S.C. 552a(d)(5). However, consideration will be given to access requests addressed to the Privacy Act Coordinator as described in section I.O of this document (Notification Procedure).
Contesting Record Procedures: In accordance with 21 CFR 21.50, contact the Privacy Act Coordinator, Food and Drug Administration (see section I.O of this document). Reasonably identify the record and specify the information being contested, the corrective action sought, and your reasons for requesting the correction, along with supporting information to show how the record is inaccurate, incomplete, untimely, or irrelevant. As stated previously in this document, HHS/FDA is exempting all records related to research misconduct proceedings from this provision (see section I.S of this document, Records Exempted from Certain Provisions of the Privacy Act ), and some records may be exempt under 5 U.S.C. 552a(d)(5).
Record Source Categories: Information in this system is obtained from many sources, including the following: (1) Directly from the respondent or complainant or his/her representative; (2) derived from materials supplied by the respondent or complainant or his/her representative; (3) from information supplied by the institutions, witnesses, scientific publications, and other nongovernmental sources; (4) from observation and analysis made by FDA and ORI staff and scientific experts; (5) from departmental and other Federal, State, and local government records; (6) from hearings and other administrative proceedings; and (7) from any other relevant source.
Exemptions Claimed for the System: FDA records related to research misconduct proceedings will be exempt from the Privacy Act requirements pertaining to providing an accounting of disclosures, access and amendment, notification, and Agency procedures and rules under sections 552a(k)(2) and (k)(5) of the Privacy Act.
Elsewhere in this issue of the Federal Register, FDA is publishing a notice of proposed rulemaking and direct final rule to apply these exemptions to records in this system related to ongoing investigations or that would reveal a confidential source. These exemptions are necessary to safeguard the integrity of the research misconduct proceedings and to ensure that FDA's efforts to obtain accurate and objective information will not be hindered. In the course of investigations of allegations of research misconduct, it is often necessary to give an express promise to withhold the identity of an individual who has provided relevant information. Sources of information necessary to complete an effective investigation may be reluctant to provide sensitive information unless they can be assured that their identities will not be revealed. The proposed exemptions will ensure that the records related to ongoing investigations will not be disclosed inappropriately and that the identities of confidential sources will be protected.
The notice of proposed rulemaking and direct final rule provide additional detail regarding the bases for these exemptions.