DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
January 22, 2007
Table of Contents
Overview of Federal Aviation Administration privacy management process for FAA MedXPress
Personally-identifiable information and FAA MedXPress
Why FAA MedXPress Collects information
How FAA MedXPress Uses Information
How FAA MedXPress Shares Information
How FAA MedXPress Provides Notice and Consent
How FAA MedXPress Ensures Data Accuracy
How FAA MedXPress Provides Redress
How FAA MedXPress Secures Information
How FAA MedXPress Retains Information
System of Records
The Federal Aviation Administration (FAA), within the Department of Transportation (DOT), has been given the responsibility to carry out safety programs. FAA is responsible for:
One of the programs that helps FAA fulfill this mission is the FAA Medical Certification System, known as FAA MedXPress, which has the following functions:
FAA MedXPress is managed by the Office of Aerospace Medicine (OAM) inside the FAA’s Civil Aerospace Medical Institute (CAMI). OAM/CAMI is responsible for a broad range of medical programs and services for both the domestic and international aviation communities. Services provided by the OAM/CAMI include:
As such, OAM/CAMI has the responsibility for collecting and maintaining any information related to the medical conditions of pilots and certain covered positions within the FAA.
All airmen, air traffic controllers (ATCs) and certain other designated FAA employees are required to have FAA Medical Certificates. The process of applying for an FAA Medical Certificate or Student Pilot Medical Certificate requires completion of the OMB-approved, FAA Medical History Form 8500-8, and performance of a medical examination of the applicant by an FAA-designated Aviation Medical Examiner (AME). The AME is a private physician who is approved by the FAA to perform this function.
Until now, the applicant has been required to complete Form 8500-8 in the AME’s office prior to the examination. FAA MedXPress now allows applicants to complete and submit their FAA Form 8500-8 on-line. FAA MedXPress securely transmits the completed form to FAA and makes it available to a designated AME to review at the time of the applicant’s medical examination. FAA MedXPress is built upon the FAA’s existing Aerospace Medical Certification Subsystem (AMCS) program, which allows AMEs to transmit Form 8500-8 medical history data to the FAA.
The protection of applicant privacy is a priority for FAA. FAA utilizes a privacy management process built upon a methodology that has been developed and implemented in leading companies around the country and globally. The methodology is designed to ensure that DOT and FAA will have the information, tools, and technology necessary to manage privacy effectively and employ the highest level of fair information practices while allowing FAA to achieve its mission of protecting and enhancing the U.S. transportation system. The methodology is based upon the following:
To handle airmen, air traffic controller, and other FAA employee medical certifications, FAA MedXPress requires the submission of personally identifiable information (PII) and non-PII data pertaining to applicants. For an individual to be included in the FAA MedXPress system, the applicant is required to electronically complete and submit the following PII:
The FAA MedXPress system collects PII in order to provide the AME and FAA with the necessary information to determine whether an applicant should be approved for medical certification as a pilot, air traffic controller, or other covered FAA employee. To facilitate this process, FAA MedXPress collects information electronically for automated transfer to AMEs. In general, FAA MedXPress aids the airman and medical examiners in providing current, consistent and valid information for FAA to make more informed certification decisions.
FAA MedExpress is used primarily as a tool to manage the flow of medical certification information. The information collected by FAA MedXPress is not used by any system, process, or individual until the applicant grants access permission to a selected AME by providing that AME with the confirmation number received from FAA after the application is submitted. After the AME has completed the medical examination, the information is sent to the FAA Legal Instrument Examiners at OAM/CAMI. The FAA Legal Instrument Examiners are the individuals within FAA responsible for approving medical certificates.
FAA MedXPress shares information with the AMEs and those within the FAA (OAM/CAMI) responsible for tracking medical clearance information. When the applicant provides the electronic information to an AME via a confirmation number, the data are transferred by FAA MedXPress to the AMCS. As stated previously, the AME uses the AMCS to electronically complete the Form 8500-8 to be transmitted to the FAA. FAA MedXPress shares applicant data in accordance with the Privacy Act System of Records Notice DOT/FAA 847 - Aviation Records on Individuals.
For an individual’s PII to be included in FAA MedXPress, that individual must have applied for a medical certificate. Notice is provided to applicants through the applicable Privacy Act System of Records Notice, DOT/FAA 847 – Aviation Records on Individuals. In addition, the FAA MedXPress Web site provides notice to all applicants via a privacy policy that contains all the protections and advisories required by the E-Government Act, as well as terms of use documentation. Upon registering with and logging into FAA MedXPress, applicants are able to provide consent to the terms of use by checking an appropriate box and submitting a form.
FAA MedXPress receives all data directly from the applicant. FAA MedXPress uses internal validation functionality to ensure that all required data fields have been completed on the form. It is the responsibility of the AME to ensure that all data submitted by the applicant are complete and correct. Applicants are able to modify their data; however, any modifications to the applicant’s submitted data must be manually updated on the printed form and initialed by the applicant.
As provided for by the Privacy Act System of Records notice DOT/FAA 847 - Aviation Records on Individuals, individuals with questions about privacy and FAA MedXPress, including the redress process, may contact FAA directly. The FAA MedXPress system resides at:
6500 S. McArthur Blvd.
CAMI Bldg. Room B-17A
Oklahoma City, OK 73169
The posted privacy policy on the FAA MedXPress Web site also provides contact information for FAA’s Privacy Officer.
FAA MedXPress takes appropriate security measures to safeguard PII and other sensitive data. FAA MedXPress applies DOT security standards, including, but not limited to, routine scans and monitoring, back-up activities, and background security checks of those FAA employees and contractor employees who have access to the data.
The following electronic access safeguards are also in effect:
FAA MedXPress uses Secure Socket Layer encryption and session tracking to ensure that applicant data submitted on-line and transmitted to the FAA remains secure. FAA MedXPress does not employ the use of persistent cookies.
FAA MedXPress users must apply for an account using a valid email address. Temporary passwords are sent to the address provided and expire upon first use. The FAA MedXPress application consists of an account creation and user authentication module, an electronic Form 8500-8 entry module, and an email notification module. All modules operate in succession by accessing the same security information. As stated above, FAA MedXPress uses session and IP address tracking to ensure that only the validated user will have access to data.
FAA MedXPress also ensures that the only AME given access to the information entered by the applicant is the AME who receives a confirmation number from the applicant.
In addition, access to FAA MedXPress PII is limited according to job function. FAA controls access privileges according to the following roles:
The following matrix describes the levels of access and safeguards around each of these roles as they pertain to PII.
ROLE | ACCESS |
SAFEGUARDS |
---|---|---|
User |
|
The following safeguards apply:
|
Help Desk |
|
The following safeguards also apply:
|
FAA MedXPress retains information for completed exams as required by law. Applications for medical certification that are collected by FAA MedXPress are deleted after 60 days under the following circumstances:
FAA MedXPress is a system of records subject to the Privacy Act, because it is routinely searched by a unique identifier. This system is covered by System of Records Notice: DOT/FAA 847 - Aviation Records on Individuals.