Information Security and Privacy Controls over the Airmen Medical Support Systems [open pdf - 174KB]
This Department of Transportation (DOT) Office of Inspector General Report (OIG) "presents the results of our review of the information security and privacy controls over the Federal Aviation Administration's (FAA) Airmen Medical Support Systems (MSS). FAA requires airmen to hold a medical certification of their medical and mental fitness to operate aircraft. MSS currently stores more than 18 million medical records supporting the medical assessment of over three (3) million airmen. To ensure aviation safety and protect the privacy of airmen, it is critical that this medical information be secure. Also, coordination with other Federal agencies may improve aviation safety by identifying airmen who are receiving disability benefits and may not have disclosed potentially disqualifying medical conditions. This review was requested by the Chairmen of the House Committee on Transportation and Infrastructure and its Subcommittee on Aviation. The objectives of [this OIG] audit were to (1) determine if airmen's personally identifiable information (PII) is properly secured from unauthorized use or access, and (2) assess FAA's progress in establishing mechanisms to identify airmen holding current medical certificates while receiving disability pay. To conduct [this] work, [the OIG] interviewed officials from FAA's Civil Aerospace Medical Institute located in Oklahoma City, Oklahoma; FAA's Headquarters in Washington, D.C.; as well as representatives from FAA's contractor and Aviation Medical Examiners' (AME) private medical support staff at various locations. [The OIG] also spoke with officials from FAA's Office of Budget Policy Division."
Department of Transportation, Office of Inspector General, Report No. FI-2010-069
United States Department of Transportation, Office of Inspector General: http://www.oig.dot.gov/