Fmcsa medical examiners registry remains offline transport topics jstor database

The statement said that on dec. 15, the agency attempted to put the system back online but determined there were still security vulnerabilities and the system was taken offline again. It remained down as of press time.

The medical examiners database contains records of medical exams and sensitive information on the 58,000 examiners as well as exams administered to truck drivers, according to a privacy impact assessment of the website last year by the U.S. Department of transportation.

A statement on the registry site reads: “the national registry website is currently under construction with limited functionality.” that functionality allows drivers to plug in their zip codes to find certified examiners in their area.FMCSA said

“the delay in restoring the site is due to the department’s commitment to ensure the security of the site,” FMCSA said.

“the security of the data and privacy of drivers and medical examiners is the paramount concern.”

The agency noted the hack indicated that the information technology system safeguard needed enhancements to protect against certain risks that have surfaced since the site was first launched around 2011.

“we will continue to work to address those risks to ensure that when the site is up and running, we will be in a better position to avoid a repeat of what happened in december 2017,” FMCSA said.

The agency said the cost to make the fixes has not yet been determined but that the DOT chief information officer and FMCSA are working to “develop a roadmap and cost estimate to deploy services through an iterative methodology.”

information technology

The rule removes the requirement that drivers provide paper copies of their medical certifications to their state commercial driver license issuing agency. Therefore medical cards would no longer be considered valid proof of medical qualification for drivers with commercial driver licenses.

Under the new rule, medical examiners would electronically pass medical examination information to FMCSA, which would in turn pass it electronically to the state licensing agency, allowing law enforcement to make checks to validate medical driver qualifications.

Brian morris, a member of FMCSA’s medical review board and corporate medical director for quadrant health strategies inc., said the agency has not shared information with him on the hack.FMCSA said

“I can’t imagine what could be going on with the site being down for months,” morris told TT. “I have no idea when the site is going to go back up.”

Although FMCSA said it has launched a static look-up function on the website for validity checks, morris said since data has not been entered in recent months, any validity checks of exams likely would have to be verified with the examiner’s office.

There have been past indications that information technology systems at FMCSA and DOT have room for improvement in protecting personally identifiable information.

A DOT inspector general audit released in january recommended that DOT’s chief privacy officer establish a continuous monitoring program for security controls to ensure that personal, identifiable information systems remain compliant with the agency’s privacy risk management policy.Information technology

In a 2017 report on FMCSA’s information technology, the government accountability office said the agency needed to strengthen its strategic planning and oversight to modernize legacy systems, including the medical examiners registry.

In 2016, a DOT inspector general audit of the volpe transportation center, which contracted with FMCSA to develop and operate the medical examiners registry, said that some of the center’s management practices created security weaknesses that make its IT infrastructure vulnerable to compromise.