Centers for Disease Control - Page 3


 

06.3 HHS PIA Summary for Posting (Form) / CDC Consolidated Tracking System (CTS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  3/22/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-90-0006
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CTS Service Center
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Bill McHarg

10. Provide an overview of the system:  The essential system functions are: Enabling the CIOs to track requests and tasks associated with their Center’s services, processes, or products; Support for incident, change, service request (interaction), self-service (ESS); Connectivity and integration with other HP software, as well as with LDAP directories, e-mail, and databases; Provides a central “triage” command center for all issues; Tracks IT work and responsibility, providing visibility into service support; Integration of ServiceCenter with CIO’s intranet web pages
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A No PII is shared
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  CTS Service Center System provides a central information point for processing service requests and resolutions for 5 CDC organizations. These organizations are (1) Strategic National Stockpile (DSNS), (2) Office of Safety, Health and Environment (OHS), (3) Public Health Information Network (PHIN), (4) Financial Management Office (FMO), (5) Human Capital Resource Management (AHRC).  Requests are received via phone, web or email. A request is created in CTS Service Center as a Call/Incident either manually or email generated. Depending on the nature of the request, the technician either resolves the call or escalates to a SME. Once the incident ticket is closed, then the call is closed and all information is logged into the database.  The Human Capital Resource Management (AHRC) organization at times may collect PII data that is sent to them voluntarily (by email) from people looking for employment.  They will voluntarily submit their resumes, which may include personal information (phone numbers, email addresses, etc.).  This information is not disseminated to other agencies.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  Individuals are not asked to supply PII via this system, only non-PII identifying information, i.e., application applied to and/or issues of concern.  Individuals submitting PII via this system have the safeguards of submitting their information to a government e-mail address contained and secured through customary information technology practices and procedures.  Given that this is an inquiry system used to triage federal hiring and human resources matters, individuals grant consent to use of PII through other data collection systems that contain proper PII warnings and notifications, e.g., USAJOBS, USASTAFFING, as well as internal HHS human resources systems, i.e., CapitalHR, and WIZ. This information is not disseminated to other agencies.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  The PII is secured using Mandanten security within the application and using Active Directory for access to the application. Mandanten is set up based on the company of the user who called in the interaction, though it can be set up based on any value in any table that needs to be protected. Mandanten protection is set up on a per-table basis
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  3/22/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Content Services Reporting System (CSRS) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/25/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Content Services Reporting System (CSRS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Scott Mullins
10. Provide an overview of the system:  The Content Services Reporting System (CSRS) is an internal facing web based system that will provide a basic reporting capability for various data sources, such as the CDC Media, DIOE CIT, and the CDC Percussion Web Content Management System. The system is only accessible via the CDC Intranet. There will be one-way data replication functionality from the target database to the Microsoft SQL Server Reporting Services (SSRS) platform within the CSRS. This system was created to provide reporting capabilities for information systems managing content within CDC.GOV.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The Content Services Reporting System (CSRS) is an internal facing web based system that will provide a basic reporting capability for various data sources, such as the CDC Media, DIOE CIT, and the CDC Percussion Web Content Management System. This system was created to provide reporting capabilities for information systems managing content within CDC.GOV. There is no PII in the system.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  1/25/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Content Transformation System (CCTVS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  3/21/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC Content Transformation and Validation System (CCTVS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Scott Mullins
10. Provide an overview of the system:  The CDC Content Transformation and Validation System (CCTVS) is based on a COTS product called Kapow Katalyst. Kapow Katalyst is an application integration platform that integrates with any layer in the application stack — the presentation layer, the application layer (APIs) or the database layer  — and automates the processes of extracting, transforming, integrating and migrating data from virtually any application to any other. Kapow Katalyst Application Integration Platform eliminates the dependency on APIs, project delays, and the high risk of inaccurate data from manual processes.
Kapow Katalyst consists of four components, although we will only be using three of them.  The components we are using are Management Studio, Design Studio, and Robo Server.  Management Console is a Java web application which runs in a Tomcat servlet container.  The server firewall will be configured so Management Console is not accessible to users outside of the server it is installed on.  Robo Server and Design Studio are thick client Java applications.  Management Studio and Design Studio are GUIs for Robo Server. Robo Server will be configured via Management Studio and Design Studio to crawl cdc.gov websites, extract content, transform it, and load it into the WCMS system.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  CCTS will crawl cdc.gov websites, extract content, transform it, and load it into the WCMS system. There will be no PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A No PII collected

32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  3/21/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Cost Effectiveness HIV/AIDS Database (CHAD) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  Initial PIA Migration to ProSight 
1. Date of this Submission:  2/3/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Cost Effectiveness HIV/AIDS Database (CHAD)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Tim Green
10. Provide an overview of the system:  CHAD is a client server application that performs the following functions:
• Generates comparison tables of cost-effectiveness of HIV interventions by target population as defined by risk, age, gender, race or other setting.
• Updates aforementioned tables with minimal effort. Specifically, without undertaking any literature searches.
• Responds promptly to ad hoc OD (or other) requests for information on the state of the art.
• Understand current gaps in the existing literature. For example, where effectiveness data may exist (according to PRS) but cost-effectiveness is lacking.
• Generate (write) systematic reviews of the literature with minimal effort given that the searches will be automated and the results parsed periodically.
• Sort and compare study results by type including Model-based, Research-based and Program-based.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Generates comparison tables of cost-effectiveness of HIV interventions by target population as defined by risk, age, gender, race or other setting.
• Updates aforementioned tables with minimal effort. Specifically, without undertaking any literature searches.
• Responds promptly to ad hoc OD (or other) requests for information on the state of the art.
• Understand current gaps in the existing literature. For example, where effectiveness data may exist (according to PRS) but cost-effectiveness is lacking.
• Generate (write) systematic reviews of the literature with minimal effort given that the searches will be automated and the results parsed periodically.
• Sort and compare study results by type including Model-based, Research-based and Program-based.

No Personally Identifiable Information (information that can be used to identify an individual) will be collected, stored, or transmitted.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No PII
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No PII
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Alan Olsan
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  2/3/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Cote d’Ivoire IT Infrastructure (GAP-Cote d'Ivoire) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/6/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-02-00-02-1104-00-114-042
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  CDC Cote d’Ivoire IT Infrastructure
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Calvin Johnson
10. Provide an overview of the system:  This is a general office support system for CDC GAP Cote d’Ivoire and provides file server, exchange server, webmail server.  Authentication is performed by a locally administered Active Directory for administering local users only.  Failover is to local AD at the site.  Local does not send or receive information from the main HHS/CDC Active Directory.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  PII = No
EAL = N/A
Risk Analysis Date = 12/07/2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/6/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC COTPER C-support [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/31/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  Rolled-up under CDC PH Monitoring for Office of Terrorism # 009-20-01-03-02-8121-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID: 1579
7. System Name (Align with system Item name):  OPHPR cSupport
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Dan Tuten
10. Provide an overview of the system:  OPHPR C-Support is based on the COTS product c.Support® from GWI Software.  It is a comprehensive help desk/customer support application that allows support organizations to coordinate and manage everyday support activities as well as track assets, build a knowledge base and provide customer self-help.
Designed and developed using the Microsoft® .NET Framework, it provides the best overall value by leveraging our existing investment in Microsoft® systems, servers, and infrastructure. c.Support will integrate with Microsoft Active Directory®, Domino Directory, a Microsoft SQL database, and/or Microsoft® CRM.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  OPHPR C-Support collects non-PII, non-CUI data from internal OPHPR users only for entering and tracking OPHPR Service Request/HelpDesk tickets.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  8/31/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Countermeasure Tracking Systems (CTS) Inventory Management and Tracking System (IMATS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/29/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Countermeasure Tracking Systems (CTS) Inventory Management and Tracking System (IMATS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Barbara Nichols
10. Provide an overview of the system:  IMATS will not collect, maintain (store), disseminate and/or pass through SSNs (Social Security Numbers) within any database(s), record(s), file(s) or website(s) hosted by IMATS; thus, Attachment A – SSN Elimination or Usage Approval Request is not required.

The IMATS system solution will provide the Division of Strategic National Stockpile (DSNS) and public health Project Areas (50 states plus specific major cities and territories) grantees with the ability to track and report multiple levels of countermeasure inventory. The system will allow enhanced coordination of countermeasure allocations at each level of public health Project Areas.  The system will enable DSNS and Project Areas to enhance the existing process and increase capacity to manage and report on state and local inventory caches in all-hazards public health response efforts to an event.

To support the needs of the Project Areas, the IMATS system is capable of accepting counts of inventory items using two options:
· IMATS On-line - Project Area will collect and enter inventory counts data via CDC IMATS on-line to send to the CDC.
· Data Exchange - Project Areas that have their own inventory management system may send a file via the data exchange process to the CDC for inventory counts on-hand from their existing inventory management systems using either delimited text or extensible markup language (XML) format.
Each project area may select one option for providing requested aggregate inventory information to the Centers for Disease Control and Prevention (CDC).

IMATS is a 3-tier browser-based application utilizing the following:
· Client tier XHTML-generated HTML runs in a web browser IE8 and higher
· Web tier built using JSF2, Spring and JPA.  Reporting functionality is delivered through BIRT reporting engine.
· Persistence or Data tier Microsoft SQL Server 2008.

IMATS will run on the following platform:
· Web Application Server: BEA Web Logic application server (11g)
· J2EE web-based application
· Database Server: Microsoft SQL 2008 Server
· Hosting Environment: MTDC

Data Exchange will run on the existing CTS Countermeasure Inventory Tracking (CIT) application.

Based on hosting IMATS in the MTDC, the MTDC Business Continuity Plan (BCP) will apply. IMATS authentication will be handled via SAMS using a tiered level 2 and 3 e-authentication (e-auth).

The maximum time the system can be down without adversely affecting CDC’s mission performance is 48 hours.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  IMATS contains no PII, so it cannot share or disclose any PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1) Per NIST 800-60, CTS IMATS will be solely concerned with Inventory Control of pharmaceuticals, vaccines, medical supplies, and medical equipment, which is defined as “the tracking of information related to procured assets and resources with regards to quantity, quality, and location” with a recommended security CIA categorization of a triple low for confidentiality, integrity, and availability (CIA).
(2) The Division of the Strategic National Stockpile (DSNS) program provides pharmaceuticals, vaccines, medical supplies, and medical equipment to augment depleted state and local resources during response to terrorist attacks or other emergencies. CTS IMATS will provide inventory control about that materiel.
(3) IMATS contains no PII.
(4) IMATS contains no PII, so the question is N/A.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  (1) No individual’s data is in IMATS, so no notification and consent process is needed.
(2) No individual’s data is in IMATS, so no notification and consent process is needed.
(3) No PII is in IMATS, so no PII will be used or shared.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No PII is in IMATS, so no specific PII administrative, technical, and physical controls are necessary.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  9/29/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Countermeasures Tracking Systems (CTS) Communication Portal (CP) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/19/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  n/a
5. OMB Information Collection Approval Number:  n/a
6. Other Identifying Number(s):  n/a
7. System Name (Align with system Item name):  Countermeasures Tracking Systems (CTS) Communication Portal (CP)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Barbara Nichols
10. Provide an overview of the system:  SSNs (Social Security Numbers) and PI will not be collected, maintained (stored), disseminated and/or passed through any database(s), record(s), file(s) or website(s) hosted by CTS CP; Attachment A – SSN Elimination or Usage Approval Request will not be required.

The Communications Portal system will provide a central place for the DSNS to disseminate critical information to DSNS partners and receive their feedback in a timely manner.  Information specific to regulatory requirements and guidance of use of the supplies released from DSNS would be posted to the portal.   Examples may include but not be limited to targeted information related to countermeasures dispensing and Emergency Use Agreement (EUA)/Investigational New Drug (IND) information and documentation.
It is envisioned that CP will integrate with the other CTS applications for the purposes of a single sign on or to pull non-critical data to display to users.

CP is a browser-based application using:
• Web Application Server: BEA Web Logic application server (9.2)
• Database Server: Microsoft SQL 2008 Server
• Hosting Environment: MTDC
• Liferay open source portal

It is envisioned that authentication will be handled via SAMS. User registration and authentication are governed by the CDC security standards.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  CP does not share or disclose any PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1) The Communications Portal system will provide a central place for the DSNS to disseminate critical information to DSNS partners and receive their feedback in a timely manner.  Information specific to regulatory requirements and guidance of use of the supplies released from DSNS would be posted to the portal.   Examples may include but not be limited to targeted information related to countermeasures dispensing and Emergency Use Agreement (EUA)/Investigational New Drug (IND) information and documentation.

(2) To distribute in one place to DSNS partners and receive their feedback. Much of the information is on websites (e.g., FDA)

(3) CP does not collect, maintain, or disseminate any PII.

(4) N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  (1), (2), (3) N/A. CP will not collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s).
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A. CP will not collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s).
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  1/19/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Create-It [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/17/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1350
7. System Name (Align with system Item name):  Create-IT
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  James Newman
10. Provide an overview of the system:  Create-IT serves as the management system for DCS (Division of Communication Services) production activities.  In this capacity, Create-IT manages three primary functions.  The first of these functions is the intake of work requests from across the agency (internal use only).  Create-IT provides a flexible service and question based query system to guide the user into selecting the appropriate request type, then gathers all the necessary information to initiate work on this request.  Secondly, Create-IT functions as the management tracking system for DCS day to day workflow.  Create-IT allows management of projects, assignment and tracking of staff, storage of project critical information, and extensive data reporting.  Finally, Create-IT is responsible for collecting the satisfaction survey data at the end of projects.   All of these functions are tightly integrated into the Create-IT system, and provided to DCS users through a simple to use web based environment.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The system tracks graphics request data and the status of requested jobs.  This would include information such as: requested service, important dates, project specifications, requesting center/division.  No personal information is collected.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No PII information is collected, stored, or processed.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No PII
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Alan Olson
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  2/22/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC DACH Block Grant MIS (BGMIS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  N/A
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 92
7. System Name (Align with system Item name):  CoCHP Intranet Platform DACH Block Grant MIS
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / CDC DACH BRFSS Survey Operations Support Admin (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  N/A
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1534
7. System Name (Align with system Item name):  CoCHP Intranet Platform DACH BRFSS Survey Operations Support Admin

 

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Daily Announcements (CDCDA) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/26/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC Daily Announcements (CDCDA)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  John G. Goodson (hso2)
10. Provide an overview of the system:  A system designed to reduce CDC Email traffic by distributing all daily announcements in one consolidated email message. The system will also have a web-based interface where users can search for current and past announcements. There is no PII associated with this system. It provides a vehicle for the creation and maintenance of CDC announcements.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  None
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  10/26/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Data and Message Brokering (DMB) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  Initial PIA Migration to ProSight 
1. Date of this Submission:  7/8/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-00-01-0908-00 (009-20-01-00-01-0909-00)
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A - System does not constitute a "System of Records" under the Privacy Act.
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1469
7. System Name (Align with system Item name):  Public Health Information Network (PHIN)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Lynn Gibbs-Scharf
10. Provide an overview of the system:  The Public Health Information Network (PHIN) is a set of guidelines, standards, specifications, and collaborative relationships that will enable the consistent and reliable exchange of response, health, and disease tracking data between public health partners.

Currently there are multiple systems in place that support communications for public health labs, the clinical community, and state and local health departments. Each has demonstrated the importance of being able to exchange health information. However, many of these systems operate in isolation, not capitalizing on the potential for a cross-fertilization of data exchange. A crosscutting and unifying framework is needed to better monitor these data streams for early detection of public health issues and emergencies.   The Public Health Information Network (PHIN) is this framework. Through defined data and vocabulary standards and strong collaborative relationships, the Public Health Information Network will enable consistent exchange of response, health, and disease tracking data between public health partners.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  This system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This initiative does not collect personally identifiable information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  This system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  This system does not host a website.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden, OCISO
Sign-off Date:  7/25/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Data Coordinating Center [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  3/1/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1663
7. System Name (Align with system Item name):  Data Coordinating Center (DCC)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Dawn Gnesda
10. Provide an overview of the system:  The CDC has developed and initiated two major surveillance systems: the National HIV Behavioral Surveillance (NHBS) and the Medical Monitoring Project (MMP/MRA).  These surveillance systems are currently functioning in no more than 25 NHBS and 26 MMP sites.  In order to support these surveillance systems, DHAP has contracted with a vendor for a Data Coordinating Center (DCC).

The states and local health departments are responsible for implementing the projects, collecting and monitoring data and sending data to CDC.  CDC is responsible for technical assistance to project areas; data management and data report-generation for project areas; returning a ‘clean’ data set for project areas to use for their local analysis, and compiling and documenting a national database.

Primary objectives of the DCC are: 1.) Receiving data from no more than 25 NHBS and 26 MMP sites over a secure transport mechanism referred to as the SDN Replacement, 2.) Processing data for quality assurance, 3.) Creating and transferring cumulative and final data sets to CDC and to project areas, 4.) Providing ad-hoc technical assistance to NHBS and MMP project areas, 5.) Providing formal training sessions for NHBS and MMP project areas, 6.) Communicating and reporting to CDC.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1) Data collected by the DCC is for 2 large surveillance systems, the National Behavioral Surveillance System (NHBS) and the Medical Monitoring Project (MMP).  NHBS collects data from a minimum of 500 eligible participants per year.  There are three sources of data for NHBS: recruitment data, behavioral survey data, and HIV testing data.  The MMP collects both interview and medical record abstraction data on approximately 9000 participants each year.
2) The NHBS system monitors risk behaviors among populations at risk for HIV/AIDS infections.  The MMP monitors behaviors and clinical outcomes among HIV infected persons. Information gathered from both surveys will be used to “strengthen the capacity nationwide to monitor the epidemic.”
3) Neither the NHBS nor the MMP collects information containing PII.
4) Participation in either the NHBS or MMP is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  DCC DOES NOT COLLECT PII
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  3/1/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Data Warehousing [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  12/7/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-01-0908-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0136
5. OMB Information Collection Approval Number:  0920-000
6. Other Identifying Number(s):  ESC# 1345
7. System Name (Align with system Item name):  Data Warehousing (DW)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Robb Chapman
10. Provide an overview of the system:  DW collects data pertaining to diseases across states with disparate systems into a repository used for surveillance and analysis. Data Warehouse collects surveillance data (individual case based data which includes clinical, epidemiologic, and interpretive laboratory questions as well as aggregate level data (summary data)) for National Notifiable Conditions (NNCs).  The type of data varies depending on the disease and the data elements are defined by the CDC programs responsible for control of the specific conditions.  The data elements are cleared through OMB.   Specifications exist which indicate both structure and content of the data.  The data are collected by state, local, and territorial public health entities and sent to CDC for national surveillance purposes.  This process has been in place since 1951.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  DW is a non-major application that receives data, including PII, for its client systems within CDC, CCID and DISSS.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The system collects data on diseases designated as nationally notifiable by CDC and the Council of State and Territorial Epidemiologists (CSTE).  CSTE is a national organization representing the jurisdictions which transmit data to this system (the National Notifiable Diseases Surveillance System or NNDSS).  Through this system, the data are provided to the CDC Program Areas responsible for prevention and control activities.  The CDC Program Areas utilize the data to determine trends, monitor effectiveness of interventions and preventive activities, determine epidemiologic characteristics of the diseases for formulating recommendations and guidelines, resource allocation, outbreak monitoring, and other policy decisions.  NNDSS also serves as the nation’s only source of statistics for national notifiable conditions.  The data are published weekly in the Morbidity and Mortality Weekly Report (MMWR) as well as in the Annual Summary of Notifiable Diseases, also published by MMWR.  The data does contain Personally Identifiable Information (PII).  Specifically, the following PII data elements are collected:  date of birth and birthplace (country level) for some conditions; age for all conditions; zip/county/state for all conditions; gender for all conditions; race and ethnicity for all conditions. Submission of the PII data to CDC is voluntary, however, all reporting jurisdictions participate.  CDC Program areas provide funding to reporting jurisdictions.  Some PII data elements are required as a condition of receiving cooperative agreement funding.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  None
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  DW is subject to certification and accreditation requirements of CDC "Moderate" security systems. It is subject to oversight from an assigned security professional, as well as OIG audit and OCISO requirements. The data are stored in databases which are accessible within the network by CDC subject matter experts who have responsibility for surveillance and control of the specific data.  Who has access varies by disease.  Requests for access to the data are submitted to the National Notifiable Diseases Surveillance System (NNDSS).  They are co-approved by NNDSS and the CDC program lead for the disease to which access is being requested.  Users sign a data use agreement which was jointly developed between CDC and the Council of State and Territorial Epidemiologists (CSTE).  CSTE represents the reporting jurisdictions which originally collected the data and sent it to CDC.  Access is then granted to the database.  CDC programs have had access to these types of data via NNDSS using this process since electronic feeds were established in 1990.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  12/7/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Data.cdc.gov [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/26/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1971
7. System Name (Align with system Item name):  Socrata
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Fred Smith
10. Provide an overview of the system:  Socrata will be a public facing website that will be accessed by the public. This site is designed to follow the lead already taken by HHS for open/transparent government. HHS and CDC believe that transparency and data sharing are of fundamental importance to our ability to achieve HHS’s strategic goals of advancing the health and well-being of the United States. CDC’s data can be utilized to help citizens understand what we do and hold us accountable, increase awareness of public health issues, generate insights on how to improve health and well being, and mobilize public and private sector action and innovation to improve performance. All data published by the CDC will contain no PII. All CDC users will access the system and authenticate via the Internet using a web browser, while Socrata engineers maintain the underlying infrastructure. Some features the public will be able to use while accessing the site include published data along with tools to view, filter, visualize, re-share, or program against using the Socrata Open Data API (SODA).
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Socrata will be a public facing website that will be accessed by the public. This site is designed to follow the lead already taken by HHS for open/transparent government. HHS and CDC believe that transparency and data sharing are of fundamental importance to our ability to achieve HHS’s strategic goals of advancing the health and well-being of the United States. CDC’s data can be utilized to help citizens understand what we do and hold us accountable, increase awareness of public health issues, generate insights on how to improve health and well being, and mobilize public and private sector action and innovation to improve performance. All data published by the CDC will contain no PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  5/26/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC DCAS Dose Reconstruction [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/27/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0147
5. OMB Information Collection Approval Number:  0920-0530
6. Other Identifying Number(s):  ESC# 1576
7. System Name (Align with system Item name):  NIOSH Dose Reconstruction System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Leroy Turner
10. Provide an overview of the system:  NIOSH established the Office of Compensation Analysis and Support (OCAS) to assist with implementing a program created by the Energy Employees Occupational Illness Compensation Program Act of 2000 (EEOICPA or The Act) which provides compensation and medical benefits for nuclear weapons workers who may have developed certain work-related illnesses. OCAS works closely with the Department of Energy (DOE), Department of Labor (DOL), and the Department of Justice (DOJ). The mission of the NIOSH Dose Reconstruction System is to determine eligibility for compensation and support the process of and track claims for compensation and medical benefits from the Department of Labor (DOL) for government nuclear weapons workers under the EEOICPA for radiation dose reconstruction.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):
· Department of Labor (DOL) for the purpose of determining eligibility for compensation.
· Department of Justice (DOJ) for the purpose of enforcement of the law and defense of the interests of the United States according to the law and for notifying uranium workers eligible for benefits under the RECA that they may also receive compensation from DOL under The Act.
· DHHS/Office of the Secretary for approval of a special exposure cohort class definition.
· Oak Ridge Associated Universities (ORAU) – contractor for Dose Reconstruction Contract. For more information, see:  http://www.cdc.gov/NIOSH/OCAS/pdfs/orau/drcntrt.pdf
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The system collects PII information that is submitted by former government nuclear weapons workers and/or their families under the EEOICPA to facilitate radiation dose reconstruction to determine eligibility so that a claim for compensation and medical benefits can be filed with the Department of Labor.  The mandatory PII information that we collect, maintain and disseminate, (name, date of birth, social security number, mailing address, phone number, medical records numbers, medical notes, legal documents, e-mail address, and employment status) is used to perform dose reconstruction under EEOICPA and other analysis required to process financial claims brought against the US government by individual claimants.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  There is no process to notify affected individuals when any system changes are made.

All PII contained in this system had previously been collected by the site where the individual worked. Release of their PII at that time was a condition of employment. Claimants under the EEOICPA act sign a Privacy Act advisement that provides notice that the project will store and use their PII data.

Department of Energy personnel access the Site Research Database (SRDB) to determine if there are any classification issues with the documents being stored. Upon request, we provide documents to the Department of Labor to support EEOICPA, Part E – chemical exposure. Documents that are accessed may contain PII data.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  A unique ID and password is required to access the information on the CDC network. All users on the CDC network are required to take Privacy Act training prior to being granted access.

This is covered in the DOSEREC Computer Security Plan and the NIOSH Dose Reconstruction System Policies and Procedures Guide.

IIF is collected and the proper controls are utilized to safeguard sensitive information.

E-Authentication Assurance Level = N/A

Risk Analysis Date = May 1, 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  8/27/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Delegations of Authorities Database [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/15/2007
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  593
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 593
7. System Name (Align with system Item name):  Delegation of Authority
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Kimberly Thurmond
10. Provide an overview of the system:  The Delegations of Authorities database contains all the data for the delegations of authority.  It develops and processes the formed assignment of authorities to CDC senior managers.  It makes recommendations concerning delegations.   It has search capabilities and data can be viewed by all of CDC.  MASO inputs the data.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Abstracts of Delegations of Authority within CDC.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Alice M. Brown
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  4/4/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Democratic Republic of Congo IT Infrastructure [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/19/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  Democratic Republic of Congo IT Infrastructure
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Calvin Johnson
10. Provide an overview of the system:  This is a general office support system for CDC GAP Democratic Republic of Congo and provides file servers, application servers, an Exchange server, and a webmail server; authentication is performed via CDC Active Directory with a failover to local host.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/20/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Dengue Laboratory Sample Data Base [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  6/7/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-1480-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0136
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 63
7. System Name (Align with system Item name):  Dengue Laboratory Samples Database (DLSDB)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Harold Margolis
10. Provide an overview of the system:  The Dengue Laboratory Samples Database is an internal client server system located on San Juan Dengue Branch’s LAN.  Dengue Laboratory Samples Database (DLSDB) is used for surveillance of dengue occurrences in Puerto Rico and other locations.  The database contains patient information & laboratory results from the dengue diagnostic lab.  It searches for previous samples from patients, stores data on the samples, & stores results of epidemiological evaluations.  The data is used for epidemiologic analyses of disease activity in certain periods or locations by division scientists.  Sample results are reported to the patients’ health care provider.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  The data is used for epidemiologic analyses and is shared with the patients’ healthcare provider.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The data is used for epidemiologic analyses of disease activity in certain periods or locations by division scientists.  Sample results are reported to the patients’ health care provider.   The information collected from the patients contains PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  Individuals who have their blood tested for dengue know that their name, address, sex, age and birthday are being provided to the PRDH and CDC on the DCIF form as they assist in filling out the form by answering the doctor’s or healthcare provider’s questions.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  The Database is housed in a secure environment. Badge access is required.
DLSDB is an internal-facing system on the CDC network behind the firewall with no interconnections to any other outward-facing system. Role-Based Access Controls (RBAC) and password controls are in place.
Only authorized and authenticated individuals can access PII inside of the Database.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  6/7/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC DHAP Intranet (DHAP-I) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/19/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 2077
7. System Name (Align with system Item name):  DHAP Intranet
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Nick DeLuca
10. Provide an overview of the system:  The DHAP Intranet System does not collect, process, store, or transmit PII or SSN data.
The Division of HIV/AIDS Prevention currently maintains the DHAP intranet site to inform and connect DHAP employees across the CDC. The intranet currently consists of static HTML sites and functions as a repository for documents produced by DHAP staff. Up until the start of this project, all development attention has been focused on this static framework and the ongoing content collection from branches across DHAP. The current intranet is designed within the bounds of the CDC’s static HTML template guidelines and does not incorporate advanced searching capabilities of dynamic mapping or dynamic content management into the user interface. The current intranet infrastructure and its content are in compliance with 508 standards.
Enhancements included in the scope of the DHAP Intranet Database and Mapping Enhancement project will:
1) improve access to CDC DHAP content
2) establish a stable content framework for efficient maintenance
3) provide a robust user experience.
The intent of this project is to support DHAP objectives by enhancing the intranet site with mapping and database technology.  The end product of this project will be an enhanced version of the existing DHAP intranet that utilizes technology to foster better communication and information sharing within the DHAP community.
These enhancements advance the current DHAP intranet, thus maximizing its potential to serve the DHAP community while still complying with current CDC intranet guidelines and 508 standards.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The DHAP Intranet system will collect, maintain, or disseminate information related to FAO Announcements, calendar of events, EPI category, Grantees and their registry and funding information, Logs, Publication Authors, Publications, and state profiles.
This information is collected for tracking and funds management purposes.
Information obtained from individuals, grantees, and authors is for their business address, phone, etc. No Personally Identifiable Information is requested or stored on the DHAP Intranet system.
PubAuthors: Author Name
Calendar: Contact Name, Email Address
FOAGrantees: Project Officer Name, Office Phone, Office Fax, Email Address
Grantee: Name, Address, City, State, Zip, Office Phone, Office Fax
GranteeRegistry: Name, Address, City, State, Zip, Office Phone, Office Fax
StateProfile: Project Officer Name, Office Phone, Email Address
Core Surveillance Epidemiologist (CSE): Name, Phone, Email Address
Surveillance Public Health Advisor (SPHA): Name, Phone, Email Address
Submission of business contact information is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  1/19/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC DHAP: HIV Program Evaluation and Monitoring System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/26/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-21-01-02-02-1260-00-110-246
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  0920-0696
6. Other Identifying Number(s):  ESC# 1260
7. System Name (Align with system Item name):  CDC HIV Prevention Program Evaluation and Monitoring System (PEMS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Dale Stratford
10. Provide an overview of the system:  The primary purpose of PEMS is to provide a standardized data collection, analysis, and reporting tool for CDC HIV prevention program grantees.  State and local governmental agencies, as well as the CDC, will use the data from PEMS for program monitoring and evaluation.  Also community-based organizations (CBOs) and state and local health departments funded by CDC will use PEMS to report on HIV prevention activities they are funded to implement.  PEMS will improve the ability of CDC-funded health departments and CBOs to collect and report HIV prevention program data.  Data collected and reported via PEMS will be used to report on newly developed program performance indicators.  These indicators will be used by CDC to monitor and report on the domestic HIV/AIDS prevention program.  The use of PEMS and the data it will provide will be used to address deficiencies found using the Program Assessment Rating Tool (PART) by the Office of Management and Budget (OMB).  The managers of these organizations and agencies along with federal project officers will use the data to improve programs and to monitor and assess the effects of the HIV prevention programs and any modifications.
The focus of PEMS is to provide the data necessary to analyze and assess the processes and effects of HIV prevention programs.  This data will help CDC to promulgate best practices, redesign interventions that are inefficient or not effective in reducing risky behaviors that could result in HIV infection, and to identify grantees that need assistance to better deliver effective prevention services.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The list of PII variables in PEMS includes:

Encrypted Variables:
Name, Date of Birth, Physical description, Address, Phone numbers, Occupation and Employer, Local Client Unique ID.

Unencrypted Variables:
Local Client ID and Local PCRS ID.

Although the system collects the Names of Individuals, ONLY: Year of Birth, Local Client ID and Local PCRS ID are accessible by the CDC, all other PII is encrypted.

The data that is being collected in PEMS will be used to evaluate HIV Prevention Programs that are funded by the CDC.  The data collected from Grantees is not mandatory, but if the required data is not furnished there may be consequences to Grantees in terms of future CDC funding availability.  No PII data is required to be submitted by grantees to the CDC.

The system does contain PII; however, the PII contained in this system is unavailable due to encryption.  It has been officially determined that the Privacy Act is not applicable and no SORN is necessary.

Submission of all PII information is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  The owners of the data (Grantees at the local level) will be notified if there are major changes to the system.  Grantee agencies obtain information consent from each individual before collecting data at the local level.  It is their responsibility to inform individuals of changes in Disclosure and Usage.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Administrative Controls:
Triple DES Encryption by Grantees (Only grantee sites owning data have the ability to unencrypt), data confidentiality agreements.

Technical Controls:
User IDs, Passwords, Firewall, IDS and SSL encryption.

Physical Controls:
Guards, ID badges, Key Cards and CCTV.

The PEMS application will use SSL between web-browser clients and the web server that accepts data from users.  Additional SSL Sessions secure data between the web server, the application server and the database server.  Each of these sessions employs the same type of encryption used by all major financial services and electronic commerce sites today.

PEMS also supports persistent encryption of specific data variables (identified as sensitive by the CDC) using the 3DES algorithm (encrypted by the Grantees) and MS SQL Server 2008 Transparent Disk Encryption (TDE) at database level.

PEMS collects both client information and partner information.  Users log into PEMS using a username and password after authenticating through the SAMS Portal.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  1/26/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Diabetes Management Information System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/25/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9024-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  n/a
5. OMB Information Collection Approval Number:  n/a
6. Other Identifying Number(s):  n/a
7. System Name (Align with system Item name):  DDT MIS
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris (CTR)
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Dioxin and Persistent Organic Pollutants Laboratory [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/3/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9221-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 1590
7. System Name (Align with system Item name):  Dioxin and Persistent Organic Pollutants Laboratory  (DOXPOP)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cheryl McClure
10. Provide an overview of the system:  DOXPOP is a data storage, generation and analysis report system.  DOXPOP is non-web based and is designed to use DOXPOPs collected information into the DOXPOP database and used for storage, retrieval and analysis of data from projects of the DOXPOPs laboratory.  The types of data are from the DOXPOP Laboratories.  After the information from each section has been entered, the data sets can be merged for a complete report on each sample. DOXPOP data is aggregated at the Coordinating Center for Environmental Health and Injury Prevention (CCEHIP) National Center for Environmental Health (NCEH) / Division of Laboratory Sciences (DLS) / Organic Analytical Toxicology Branch (OATB).  The purpose of the DOXPOP is to provide analysis of the collected information for the stakeholders and DOXPOPs is funded to serve the purpose of the NCEH/DLS/OATB managerial staff for decision making purposes. Only OATB/DOXPOP users access the system.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1) Data entries are made into four main tables containing:
- Project sample lists with accession information (example - CDC assigned study numbers, Sample ID, received date);
- Information from the sample clean-up process (example - Sample weight/volume, Sample type, Quality Control material used, Run number assigned, Internal standard added/amount);
- Mass spectrometry data (Analysis instrument, run number, analysis date, quantitative results of analysis as peak areas, retention times, final coding of data as reportable/below detection limits/non-reportable); and
- Lipid results (example - Sample ID, lipid values as total cholesterol, triglycerides).

(2) The purpose of the DOXPOP is to provide analysis of the collected information for the stakeholders and DOXPOPs is funded to serve the purpose of the NCEH/DLS/OATB managerial staff for decision making purposes.

(3) The information contains no PII or sensitive information of any type.

(4) N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A

32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  10/3/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Disability and Health Data System (DHDS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/25/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Disability and Health Data System (DHDS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Disabilities and Health Data System (DHDS) is a public-facing web-based system that uses data from BRFSS and other CDC health data resources to facilitate the dissemination of health statistics. Using the COTS product InstantAtlas, DHDS provides a highly interactive web-based mapping program that combines statistics and data to improve visualization, enhance communication, and engage people in more informed decision making.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1.    Disseminating publicly available de-identified data about health risk behaviors, clinical preventive practices, and health care access and use primarily related to chronic diseases and injury.
2.    Identify emerging health problems; establish and track health objectives; develop, implement, and evaluate a broad array of disease prevention activities; and support health-related legislative efforts.
3.    No PII in the system.
4.    N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  10/25/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Disease Notification Analysis (DNA) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/27/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0169
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Disease Notification Analysis (DNA)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Zanju Wang
10. Provide an overview of the system:  DNA (Disease Notification Analysis) is a Microsoft SQL Server Analysis Services database that reports summary data of Class A† and Class B‡ conditions identified during the required overseas medical examinations of the U.S.-bound immigrants and refugees, domestic follow-up on Tuberculosis among the U.S.-bound immigrants and refugees, and demographic and arrival information of all the U.S.-bound refugees and only immigrants with medical conditions.  DNA has data from 1994 to present. DNA was developed by Immigrant Refugee and Migrant Health Branch (IRMHB) of Division of Global Migration and Quarantine (DGMQ) of CDC.

† active, infectious
‡ active or inactive, noninfectious
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Notify states and local health departments of immigrants and refugees arriving in their jurisdictions with health conditions.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1.  The Immigration and Nationality Act requires health evaluations for all immigrants and refugees seeking permanent residence in the United States, which establish specific inadmissible conditions for which migrants can be excluded from entry into the United States. Migrants found to have inadmissible conditions are required to be treated for these diseases, or to obtain a medical waiver before they can migrate to the United States.
2. The US Refugee Act, a provision of the INA, grants the US DHHS/CDC an expanded role in health evaluations for refugees entering the United States.  It delegates CDC responsibility for identifying and addressing conditions of public health significance—regardless of their designation as inadmissible conditions.  In addition, the act delegates CDC responsibility for monitoring the quality of the health evaluations performed overseas.
3.  Third, the Act also makes the CDC responsible for staffing ports of entry to meet arriving refugees, and to notify and transfer medical information to U.S. health departments so that refugees will receive appropriate follow-up and treatment in the US. Fourth, the act authorizes grants to U.S. State and local health departments to provide medical screening and treatment to refugees after arrival in the U.S. 
4. Finally, through Federal Quarantine Regulations, the CDC Division of Global Migration and Quarantine has responsibility for preventing the importation of infectious diseases, through monitoring the health status of persons arriving in the U.S.
The information collected contains personal medical information, which requires protecting the confidentiality of the information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  The immigrants or refugees carry packets which consist of Department of State forms collecting personal medical information when migrating to the United States.  DGMQ staff enter the information at the port of entry Quarantine Stations using these forms. After the information is entered in the database, a notification is sent to the state / local health department and the immigrant / refugee is notified by mail.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  The data collected is secured via the application, database, network and server control mechanisms including userID and password, active directory, and physical restrictions for access to infrastructure components.
E-Authentication Assurance Level = N/A
Risk Analysis Date = September 30, 2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/27/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Distribution List Manager Tool (DLMT) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/3/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  No
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 620
7. System Name (Align with system Item name):  Distribution List Manager Tool (DLMT)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Ryan Shaver
10. Provide an overview of the system:  DLMT will allow CDC users to manage distribution lists in Active Directory and Exchange.  The system will also allow for the creation of new DLs and handle routing, approvals, and renewals for existing and new DLs.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A distribution lists in Active Directory and Exchange for the creation of new DLs, handle routing, approvals, and renewals for existing and new DLs.

No PII Collected
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A No PII Collected
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  5/3/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Division of Public Health Systems and Services Web Infrastructure Project (DWIP) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/3/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0160
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Division of Public Health Systems & Services Web Infrastructure Project (DWIP)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Alan W. Schley
10. Provide an overview of the system:  The Division of Public Health Systems & Services Web Infrastructure project provides the foundation for the Division’s Internet and CDC Intranet communications portal.  The Division will use the Internet to disseminate information to the general public regarding its activities to promote public health and support the goals and mission of the Centers for Disease Control.  The Division website will be composed of sub-webs providing dynamic access to National Notifiable Disease information, Epi Info software download and product registration, advertisement of and pre-registration to Division sponsored seminars and public events, and other functionality in support of the objectives of the division.  The CDC Intranet will be used to facilitate communication and support the work being done by each associate within the division via administrative utilities developed to serve specific needs such as website maintenance and change requests, status reporting and accountability, and internal material controls.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  The system does not disclose or share PII information.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Optional e-mail addresses are collected only to notify product users of product updates or changes.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  Individuals are notified via disclaimers on the web form where optional email addresses are collected.  This information is collected only to notify product users of product updates or changes; the information will not be shared.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Data will be encrypted in SQL. 

IIF Collected.
E-Authentication Assurance Level = (0) N/A
Risk Analysis Date = 08/17/2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  9/8/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Division of Scientific Resources Inventory System (DSR) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/8/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Division of Scientific Resources Inventory System (DSR)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Angela Cox
10. Provide an overview of the system:  The Division of Scientific Resources Inventory System (DSR) is an intranet application developed using ASP and SQL Server 2005. This system was built to allow DSR and its suppliers (CDC employees) real-time access to ordering and inventory information.  The DSR system allows users to generate real-time reports and access inventory information and does not contain Personally Identifiable Information (PII).  This version of the DSR Inventory System replaced the antiquated DOS-based system called SBT.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The Inventory Section allows certain user roles to view information on inventory (reagents, lots, reports), maintain inventory (add new items, edit/update/delete items, assemble kits, etc.), or maintain supplier information.  The Maintenance Section allows users to update their profile information.  Super users use this section to maintain advanced system features: Security (Access and Reports), User Maintenance, Supplier Maintenance, and Lookup Tables. DSR Inventory System is an external facing web application. From this data the system will generate reports and allow direct connectivity for statisticians within the CDC. No PII collected.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A No PII collected
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  5/8/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Division of Viral Diseases Surveillance Network [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/8/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9621-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1631
7. System Name (Align with system Item name):  Division of Viral Diseases Surveillance Network (DVDSN)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Aaron Curns
10. Provide an overview of the system:  The DVDSN is a web-based collection tool to modernize viral surveillance.  The current collection method is non-web-based email and telephone, which is inefficient.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No, System does not contain any PII
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1) The information the agency will collect, maintain, or disseminate (clearly state if the information contained in the system ONLY represents federal contact data);

Laboratory Enterovirus test results for specimens.

(2) Why and for what purpose the agency will use the information;

For the surveillance of Enteroviruses.

(3) Explicitly indicate whether the information contains PII;

No PII is collected.

(4) Whether submission of personal information is voluntary or mandatory: ONLY represents federal contact data

Submission of information is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No PII Collected.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No, System does not contain any PII
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  5/8/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / CDC DLS Electronic Laboratory Notebook (DLSELN) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/30/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A.  The system is not subject to the Privacy Act and contains no PII.
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1650
7. System Name (Align with system Item name):  DLS Electronic Laboratory Notebook (DLSELN)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Mike Rollins
10. Provide an overview of the system:  CambridgeSoft Corporation (www.cambridgesoft.com) has developed a desktop software application (E-Notebook) that the Division of Laboratory Science (DLS) has selected to use for electronically organizing information that is typically stored in paper notebooks. E-Notebook, referred to by DLS as Electronic Laboratory E-Notebook (DLSELN), is an application designed for research, development, and manufacturing organizations for collaboration and knowledge sharing, regulatory compliance, and intellectual property protection, Laboratory Information Management Systems (LIMS), document management, project management, and diverse workflow support.  E-Notebook is a configurable, multi-purpose and scalable application that provides a solution to a large set of requirements across research and development and manufacturing industries.

DLSELN will provide scientists with the ability to replace paper laboratory notebooks; including storing and sharing data between other scientists within the Division of Laboratory Science and the Emergency Response and Air Toxicants branch (DLS/ERAT).  DLSELN will also enable users to enter content from Word, Excel, PowerPoint, Acrobat PDF, ChemDraw, and structured data in lists and tables.  The forms can then be configured with any of these applications.  E-Notebook will essentially provide users the flexibility of a shared drive with the compliance and search benefits of a database.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1) DLSELN will electronically store Scientists’ notes that are typically stored in paper notebooks.  The notes contain no PII.

(2) DLSELN is an application designed for research, development, and manufacturing organizations for collaboration and knowledge sharing, regulatory compliance, and intellectual property protection, Laboratory Information Management Systems (LIMS), document management, project management, and diverse workflow support. 

(3) The system does not contain PII.

(4) N/A.  The system does not contain PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  (1) N/A.  The system does not contain PII.

(2) N/A.  The system does not contain PII.

(3) N/A.  The system does not contain PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A.  The system does not contain PII.

No IIF Collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date =8/11/2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  8/30/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC DLS FrontEnds [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/24/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9221-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1594
7. System Name (Align with system Item name):  DLS FrontEnds (DLSFE)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Kathleen Caldwell
10. Provide an overview of the system:  DLS FrontEnds (DLSFE) is an internal, non-web-based application designed to provide the quality control staff and supervising scientists with the ability to manage the receipt, analysis, and reporting of data associated with the specimen analysis work done in the Inorganic Radiological and Analytical Toxicology (IRAT) and Nutritional Biochemistry Branch (NBB) branches of the Division of Laboratory Sciences (DLS).  The quality control staff and supervising scientists review the data using various DLSFE forms for consistency and accuracy and add comments and edit parameters as deemed necessary.  The unexpected or out-of-range results may require additional specimen analysis, which would require a repeat of the previous steps minus initial login.  If the quality control staff deems the data ready for reporting, then the data is flagged ‘ready to report’.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A.  The system does not contain any PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1) DLSFE stores output results from lab instruments.
(2)  The data is used to provide the quality control staff and supervising scientists with the ability to manage the receipt, analysis, and reporting of data associated with the specimen analysis work done in the Inorganic Radiological and Analytical Toxicology (IRAT) and Nutritional Biochemistry Branch (NBB) branches of the NCEH Division of Laboratory Sciences (DLS).
(3) The system does not contain any PII.
(4) N/A.  The system does not contain any PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A.  The system does not contain any PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A.  The system does not contain any PII.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  1/24/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC DLS Intranet (DLSI) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  12/10/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC 1748
7. System Name (Align with system Item name):  DLS Intranet (DLSI)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Justin Williams
10. Provide an overview of the system:  The DLS Intranet (DLSI) is an internal information website operated by the National Center for Environmental Health (NCEH) / Division of Laboratory Sciences (DLS), the purpose of which is to provide information and resources for DLS personnel.  DLSI is used to deliver content/reports of the Division in the form of PDF, Word and Excel Files.   There is no data entry or data collection of any type.  There is no PII of any type in DLSI.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A.  DLSI does not contain PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1. DLSI provides information and resources for DLS personnel.
2. DLSI is used to deliver content/reports of the Division in the form of JPEG Images, PDF, Word and Excel Files.
3. DLSI does not contain PII.
4. N/A.  DLSI does not contain PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A.  DLSI does not contain PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A.  DLSI does not contain PII.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  12/13/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC DNPA GA - 5-A-Day Recipes
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/10/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  DNPA GA - 5-A-Day Recipes
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Calculator to help determine the amount of fruit and vegetable consumption based on gender and age.

These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC DNPA GA - 5-A-Day Surveillance
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/10/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  DNPA GA - 5-A-Day Surveillance
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Analyze and compare survey responses by state, year, and demographic group.

These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC DNPA Legislative Database [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/22/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC DNPA GA - Legislative Database
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Search for state-level bills related to nutrition and physical activity topics.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Document Operations and Clearance System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/16/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-06-02-0610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A

5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1708
7. System Name (Align with system Item name):  Document Organization and Clearance System (DOCS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Robert Swain
10. Provide an overview of the system:  The purpose of the DOCS is to provide a secure, enterprise-wide system for creating, clearing, and storing CDC content.  Components that make up the DOCS system have been in use for more than seven years and support clearance and document storage in all centers.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1. DOCS collects, maintains, and disseminates CDC content ranging from posters, articles, and books to web content supporting intranet sites.  In the clearance portion of the system, POC and reviewers' names are collected along with author and co-author information that extends beyond just names.
2. This content is stored in DOCS as a system of record or it is stored there to be cleared so it is approved to be shared inside and/or outside of the CDC.  Specific information such as POC, reviewers, author, and co-author are collected to enable routing of the content through clearance and give deserved credit to authors. 
3. PII in the system includes names of the POC, reviewers, author, and co-authors.  The co-author information also includes email addresses, organization, and options for entering phone numbers.
4. POC is an automatically captured field for any document.  Author, POC, and reviewer names are mandatory for any documents being cleared.  Co-author information is voluntary, but encouraged.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  1. Authors are trained to receive and capture approval from co-authors prior to submitting content into the clearance system.  Authors are trained that their name will be associated with the content as well.
2. Co-authors are aware that their names and email addresses are collected in the DOCS system, and currently that information is not being shared.
3. However, there is a project called CPAP that will display author and co-author information.  Prior to integrating with that system, we will define the process of communicating with co-authors that their name and potentially their email address will be presented on a publicly available site.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  The PII in the system is protected by role based access to content and metadata.  The metadata is stored in the SQL Server database associated with the repository, and access to the SQL Server data is secured as well by role-based security.

 

PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  8/16/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC DOH Management Information System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/26/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9024-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC DOH MIS
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Tracks objectives and activities of state-based oral health programs.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Dominican Republic IT Infrastructure (GAP-Dominican Republic) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/23/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  CDC Dominican Republic GAP Site
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Calvin Johnson
10. Provide an overview of the system:  This is a general office support system for CDC GAP Dominican Republic IT Infrastructure with file server, exchange server, and webmail server. Authentication is performed via local AD that does not send or receive data from the main HHS/CDC Active directory.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A

No IIF Collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = 9/9/2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  9/29/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC DSR Occupational Injury and Illness Classification System Coding Tool (OIICS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/9/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  N/A
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC NIOSH DSR Occupational Injury and Illness Classification System (OIICS) Coding Tool
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Larry Jackson
10. Provide an overview of the system:  The OIICS Coding tool is a website with the purpose of educating users about the structure and composition of the Occupational Injury and Illness Classification System and enhancing the accessibility of the coding system for experienced users. The website provides functionality for searching, click-by-click browsing, drill-down exploration, and a downloadable version of the OIICS manual and application.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  2/10/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / CDC DSS Consolidated Internet Web Services (DCIWS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/30/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  DSS Consolidated Internet Web Services (DCIWS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Jim Landers
10. Provide an overview of the system:  DSS Consolidated Internet Web Services provides internal-facing web servers, services, and applications within the consolidated DSS environment.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  8/30/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC DSS DMZ Connection System (DDCS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  11/2/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  DSS DMZ Connection System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Jim Landers
10. Provide an overview of the system:  DSS DMZ Connection System will utilize Microsoft Terminal servers for access from the internal CDC network to the external CDC DMZ Zone. There is no special configuration other than the base 2008R2 install and Terminal server install.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  11/3/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC DSS Virtual Infrastructure - External (DVI-E) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/6/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  DSS Virtual Infrastructure - External
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Jim Landers
10. Provide an overview of the system:  DSS Virtual Infrastructure – External provides the infrastructure for external facing web servers, services and applications for the Internet.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PII no
E-Auth Level = N/A
Risk Analysis date: 7/16/2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  8/18/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC DSS Virtual Infrastructure (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/4/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 620
7. System Name (Align with system Item name):  DSS Virtual Infrastructure (DVI)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Jim Landers
10. Provide an overview of the system:  DSS Virtual Infrastructure provides the infrastructure for internal facing web servers, services and applications for the Intranet.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
No IIF Collected
E-Authentication Assurance Level = N/A
Risk Analysis Date = 12/18/2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  2/8/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC DSTDP NCHHSTP HPV Impact Project Database (HPV)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/3/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  No
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  CDC DSTDP NCHHSTP HPV Impact Project Database (HPV)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Stuart Berman
10. Provide an overview of the system:  Not Web-based. Access database
The (HPV-IPDA) application will be a stand alone Access DB that provides a data collection and management tool for the local collaborators as well as analysis by all collaborators.  The purpose of the project is to develop and pilot a system to monitor HPV vaccine impact through ongoing surveillance of CIN 2/3 and AIS and associated HPV types.  In addition, a minimum of 250 randomly selected cases per year from each participating site will be investigated in more detail.  Specifically, HPV vaccination history and relevant medical history will be obtained for these individuals, and diagnostic histology specimens related to the current diagnosis will be collected for histological evaluation and tested for a range of HPV types.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No IIF or any other information.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No IIF or any other information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No IIF or any other information.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF or any other information.
No IIF collected.
E-Authentication = N/A
Risk Analysis Date = 10/6/2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  9/3/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC DSTDP: STDNet [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  4/27/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-9521-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID: 1094
7. System Name (Align with system Item name):  Sexually Transmitted Diseases Network (STDNet)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Greg Pierce
10. Provide an overview of the system:  STDNet takes STD surveillance data that is reported through the National Electronic Telecommunications System for Surveillance (NETSS) maintained by NCPHI.  STDNet provides menu driven access to STD surveillance data analysis and reporting.  The STDNet application provides users an interface where, for example, they can query a disease by demographics, time and geographic location among other things (e.g. total number of syphilis cases by race, sex for Georgia in 2006).  It provides users the ability to produce reports and graphs without having to know the mainframe SAS.  The STD surveillance data is used to monitor for an epidemic of certain sexually transmitted diseases where notification is required and necessary.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  STD Surveillance data from the National Electronic Telecommunications System for Surveillance (NETSS). No PII data is processed, stored or transmitted by STDNet.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No PII
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  4/27/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC DTBE Image Library [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  6/23/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9323-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1734
7. System Name (Align with system Item name):  DTBE Image Library
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Wanda Walton
10. Provide an overview of the system:  A central storage and retrieval system for current and historical TB-related digital images for DTBE. The DTBE Image Library does not collect, store, process, or transmit PII or SSN information.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No IIF or any other information
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1)   Images 2) for display on TB website 3) N/A 4) N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A

PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  6/23/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC DVBID Reagent Ordering System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  3/1/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-05-02-1481-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 954
7. System Name (Align with system Item name):  DVBID Reagents Ordering System (DVBIDROS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Roger Nasci
10. Provide an overview of the system:  The DVBIDROS information system consists of two components. The internal CDC component tracks reagents inventory and the external-facing web site is used by the Public Health Departments to process (ordering/requests) reagents.  The requestor accesses the Internet site and requests a user name and password.  Once the request for access is reviewed and approved by the division's approving official, a user name and password are emailed to them.  Once the requestor has their user name and password they can log into the Internet site and request reagents.  Reagent requests are sent to Activity Chiefs for approval and the requestor receives an order confirmation.  Once the approval is granted the DVBID Shipping Clerk prepares invoices and declaration of dangerous goods and ships the reagent.  Users are public health officials/researchers and universities ordering/requesting reagents.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Ordering information for reagents and business contact information on individuals. The information is used to verify authorized people are placing orders. No PII. Information is mandatory to complete order form
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A No PII
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  3/1/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC DVD  Batch Specimen Tracking System (BTS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/22/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9621-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1582
7. System Name (Align with system Item name):  DVD Batch Specimen Tracking System (DVD-BTS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Wendi Kuhnert
10. Provide an overview of the system:  This system serves as a central location or data source of specimen batches collected from all DVD laboratories.  It will not have a dedicated user interface.  This system only stores data so that it can be utilized for analytical purposes.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system serves as a central location or data source of specimen batches collected from all DVD laboratories.  It will not have a dedicated user interface.  This system only stores data so that it can be utilized for analytical purposes. DVD BTS does not collect any PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF collected.
E-Authentication Assurance Level = N/A
Risk Analysis Date = August 09, 2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  9/22/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Early Aberration Reporting System (EARS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/13/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-9721-00-110-246
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 934
7. System Name (Align with system Item name):  Early Aberration Reporting System (EARS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Lori Hutwagner
10. Provide an overview of the system:  The Early Aberration Reporting System (EARS) was pioneered as a method for monitoring bioterrorism during large-scale events.  Various city, county, and state public health officials in the United States and abroad currently use EARS on syndromic data from emergency departments, 911 calls, physician office data, school and business absenteeism, and over-the-counter drug sales.  The EARS program presents its analysis in a complete HTML Website containing tables and graphs linked through a home page. Viewing EARS output requires only a Web browser.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  EARS will voluntarily collect daily counts of syndromic information.  This information will be used to monitor for possible aberrations or spread of disease such as ILI.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  5/12/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / CDC Early Detection Research Network EDRN-CCCEVC [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  7/20/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-9721-00-110-246
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  Early Detection Research Network-Cervical Cancer Clinical Epidemiology and Validation Center (EDRN-CCCEVC)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Elizabeth R. Unger PhD, MD

10. Provide an overview of the system:  The Early Detection Research Network - Cervical Cancer Clinical Epidemiology and Validation Center (EDRN-CCCEVC) system is designed to support and manage study information pertaining to cervical cancer research. Research data is manually entered into the database through SQL Server Management Studio. The database captures specific information on:
•        biopsy results & reviews
•        physical & colposcopic examination results
•        patient responses to study questions
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  System is completely anonymous and links biologic samples with patient demographics and disease status.  Data will be shared with ERNE investigators seeking to develop or validate biomarkers for cervical cancer screening. It is voluntary. Date of birth, race and gender are collected.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  CDC did not and will not have contact information for study participants.  Enrollment, follow-up and data collection was performed by clinical coordinators at several sites.  The clinical sites retained this information and will not release it to CDC per protocol.  Informed consent allows data collected in the study to be linked to biologic samples through coded study ID.  The study is now closed to further visits.  Remaining activities are to complete and validate data collection.  Upon completion of this step, the links to participant identity will be destroyed at the clinical sites.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  -      Data is stored on ITSO servers which are secured technically using authentication, and Microsoft SQL Server security protocols.
-      Data is stored on ITSO servers which are secured physically using restricted badge-only access.
-      The appl
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  7/20/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC eGrants Application Tracking Information System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  5/19/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-04-00-02-1036-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A, System does not constitute a “system of records” under the Privacy Act.
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1370
7. System Name (Align with system Item name):  Grants Application Tracking Information System (eGrATIS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Melissa Moore
10. Provide an overview of the system:  Track immunization grants awarded to State and Local Health Departments from application through award and budget changes
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No, System does not contain any PII
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  eGrATIS will collect  programmatic information from CDC grantees (state, cities and territories) through a common internet interface. eGrATIS operationalizes the entire life cycle of the grants application process from inception to completion. The system generates reports, supports queries, standardizes reporting practices, and consolidates program information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No, System does not contain any PII
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No, System does not contain any PII
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  5/19/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC EHS-NET Information System (EHSNIS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/6/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9221-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 887
7. System Name (Align with system Item name):  Environmental Health Specialists Network Information System (EHSNIS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Carol Selman
10. Provide an overview of the system:  The Environmental Health Specialists Network (EHSNIS) is a survey analysis tool used by CDC staff to conduct studies for the purpose of identifying environmental causes of food borne illnesses and related outbreaks. Surveys are designed by the CDC personnel allowing for collaboration with Food and Drug Administration (FDA) and participating states. Once data is collected and entered into the system, specified users may edit or delete the data. Studies are then conducted to determine causes of various food borne illnesses and related outbreaks, for research purposes.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  The system does not contain PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1) EHSNIS collects environmental assessment data regarding food and waterborne illnesses and related outbreaks.
(2) Data is collected to conduct studies for the purpose of identifying environmental causes of food and waterborne illnesses and related outbreaks and to support EHS-Net activities, partners, and other Branch activities designed to support environmental health service programs.
(3) No.  The system does not contain any PII.
(4) N/A.  The system does not contain any PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A.  The system does not contain any PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A.  The system does not contain any PII.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  2/6/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC EIP All Age Hospitalization Database (EIP AAHD) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/9/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9621-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1601
7. System Name (Align with system Item name):  EIP All Ages Hospitalization (EIPAAHD)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Sang Kang
10. Provide an overview of the system:  The Emerging Infections Programs (EIPs) is a population-based network of CDC and state health departments, working with collaborators (local health departments, public health laboratories, clinical laboratories, infection control practitioners, healthcare providers, academic institutions, and other federal agencies) to assess the public health impact of emerging infections and to evaluate methods for their prevention and control.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No, System does not share or disclose information.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1. The information collected consists of DOB, Hospital Admission, Hospital Discharge Date, Nursing Home Resident (Y/N), Age, Sex, Ethnicity, Lab Results
2. The PII is collected and used in demographical analysis.
3. Yes, the information contains PII
4. PII data is mandatory from state health department to CDC.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No Process in place
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  EIP data is stored in CDC file server with restricted access.  Approved users are allowed access.
Technical controls: user ID, passwords. Physical controls: Guards, Identification Badges.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  1/9/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Electronic Control Correspondence [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  5/26/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-06-02-0984-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  A SORN is being developed.
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1293
7. System Name (Align with system Item name):  Executive Control Correspondence (ECC)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Ron Campbell
10. Provide an overview of the system:  Users will use Executive Control Correspondence (ECC) to import electronic documents/files into a workflow, index them with data, and route them for review and processing. It will be used to convert paper documents sent to the CDC Director's office into an electronic format. They are placed into electronic folders, and routed via a workflow engine to the appropriate centers for review and response. The response document is then printed, signed and returned to the requester. A copy of the folder and contents is saved by the system.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  DIMES is responsible for dissemination and tracking of the information.  Shared with all CDC Divisions. Sharing in order to craft a response to the correspondence that has come in.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The information that is collected is voluntary and contains IIF.  Individuals (public citizens) submit information to the CDC via email, USPS mail or fax to voice opinion, concern or have questions.  The information that is submitted varies from health and product concerns to submission of invention ideas.  The information is then forwarded to Subject Matter Experts (SMEs).  IIF can be included in the correspondence sent to the CDC and is not requested but is voluntarily given.  These documents are scanned into a PDF and may contain Name, DOB, Mailing Address, Phone Numbers, Legal Documents, Email Address, Military Status and/or Foreign Activities.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  The information is voluntary and is not requested.  There is not a process in place for notification.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  DBA – controls database, system admin controls the electronic files, UserID and Passwords.  Documents are not stored in a database.  They are stored on a file server.
Network and security controls for the web servers and databases are in place as well as network security monitoring and security audits. The system is only available on the intranet, mitigating the exposure outside the firewall. Access to the system and to specific information is controlled using Windows Integrated Authentication so users have to have a valid and active network profile before they are allowed system access.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  5/26/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Electronic Data Interchange (EDI) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/23/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-09-02-0984-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1138
7. System Name (Align with system Item name):  Electronic Data Interchange
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Sandy Chapman
10. Provide an overview of the system:  Electronic Data Interchange (EDI) is a web-based system designed to support the Vaccine Tracking System (VTrckS) in order to convert SAP Intermediate Document (IDOC) files to the American National Standards Institute (ANSI) X-12 EDI files and the reverse (X-12 to SAP IDOC files).
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A – No PII is collected
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The National Center for Immunization and Respiratory Diseases (NCIRD) provides vendor vaccine order information from grantees (Immunization Programs and Health Departments nationwide) and manages the vaccine orders using VTrckS. EDI is the conduit between the VTrckS system at CDC and vaccine  trading partners.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A – No PII is collected
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A – No PII is collected
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  1/23/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Electronic Disease Notification (EDN) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  12/14/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-9721-00-110-246 (CDC PH Monitoring for Infectious Disease Control Rollup)
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0136
5. OMB Information Collection Approval Number:  1405-0113
6. Other Identifying Number(s):  ESC# 943
7. System Name (Align with system Item name):  Electronic Disease Notification (EDN)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Weigong Zhou
10. Provide an overview of the system:  CDC assists state health departments and overall public health through an application called Electronic Disease Notification (EDN).  Immigrants and refugees entering the United States are required by law to possess certain U.S. Department of State medical screening information and documentation as part of a visa request.  Upon arriving at various U.S. points of entry, these immigrants and refugees provide medical information based on overseas examinations to customs and immigration officials on any of several health related conditions that may exist.  The purpose of EDN is to document these health conditions and provide the case to the destination state health department for further follow up and tracking.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  State and Local Health Departments for federally mandated follow-up upon persons’ arrival in their jurisdiction
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1) EDN collects, maintains, and disseminates medical, US contact, and US arrival information. 2) It does so to fulfill CDC’s federal mandate to notify state and local health departments of aliens which have arrived with conditions of public health interest and need follow-up by the health departments and/or who may seek care with state health services. 3) PII is contained and disseminated for the health departments to properly find and identify these aliens. 4) An alien may choose not to provide this information; however, it may impede the Department of State’s granting them a visa for US entry.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  1) None; 2) Privacy Act Notice on the form states how the information is going to be used; 3) Privacy Act Notice on the form states how the information is going to be used.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Role-based security, digital certificates, and passwords
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  12/14/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Electronic Foodborne Outbreak Reporting System (Version 2) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  7/9/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-9721-00-110-246
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1263
7. System Name (Align with system Item name):  Electronic Foodborne Outbreak Reporting System 2.0 (eFORS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Tarun Sethi
10. Provide an overview of the system:  Electronic Food borne Outbreak Reporting System Version 2 (eFORS 2) collects and stores food borne illness outbreak data from State Health Departments.  Fifty (50) states and fourteen (14) union territories enter food borne illness data as they occur using a web interface. Data analysis by CDC occurs after the outbreak and the outbreak is controlled.  State and Territory Health Department personnel enter, finalize and approve data using a Web interface.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Electronic Food borne Outbreak Reporting System Version 2 (eFORS 2) collects and stores food borne illness outbreak data from State Health Departments.  Fifty (50) states and fourteen (14) union territories enter food borne illness data as they occur using a web interface. There is no PII anywhere in the system.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  7/25/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Electronic Forms [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/14/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  594
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 594
7. System Name (Align with system Item name):  Electronic Forms
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  John G. Goodson (hso2)
10. Provide an overview of the system:  Electronic Forms allows users to use CDC and other government fillable forms.  You can search by category, form number or form name for government fillable forms.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  None
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  PII = No
EAL = N/A
Risk Analysis Date = 01/03/2011
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/19/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Electronic Resources (E-Resources) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/2/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC Electronic Resources (E-Resources)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Leslyn McNabb
10. Provide an overview of the system:  SFX is an OpenURL compliant context-sensitive linking server.  SFX accepts an OpenURL as input from an information source such as a database (source), parses that information and sends the patron to the correct full text resource.  SFX also provides the ability to manage the library's electronic serials titles, by giving the library the ability to choose packages/coverage dates based on their subscriptions, turn resources "on/off", and provides services to users such as an AZ searchable list and a citation linker.
The library also pays for bX and MARCit services.  These are built-in services on the SFX server that we have chosen to pay to "activate."  The bX service provides information in the SFX services menu that gives the user the feature "users who looked at this article also looked at these articles".  The MARCit service is a records enhancement service where we receive serial record bibliographic records already created that we can then import into our catalog.  Both of these services require additional ports open on the SFX server in order to function.
EZProxy is a separate piece of software, installed on a separate server.  EZProxy is a proxy server.  It sits between SFX and the vendor's resources that SFX points to.  The proxy server is utilized because of business reasons at the CDC.  The library charges back to CIOs for GFE and we need a system for tracking usage of electronic resources.  EZProxy tracks usage of electronic resources by capturing the user id and IP address from the machine of the person as they are leaving SFX but before they get to the vendor site.  Once at the vendor site, their usage is tracked as well.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  8/2/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / CDC Electronic Risk Assessment Management Program (eRAMP) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  12/12/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 1723
7. System Name (Align with system Item name):  Electronic Risk Assessment Management Program (eRAMP)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Frances Hard-Bennett
10. Provide an overview of the system:  E-Ramp is an automated database system developed and designed to manage CDC health and safety data and to generate reports related to hazards identified within CDC’s laboratory workplaces.  This system incorporates the input of the lab principal investigator, the laboratory safety officer and the CDC OSHE Safety Risk Manager.  It is developed to provide a measure of checks and balances by each entity and responsible party in order to establish a comprehensive inventory of hazards and a systematic approach to assessing the hazards and identifying the risk to the user/employee and the employer (supervisors and managers).  The system is developed in a manner that addresses regulatory compliance with health, safety and environmental laws that impact CDC operations and identifies best operating procedures deemed outside the scope of regulation yet necessary to protect the CDC work force.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No IIF Collected
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No IIF is collected, disseminated or maintained on the system.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF Collected

E-Authentication Assurance Level = N/A

Risk Analysis Date = October 26, 2011
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  12/12/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Elevated Privileges (EPv) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/9/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 620
7. System Name (Align with system Item name):  Elevated Privileges (EPv)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Wayne Knight
10. Provide an overview of the system:  Elevated Privileges (EPv) is a dynamic application that provides an approval process for enhanced permissions on a CDC commodity workstation.  This .Net application supports CDC OCISO standards and requirements for ensuring a least privilege model for CDC commodity workstations across the CDC enterprise.

The system provides a tertiary level of security by utilizing application data driven security categories, Active Directory authentication, and security group authentication.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = July 1, 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  8/10/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC EmailForms (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/18/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-06-02-0610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1629
7. System Name (Align with system Item name):  EmailForms
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Glenn Moore
10. Provide an overview of the system:  Allows information submitted through web forms on designated CDC Internet sites to be sent via email to designated recipients.  Examples include allowing web site users to submit questions or comments to the CDC via “Contact Us” web pages, or to submit requests to subscribe to CDC listservs to receive periodic notification of news or events.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Example uses of EmailForms include allowing web site users to submit questions or comments to the CDC via “Contact Us” web pages, and submitting requests to subscribe to CDC listservs to receive periodic notification of news or events.  CDC web form authors define what information will be requested on those web forms and submitted through email via EmailForms.  Such information typically includes the user’s email address and questions or comments the user may have.  Email addresses and other contact information are used solely for the purpose of contacting the user in order to answer questions or comments.  EmailForms does not store information submitted via web forms in most cases.  EmailForms only generates email messages containing submitted form data and sends those messages via the CDC SMTP gateway.  No form data is stored within the EmailForms application.  In the event the SMTP gateway cannot be reached, EmailForms will temporarily store email messages on its local file system until the SMTP gateway is available again, at which time the emails will be sent and will be deleted from the EmailForms file system.  Sent email may remain in the CDC email system subject to the CDC’s email retention policies.  Submission of information through EmailForms is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles  OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  4/24/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC EmailForms [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/26/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9024-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC OD GA - Email Form
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Allows the contents of Web pages to be e-mailed.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Emergency Medication Distribution System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  4/30/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-06-02-9409-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-90-0013
5. OMB Information Collection Approval Number:  NA
6. Other Identifying Number(s):  ESC# 1676
7. System Name (Align with system Item name):  Emergency Medication Distribution System (EMDS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Art Tallman
10. Provide an overview of the system:  The system tracks medication on hand by logging doses of medication given to individuals during a medical emergency such as a pandemic flu outbreak.  Some medication is purchased with CDC funds directly from vendors, some via IAAs with other federal agencies (VA), and some is “donated” by HHS. The individuals who have their medication doses tracked are CDC personnel.
The main purpose of the system is inventory tracking and control to avoid duplicate dispensing, and also to identify recipients in case of adverse reactions, recalls, etc.  The system is anticipated for use only in large-scale CDC “emergency” events.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No PII shared or disclosed.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Name, DOB
The system records the number of meds on hand and the doses administered to individuals.  Date of birth is collected and stored, and it is needed for clinical purposes.
The information collected by this system is PII.
Submission of PII is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  (1)  Users are notified via a general OD announcement when changes occur in the system. Users are also asked to update and validate their information on a yearly basis. A privacy notice opens when the user first accesses their contact information.
(2)  PII is collected and maintained by CDC.
(3) PII may be used to search for individual records, but is never disclosed except by signed authorization.
Consent is given implicitly by users when identifying themselves as recipients of meds.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Medical Director grants and removes system privileges.  Only authorized users are granted access by the director.  The system is on the Intranet only, with all associated controls, including required membership in an AD group.  Campus is physically secured by methods identified above.
PII Collected
EAAL = N/A
Risk Analysis Date = March 19, 2012
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  4/30/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Emergency Operations Management System (EOMS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  5/21/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-19-0171
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1634
7. System Name (Align with system Item name):  Emergency Operations Management System (EOMS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Clarence Bloomfield
10. Provide an overview of the system:  Emergency Operations Management System is a consolidation of current state applications and development of new functions and features.  The applications being integrated into EOMS are DRS, DDSS, PWMS, UAS/IMS Communications, DCLA, RTS, CAP/AAR, COP and the EOC portal.  EOMS will have a home page, Common Operating Picture tab, Archive, Administrator, and IMS Communications.  EOMS will provide charts, maps, link lists, document access, and calendars that are similar to those in the EOC portal.  The objective of EOMS is to consolidate the current applications and provide a similar look and feel, while providing enhancements to enable users to interoperate within the consolidated applications.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  EOC Staff for the purpose of Situational Awareness and tracking people and resources. The purpose of this information is to identify searchable criteria for building deployment teams and preparedness teams. In addition, information is used to alert people and teams about issues and events.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information is collected indirectly from feeds that contain user information.  The purpose of this information is to identify searchable criteria for building deployment teams and preparedness teams. In addition, information is used to alert people and teams about issues and events.

The information contains PII data. The type of information collected is listed in the PII category in the document.

Submission of the information is both voluntary and mandatory.
The information that comes from CDC Neighborhood is voluntary, and government trip data is not voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  Employees (new hires) are informed and have given consent during the employee orientation process that their PII will be used in order to support the CDC Director’s Emergency Operations Center.
PII is obtained by CDC Neighborhood and this information is provided voluntarily.  Government trip data is not voluntary and is provided by EOC functional team leaders.  Systems (i.e. LifeGuard) that request information outside of what is collected from CDC Neighborhood or is provided by an EOC functional team leader do provide a consent form (via electronic notification) requiring acknowledgement from users before proceeding.

EOMS also adheres to the HHS Rules of Behavior Document Number: HHS-OCIO-2008-0001.003S
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Portions of the application that use PII data are segmented from the rest of the system. Before one of these segments can be accessed, the portal must determine what rights the current user has to it.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  5/21/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Emerging Infections Program Clostridium Difficile Infection Incident Case Management System (EIP CDI ICMS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/22/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0136
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1867
7. System Name (Align with system Item name):  Emerging Infections Program Clostridium difficile Infection Incident Case Management System (EIPCDIICMS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Wenkai Li
10. Provide an overview of the system:  
The Emerging Infection Program (EIP) Clostridium difficile Infection (CDI) Incident Case Management System (ICMS) is a web-based .NET application that supports the operational activities of the EIP CDI project's incident case data and information management, including the integration of epidemiologic and laboratory information from CDI incident cases. Surveillance officers from external EIP sites manually import incident cases, complete Case Report Forms (CRF) and health interviews, and access incident case information from the ICMS web application.  CDC lab staff upload reference test results into the ICMS web application.  The main ICMS functions are: 1) import incident case information from external EIP sites, 2) provide incident case information to external EIP sites, 3) perform incident case classification, 4) capture Case Report Forms and Health Interview Information, 5) allow CDC labs to enter and view test results, 6) provide interfaces to generate datasets for CDC epidemiology group, CDC lab, and external EIP sites, and 7) facilitate specimen tracking. ICMS also provides a function to search for an incident case by: State ID, Patient ID, Incident Specimen Collection Date range or Case Last Updated Date range, Case Classification Status, and Case Processing Status.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No. The system does not share or disclose PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The system collects and maintains patient demographic information and clinical information.  The collected demographic information is used to determine case eligibility, conduct sampling and analyze risk factors among different patient groups.
Determine the population-based incidence of community- and healthcare-associated CDI among participating EIP sites; Characterize C. difficile strains that are responsible for CDI in the population under surveillance with a focus on strains from community-associated cases; Describe the epidemiology of community- and healthcare-associated CDI and generate hypotheses for future research activities using EIP CDI surveillance infrastructure.
The collected demographic information includes: Date of Birth; Gender; Race and Ethnicity.  

The Date of Birth, Gender, and Race and Ethnicity information is required.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  There is not a process in place since the project is a surveillance project and data is received from EIP sites.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  The information collected and maintained in the system is protected by administrative, technical and physical controls:
· Administrative controls: There are clearly defined policies and rules on how to access, use and change information in the system.
· Technical controls: The system implements CDC recommended technical controls including user authentication and authorization, network firewalls, network intrusion detection, data encryption etc.
· Physical controls: The information is stored in a secure database hosted at a secure location at CDC.

IIF Collected.

E-Authentication Assurance Level = 2

Risk Analysis Date = July 29, 2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  10/25/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Enterprise Reporting [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  6/16/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1814
7. System Name (Align with system Item name):  Enterprise Reporting (Enterprise Reporting)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Morris Campbell
10. Provide an overview of the system:  The Enterprise Reporting system is a web-based application designed to provide detailed information (i.e. application statistics) that impacts decision-makers throughout the enterprise.  Individuals at all organizational levels and job functions will have the ability to run standard MISO application reports for their designated admin code ranges only.  All MISO applications that have standard reports will be available for generation through ER.
For example, a CDC Management Official would like to know compliancy statistics for his/her organization (center, branch) for all employees required to file a Confidential Financial Disclosure report.  The Management Official will access ER and generate reports from the Ethics Program Activity Tracking application. 

The Enterprise Reporting System (ERS) is the platform and the technology that will process the data.  However, reports generated by ERS would fall inside the certification boundary of the system using ERS, e.g. CDC Global, Visitor Management System, etc.  So, the BSI and the PIA for each system already have the PII elements mentioned.  As Enterprise Reporting is used by a system for reporting (none use it yet), a CR would be generated for that system.  The CR would describe the report and the BSI of the system would be updated to list Enterprise Reporting as a dependency.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  This system supports numerous systems with various needs for different PII elements. Who those systems share PII with is listed in the individual system PIAs.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The Enterprise Reporting system is a web-based application designed to provide detailed information (i.e. application statistics) that impacts decision-makers throughout the enterprise.  Individuals at all organizational levels and job functions will have the ability to run standard MISO application reports for their designated admin code ranges only.  All MISO applications that have standard reports will be available for generation through ER.  This system itself will not collect PII data but supports numerous systems that collect PII, and those PII elements will pass through Enterprise Reporting but will not be stored.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  This is performed by each supported system individually and is not handled by Enterprise Reporting.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Each supported system is responsible for its own administrative, technical, and physical controls for PII. 

IIF collected
E-Authentication Assurance level = N/A
Risk Analysis Date = 5/26/2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  6/17/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Enterprise Reporting System (CERS) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  4/30/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID 2109
7. System Name (Align with system Item name):  CDC Enterprise Reporting System (CERS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Morris Campbell
10. Provide an overview of the system:  The CDC Enterprise Reporting System is a web-based application designed to provide access to a list of reports (i.e. staffing count) in MISO supported applications. Individuals at all organizational levels and job functions will have the ability to execute reports for all systems for which they have an established role. All MISO applications that have standard reports will be available for generation through the CERS as well as those systems that do not have reporting features.
For example, a CDC Management Official would like compliancy statistics for his/her organization (center, branch) for all employees required to file a Confidential Financial Disclosure report.  The Management Official will access CERS and generate reports from the Ethics Program Activity Tracking application. 

CERS is the platform and the technology that will display the data.  However, reports generated by CERS would fall inside the certification boundary of the system using CERS e.g. CDC Global, Visitor Management System, etc.  As the CDC Enterprise Reporting System is used by a system for reporting, a CR would be generated for that system.  The CR would describe the report and the BSI of the system would be updated to list the CDC Enterprise Reporting System as dependent.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The CDC Enterprise Reporting System is a web-based application designed to provide detailed information (i.e. application statistics) that impacts decision-makers throughout the enterprise.  Individuals at all organizational levels and job functions will have the ability to run MISO application reports for all systems for which they have an established role.  All MISO applications that have standard reports will be available for generation through the CERS as well as those systems that do not have reporting features.
1)   CERS will not collect, maintain, or disseminate PII.
2)   N/A
3)   There is no data and therefore no PII in CERS
4)   N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  This is performed by each supported system individually and is not handled by the CDC Enterprise Reporting System.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Each supported system is responsible for its own administrative, technical, and physical controls for PII. No records are retained in CERS.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  4/30/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Enterprise Systems Catalog (ESCII) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  3/1/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-02-00-02-0877-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1970
7. System Name (Align with system Item name):  Enterprise Systems Catalog (ESC II)

Enterprise Systems Catalog (ESCII)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Sandra McGill
10. Provide an overview of the system:  The system is used by CDC’s CPIC office to address the responsibilities assigned to the CDC under HHS and Federal Guidelines for IT Capital Planning and Investment Control.  All active CDC IT investments that store, analyze, process, manage, distribute, and/or  provide access to electronic information are entered into ESC and this information is used by the CDC to  accurately report and categorize IT spending.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  ESCII is available for stewards and system owners to see the Capital Planning Investment information and security information for their system.  It lists the first and last name and User ID of the individual stewards (security, technical, business) if there are any questions/issues surrounding that system.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The ESC II captures detailed data as well as provides aggregate summary data for each CDC investment. The ESC II contains data on over 625 systems in which financial information is captured for each system.  In addition ESC II also tracks all updates and prior information that can be retrieved at any time.  The ESC II demonstrates the benefits of a consolidated database inventory supporting multiple CDC needs. The ESC II data is used by the CPIC office and CDC Centers and Offices as well as CDC Enterprise Architecture (e.g., EA for their metrics reports, Security for their Monthly Reports, and Possible Surveillance System Reports). Steward Information is collected for each investment and includes First and Last Name, and User ID and only represents federal contact data. All stewards are notified of their role as “stewards” before entry into ESC II. In addition the ESCII captures diseases and conditions, population characteristics, import and export and collection and dissemination. Diseases and conditions and population characteristics are required for surveillance.  Information collected is mandatory for this system.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  When a system is entered into the ESC II, it asks the employee and/or contractor to list the names of the stewards of the system and their User ID.  If there are changes to these names, the administrator can go into the system and make those corrections.  The stewards are identified, notified and aware that they are listed as a steward in the ESC II for the system.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No PII is collected.
Administrative Controls:  New users must have approval of the business stewards to view capital planning data. All CDC users have read-only access to system overview screens that display other usernames that are assigned to business, data, security or data steward roles.  User access privileges are revoked when a user leaves the CDC or a user no longer requires access to the system.
Technical Controls:  User access to IIF is role based.
Physical Controls:  IIS and SQL servers secured in ITSO facility at the CDC Roybal Campus in Atlanta
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  3/1/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / CDC Environmental Health Portfolio Management (EHPM) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  3/15/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 2090
7. System Name (Align with system Item name):  Environmental Health Portfolio Management (EHPM)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Kyle Dickson
10. Provide an overview of the system:  The purpose of the Environmental Health Portfolio Management System will be to enable real time management and tracking of work requests and projects.  It will provide leadership with the ability to oversee, manage and track overall resource activities, assist with priority setting, handle automatic notification and communications, validate timelines for work requests and projects and serve as a means for users to locate information to address inquiries by internal and external parties.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1) EHPM will collect and maintain names, business phone number, job title, and other business contact information.  EHPM will also collect, maintain and disseminate narrative information for inquiry requests.

(2) The agency will use the contact information for automatic notification and communication purposes.  Other information will be used to provide leadership with the ability to oversee, manage and track overall resource activities, assist with priority setting, validate timelines for work requests and projects and serve as a means for users to locate information to address inquiries by internal and external parties.

(3) The system does not contain PII.

(4) N/A. The system does not contain PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A.  The system does not contain PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A.  The system does not contain PII.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  3/15/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Environmental Health WebMaps [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/25/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 1493
7. System Name (Align with system Item name):  Environmental Health WebMaps (WebMaps)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Marianne Hartin
10. Provide an overview of the system:  Environmental Health WebMaps (WebMaps) is a content delivery mechanism and GIS web application. WebMaps provides information in a single source application that is currently accessible on the CDC/NCEH/ATSDR Internet web site.  WebMaps is built on ASP.NET technology and uses a Microsoft SQL Server 2000 to hold the data and a GIS server to generate maps.  WebMaps is a user interactive program that allows users to actively select criteria for lists and manipulate returned data in a user-friendly format, both as data and as a graphical map. WebMaps does not gather any information from users of the system.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1) WebMaps either provides direct access to health information or redirects users to related information on other web pages and web sites.

(2) WebMaps is designed to provide an interactive online application that will enable visitors to the NCEH and ATSDR Web sites to access health information easily and efficiently through a user-friendly interface.

(3) WebMaps contains no PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A

No IIF
Risk Analysis date: 11/2/2007
E-Auth Level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  2/25/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Environmental Legionella Isolation Techniques Evaluation [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  12/21/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9621-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1607
7. System Name (Align with system Item name):  Environmental Legionella Isolation Techniques Evaluation (ELITE)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Pamela Jones
10. Provide an overview of the system:  ELITE is a voluntary proficiency testing program for commercial laboratories to encourage uniform standards in the industry and to provide the LLRDB with a database of regional commercial laboratories that can be recommended in the case of an outbreak. 

The ELITE website will be an avenue for the public to find general information about Legionella testing, test participants’ combined grades, a list of qualified testing facilities, and all other information pertaining to the program. The website will have its own URL but will also be linked from the CDC Legionellosis website under the quick links section. Online reporting shall be made available to Participants and the General public. Test sample results shall be entered through this site and enrollment into the program shall also take place on this site.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No, System does not share or disclose information
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The surveillance data on symptoms, diagnosis, interview, lab results, and vaccine verification are used to evaluate the impact of new vaccines and vaccine policies
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Administrative controls: data is backed up daily and copies stored in a separate facility. The SQL Server database administration is maintained by ITSO.  All modification to the database conforms to ITSO CM.  Technical controls: Access to the data is controlled by user ID and password in addition to the user ID and password needed to access the network. Physical controls include security guards, ID badges, cardkeys.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  12/21/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Epi Clearance Tracking [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/31/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1668
7. System Name (Align with system Item name):  EPI Clearance Tracking
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Peter Kilmarx
10. Provide an overview of the system:  EPI Clearance Tracking tracks study protocols, publications, papers and abstracts and collects metrics of the EPI Branch research projects for monitoring over time.  The metrics collected can be used by the EPI branch teams where applicable but are not intended for evaluation of individual staff members.  Reports will be prepared for distribution at the semi-annual branch meeting that covers the branch activities for the prior calendar year.  EPI Clearance Tracking also captures the productivity, quality, and impact information that will be used by the branch staff.   EPI Clearance Tracking will only be accessible to the EPI branch staff, both domestic and international.  It is role based and is integrated with Active Directory.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  EPI Clearance Tracking does not contain any PII
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1.) EPI Clearance Tracking tracks study protocols, publications, papers, and abstracts and collects metrics of the EPI Branch research projects.  It also captures the productivity, quality and impact information about the research projects.
2.) To track the time required for clearances for project protocols, publications, papers and abstracts for all the EPI Branch research projects at various levels.
3.) EPI Clearance Tracking does not collect PII information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  EPI Clearance Tracking does not contain any PII
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  EPI Clearance Tracking does not contain any PII
No IIF collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = July 01, 2009

PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  9/3/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Epidemiological Investigative Service Secure Website (EIS-SW) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  6/21/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0138
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  The Epidemic Intelligence Service Secure Website (EIS-SW) has system ID 1467.  It is a special system for Capital Planning Purposes:  funds for it are rolled up into UPI 00920-01-02-02-9123-00, ESC system ID 1310 (named CDC Public Health Communications fo
7. System Name (Align with system Item name):  Epidemic Intelligence Service Secure Website (EIS-SW)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Douglas H (Doug) Hamilton
10. Provide an overview of the system:  The Epidemic Intelligence Service Secure Website (EIS-SW) is a 2-year postgraduate training program of service and on-the-job training in applied epidemiology for health professionals. The mission is to develop a cadre of well-trained health professionals to meet emerging and continuing needs for applied epidemiologic skills that are vital to public health and for continuing CDC's mission of preventing disease and injury and promoting healthy lifestyles.
EIS-SW allows CDC's EIS Officers (CDC employed health professionals), with authentication credentials including key fobs, to enter and update relevant contact information about themselves.  It is used to track officers who are in Field EIS, offers a discussion forum, and has Activity Reports for Current Field EIS Officers.  User and password information is maintained by Administrators in OWCD/CDD/EISB.  The EIS-SW purpose is to provide a centrally managed repository of data as it relates to information about EIS officers.  CDD/EIS staff Administrators can update information about progress in the EIS Fellowship, whereas EIS officers can enter and update information about only themselves.  Primarily, CDD/EISB staff use this system to track officers as they serve their initial field EIS assignments.  It also provides a method by which EIS officers can enter information about their career plans during and after their participation in the EIS program.

Specific Functionality:
EIS officers tracking
Officer career plans post EIS
Individual activity reports
EIS Discussion forum
EIS Roster
Program guidelines
Training and resources

Technologies:
Classic ASP.
JavaScript.
Microsoft SQL Server.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  -- Present or Past EIS Officers (CDC Employees, for data verification-correction of their own records)
-- CDC/OD/SEPDPO EIS Administrators (for processing application data, selection of qualified candidates, maintaining a current database, documenting th
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  All submissions are voluntary.  Standard CDC Human Resources use for CDC employees, for keeping emergency contact info. & capabilities in case EIS Officers are needed for emergency response.  Elements include:  Name, Email Address, Mailing Address, Phone Numbers, Fellowship Entry Year, Citizenship Information, Education and Training, Work Experience, Volunteer Activities, Research Grants, Presentations, Publications, Interests, Skills and Abilities.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  Standard CDC Human Resources Processes (all Officers and Admins are CDC employees)
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Standard CDC Human Resources Processes (all Officers and Admins are CDC employees).  All data, software, and hardware are supplied and supported by CDC ITSO.  All access will be through AD or CITGO through authentication to include key fobs.
 
Admin.: Access only to their own records by EIS Officers and applicants, or to all records by CDC/OD/OSELS Administrators.
 
Technical: Located in DMZ, encryption of passwords.
 
Physical: DSS Data Center under ITSO controls.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  6/21/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Epidemiology and Prevention Branch Dashboard (EPB Dashboard) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  6/17/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A, System does not constitute a “system of records” under the Privacy Act.
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Epidemiology and Prevention Branch Dashboard (EPB Dashboard)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  LCDR Charlene Majersky
10. Provide an overview of the system:  The overall goal of the EPB Dashboard is to establish a user friendly information management system that will ensure easy accessibility to information, increase project visibility, improve financial management processes and accountability, and maximize alignment with broader CDC/OID goals and priorities to assure successful project implementation.
·   To integrate data and other key information generated from EPB work (including: projects, funding, publications and other records) in a central portal to facilitate easy access and timely dissemination to EPB staff.
·   To describe the roles and responsibilities for maintaining and updating data and other information in the EPB Dashboard database.
·   To establish a functional system that can be linked to other information sources to allow automatic data and information downloads to the EPB Dashboard.
·   To improve information sharing across all areas of EPB as well as its partners. 
·   To establish a financial management system capable of producing timely accountability and project cost analysis.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No, System does not contain any PII
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No, System does not contain any PII
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No, System does not contain any PII
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No, System does not contain any PII
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  6/17/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC EPMO Project Profile (Name recently changed from GCS Project Profile) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  4/27/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-02-00-02-9509-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1817
7. System Name (Align with system Item name):  EPMO Project Profile
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Theresa Larkin
10. Provide an overview of the system:  EPMO Project Profile does not collect, store, or process SSNs or PII. EPMO Project Profile is a web-based ASP.NET application that connects to a Structured Query Language (SQL) database. The application files and database are located within the CDC firewall on the CDC Intranet.  All users are internal to the CDC.  EPMO Project Profile uses Active Directory Windows Authentication to gain access to the application. EPMO Project Profile is not interconnected to any other system(s); however, there is information sharing with HIV Lead, GCS eXTRA and GCS SAIEF360.  HIV Lead, GCS eXTRA and GCS SAIEF360 have a database relationship with EPMO Project Profile where the applications share database information.  GCS eXTRA and GCS SAIEF360 read data to populate a list of EPMO Project Profile projects by pulling the data directly from the EPMO Project Profile database through SQL views.  Neither application modifies data in the other’s database.  This approach keeps the list of projects between GCS eXTRA and GCS SAIEF360 and EPMO Project Profile current without having to keep duplicate data in the GCS eXTRA and GCS SAIEF360 databases.  In the case of HIV Lead, the Business Steward contacts the Database Administrator to withdraw the information from EPMO Project Profile’s database using SQL scripts.  The Database Administrator saves the information directly in HIV Lead’s database.  The data is read unilaterally.  EPMO Project Profile does not access the HIV Lead data at all.  EPMO Project Profile is not dependent on any other systems to fulfill its function nor are there any systems that depend on it.
EPMO Project Profile provides limited information on both budget and program status which is needed in the Division of HIV/AIDS Prevention (DHAP) at all levels.  When someone needs more detailed information they can access other systems.  EPMO Project Profile serves multiple purposes depending on where the user sits in the organization. 
Functions of EPMO Project Profile at the branch level:
•        Reduce duplication of budgetary data entry; information entered into EPMO Project Profile at the branch level is fed into HIV Lead and other systems
•        Reduce the need to query the branch regarding target populations, age groups, risk behavior, etc.
•        Submission and tracking of new projects for funding
•        Provide a listing of all projects in a branch
•        Provide information on projects in other branches in DHAP
•        Provide tracking system for the yearly funding cycle
•        Provide a historical record of all project funding
Functions of EPMO Project Profile at the division level:
•        Complete listing of all projects in DHAP
•        Provide a system to be used to submit new projects to be funded
•        Standardization of data elements between different systems
•        Provide database of information to produce reproducible reports that are requested by NCHHSTP, CDC, grantees, constituents, Congress,  and the general public
•        Increase accountability of HIV funding
•        Define need for data
•        Define use of data
•        Track miscellaneous Intramural projects
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1/2) EPMO Project Profile collects and maintains limited budget and program data for the purpose of managing projects and reporting. For example, Project Name, Project Period, purpose, goals, objectives, target and special populations. (3) The information collected does not contain PII. (4) N/A.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  EPMO Project Profile does not collect PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  EPMO Project Profile does not collect PII.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  4/27/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Equal Employment Opportunity Tracking (EEO Tracking) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  6/30/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  (FY07): 009-20-01-01-02-1000-00-402

(FY08)  009-20-01-01-02-1000-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1301
7. System Name (Align with system Item name):  Equal Employment Opportunity Tracking (EEO Tracking)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Doug Correll
10. Provide an overview of the system:  The EEO Tracking System automates the complaint process for NCHHSTP. The Prevention and Support Office (PSO) serves as a coordinator of documentation requests for these complaints. Complaints and documentation requests help PSO determine which issues to address in future training sessions for employees and management. The scope of the EEO Tracking System will include a data entry vehicle for NCHHSTP/PSO to store EEO complaints and reporting capability for all information entered.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The system collects specific information related to each EEO complaint. Example of data collected: Date reported, Date Assigned, Complaint Type, Name (Complainant), Organization, City, State, Complaint Against (Name), Case Number, Due Date, Resolution,  and Comments. Personal Information is collected voluntarily from the complainant.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  None
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All applicable NIST SP 800-53 Administrative, Technical, and Physical controls have been implemented on the servers and workstations accessing this application.
N/A – PII is collected.
EAAL = N/A
Risk Analysis Date = 4/1/2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  7/1/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Ethics Program Activity Tracking System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  4/5/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  OGE/GOVT-2
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1657
7. System Name (Align with system Item name):  CDC Ethics Management System (EPATS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Teresa Walker-Mason
10. Provide an overview of the system:  CDC Ethics Management System (EPATS) is a web-based application that provides Senior Executive CDC personnel with the ability to electronically complete and sign (e-sign) reports, manage system dates, submit, review and certify the Confidential Financial Disclosure form (OGE 450).  The purpose of the OGE 450 form is to assist employees and their agencies in avoiding conflict of interest between official duties and private financial interests (contracting, procurement, and administration of grants and licenses, etc).  EPATS will provide users with the capability to track the status of a submitted OGE 450 report throughout the approval process.  In addition, EPATS users can send email notifications and alerts during various workflow activities, assign tasks, and send email notifications of annual ethics training to individuals.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  This system shares information with members of the Ethics Program Activity for the purpose of conducting conflict of interest analysis for OGE 450 report filer.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  EPATS will contain Personally Identifiable Information (PII), such as the name, business or personal mailing address, business or personal phone number, financial account information, legal documents, and business or personal email address.  EPATS will provide the CDC Ethics Office the ability to effectively manage the receipt of thousands of Confidential Financial Disclosure forms (OGE 450), as well as the ability to review and electronically certify the Confidential Financial Disclosure form (OGE 450).
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  This is mandatory as a condition of employment for the government and CDC and is given during in-processing of the employee following employment.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Administrative:  Records are maintained in accordance with CDC’s record control schedule and record control policy.  The info is secured using the CDC/IS Active Directory authentication process and role-based application control.

Technical:  Monitored by the Network and IT security controls which are administered by OCISO and ITSO.

Physical:  Controls are managed by guards, ID badges, and key card restrictions.

Yes IIF
Risk Analysis Date: 1/26/2010
E-Auth Level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  4/6/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Ethiopia IT Infrastructure (GAP Ethiopia) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/9/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-02-00-02-1104-00-114-042
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC NCHHSTP GAP Ethiopia GAP Site
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Calvin Johnson
10. Provide an overview of the system:  This is a general office support system for CDC GAP Ethiopia operations. The IT infrastructure provides file server, exchange server and webmail server. Authentication is performed by a locally administered Active Directory for authenticating local users only. Failover is to local AD at the site. Local does not send or receive information from the main HHS/CDC Active Directory.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A

No IIF collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = October 3, 2008
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  2/10/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Etiological Agent Import Permit Program (EAIP) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  4/27/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-8121-00-110-218
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  0920-0199
6. Other Identifying Number(s):  ESC# 546
7. System Name (Align with system Item name):  Etiological Agent Importation Permit System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Barry Copeland
10. Provide an overview of the system:  The Centers for Disease Control and Prevention (CDC) is authorized to issue Import Permits for etiological agents under 42 CFR Part 71.54. Etiologic agents are defined as microorganisms and microbial toxins that cause disease in humans, including bacteria, bacterial toxins, viruses, fungi, rickettsiae, protozoans, and parasites. Any materials containing etiologic agents for import into the United States must be properly packaged and labeled, and be accompanied by a valid U.S. Public Health Service importation permit.

 

In addition, individuals wishing to import select agents and toxins must be registered with CDC's SAP in accordance with 42 CFR Part 73 (Possession, Use, and Transfer of Select Agents and Toxins; Final Rule) for the select agent(s) and toxin(s) listed on the import permit application. Also, in accordance with 42 CFR Part 73.16(a), an APHIS/CDC Form 2 must be completed and submitted to the CDC Select Agent Program and granted approval prior to the shipment of the select agents or toxins under the import permit.

The purpose of the EAIP system is to provide a secure database and processing environment, to include data entry and reporting capability in support of the EAIP Program.  The system was developed as a stand-alone Windows-based system using Microsoft Access in 1995, and has been operational since then with very few enhancements. The system is currently housed on a standalone workstation in a secure location without connectivity to any other system or access to the local CDC network or the Internet. 
The EAIP provides the following essential system functions:
·           Database management
·           Reporting engine and capability
·           User interface
·           Issuance of permits

System input will be received via the traditional methods currently in place (mail, fax, or email).  Input received via email or through electronic means will be virus scanned, and transported electronically via secure technology from the public side to the SBU processing environment (secure space).  Input received by traditional methods will be reviewed and hand-carried into the secure space.

 

Once within the secure space, the input documents will be further reviewed for completeness, and controlled using the Electronic Document Management System (EDMS).  Data will be transferred through manual entry from the hard copy input documents into the database. These inputs would include information contained in the import permit application.

 

System output is in the form of hard-copy paper reports that are appropriately marked in compliance with the Health and Human Services (HHS) security classification guidance.  In addition, backups of all system electronic files are generated regularly and securely stored off-site in support of the Business Continuity Plan (BCP).
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A; no PII is contained in the system
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The EAIPP system is limited to storing data from import permit applications that is used to generate the import permit which are approved to receive a permit and generating a paper permit.  The information collected, maintained and/or disseminated is solely for the purpose of issuing the permit for the requestor and is not considered PII. Other information from the application such as email addresses and bio-safety data that is not used to generate the permit is not entered or stored in the EAIPP system.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  The information collected by the EAIP program is governed by the USPHS 42 CFR - Part 71 Foreign Quarantine. Part 71.54 Etiologic agents, hosts, and vectors federal regulation and information is submitted via import permit application covered under OMB form NO. 0920-0199. In addition, the issuance of select agent permits for etiological agents is governed under 42 CFR Part 71.54. (as identified in 42 C.F.R. Part 74, 7 C.F.R. Part 331, and 0 C.F.R part 121) through the submission of CDC-APHIS form 2.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF collected

E-Authentication = N/A

Risk Analysis Date = April 1, 2011
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  4/27/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Evaluation of Enhanced Comprehensive HIV Prevention Planning and Implementation for Metropolitan Statistical Areas Most Affected by HIV (ECHPP) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  4/18/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  0920-0922
6. Other Identifying Number(s):  ESC# 1978
7. System Name (Align with system Item name):  Evaluation of Enhanced Comprehensive HIV Prevention Planning and Implementation for Metropolitan Statistical Areas Most Affected by HIV
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Dale Stratford
10. Provide an overview of the system:  Evaluation of Enhanced Comprehensive HIV Prevention Planning and Implementation for Metropolitan Statistical Areas Most Affected by HIV (ECHPP) does not collect, process, transmit, or store PII or SSN data. The scope of the HIV epidemic in the United States is significant, particularly in large urban areas where cases are concentrated. In 2006, approximately 56,000 new HIV infections occurred in the U.S., demonstrating the need to expand targeted HIV prevention efforts. In addition to broad strategies for the general U.S. population that provide essential knowledge and support an environment conducive to HIV prevention, three targeted strategies are crucial to reducing HIV incidence:

1. Increasing knowledge of HIV status among people living with HIV and their partners
2. Reducing the risk of HIV transmission from people living with HIV
3. Reducing HIV acquisition among persons at high risk for infection

Realizing the benefits of these strategies also depends on focusing on structural issues that act as barriers to effectively implementing HIV prevention and on adequate support for a rigorous, evidence-based approach to HIV prevention that directs resources to the individuals, populations, communities, and activities that will result in the largest reductions of new HIV infections. HIV prevention in the U.S. must be focused and integrated, including an optimal mix of behavioral, biomedical, and structural interventions, adequately funded, and tailored so that levels of services are appropriate to personal and community-level risk of acquiring or transmitting HIV. To harness the full potential of advances in HIV prevention and treatment, jurisdictions with high AIDS prevalence must:
1) Enhance HIV prevention planning efforts for maximal effectiveness, and
2) Coordinate the implementation of and capacity building for activities addressing HIV prevention, care, and treatment. To this end, CDC has funded a new program to facilitate the development and implementation of Enhanced Comprehensive Prevention Plans (ECHPPs) for Metropolitan Statistical Areas (MSAs) most affected by the HIV epidemic in order to reduce HIV risk and incidence in those areas.
The evaluation of the ECHPP Program will include three levels of indicators:
1) Impact evaluation indicators monitored with existing surveillance systems
2) Outcome evaluation indicators monitored through primary data collection and existing behavioral surveillance data
3) Process evaluation indicators monitored with existing program data as well as capturing additional information on new interventions or interventions that CDC has not previously supported.
A final report encompassing trends at the impact, outcome, and process levels will serve as the evaluation of this project.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1) HIV prevention services delivered, HIV related behaviors, Use of prevention services among persons with HIV  and persons with highest risk of infection, Changes in disease rates in cities that are participating in planning and implementation of ECHPP, Age, Ethnicity, Race, County of Residence, education level, Zip Code, City, Gender.
2) A final report encompassing trends at the impact, outcome, and process levels will serve as the evaluation of this project.
3) ECHPP does not process, collect, transmit, or store PII data.
4) No PII submitted.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A No PII collected
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  4/18/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC EvaluationWeb [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  3/21/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  Evaluation Web (Eval-Web)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Dale Stratford
10. Provide an overview of the system:  Evaluation Web does not collect SSN’s or PII. The primary purpose of Evaluation Web is to provide a standardized data collection, analysis, and reporting tool for CDC HIV prevention program grantees.  Community-based organizations (CBOs) and state and local health departments funded by CDC will use Evaluation Web to report on HIV prevention activities they are funded to implement. These data will be used by CDC to monitor and report on the domestic HIV/AIDS prevention program and will help CDC to promulgate best practices, redesign interventions that are inefficient or not effective in reducing risky behaviors that could result in HIV infection, and identify grantees that need assistance to better deliver effective prevention services. De-identified data from the Evaluation Web system will be sent to the CDC via SDN.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Local Client ID, Date of Birth – Year Only, Ethnicity, Race, State/Territory of Residence, Current Gender Identity, Relationship Status
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  3/21/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Export Tracking and Document System (EXPTRACK) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/2/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 76
7. System Name (Align with system Item name):  Export Tracking and Document System (EXPTRACK)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Suzette Bartley
10. Provide an overview of the system:  Export Tracking System (ETS) is an innovative LAN application focused on export records and shipments.  This system tracks all CDC exports.  It generates documents required to be affixed to the shipments.   The system stores business contact information for the shipments and also provides full expected and actual tracking information to the users.   The data is required per the US Department of Commerce Export Administration Regulations 15 CFR Parts 730-774.  Users are able to access ETS from their individual workstations.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = July 26, 2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  9/7/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Extensis (EXT) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/27/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Extensis
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Gabrielle Benenson
10. Provide an overview of the system:  Extensis will serve as a centralized image and multimedia repository which allows division-wide access to catalog, upload, organize, tag, report on and search all types of digital assets. Currently, over 15,000 photos are not organized and are stored in various locations, such as in personal e-mail inboxes and the DGMQ shared drive. These images are visual representations of DGMQ’s work in action and show how our division fulfills its mission. The images have been obtained from DGMQ staff in the field and at headquarters, purchased photo stock images, historical quarantine images, and communication and educational materials such as posters, flyers, etc. It is important that DGMQ has a centralized system so that images and other media can be shared and used for internal and external presentations, health communication and education materials, and other documents, reports, and materials about DGMQ. By establishing a system for fast and easy access to digital assets through the media library, DGMQ will be able to quickly and more efficiently disseminate health information to help reduce morbidity and mortality among globally mobile populations to prevent the introduction, transmission, and spread of communicable diseases.

A Media Library will significantly improve the way DGMQ manages digital assets such as images or videos. By creating this system, countless staff hours will be saved from time spent searching for these images. Extensis will also be able to address two of CDC’s strategic goals by enhancing the quality, availability, and delivery of these digital assets to employees, thus fostering innovation, collaboration, and more efficient work performance among staff in DGMQ. The system will also offer customizable permission levels for access control, in addition to a user friendly web-interface for ease of use so that media can be found and utilized more effectively.

System administrators will ensure no PII is associated with any media file loaded in the system.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:

Information collected, maintained, or disseminated about the media files | Why and for what purpose | Contains PII | Voluntary or Mandatory
Media number | To use as a search criteria and to organize the files | No | Automatically generated
Name and work e-mail address of the person submitting media files. Government/government contractor contact data only. | To use as a search criteria and to contact the individual if questions arise | No | Mandatory
Submission date | To use as a search criteria | No | Automatically generated
Date of creation | To use as a search criteria | No | Voluntary
Source name and credit instructions - this includes name of the source of the media file, for example, the photographer or creator of the media file. Government/government contractor contact data only | To use as a search criteria and to appropriately provide source credit, proper acknowledgement, and a full citation to the media file | No | Voluntary
Format, for example: photo, illustration, video, audio recording, webinar, animation, other | To use as a search criteria | No | Mandatory
Brief description – may include name and job titles of people in the media files. Government/government contractor contact data only | To use as a search criteria | No | Mandatory
Keywords - may include name and job titles of people in the media files. Government/government contractor contact data only | To use as a search criteria | No | Mandatory
Consent obtained (Yes or no field) | To use as a search criteria | No | Mandatory
Use restrictions - may include name and job titles of people in the media files. Government/government contractor contact data only | To use as a search criteria | No | Voluntary
File size | To use as a search criteria | No | Automatically generated
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  10/27/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC External Partner Activate (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/18/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  External Partner Activate
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Mike Crawley
10. Provide an overview of the system:  The purpose of the EPEA website is to allow External Partners to activate their CDC user account.  Prior to accessing this website the External Partner user will have received an email notification.  This notification would have provided them with the name of their user account, and a description of how to determine their password.  This notification also contains a link to the EPEA activation web site. 
The activation process has 3 parts. Part 1, the initial user credentials are authenticated.  Once the credentials are authenticated, the user is transferred to the Quest Password Manager (QPM) web site.  Part 2, in the QPM site the authenticated user is requested to enter the answers to several security questions, which are stored for later verification. Part 3, the authenticated user is required to change their password.  Once this is done the External Partner's user account is available for system authentication.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  5/18/2011
Approved for Web Publishing:  Yes

Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC External Public Open Source Environment (ExPOSE) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  Conversions 
1. Date of this Submission:  5/15/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-05-02-1414-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1520
7. System Name (Align with system Item name):  External Public Open Source Environment (ExPOSE)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Fred Smith
10. Provide an overview of the system:  ExPOSE is a hosting environment for external facing, public, web-based applications and has been set up specifically to support open source collaborative tools
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  ExPOSE is a hosting environment that will only host systems with Low data
ExPOSE does not use any information
ExPOSE does not collect any PII
Information is not submitted to ExPOSE
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A No PII
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  5/15/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Extramural Tracking and Reporting Application [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/18/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1798
7. System Name (Align with system Item name):  Grants Central Station Extramural Tracking and Reporting Application
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Theresa Larkin
10. Provide an overview of the system:  GCS eXTRA does not process, collect, store, or transmit PII or SSN Data. Each year, the Division of HIV/AIDS Prevention (DHAP) awards approximately $560 million using extramural funding mechanisms.  In 2004, an assessment led to several key findings to improve DHAP’s current processes for information flow.  Some of the recommendations included the need to (1) streamline how requests are handled for consistency across branches and into the division, (2) identify points of contact for each branch for data requests and information requests, (3) develop an electronic division-wide tracking system, (4) publish and distribute documents to reduce data and information requests, (5) improve data and information storage system, (6) enhance search and access to reports and systems across the division, (7) facilitate more communication guidance for collaboration and information sharing division-wide.  In June 2005, the Deputy Director for Management and Operations initiated a series of meetings to determine the range of automation needs.  It was agreed by all that the development of an application to track the process of the funding mechanism documents, along with an element of version control, should be pursued.
The purpose of GCS eXTRA is to monitor and track document preparation and approval of funding mechanism documents for DHAP.  The most common funding mechanisms are program announcements (PA) and contracts.  The originating branch will prepare the FOA and review it within their branch.  When ready, the originating branch will post the FOA document to GCS eXTRA.  The Extramural Program Management Office (EPMO) and other branches within the division will download the document from GCS eXTRA for review, posting any feedback to GCS eXTRA when finished.  After incorporating pertinent feedback, the originating branch will repost the document for the Technical Information and Communication Branch (TICB) to review.  TICB will post any comments, and the originating branch will incorporate those before reposting the document for review by the Deputy Director of Science, the Deputy Director of Prevention, and the Associate Division Directors.  After all comments are posted, the originating branch will incorporate any feedback and repost the document.  It is then reviewed/approved by the Deputy of Management and Operations, EPMO, and NCHSTP before submission for higher approval.
The objectives of the 3.0 upgrade are to:
·         Move the application from Visual Studio 2005 to Visual Studio 2008
·         Update functionality and processing methodologies from Visual Studio 2003 to Visual Studio 2008
·         Enhance Graphical User Interface (GUI) to align with other GCS applications
·         Enhance Application to align with Division Leadership directives
·         Enhance Application to respond to feedback from users
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  All processes surrounding creation, approval, disapproval, and reporting of Funding Opportunity Announcements (FOAs).
Creation, approval, disapproval, and reporting of Funding Opportunity Announcements (FOAs).
GCS eXTRA does not contain PII data.
Submission of Business Contact Information in response to FOAs is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  10/18/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Extranet Access System (EAS) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  12/1/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Extranet Access System (EAS) formerly known as Netscaler VPN
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Dave Ausefski
10. Provide an overview of the system:  The Extranet Access System is the result of the development of an enclave that has been set up so that public facing applications can be secured and delivered to DMZ based users who will collaborate with internal CDC users.  The term for this is the “Moat”.  This environment will provide both authentication and content delivery for both CDC and Non-CDC users by authenticating against resource domains as well as the CDC.GOV domain.  The aim of the EAS Project is to provide secured access to this environment in a manner that adheres to NIST 800-53.
Access to internal resources will be delivered by a FIPS 140-2 Level II Compliant Netscaler 9010 appliance.  The Netscaler is a hardened BSD Appliance produced by Citrix that provides multi-homed access to the CDC MOAT.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  12/1/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Federal Advisory Committee Management [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/20/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-06-02-9409-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-90-0059
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  Federal Advisory
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Kimberly Thurmond
10. Provide an overview of the system:  This system is a record of Federal Advisory committees to use in submitting federal register notices and completing member conflicts of interest.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Federal Advisory Committee Management
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  contact information - mandatory
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Limited full access to database – provided only to the team in MASO
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  5/19/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / CDC Fellowship Management System (FMS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  6/29/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  Component of CDC PH Communications for Workforce & Career Development (system UID # 1310)
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  SORN 09-20-0112: Fellowship Program and Guest Researcher Records
5. OMB Information Collection Approval Number:  0920-0765
6. Other Identifying Number(s):  ESC# 1418
7. System Name (Align with system Item name):  Fellowship Management System (FMS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Mehran Massoudi
10. Provide an overview of the system:  The Fellowship Management System allows applicants to apply to CDC fellowships on-line and will track fellowship alumni in one integrated database.  The target audience consists of professionals in public health, epidemiology, medicine, economics, information science, veterinary medicine, nursing, pharmacy, public policy and related professions, and medical, veterinary, and graduate students.  Applicants choosing to apply to one or more CDC fellowship(s) will enter their information once and alumni who choose to participate in the alumni directory will have the option of providing updates to information that has changed.  Information about alumni who provide consent will be included in standard downloadable reports including the alumni directory.  Alumni will use the directory to facilitate networking, per their request.  CDC will use the information collected for processing application data, selection of qualified candidates, maintaining a current alumni database, documenting the impact of the fellowships, and generating reports.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  -- Present or Past applicants (they can only access their own information for verification/correction of their own data).
-- CDC/OD/OWCD Fellowship Administrators (for processing application data, selection of qualified candidates, maintaining a current
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  PII includes: Name, Date of Birth, Email Address, Mailing Address, Phone Numbers, Fellowship Entry Year, Citizenship Information, Education and Training, Work Experience, Volunteer Activities, Research Grants, Presentations, Publications, Interests, Skills and Abilities.  CDC will use the information collected for processing application data, selection of qualified candidates, maintaining a current alumni database, documenting the impact of the fellowships, and generating standard downloadable reports including the alumni directory and a listing of current fellows.  All submissions of data are voluntary including participation in the alumni directory. See the attached list for the complete list of all the data fields that are collected.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  Should major changes ever occur to the system,  CDC/OSELS/SEPDPO Administrators will notify individuals whose PII is in the system by email asking them to log on to the system to provide electronic consent as appropriate.  The Fellowship programs’ Bulletin will also include an announcement of notification and request alumni to log on to the system to provide electronic consent as appropriate. 

Individuals will be notified as to what PII is being collected from them and how the information will be used or shared when they first log into the system as an applicant or an alumnus and will be available for their review every time they log onto the system thereafter.  Alumni will provide electronic consent before they can enter their own data and they will always have the option of retracting their consent.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Admin. - Access only by applicants to their own records, access only by alumni to their own records, or by CDC/OSELS/SEPDPO Administrators to all records.

Technical - Located in DMZ, encryption of passwords.

Physical -  Mid-tier Data Center under ITSO controls.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  6/29/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Flu Geographical Information System (FluGIS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/19/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1866
7. System Name (Align with system Item name):  Flu Geographical Information System (FluGIS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Lynnette Brammer
10. Provide an overview of the system:  The Geographical Information System (FluGIS) is a web application to support the Epidemiology branch in its analysis and reporting to internal management.  The data this system utilizes come from Flu’s surveillance systems such as Influenza Sentinel Providers Surveillance Network, 122 Cities Mortality Reporting System, and WHO collaborating Laboratories.  The data is for reporting purposes only and is pulled into this system.  At a high level, the security of the system uses the user’s credentials from Windows NT Challenge/Response and checks for access against the database table.  If access is allowed, then an access role is assigned to the user, which controls role-based web pages.  An application account and password are used to connect to the database schema.  The operation of FluGIS is as follows.  The end-user logs into FluGIS using his/her LAN credentials.  Once the user is validated, a system-defined role for the user is assigned.  Based on the role, access to the appropriate web pages is granted. 
To gain access to FluGIS, an end-user must also have an authorization from the Epidemiology branch and an assigned user role.  The role controls role-based security on every web page.  Extensive data validation and security capability is written into each web page. Access to the application allows a variety of reports to be run against the data.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system does not collect PII Information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  PII = No
E Auth Level = Low 1
Risk Analysis date 09/24/10
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  10/20/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Flu Tool (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  3/23/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Flu Tool
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Alan Davis (ALD7@cdc.gov)
10. Provide an overview of the system:  The Flu Tool improves the ability of public health partners to monitor influenza activity across the nation, provide situational awareness related to seasonal and non-seasonal influenza, and present influenza-like illness data from various sources in a common format and interface available to public health decision-makers. The purpose of this tool is to serve as a general surveillance application. Information in the Flu Tool is updated on a weekly basis.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The Flu Tool does not collect, maintain, or disseminate PII/IIF. The system has been developed to improve the ability of public health to monitor influenza activity across the nation, provide situational awareness of seasonal and non-seasonal influenza, and present influenza-like illness data from various sources in a common format and interface available to public health decision-makers. Information processed by the system is listed in the following chart:

DoD/VA Diagnosis: BioSense Departments of Defense and Veterans Affairs Outpatient Clinic Data, ILI Diagnoses
BioSense Hospitals Diagnosis: BioSense Hospitals Emergency Department, ILI Diagnoses
BioSense Hospitals Chief Complaint: BioSense Hospitals Emergency Department, ILI Chief Complaints
Sentinel Providers: Percentage of Visits for Influenza-like Illness (ILI) Reported by the US Outpatient Influenza-like Illness Surveillance Network (ILINET)
WHO/NREVSS Labs: Influenza Positive Tests Reported to CDC by U.S. World Health Organization (WHO) and National Respiratory and Enteric Virus Surveillance System (NREVSS) Collaborating Laboratories
State and Territorial Epidemiologists: Weekly Influenza Activity Estimates Reported by State and Territorial Epidemiologists*
Antiviral Prescription: Antiviral Prescription
LabCorp Laboratory: Influenza Positive Tests Reported by LabCorp
Quest Laboratory: Influenza Positive Tests Reported by Quest
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  None
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  3/23/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Flu Vaccine Finder [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  Initial PIA Migration to ProSight 
1. Date of this Submission:  1/10/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9621-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1492
7. System Name (Align with system Item name):  Flu Vaccine Finder (FVF)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Lisa Galloway
10. Provide an overview of the system:  To aid the visibility of influenza vaccine distribution, the Centers for Disease Control and Prevention (CDC) is making available jurisdiction-level summary reports of influenza vaccine distribution data to state and local public health officials.  The CDC has coordinated agreements with several distributors and several manufacturers to provide distribution information on a weekly basis.  The information is consolidated and mapped to common variables for reporting, then published to a secure environment.  Access to this information is restricted to a limited number of individuals per jurisdiction.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system collects flu vaccine distribution information, including the distributor name, the amount distributed, and the date distributed, and to whom the vaccine was distributed.  No IIF is collected.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Administrative controls: The data will be secured by logical access controls. Technical controls: Access to the data is controlled by user ID and password, digital certificate, firewall.  Internal physical controls include security guards, ID badges, and cardkeys.

No IIF Collected.
E-Authentication Assurance Level = N/A
Risk Analysis Date = October 5, 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Alice Brown
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/14/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC FMO Portal (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/4/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 1684
7. System Name (Align with system Item name):  FMO Portal
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Chare Brown
10. Provide an overview of the system:  The FMO Portal system is designed to support FMO branches during the system development process.  The system is composed of a main website, document libraries, and contact lists.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The FMO Portal is designed to support the Financial Management Office (FMO) in the areas of Project Management and Staff Management.  The system is composed of several intranet sites for each FMO branch and an umbrella intranet site for all of FMO.  The websites are used by FMO employees to manage project documents and schedules, branch staff calendars, and branch-related information.  The only PII collected by the system are user names and email addresses.  This information is collected via the Active Directory Global Catalog.  The system is only used within CDC and the names and email addresses are readily available to all CDC employees through other systems.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  PII will stay internal to individuals with network passwords at the agency.
PII is obtained from the Active Directory Global Catalog.  Consent to list this information in the Active Directory Global Catalog is given when the user requests a CDC network password.  It is understood by the user that names and email addresses will be used within CDC to conduct official business.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  The PII is secured by numerous methods, including firewalls and password authentication.  The data is kept within a controlled access facility, which includes security guards, card key access, and identification badges.
No PII collected
Risk Analysis Date = 12/24/2009
EAAL = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  2/8/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC FOA Applicant Approval System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  3/7/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9124-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1671
7. System Name (Align with system Item name):  FAO Applicant Approval System (FAAS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Theresa Larkin
10. Provide an overview of the system:  The Funding Applicant Approval System “FAAS” project is initiated to partner with the Strategic Science and Program Unit (SSPU) to automate the evaluation of applications for DHAP Funding. 
The major Business Functions of this project are CDC/Branch functions which will be conducted in collaboration with System Administrative functions as stipulated by DHAP.
- FAAS establishes an automated, best practices process for initiating and managing the evaluation of applications (SF 424) for Funding Opportunity Announcements including:
  - Reviewer recruitment
  - Letters of Intent “LOI”
  - Establishing an automated, best practices process for conducting Special Emphasis Panel “SEP” activities
  - Establishing an automated best practices process for conducting Pre-Decisional Site Visit “PDSV” activities
FAAS will establish and maintain a list of potential and actual SEP reviewers to review, evaluate, and score SF 424 Grant applicants. Reviewers, who have been validated by CDC as qualified to participate in SEP activities, will be granted limited (time) access to the FAAS application during the review process (less than 60 days), after which reviewer accounts are automatically deactivated. Reviewers will access the FAAS application via the Internet during SEP activities. CDC employees participating in SEP activities will also use a limited (time) FAAS account to access the application from the Internet.
FAAS is a web-based application, developed using Microsoft .NET and SQL Server 2005 technology. The application is used to support the application, evaluation, and notification of Federal Grants for HIV prevention.  Only Business IIF information is collected, processed, or stored within FAAS.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Business/organization applicant information for various federal grants, such as Organizational DUNS, TIN or EIN, legal name, Department, Division. Complete business address, business phone number, business fax number, and business E-mail, type of application, description of applicant’s project, and Congressional district of applicant.
Business IIF Information is collected to assist in evaluations of business/organization applicant qualifications for various grants.
PII information is not collected, processed, or stored within the application.
Submission of information is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A No PII
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No PII
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  3/7/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC FoodNet Population Survey Cube [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0164
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 1678
7. System Name (Align with system Item name):  FoodNet Population Survey Cube (FPSC)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Barbara Mahon
10. Provide an overview of the system:  The FoodNet Population Survey Cube (FPSC) is a data storage device which will be connected to by members of the FoodNet team.  Its purpose is to store the data collected from the FoodNet Population Survey and structure it in a way that allows for fast, easy aggregation.  The data is obtained via a SAS dataset, formatted to fit into the database structure.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Only internal CDC personnel
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The FoodNet Population Survey Cube (FPSC) is a data storage device which will be connected to by members of the FoodNet team.  Its purpose is to store the data collected from the FoodNet Population Survey and structure it in a way that allows for fast, easy aggregation.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  This is an internal system that resides behind the CDC firewall and will be accessed by internal CDC personnel only. Access control is role based and managed by AD.

IIF is collected and the proper controls are utilized to safeguard sensitive information.

E-Authentication Assurance Level = N/A

Risk Analysis Date = August 3, 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  10/11/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Freedom of Information Act Xpress (FOIAXpress) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/5/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  OPM/GOVT-1
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 89
7. System Name (Align with system Item name):  Freedom of Information Act Xpress (FOIAXpress)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Bruno Viana
10. Provide an overview of the system:  Multi-function FOIA case management system.  A requestor will request a CDC document through this system for multiple reasons including contractual suits, application of contracts, insurance documents, etc.  These requesters are authorized to pull documents by the actual author, center, or individual to which the document refers.
External users have the capability to check the status by entering their FOIA number.
Many PII data elements may be stored and transmitted on the FOIAXpress system including but not limited to SSN, Name, Home Address, Passport information, Email address, and Home Phone Number, etc.  For inquiries surrounding an individual’s PII, a consent form must be downloaded from the FOIAXpress website and filled out by the requestor and the individual to whom the information pertains, signed by both parties authorizing release, and notarized.  This form is then submitted to FOIAXpress via US Mail and the information is then authorized to be released.  These types of inquiries typically surround legal and contractual investigations.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  This system retrieves and disseminates documents requested for various purposes and may or may not include IIF.  This system shares information with contractors, FTEs and other Government agencies.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Voluntary in most cases but Mandatory in others.  Name, DOB, SSN, Photographic Identifiers, Driver’s License, Mother’s Maiden Name, Vehicle Identifiers, Mailing Address, Phone Numbers, Medical Notes, Medical Record Numbers, Certificates, Legal Documents, Device Identifiers, Web URLs, Email, Address, Education Records, Military Status, Employment Status, Foreign Activities, and UserID.  These are stored for various reasons including but not limited to legal inquiries, application of contracts, insurance documents, etc.  This is a multi-function system that retrieves documents upon request to satisfy the Freedom of Information Act.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  The documents already exist and should PII be included on any documents requested, an authorization form has to be filled out.  Notification and consent are not obtained from the FOIA office but are provided voluntarily at the originating center. Information is shared that contains PII only when a legal inquiry is requested and the individual whose information is being disclosed is given notice and provides written consent.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  IIF is secured using ITSO guidelines.  UserID and Password as well as application specific UserID and Passwords are used to restrict access.  It is secured in a building with guards at the doors and proper fire/water damage controls.

Risk Analysis date: 12/30/2009
E-Authentication Level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  2/18/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________
