Centers for Disease Control - Page 4


 

06.3 HHS PIA Summary for Posting (Form) / CDC Freezerworks (N/A) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 

PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/17/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Freezerworks
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  David Wang
10. Provide an overview of the system:  Freezerworks is high-volume sample tracking software.  We use it to track the exact locations within various freezers of our viruses, controls and sera samples.  The software provides the means for us to search the inventory and look at information associated with the sample, without having to manually search through each freezer.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No PII is contained within the system.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The system is used to track the exact locations within various freezers of our viruses, controls and sera samples.  The software provides the means for us to search the inventory and look at information associated with the sample. No PII is contained within the system.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No PII is contained within the system.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No PII is contained within the system.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  5/17/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC FTP Request Tool (FTP) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/12/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 620
7. System Name (Align with system Item name):  FTP Request Tool
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Wayne Knight
10. Provide an overview of the system:  FTP Request Tool will allow CDC users to request private password protected FTP sites or public FTP sites following an approval process by the user’s manager, ISSO and TSE.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Data collected, disseminated, and/or collected pertains to network information, ADP information, and CDC user information without any distinguishing identifiable information
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No IIF is collected, disseminated, or maintained in the system.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No Information in Identifiable Form is collected or transmitted.

No IIF collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = July 24, 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  8/13/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Funding Opportunity Announcement Builder (FOAB) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  8/14/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-06-02-1000-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1404
7. System Name (Align with system Item name):  Funding Opportunity Announcement Builder (FOAB)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Michael Melneck
10. Provide an overview of the system:  The primary purpose of FOAB is to help the Project Officers in the field develop a Program Announcement using existing standards and templates.  The system will:
• Enable the Project Officers in the field to build Program Announcements
• Track the Program Announcement through the approval process
• Track revisions to the Program Announcement
FOAB was developed as a web-based system in order for FOAB Project Officers to access the system while in the field.  FOAB Users submit data to build Reports/Program Announcements with pre-existing templates.  These templates are a combination of free-form text fields and drop-down menus.  The web interface collects aggregate data.  Collected data is transferred to the FOAB Database for further processing.  The total number and type of users is approximately 100 (includes the Project officers in the field, Global AIDS Program users, and Procurement and Grants Office Users).  All users will have a valid CDC User ID and most users/Project Officers will be located in the field.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A

No IIF Collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = 7/31/2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles  OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  8/18/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC GAP South Africa IT Infrastructure (South Africa GAP) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  11/5/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  CDC-South Africa GAP Site
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Calvin Johnson
10. Provide an overview of the system:  This is a general office support system for CDC GAP South Africa operations. The IT infrastructure provides file server, exchange server and webmail server. Authentication is performed by a locally administered Active Directory for authenticating local users only. Failover is to local AD at the site. Local does not send or receive information from the main HHS/CDC Active Directory.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A

No IIF Collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = Oct 9, 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  11/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC GAP Syslog Server (Syslog) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/12/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  CDC-Syslog Server
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Calvin Johnson
10. Provide an overview of the system:  This is a general office support system for CDC GAP Thailand operations. The IT infrastructure provides file server, exchange server and webmail server. Authentication is performed by a locally administered Active Directory for authenticating local users only. Failover is to local AD at the site. Local does not send or receive information from the main HHS/CDC Active Directory.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No PII is present.
Risk Analysis Date = December 4, 2009
E-Authentication Assurance Level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/12/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Genomics (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  6/23/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-0623-00-110-031
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 1479
7. System Name (Align with system Item name):  Genomics
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Anne Whitney
10. Provide an overview of the system:  Genomics tracks sample analysis requests submitted to the laboratory. It replaces the current paper-based log entry, allowing the lab to track sample submissions by division, user ID, and type of analysis requested.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A

No IIF Collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = 02 June 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  6/29/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC GeoSentinel: Global Emerging Infections Sentinel Network [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/20/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-9721-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 885
7. System Name (Align with system Item name):  Global Emerging Infections Sentinel Network (GeoSentinel)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Mark Sotir
10. Provide an overview of the system:  GeoSentinel is a surveillance system that collects information on significant health risks and alerts on important disease risks and outbreaks.  The contributors consist of more than 50 travel/tropical medicine clinics (sites) around the world.  These sites in collaboration with CDC and other international organizations (channeled through these clinics) are participating in active surveillance to monitor geographic and temporal trends in morbidity among travelers and other globally mobile populations.  Passive surveillance and response capabilities are also extended to a broader network of GeoSentinel Network members. Most users of the system are nurses and physicians in the different sites and are non-CDC personnel.
Since this is a surveillance system for health risk trends, there are no patient personal identifiers collected.  Specific attention was paid to eliminate impact due to privacy regulations.  It does not share any information with other systems.  The system uses internal user-based application security.  Database security includes role-based permission to system functions.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Most users of the system are nurses and physicians in the different sites and are non-CDC personnel.
Since this is a surveillance system for health risk trends, there are no patient personal identifiers collected.  Specific attention was paid to eliminate impact due to privacy regulations.  It does not share any information with other systems.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  10/20/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC GID Travel and Consultancy Web Application [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  6/15/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-02-00-02-9309-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1365
7. System Name (Align with system Item name):  GID TRAVEL
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Kim Fears
10. Provide an overview of the system:  The GID Trav system collects data on prospective travel candidates for NCIRD/GID’s international travel programs including the STOP program.  The site also allows GID staff to enter their travel itineraries to support the reporting requirements of CDC’s international partners.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Names of persons traveling abroad are shared with CDC’s Partners – WHO, UNICEF.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information collected includes name, DOB, phone, address, employment status, email address, foreign activities, and gender.  Submission of all data is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No change policies exist.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  IIF is collected and the proper controls are utilized to safeguard sensitive information.

E-Authentication Assurance Level = N/A

Risk Analysis Date = April 21, 2011
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  6/15/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC GIS Internet Mapping Systems (GISIMS) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  11/15/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  ATSDR GRASP GIS Internet Mapping System (GISIMS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Andrew Dent
10. Provide an overview of the system:  ATSDR GRASPS Geographical Information System (GIS) Internet Mapping System (GISIMS) is a set of web-based Knowledgebase and Content Management components drawn on a single data source (datasets from GIS) and hosted by the GIS General Support System (GSS). The Agency for Toxic Substances and Disease Registry (ATSDR) staff will be the primary users of GISIMS.  GISIMS is used to deliver data content in various formats and reports based on the functionality of each component.  GISIMS does not contain any Personally Identifiable Information (PII).
GISIMS is comprised of three (3) different components noted as follows:
Geospatial Research, Analysis, and Services Program (GRASP) – is a component that is a public web page that provides information regarding ATSDR’s GIS role and support for CDC/ATSDR.  GRASP provides GIS technologists with tools that help enable a variety of CDC efforts including disease surveillance, hazardous substance tracking, and reporting on a variety of issues including workplace injury, drinking water safety, and birth defects.  GRASP provides the GIS framework, resources and technical expertise for CDC/ATSDR information systems to utilize GIS technologies.  The GRASP web page falls outside the definition of a static web page by using dynamic content (.aspx).
Community Health Status Indicators (CHSI) – is a component that allows the public to dynamically view indicators for a county, select desired Indicator Group, Indicator, State, and County via a pull down menu selection then display them in a geographically marked up map. CHSI is designed to provide information for improving community health in a geospatial format from a read-only database.   
FluView – is a component that allows the public to dynamically display flu rates by geography and time via pull-down menu options from a read-only database.  It allows users to visualize trend data to analyze geographical and temporal patterns of Flu intensity data.  Users can create reports to export data in Excel or JPEG format.
Rabies – is a component that allows the public and Rabies Division partners to dynamically display rabies data by time and geography from data stored in a read-only database. Only Rabies Division from State and County Health departments can log-in and only Business contact information is collected, used, and stored.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1. GISIMS will maintain and disseminate information regarding ATSDR’s GIS role and support for CDC/ATSDR, community health status indicators information, and trend data for flu.
2. ATSDR uses GISIMS to provide information for improving community health, analyzing geographical and temporal patterns of Flu intensity data, and to enable a variety of CDC efforts including disease surveillance, hazardous substance tracking, and reporting on a variety of issues including workplace injury, drinking water safety, and birth defects.
3. N/A.  GISIMS does not contain PII.
4. N/A.  GISIMS does not contain PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A.  GISIMS does not contain PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  PII = No
E Auth Level = Low 1
Risk Analysis Date: 10/15/2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  11/22/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Global Cancer Atlas [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/9/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  DCPC GA - Atlas
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Interactive version of The Cancer Atlas publication.

These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Global Help Business System (CDC GLB) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  11/24/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-09-02-0984-00-404-142
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  OPM/GOVT-1
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC Global Health Business System (CDC GLB)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Nick Farrell
10. Provide an overview of the system:  The Coordinating Office for Global Health (COGH) maintains information for international travelers in databases and spreadsheets.  This information supports approximately 10,000 including overseas persons working in some capacity for CDC.  Travel preparers and administrators access the system to retrieve information on a traveler’s status to support the international travel process for employers.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Department of State for the tracking of personnel travelling on behalf of the government.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Due to the private nature of much of the information, there is a need to house the data in a secure manner and to ensure accessibility and availability (of the data) for daily operations and in cases of emergency.  The new CDC Global Health Business Systems (CDC GLB) application will consolidate the existing data stores and business processes in an effort to create a streamlined approach to monitor and approve international travel and resources.  In addition, the CDC GLB application will provide an interactive interface allowing persons working abroad to manage their profiles.  This system collects Name, UserID, Photographic Identifiers, Personal Mailing Address and Phone Numbers, Medical Notes, Personal Email Address, Education Records, Employment Status, Foreign Activities, Employment status and Security Clearance and Passport information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  The PII is mandatory and protected under FTE personnel agreements for official business travel.  There will be a required acknowledgment that data will be used only within this system.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Technical controls – User ID, Password, Firewall, Encryption
Physical controls – Guards, Identification Badges, Key Cards, Cipher Locks
Administrative controls – Passwords expire after a set period of time, accounts are locked after a set period of inactivity.  Minimum length of passwords is eight characters.  Passwords must be a combination of uppercase, lowercase, and special characters. Accounts are locked after a set number of incorrect entry attempts.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  11/30/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Global Migration Database [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/13/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-9721-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1382
7. System Name (Align with system Item name):  Global Migration Database (Global Migration)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Rob Murphy
10. Provide an overview of the system:  The Global Migration project is an effort to gather air traffic data for modeling and analysis purposes. A data feed has been established with the Federal Aviation Administration’s (FAA) Enhanced Traffic Management System (ETMS). DGMQ receives a daily summary of flight information pulled from the archive process supported by the ETMS system. This feed is public data and available to and used by a number of commercial air traffic websites. The unique and powerful aspect of this project for CDC is the collection of the daily data feed into one large database (dataset) for statistical and situational analysis. At this point there is no user interface; the database serves as an air traffic warehouse to be accessed by statisticians, data analysts and queried for situation driven information.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The Global Migration project is an effort to gather air traffic data, from the Federal Aviation Administration (FAA), for modeling and analysis purposes. DGMQ receives a daily summary of flight information pulled from the archive process supported by the ETMS system. This feed is public data and available to and used by a number of commercial air traffic websites.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  5/8/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Gonococcal Isolate Surveillance Project (GISP) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  7/23/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0090
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 347
7. System Name (Align with system Item name):  Gonococcal Isolate Surveillance Project (GISP) Web
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Hillard Weinstock
10. Provide an overview of the system:  The Gonococcal Isolate Surveillance Project (GISP) project was established to monitor trends in antimicrobial susceptibilities of strains of N. gonorrhoeae in the United States and to establish a rational basis for the selection of gonococcal therapies.  The GISP Web application was designed to shorten the reporting cycles of the data forms by allowing its users to electronically enter data into the system and forward the data automatically to CDC.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  PII (date of birth) is voluntarily collected.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  There are currently no processes in place to obtain consent of an individual. The Gonococcal Isolate Surveillance Project (GISP) project was established to monitor trends in antimicrobial susceptibilities of strains of N. gonorrhoeae in the United States and to establish a rational basis for the selection of gonococcal therapies.  The GISP Web application was designed to shorten the reporting cycles of the data forms by allowing its users to electronically enter data into the system and forward the data automatically to CDC.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Role-based security, digital certificates, username, and password.
IIF is collected and the proper controls are utilized to safeguard sensitive information.

E-Authentication Assurance Level = 1

Risk Analysis Date = July 10, 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  8/3/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

06.3 HHS PIA Summary for Posting (Form) / CDC Good Messaging (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  12/20/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC Good Messaging
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Doug McClelland
10. Provide an overview of the system:  This software resides on a virtual server and manages non-BlackBerry handheld devices to allow CDC users access to their CDCMail for Email, Contacts, and Calendaring functions while keeping the CDC information in a secure “bubble” to protect the data. This client application bubble is managed by policy from the management server, which uses HTTPS over port 443 to access the GOOD TECHNOLOGY NOC to control the flow of data to and from the handheld devices.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  12/20/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Grants Central Station (GCS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/20/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Grants Central Station (GCS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Theresa Larkin
10. Provide an overview of the system:  Grants Central Station (GCS) does not collect, store, or use PII or SSN information. GCS serves as a central portal for access to many DHAP sponsored applications.  These applications include EPMO Project Profile, GCS Extramural Tracking and Reporting Application (GCS eXTRA), Funding Opportunity Announcement (FOA) Applicant Approval System (FAAS), GCS System for Analysis of Intramural and Extramural Funds 360 (GCS SAIEF 360) and GCS Reports.  From GCS, users can view important news, set preferences and get information related to application releases.  Developers can add/maintain application users, maintain application information, maintain report information and activate Maintenance Mode for any GCS application.  This project would allow for a technology upgrade, enhancement/addition of user accessed functions as well as adding needed enhancements to the functionality and processing methodology.

The objectives of the GCS Upgrade are as follows:
·         Move GCS and GCS Reports applications from Visual Studio 2005 to Visual Studio 2010
·         Update functionality and processing methodologies from Visual Studio 2005 to Visual Studio 2010
·         Add needed functionality enhancements
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Business name, address, email, and phone information will be obtained for Grantees by some applications. Funding Opportunity Announcement information.
Track grants provided to various agencies, track funding opportunities, track recipients (Grantees).
No PII or SSN data is collected.
Submission of business information is voluntary; however, failure to provide it may affect the government's ability to process funding requests.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  10/20/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Green and Healthy Assessment and Challenge (GHAC) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  12/7/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Green and Healthy Assessment and Challenge (GHAC)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Liz York
10. Provide an overview of the system:  Green and Healthy Assessment and Challenge (GHAC) is a web-based assessment tool that allows CDC workforce to identify the impacts related to the significant activities of their work.  Using Environmental Management System (EMS) objectives and the Executive Order 13423 as the foundation, the tool can identify and rank their impacts and create a personalized action plan for users that helps them work towards CDC’s goals.  The user will answer a series of questions about their practices at work in 8-10 categories.  Based on their answers to the assessment, individuals will be provided with a tip sheet that provides awareness information and feasible steps for achieving greener healthier behaviors.  In addition, individuals will be able to create or select a personal challenge, track progress on that challenge, and, when completed, list their accomplishment in a separate Brag Board list and/or as a tagline in their email signature block.  The information collected within the GHAC system will include CDC Federal Business information only, such as CDC Personnel Name, CDC mailing address, CDC email address, CDC employment status, and CDC UserID.  GHAC is not subject to Personally Identifiable Information (PII) of any sort.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system will store CDC Personnel Name, CDC mailing address, CDC email address, CDC employment status, and CDC UserID to record what Green and Healthy initiatives are completed by participants.  This information is voluntary if the user chooses to participate.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  Disclaimer prior to survey with the following text in all capital letters:

Participating in this survey is voluntary.  By responding through your workstation and with your user network ID, CDC will match up your work location (including your building information and division) and your responses for the purpose of producing reports for CDC Management on how CDC employees in different buildings and centers are being green and healthy in the workplace.  These reports will not identify survey respondents on an individual basis.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  The data this system contains is secured by being internal to the database.  It is used to create reports as aggregated data, but is never reported in the reports so as to minimize exposure of this information.  Databases use standard security policies to ensure protection of data at the element level.  All other information is pulled from system of record through queries, used to calculate reports and results are stored.

PII = No
E Auth Level = N/A
Risk Analysis Date = 12/03/2010
PIA Approval
PIA Reviewer Approval:  
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  12/7/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Group Event Management System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  5/20/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-02-00-02-9509-00
N/A
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  The PII collected is exempt due to the business PII
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1287
7. System Name (Align with system Item name):  Group Event Management System (GEMS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Rashad Burgess
10. Provide an overview of the system:  The GEMS mission is to enable the Capacity Building Branch (CBB) to reduce the manual administration of training efforts that are aimed towards increasing the capacity of health departments and community based organizations to deliver HIV prevention intervention.  The GEMS web-based application will be launched from the Capacity Building Assistance Portal (CBAP) bringing together CDC employees, Capacity Building Assistance (CBA) providers, directly funded Community Based Organizations (CBO) and Health Departments to a single online gateway to access CBA resources.  CBAP is located at the following web site: http://wwwdev.cdc.gov/hiv/cba/default.htm.  GEMS currently consists of two functional areas: a training calendar enabling registrants to register for events and coordinators to post and un-post events, and a profile management center enabling registrants to submit business contact information to create and modify their own profiles.
GEMS Training Calendar events are posted to GEMS by the Calendar Coordinator.  Training is offered by the CBB Training and Development (T&D) team.  This team provides logistics, instructors, and technical assistance.  GEMS registrants can complete event registration requests, which are received by the system and placed on the course roster or waitlist according to programmed business rules.  The system sends an email confirmation of enrollment to the registrant.  The system will also provide analytical and transactional reporting.
Highlights of GEMS essential system functions are as follows:
•           Maintain training calendar
•           Register for events
•           Issue completion certificates
•           Submit events
•           Generate reports
•           Administer the system
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Name and contact information of organization employees will be shared with Capacity Building Assistance Providers who will be conducting the class for which the person is registered.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  System collects the business address of the organization the person is employed by and uses it to send course completion certificates after course completion. The system does not collect any personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  There is no personal information collected therefore no special security is needed. Data is stored in a SQL database which is accessible only via the application. Only those with admin rights in GEMS can access the information.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  5/19/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Guatemala IT Infrastructure (GAP Guatemala) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/22/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  Guatemala IT Infrastructure
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Calvin Johnson
10. Provide an overview of the system:  This is a general office support system for CDC GAP Guatemala and provides file servers, application server, exchange server, and webmail server; authentication is performed via CDC Active Directory with a failover to local host.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  9/22/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC H1N1 Data Collection Application (H1N1 DCA) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/22/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0167
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1746
7. System Name (Align with system Item name):  H1N1 Data Collection Application (H1N1 DCA)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Toby Slusher
10. Provide an overview of the system:  This system will collect surveillance data related to the 2009-H1N1 flu outbreak in the United States. Relevant data collection includes flu case investigation and contact tracing.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  The system discloses and shares PII data for the purpose of case reporting and analysis. The data will be disclosed only to authorized parties.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Case reporting and contact tracing collection forms attached. These forms are the basis for the data being collected by the system.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  This system will be hosted by the CDC Secure Data Network (SDN) and will utilize enterprise security controls provided by SDN including (but not limited to): user authentication and authorization, auditing, and monitoring.

IIF is collected and the proper controls are utilized to safeguard sensitive information.

E-Authentication Assurance Level = 2

Risk Analysis Date = July 11, 2009

PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  10/22/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC HAI Prevalence Survey (HAIPS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/14/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC # 1854
7. System Name (Align with system Item name):  HAI Prevalence Survey (HAIPS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Marla Albitz
10. Provide an overview of the system:  Healthcare-Associated Infections Prevalence Survey (HAIPS) is a point prevalence survey that will be administered in selected acute healthcare facilities within the 10 Emerging Infections Program (EIP) sites (CA, CO, CT, GA, MD, MN, NM, NY, OR, TN). HAIPS allows case report data to be entered into a database for analysis at the CDC.  Case reports encompass Antimicrobial Use and Healthcare Associated Infections.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Preventing Healthcare Associated Infections is a priority of the Centers for Disease Control and Prevention (CDC) and other federal agencies since it is a major public health problem. HAIPS allows case report data to be entered into a database for analysis at the CDC.  Case reports encompass antimicrobial use and HAIs. This data does not contain any PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  PII=No
E-Authentication Assurance Level = Moderate

Risk Analysis Date = 09/20/2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  10/14/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / CDC HDSP Management Information System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/25/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9024-0
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  n/a
5. OMB Information Collection Approval Number:  n/a
6. Other Identifying Number(s):  n/a
7. System Name (Align with system Item name):  DHDSP HDSP MIS
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris (CTR)
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Health eCards (eCards) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/13/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1457
7. System Name (Align with system Item name):  CDC Health eCards
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Fred Smith
10. Provide an overview of the system:  Web site that allows the public to send electronic greeting cards / health reminders to others on health topics such as flu vaccinations, regular mammograms, checking blood pressure and cholesterol, etc.  Visitors will be able to choose from a variety of graphical card designs with health messages, add a personal greeting and send an email invitation link to someone.  The system will not maintain a list of email addresses associated with each card, and the cards will be deleted from the system after 90 days.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
No IIF
Risk Analysis Date: February 2, 2010
E-Auth level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  5/13/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Health Impact Planning (HI.net) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/3/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Health Impact Planning (HI.net)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Dan Tuten
10. Provide an overview of the system:  Health Impact Planning (HI.net) is a web-based system designed to take a major step towards a suite of web-enabled tools for agency-wide planning, execution, and performance that contains budget, strategy, and extramural information.  HI.net extends the functionality of IRIS to a Microsoft XML Web Services platform (.NET) environment and HI.net is designed to transparently provide CDC leaders, at all levels, with the basic information they need to manage complex portfolios of public health activities to achieve CDC's Health Protection Goals and implement CDC's Strategic Imperatives.
HI.net is designed to be a "full life-cycle" agency-wide budget planning and execution suite of tools.  HI.net will support agency planning as far down to the project level, and as high up as the sub-budget activity/division.  UFMS, CDC's accounting system of record, will eventually supply extracts to HI.net along with other systems, such as Grants Management Information System (GMIS), Integrated Contracts Expert (ICE), Managing Accounting Credit Card System (MACCS) and Information Management, Planning, Analysis, and Coordination (IMPACII).
Key strategy information includes alignment of CDC investments to goals, objectives, focus areas, and population characteristics; and allocation of these investments across basic CDC areas of work including: intervention/technical assistance, research, surveillance, education/training/exercise, and information technology/informatics.  For extramural programs and procurement of other services, HI.net includes information on the sectors and organizations being engaged, and what agreements are planned or in place to work with these partners.
HI.net will also facilitate basic project management with ability to capture milestones, activities, risks and risk mitigation plans.  HI.net will automate the requesting and tracking of projects to align with budget and goal level details.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A – this system is a set of tools and does not collect any PII
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A – No PII is collected.
Risk Analysis Date: 2/9/10
E-Authentication Assurance Level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  8/10/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Health Indicators Warehouse (HIW) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  12/17/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Health Indicators Warehouse (HIW)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  James Craver
10. Provide an overview of the system:  This project will develop an integrated web-based, user-friendly, relational database and query system of national, state, and local level health indicators, including health outcomes and health determinants, along with evidence-based public health or policy interventions shown to be effective in improving these health measures. Users of the database could compare their indicators to other peer groups of interest, either by geography or population characteristic (e.g., age, income, sex, race and ethnicity) as data availability permits.

Investment in this work would allow HHS and its many data stewards to more easily meet the demands of their customers who frequently request information on health indicators and health determinants at various geographic levels, or for different age or sociodemographic groups.  Indicators to be included in the initial design of the database would include Robert Wood Johnson Foundation (RWJ) Mobilize Action Toward Community Health (MATCH) Project indicators used to rank counties within states, and State of the USA (SUSA) health indicators, along with selected measures or objectives from Healthy People 2010/2020 (HP) and the Community Health Status Indicators (CHSI) project. Additional indicators will be added based on user requests, as resources permit. This database will serve as a hub for the multiple data requests as well as to provide users with summaries, tables, charts, graphs, and GIS mapping of indicators.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1) The system will not collect information.  The system does not contain any personally identifiable information.  The information that will be maintained and disseminated through the system will include aggregated pre-tabulated public use data not in individually identifiable form.  These data have been collected by NCHS and other federal agencies in the course of conducting other, separate projects.  The Health Indicators Warehouse does not collect, access, use, maintain, or disseminate PII.
(2) The information in the Health Indicators Warehouse is used by federal, state, and local users for the purpose of understanding better the public health issues of health outcomes and health determinants.  Users of the database could compare their indicators to other peer groups of interest, either by geography or population characteristic (e.g., age, income, sex, race and ethnicity).
(3) The system does not contain any personally identifiable information.
Submission of personal information is not allowed and this is neither voluntary nor mandatory; it is not possible.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No PII will be collected, stored, maintained, disseminated or otherwise used by the system.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  12/20/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Health Related Quality of Life Trend Data [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/9/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  DACH GA - HRQOL
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Health Related Quality of Life - Displays health-quality indicator statistics from BRFSS data.

These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC HealthCalc (HCALC) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  4/21/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0161
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1553
7. System Name (Align with system Item name):  HealthCalc
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Christie Zerbe
10. Provide an overview of the system:  Used to track all fitness center membership and participation in Atlanta and Hyattsville fitness centers.  Also used to generate fitness evaluation results in Atlanta and Hyattsville.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  While HealthCalc does not disclose most IIF, it does pull from the system to meet the needs of visits.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Name
DOB
Photographic Identifiers
Mailing Address
Phone Numbers
Medical Notes
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  IIF is collected and maintained in the system.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Admin controls – all users must be approved by OHS fitness center director; users are removed when they leave CDC or no longer require access to the system.  There are periodic reviews of system users and their permissions; users are assigned appropriate roles by the system administrator in consultation with fitness center staff.  Technical controls – the system uses role-based access controls which limit users' access to data; the application resides on desktop computers whose access is limited to fitness center staff by an AD group.  Physical controls – ID Badges, Key Cards and CCTV
 
IIF Collected
E-Authentication Assurance Level = N/A
Risk Analysis Date = 24 November 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E. Walker
Sign-off Date:  4/21/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Hepatitis Primate Information System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/13/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-05-02-9122-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 105
7. System Name (Align with system Item name):  Hepatitis Experimental Primate System (HEPS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Kris Krawczynski, MD, PhD
10. Provide an overview of the system:  HEPS is a CDC Intranet web application in Experimental Pathology Laboratory (EPL), Division of Viral Hepatitis (DVH), NCHHSTP, CDC.  It helps EPL technologists and supervisors to collect, manage, analyze and report animal (mainly primate) hepatitis experimental data. The information includes when and from where the animal is received at CDC, its date of retirement, basic health information, physical and physiological measurements, clinical serologies, liver function assays, In-House PCR results and sample storage info. Study protocols are documented in the online system. All the information stored in the database can be retrieved in a number of ways. The HEPS system also interfaces with the DMS to allow orders for serological testing on an animal's serum, and the retrieval of test results.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No (No sensitive info collected)
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No (No sensitive info collected)
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A

NO IIF Collected.

E-Authentication Assurance Level = n/a

Risk Analysis Date = 7/6/2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/5/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Hepatitis Reference Laboratory Data Management System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  6/11/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9521-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 106
7. System Name (Align with system Item name):  Hepatitis Reference Laboratory Data Management System (HRL DMS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Dr. Saleem Kamili
10. Provide an overview of the system:  The Data Management System (DMS) is a SQL database for the collection of raw data generated by testing clinical and epidemiological samples in the Hepatitis Reference Laboratory. All samples are entered into the system as members of a study (either clinical testing, research or epidemiology). The database uses quality control algorithms to ensure the data is sound. The raw data are transformed to yield final results. All required testing and retesting of samples is managed through the database and final reports are generated by the database. User access to the SQL database is through a graphic user interface.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1)   Hepatitis samples 2) Analyze samples and Research 3) No PII 4) N/A No PII
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A No PII
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  6/11/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC HHS Accenture (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  12/28/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1782
7. System Name (Align with system Item name):  HHS Accenture
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Fred Smith
10. Provide an overview of the system:  "Accenture Digital Diagnostics" compliance monitor is a Section 508 Compliance scanning and reporting software product provided by HHS to all of its OPDIVs.  This product enables CDC Web developers to scan and report on their respective Web sites to ensure compliance with (both) HHS Web standards and policies as well as Federal regulations. Section 508 Compliance is a required activity of any Federally-conducted program, and refers to Section 508 of the Rehabilitation Act of 1973 (29 U.S.C. 794d), which requires Federal agencies to develop, procure, maintain, or use electronic and information technology that is accessible to Federal employees and members of the public with disabilities. Section 508 (29 U.S.C. § 794d) requires Federal agencies to provide employees and members of the public with disabilities access to electronic and information technology that is comparable to the access available to individuals without disabilities. The law applies to all Federal agencies when they develop, procure, maintain, or use electronic and information technology (EIT).
Achieving and maintaining Section 508 compliance requires project team consideration throughout the project lifecycle during IT project design, development, procurement, or implementation activities.
The HHS Tools website (http://www.hhs.gov/web/tools/index.html) includes contact information for the Accenture Digital Diagnostics compliance monitor that may be used to check a website’s conformance for Section 508 technical standards. Tools such as Accenture can test websites for broken links, spelling errors, slow-loading pages, and other problems that affect website usability and accessibility. It should be noted that more comprehensive and meaningful testing for accessibility requires the use of methods in addition to automated tools (which can and do give false readings), such as the actual use of assistive technology, e.g., JAWS, and/or the inclusion of persons with disabilities during the development and testing stage.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Accenture does not collect any data.  It is a compliance scanning tool for Section 508.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  12/29/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC HIV Outpatient Study [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/17/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Discovere Registries (HOPS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Taraz Samandari
10. Provide an overview of the system:  CDC Sponsored Multi-site prospective observational cohort study designed to describe and monitor trends in the demographics, symptoms, diagnoses and treatments in a population of HIV-infected outpatients in clinics across the United States; and to describe factors associated with clinical, immunologic, and virologic successes, such as prolonged survival, and emerging issues with long-term HIV infection and its treatment.
The goals of the HIV Outpatient Study (HOPS) are:
to monitor the demographics, symptoms, diagnoses and treatments related to HIV infection and attendant prolonged survival
to identify behavioral risk factors associated with the development of other medical complications associated with HIV infection
to describe factors associated with clinical, immunologic, and virologic successes and emerging issues with long-term HIV infection and treatment.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The HOPS is designed to enroll and follow a cohort of HIV-infected outpatient adults receiving care at HIV specialty clinics in 6 U.S. cities: Denver, Tampa, Chicago, Philadelphia, Stonybrook and Washington, DC. The HOPS involves medical record abstraction data on demographics and risk factors at baseline, and data on symptoms, diagnoses, treatments and laboratory results at baseline and at each  subsequent clinic visit or intercurrent medical event at the participating sites.  Data collected through chart abstraction by trained data collectors at each site are entered into an electronic data collection system.  Cerner Corporation is responsible for data management, quality control, and data analyses, and provides pooled, cleaned datasets to CDC quarterly for additional analysis.  
Cerner Discovere Registries is an integrated study management & electronic data capture solution for patient registries and observational studies. Cerner Discovere Registries provides functionality designed to support the execution of research registries, including data capture and management. Cerner Discovere Registries provides capabilities such as consent management and milestone monitoring in order to allow the researcher to automate the process of running a research registry. Cerner Discovere Registries supports: patient registries; disease registries; observational studies; post-market studies; and safety surveillance leveraging existing EHR infrastructure.

Sites access Cerner's Discovere via the Internet to enter data which is stored at secure Cerner-owned data center facilities. Physical access to all Cerner locations is controlled both by security guards and biometrics. Each site is only able to access its own data, and access is limited by the username and password assigned to the system user. A Cerner associate working on the HOPS project then extracts de-identified data from the data entered by each of the sites. Cerner then combines this data with data received from external "Central Readers" who create data based on the non-invasive imaging scans and Human Biological specimens that the sites send them.
No PII data is collected, stored, or processed.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No PII
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  5/17/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / CDC HIV Waiver Tracking [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  Initial PIA Migration to ProSight 
1. Date of this Submission:  2/4/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0136
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1417
7. System Name (Align with system Item name):  HIV Waiver Tracking System (HIV Waiver)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Pam McSpadden
10. Provide an overview of the system:  HIV Waiver Tracking helps organize and automate the process of tracking and confirming completed HIV Waivers for incoming aliens (and current alien residents that are changing status) that are HIV positive. The system holds the alien’s identifying data and status of their waiver. It generates letters to be sent to the submitting offices, health care providers, or aliens themselves when waivers are incomplete or for follow-up. Quarantine station officers will access a limited set of the data to confirm that an incoming alien has a waiver on file. The system is web-based with a SQL Server database back end.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  DGMQ staff requires access to data that will enable them to identify and locate at risk individuals in a short period of time.  HIV Waiver Tracking System (HIV Waiver) is a web-based system that helps organize and automate the process of tracking and confirming completed HIV waivers for incoming alien residents and current alien residents that are changing status and that are HIV positive.  The system stores an alien’s PII data and status of their HIV waiver.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  The data is collected as part of the alien processing when a foreign national comes to live in the U.S., so all consents are given during that process conducted primarily by Immigration and Customs Enforcement (ICE).  The Department of Homeland Security (DHS) and Department of State (DOS) forward the information to CDC based on pertinent regulations and policies regarding waiver processing.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Only users of the system will have access to the system which is controlled by AD. The servers are managed by ITSO and located in MTDC.
PII is present.  DGMQ staff requires access to data that will enable them to identify and locate at risk individuals in a short period of time.
Risk Analysis Date = December 17, 2009
E-Authentication Assurance Level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  2/8/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC IBM Rational Toolset (RATS) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  3/21/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID 2074
7. System Name (Align with system Item name):  IBM Rational Toolset (RATS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Morris Campbell
10. Provide an overview of the system:  The IBM/Rational software (a suite of several tools) serves to allow for tracking the development of software assets (code, requirements, defects, enhancements, etc) throughout the development life cycle. The system consists of ClearCase (code versioning tool), ClearQuest (defect/enhancement/issue/risk tracking), RequisitePro (requirements elicitation/development/documentation/traceability), Functional Tester (testing of software assets against requirements), and Rose Data Modeler (development of database management assets).
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Each of the tools within the toolset has a GUI interface that serves to populate various backend SQL databases that contain the record elements of each software asset, requirement, test data, defect, etc.   This is used for auditing purposes.
No PII Collected
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A – No PII is collected
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  3/21/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC IDAS Platform
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/17/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-90-0777
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  Intrusion Detection and Assessment System (IDAS) Platform
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Wayne Buchheit
10. Provide an overview of the system:  As related to IIF, the physical access control subsystem (PACS) of the Intrusion Detection and Assessment System (IDAS) is utilized for the control of physical access to CDC controlled facilities and buildings.  Each CDC campus or site is serviced by either the Atlanta local P2000 host or a dedicated local site host.  Each local host controls physical access in a distributed architecture through CK720 or CK721 controllers located near the controlled door.  All local site P2000 hosts connect to the CDC Enterprise P2000 host to share a common database utilizing SQL Replication in a publish/subscribe relationship to transfer cardholder, badge, and configuration data up to the CDC Enterprise P2000 host and then out to each local P2000 host.   The IDAS Platform system consists of multiple computing and functional components at multiple locations that include Atlanta, Cincinnati, Fort Collins, Morgantown, Research Triangle Park, Hyattsville, San Juan, and Anchorage.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Routine uses of records maintained in the system include disclosure of information required for personal identity verification sufficient to allow physical access to CDC facilities and assets.  Information will be presented to security guards, OSEP personnel, and electronic access control systems.  Additional information regarding lawful disclosures is available at CDC Policy CDC-GA-2000-01, CDC Policy on Implementing the Privacy Act.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  IDAS categories of records may include personal identifying information such as names, last four digits of social security numbers, photographic identifiers, biometric identifiers, and employment status.

Records maintained by this system are required in connection with actions required to issue either a CDC Internal PIV Credential, an HHS Smartcard PIV Credential, or CDC Cardkey.  They provide the baseline of factual data required to establish the identity of an individual seeking to gain access to a CDC facility or asset.  Routine uses of records maintained in the system include disclosure of information required for personal identity verification sufficient to allow physical access to CDC facilities and assets.  Information will be presented to security guards, OSEP personnel, and electronic access control systems.  Additional information regarding lawful disclosures is available at CDC Policy CDC-GA-2000-01, CDC Policy on Implementing the Privacy Act.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  Forms 1137N and 1137R both have Privacy Act notices. Privacy Act fact sheets are available per CDC Policy CDC-GA-2000-01, CDC Policy on Implementing the Privacy Act.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Paper records are stored in locked cabinets or in secured rooms with access limited to those personnel whose official duties require access.   P2000:  Access to computerized records is limited, through use of access USERIDs and password entry in accordance with the MODERATE requirements of NIST 800-53 to those whose official duties require access.  Records removed from the system and issued to those whose official duties require access shall be marked as being, “SENSITIVE BUT UNCLASSIFIED”. 
Risk Analysis Date = December 14, 2009
E-Authentication Assurance Level = N/A
IIF Collected = Yes
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  8/25/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Incident Manager [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  11/23/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1589
7. System Name (Align with system Item name):  Incident Manager
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  William Scott (wms4)
10. Provide an overview of the system:  Incident Manager is a web-based solution for tracking issues, bugs and tasks for projects. Stakeholders and team members can submit their own issues. Then, the system allows issues to be assigned to the appropriate team members with notifications being sent via email. Stakeholders and team members can check on the status of and update their own issues.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
No IIF Collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = 9/24/2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  11/24/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC India IT Infrastructure (GAP-India) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/2/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  India IT Infrastructure
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Calvin Johnson
10. Provide an overview of the system:  This is a general office support system for CDC GAP India and provides file servers, application server, exchange server, and webmail server; authentication is performed via CDC Active Directory with a failover to local host.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A

No IIF is collected.
E-Authentication Assurance Level = N/A
Risk Analysis Date = September 21, 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  8/2/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Individual Learning Account [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/7/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-09-02-1015-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-90-0018
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 1446
7. System Name (Align with system Item name):  Individual Learning Account
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Angela Cox
10. Provide an overview of the system:  Individual Learning Account (ILA) will provide the capability to track and manage all training and financial information for all CDC employee Individual Learning Accounts (ILAs).  The primary purpose of the system is to maintain training records for the individuals involved in accordance with requirements specified by OPM and ILA funds usage.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  HHS to provide training records to the HHS system for tracking all employee courses taken.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The application collects the data required by OPM for the completion of attendees' training records.  The application provides an efficient means of cost distribution and tracking to aid in the budgetary process within CDC.  The ILA tracks funds associated with the training record for CDC employees regarding training that was received, and when it was received.  The submission of the information is voluntary. This system maintains/stores name, personal mailing address, education records, and employment status and is populated by Capital HR.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  Most of the PII contained in ILA system is obtained from other systems.  Individual training records are directly input into the ILA system by the training administrator or personnel with a valid system role and permission within an access data range.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  The ILA system uses Active Directory and is protected by the CDC firewall.  This system is located within a building with guards at the front door and requiring a key card for entry.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  10/7/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Influenza Associated Pediatric Flu Surveillance System (Pediatric Flu/PedFlu) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/15/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  0920-0007
6. Other Identifying Number(s):  ESC# 1300
7. System Name (Align with system Item name):  Influenza-Associated Pediatric Death Surveillance System (PedFlu)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Sang Kang
10. Provide an overview of the system:  PedFlu is an internet-based reporting information system.  PedFlu gathers surveillance data about pediatric deaths related to influenza.  It also stores and organizes data for further investigation, and provides data for the Morbidity and Mortality Weekly Report (MMWR).  The PedFlu System provides the application architecture for the acquisition, aggregation, and analysis of adverse healthcare events. Data can be entered by a state health influenza surveillance coordinator or CDC influenza surveillance staff.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Pedflu provides summary data for the Morbidity and Mortality Weekly Report (MMWR) on pediatric deaths related to influenza only.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A, but a system notice can be sent if desired
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  The collected information will be secured on the CDC data warehouse and only certified and pre-approved public health officials will have access to the data through an SDN certificate.   Further, the Rules of Behavior paper document must be completed and returned by postal mail or fax to PedFlu program administrators before a digital certificate is granted.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Alan Olson
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  2/22/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Influenza Sentinel Providers Surveillance Network [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/22/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-9721-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  0920-0004
6. Other Identifying Number(s):  ESC# 715
7. System Name (Align with system Item name):  Influenza Sentinel Provider Surveillance Network  (ISPSN)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Lynnette Brammer
10. Provide an overview of the system:  Approximately 2400 physicians around the country report each week the total number of patients seen and the number of those patients with influenza-like illness by age group. Data can be entered either by the physician, the state influenza surveillance coordinator, or CDC influenza surveillance staff.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Approximately 2400 physicians around the country report each week the total number of patients seen and the number of those patients with influenza-like illness by age group. Summary data only.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  9/22/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Information Collection Request Online (ICR Online) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  7/16/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1842
7. System Name (Align with system Item name):  Information Collection Request (ICR) Online
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Terence Chorba

10. Provide an overview of the system:  A web-based system to track submission of an ICR to the National Center's (NC)-OMB Coordinator, revision control, communications, and the final submission to the Office of Scientific Regulatory Services (OSRS). Access to the system would be restricted to authorized users and would be role-based. The system would allow for tracking of the packets, storing of documents within the packets and their different versions and assigning meta-data to the OMB packets for easy search and retrieval. The system would also generate electronic notifications and provide role-based accurate and up-to-date reporting. The system would be available 24/7 and that would allow for easy tracking by users and managers.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A (No PII)
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  System contains no PII
EAAL = N/A
Risk Analysis Date = 06/18/2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  11/30/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Information for Management, Planning, Analysis, and Coordination (IMPAC II) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/12/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-90-0025
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 93
7. System Name (Align with system Item name):  Information for Management, Planning, Analysis, and Coordination (IMPAC II)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Terrance Perry
10. Provide an overview of the system:  Information for Management, Planning, Analysis, and Coordination (IMPAC II) is the successor to the National Institute of Health’s (NIH) original IMPAC information management system.  Designed by ROW Sciences, Inc. under the supervision of the Office of Extramural Research and with input from Joint Application (JAD) groups including managers and users, IMPAC II has the flexibility to serve many purposes and to be easily upgraded.  IMPAC II is integrated with the NIH electronic research organization (eRA) Commons to ensure a smooth, secure, two-way flow of information between NIH and the external research community.  IMPAC II is designed for the purpose of managing new and continuing research grants with cooperative agreements for research and non-research activities.
IMPAC II does contain Personally Identifiable Information (PII), such as names, business address with option of home address, phone numbers, business UserID, business and/or personal email addresses.  The purpose of the PII is to obtain data for grant award recipients to be used for grant management.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  PGO – The Grants Management Office and they need access to the data to review Grant Awards.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  IMPAC II does contain Personally Identifiable Information (PII), such as names, business address with option of home address, phone numbers, business UserID, business and/or personal email addresses.  This information is collected to manage grant applications.  This information is mandatory because without it, the PGO cannot track grants.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  None
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  IIF is secured using ITSO guidelines.  UserID are used to restrict access.  It is secured in a building with guards at the doors and proper fire/water damage controls.

IIF Collected
E-Authentication Assurance Level = N/A
Risk Analysis Date = 7/22/2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  8/13/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / CDC Information on Migrant Population (IMP) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  7/16/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0136
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1220
7. System Name (Align with system Item name):  Information on Migrant Population (IMP)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Michelle Weinberg
10. Provide an overview of the system:  The IMP system tracks follow-up procedures for aliens who have been diagnosed with TB before entering the U.S. Demographic & medical information of refugees & immigrants to the U.S. with medical conditions is entered into PCs at the Quarantine Stations. Data is sent daily/weekly/monthly via United States Postal Service to CDC’s Division of Global Migration and Quarantine to create consolidated data for all Quarantine stations. Further data entry of medical exam in the U.S. is entered at headquarters in DQ.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Notify states and local health departments of immigrants and refugees arriving in their jurisdictions with health conditions.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1.  The Immigration and Nationality Act requires health evaluations for all immigrants and refugees seeking  permanent residence in the United States-which establish specific inadmissible conditions for which migrants can be excluded from entry into the United States. Migrants found to have inadmissible conditions are required to be treated for these diseases, or to obtain a medical waiver before they could migrate to the United States. 
2. The US Refugee Act, a provision of the INA, grants the US DHHS/CDC an expanded role in health evaluations for refugees entering the United States.  It delegates CDC responsibility for identifying and addressing conditions of public health significance—regardless of their designation as inadmissible conditions.  In addition, the act delegates CDC responsibility for monitoring the quality of the health evaluations performed overseas.
3.  Third, the Act also makes the CDC responsible for staffing ports of entry to meet arriving refugees, and to notify and transfer medical information to U.S. health departments so that refugees will receive appropriate follow-up and treatment in the US. Fourth, the act authorizes grants to U.S. State and local health departments to provide medical screening and treatment to refugees after arrival in the U.S. 
4. Finally, through Federal Quarantine Regulations, the CDC Division of Global Migration and Quarantine has responsibility for preventing the importation of infectious diseases, through monitoring the health status of persons arriving in the U.S.
The information collected contains personal medical information which requires protecting the Confidentiality of the information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  The immigrants or refugees carry packets which consist of Department of State forms (DS) 2053; 3024; 3025; 3026 when migrating to the United States.  DGMQ staff enters the information at the port of entry Quarantine Stations using these forms. After the information is entered in the database an electronic notification is sent to the state / local health department and the immigrant / refugee is notified by mail.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  The data collected is secured via the application, database, network and server control mechanisms including userID and password, and physical restrictions for access to infrastructure components.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  7/20/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Information Support (I.Support) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  4/18/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1337
7. System Name (Align with system Item name):  Information Support (i.Support)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Doug Correll
10. Provide an overview of the system:  i.Support® from GWI Software is a comprehensive help desk/customer support application that allows support organizations to coordinate and manage everyday support activities as well as track assets, build a knowledge base and provide customer self-help.
Designed and developed using the Microsoft® .NET Framework, i.Support provides the best overall value by leveraging our existing investment in Microsoft® systems, servers, and infrastructure. i.Support will integrate with Microsoft Active Directory®, Domino Directory, a Microsoft SQL database, and/or Microsoft® CRM.
There are two basic types of users with regard to i.Support, those who submit an incident (Customers) and those who record and work the incident (Representatives). Currently Representatives comprise Full-time Employees (FTE), CDC Contractors, and CDC Resources.  Each CDC Program, as service stakeholder, defines the CDC resource. Customers are internal CDC End Users and Grantees depending upon the application for which support is being provided. Customers can also be CDC resources. The organizations using this product vary widely based on the services managed by the deployed instance of i.Support. Each CDC organization makes the determination as to who submits and who works the incidents within i.Support. The type of data and processing is focused around the details of the representative, customer, incident (service request), correspondence and knowledge management. Incident, correspondence and knowledge management information is categorized and associated with a representative and customer.  Each customer is associated with a company. Contact information is retained for the representative, customer and the customer’s company. Information processing is sourced from customer phone calls, email and web portal.  Information remains historical for analysis and reporting.
i.Support interconnects with Windows Active Directory, IIS Servers, CDC Firewalls, HHS Mail, and a Microsoft SQL Database. i.Support does not share information across other Federal organizations and departments.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Name, Business email address, Business phone, Business Web-URLs, and Business mailing address.  Submission is mandatory. The application does not collect, process, or store PII data.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No PII
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  4/18/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Information Systems Development, Implementation and Database Support for HELD (ISDID HELD) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  4/18/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 977
7. System Name (Align with system Item name):  Information Systems Development, Implementation and Database Support for HELD (HELD ISDID)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Eric Knutsen
10. Provide an overview of the system:  The system is the Intranet system for the division providing information about the division to internal personnel.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF Collected
E-Authentication = N/A
Risk Analysis Date = April 8, 2011
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  4/18/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Information Systems Development, Implementation, and Database support for the HELD [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/20/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-05-02-9522-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1331
7. System Name (Align with system Item name):  CDC NIOSH HELD Publication Management System (HELD iPubs)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Eric Knutsen
10. Provide an overview of the system:  The system is a publication management system for the Health Effects Laboratory Division.  It facilitates the processes associated with publications including clearance, status monitoring, and division /branch/team/individual level reporting on publication production.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  10/20/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Inorganic and Radiological Analytic Toxicology Data Submission [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/2/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  N/A
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1626
7. System Name (Align with system Item name):  Inorganic Radiological Analytic Toxicology Data Submission (IRATDS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Mike Rollins
10. Provide an overview of the system:  Inorganic and Radiological Analytic Toxicology Data Submission (IRATDS) is a custom web-based application designed to collect Quality Assurance (QA)/Quality Control (QC) analysis results from external laboratories for internal analysis by the Division of Laboratory Science’s Inorganic and Radiological Analytical Toxicology branch (IRAT), as well as to provide a means by which those laboratories can access performance reports created from previously submitted data.  During each quarterly round the IRAT laboratory provides vials of blood and urine containing quantities of specific chemical compounds (lead, for example) to participating domestic and international laboratories for sample analysis.  These quality control sample vials are processed by scientists, researchers or technicians from each external laboratory who then access the IRATDS online system to report their results using an online web-based form.  The result data, which consists almost entirely of numeric values and contains no Personally Identifiable Information (PII), is stored in a SQL Server database for later retrieval and internal analysis by the IRAT laboratory at the end of each quarter, resulting in the performance reports.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A.  The system does not contain PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1) IRATDS collects Quality Assurance (QA)/Quality Control (QC) analysis results from external laboratories and provides a means by which those laboratories can access performance reports created from previously submitted data. 
(2) IRATDS is used for internal analysis by the Division of Laboratory Science’s Inorganic and Radiological Analytical Toxicology branch (IRAT).
(3) IRATDS does not contain any PII.
(4) N/A.  IRATDS does not contain any PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A.  IRATDS does not contain PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A.  IRATDS does not contain PII.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  2/2/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Institutional Review Board Tracking (IRB) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/3/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  (FY-07): 009-20-01-02-02-9122-00-110-246

(FY-08): 009-20-01-02-02-9122-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 539
7. System Name (Align with system Item name):  Institutional Review Board Protocol Tracking System (IRB Protocol Tracking)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Terence Chorba
10. Provide an overview of the system:  The Institutional Review Board Tracking System (IRB) is a web-based application that performs the automation of the clearance process of protocol requests within NCHHSTP.  This data is only transmitted and used by CDC personnel.  This system will reside in the CDC Intranet.
IRB  tracks both research (domestic/international) and non-research (domestic/international) protocol requests from the time NCHHSTP/Office of the Director (OD) Associate Director of Science (ADS) receives them from the respective Divisions until the protocols are terminated as well as the automation and electronic storage of protocol documents, clearance/approval forms and the array of associated attachments.  The system also collaborates with the NCHHSTP/OD/OHS (Office of Human Subjects).
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  System contains no PII
EAAL = N/A
Risk Analysis Date = 06/15/2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/3/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Integrated Contracts Expert (ICE) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  6/18/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-01-01-2017-00-405-143; (09-20-01-04-01-1020-02)
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  GSA/GOVT-8
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 292
7. System Name (Align with system Item name):  Integrated Contracts Expert (ICE)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Evan Willis
10. Provide an overview of the system:  The ICE system provides to the CDC a single system for managing the full procurement cycle from procurement request to closing out a contract for all types of procurements.  The ICE system’s function is to meet the following Integrated Acquisition objectives: 1) Modern, integrated acquisition automation tool and streamlined processes, 2) Reducing cycle times for all types of procurement actions, 3) Accurate, real-time acquisition related information that can be used by management to make strategic and planning decisions, 4) Ability to interface with CCR/IVPN, 5) Ability to integrate with government-wide standard requirements.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Internal CDC offices (financial management, material management, program office), HHS (DCIS). This is required by the FPDS (Federal Procurement Data System) that all procurement data be reported to show the allocation of federal procurement money.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The ICE system data consists of acquisition, vendor, and financial data.  Vendor data from the Central Contractor Registration (CCR) is made available to ICE via the Unified Financial Management System (UFMS) vendor file.  For vendors not available from CCR or UFMS (mainly foreign vendors), vendor data is entered manually into ICE.  Acquisition data is entered and processed in ICE by purchasing agents and contract specialists.  ICE sends financial records to the CDC financial system (UFMS) on a nightly basis.  ICE sends data about procurement requests and awarded procurement actions at the line-item level to the IRIS system on a nightly basis.  ICE sends workload tracking data to the WITS system on a real-time basis.  Information regarding any contractor/vendor is kept to a minimum but does include the vendor’s Dun & Bradstreet D-U-N-S number (DUNS) and/or Taxpayer Identification Number (TIN) for U.S. vendors.  ICE uses these numbers for the recording of commitment and obligation information to the Financial Management System only.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  ICE depends on the mandatory requirement for the vendor to register with CCR/IVPN.  ICE obtains the vendor’s profile from CCR via the UFMS vendor table.  As far as consent and the opportunity for consent, that is up to CCR/IVPN; ICE assumes that has been done at that level since those responsible for that network for registration would have to have addressed the issues.  ICE does, however, provide the vendor with the understanding that their information will be shared with the Financial Management system, but that too is based on the requirement for EFT/ACH transactions by Treasury.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  The ICE system uses Active Directory/Windows Authentication for granting access to each user of the system.  In addition, users are restricted to limited information in the system based on the role(s) assigned to them by the system administrator.  Before being granted access to ICE, new users must attend ICE training, provided via CDC Corporate University in collaboration with the PGO Program Management Office.  The ICE database is maintained in a secure environment at CDC’s Mid Tier Data Center (MTDC).  Both the ICE system and the Mid Tier Data Center have been issued CDC security certification and accreditation.

PII yes
Risk Analysis date: 3/18/2010
E-Auth Level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  6/21/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Integrated Library System (ILS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  4/18/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1154
7. System Name (Align with system Item name):  CDC Integrated Library System (CDC ILS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Leslyn McNabb
10. Provide an overview of the system:  CDC ILS is the Integrated Library System for the IC and its dependent system, Checkpoint.  The ILS system is called Voyager.  It has one dependent system, Checkpoint, which controls material circulation and security for several libraries.  The ILS manages all functions related to Acquisitions, Circulation, Cataloging, Reporting, and provides the Web Online Public Access Catalog (OPAC).  This is the "backbone" or support system that supports the existence of the library.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  4/18/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Integrated Resources Information System (IRIS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/6/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-01-02-0117-00-402-125
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0055
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1452
7. System Name (Align with system Item name):  Integrated Resources Information System (CDC-IRIS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Kim Jennings
10. Provide an overview of the system:  CDC-IRIS is a suite of applications covering a wide range of functions to assist CDC/ATSDR management in budget, staffing, reporting, and project planning and tracking.  CDC-IRIS is the major reporting tool for financial and staffing information at CDC/ATSDR.  CDC-IRIS extracts information, CDC-IRIS is a one-stop shopping tool for daily financial reporting, budget planning and tracking, and salary projections.  CDC-IRIS users include management at all levels, budget preparers, administrative users and FMO Budget Analysts.  The new financial system UFMS will continue to provide daily downloads of needed financial, staffing and budget data.  CDC-IRIS will reflect the new accounting structure and processes, but will allow historical review of data in its current format.  CDC-IRIS is not a UFMS feeder system.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  PII is disclosed to CDC, Financial Management Office Budget Analysts for the purpose of monitoring, tracking and managing of staffing funding levels for CDC.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  CDC-IRIS will collect Name, DOB, Financial Information, Employment Status. This information is used to identify the employee requesting projects with budget and goal level details and assists tracking of those requests.  The information collected is mandatory and does contain PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  There is a disclosure statement that is presented when the user first logs onto the system. The user must click the ‘ok’ button as a form of consent.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  The PII is secured using encryption and active directory authentication for specific users.  PII can only be accessed by authenticated users behind the firewall.  Access is limited by user roles and access ranges.  Physical access to the hardware is monitored and controlled according to ITSO Network policies and procedures.

PII yes
E-Auth Level = N/A
Risk Analysis Date = 7/6/2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden, OCISO
Sign-off Date:  8/10/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Internal Control Review Portal (ICR) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  1/27/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC System ID: 1506
7. System Name (Align with system Item name):  CDC Internal Control Review Portal
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  John G. Goodson (hso2)
10. Provide an overview of the system:  This system will implement the A-123 program and serve as a repository of documentation of program functions.  It collects and displays information relating to CDC Internal Controls. The documentation of program functions relates to risk assessments, operating procedures and controls for the ongoing prudent management of government projects and funds. Examples of internal controls that are monitored and documented include: “Updated policies and procedures - should be updated at least every 5 years, or sooner in some areas,” “Separation of duties - key duties should be separated among individuals” and “Training - should ensure competency and knowledge of internal controls.” There are no instances of personal data being entered into the system.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  None
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/27/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / CDC Internet Services (Internet Services) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  8/11/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-02-00-01-1152-00-404-139
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A- System does not constitute a "System of Records" under the Privacy Act.
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 620
7. System Name (Align with system Item name):  Internet Services
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  James D. Seligman
10. Provide an overview of the system:  CDC Internet Services provides the following:  Video servers streaming non-sensitive content for Internet/Intranet access as required, including Public Health education purposes; E-mail List-Server functionality for the CDC, affiliated agencies, and the general public as a form of information distribution; Public and Private (secure) File Transfer Protocol (FTP) Internet access; Internet caching services and content filtering for security purposes.  The Internet Services system is comprised of 12 Windows-based servers running commercial-off-the-shelf (COTS) products.  Several servers are deployed in pairs for functionality, redundancy and load-sharing.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  This system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  This system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  This system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system

E-Authentication Assurance Level = 1

Risk Analysis Date = September 29, 2009
PIA Approval

PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden, OCISO
Sign-off Date:  8/11/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Inteum - Infectious Diseases Technology Development (Inteum IDTD) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/11/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1815
7. System Name (Align with system Item name):  Inteum –Infectious Disease Technology Development (IDTD)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Lisa Blake-DiSpigna
10. Provide an overview of the system:  CDC- Infectious Diseases Technology Development (IDTD) is a client server SQL database which contains data on infectious diseases and other CDC components concerning specific research and development projects.   The database includes data related to the identity of the party, liability, funding, intellectual property, personnel and other appropriate provisions specific to the research and development projects.  In addition, the database contains the various types of agreements that are used to formalize business relationships with the private and public sectors and records specific timelines during the agreement negotiation process.  This system is a manually updated database.  Only Business IIF is collected.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  8/19/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Inteum CS [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/14/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9324-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1679
7. System Name (Align with system Item name):  Inteum
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cynthia Sherwood
10. Provide an overview of the system:  Inteum is a client server SQL database which contains data on CDC’s intellectual property (IP) such as scientific, industry, financial and personnel.  The IP includes data containing employee invention reports (EIRs) on technology created by CDC scientists and labs, patent applications filed and issued on these EIRs and various types of license agreements to market the technology to private sector and public use sectors.  The license agreements include a variety of other reimbursement types and technical services agreements, Patent License Agreements, Proprietary Technology License Agreements, Patent Pending Material Transfer Agreements, Biological Material License Agreements, and Cooperative Research and Development Agreements.  This database system also contains information on royalties receipt and distribution.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A

No IIF collected.
E-Authentication Assurance Level = N/A
Risk Analysis Date = May 13, 2009

PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  8/18/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Intranet Search [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/27/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-06-02-0610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1605
7. System Name (Align with system Item name):  CDC NCPHI DIOE Intranet Search
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Robert Swain
10. Provide an overview of the system:  The Intranet Search system provides search functionality on the CDC Intranet.  The Intranet Search system leverages the use of Google Search Appliances to increase the effectiveness of search on the intranet.  The primary function of the application is to return search results of intranet pages and documents based on search criteria provided.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The intranet Google Search Appliances will index the content available on CDC intranet web servers.  To our knowledge, this content does not contain any IIF.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF collected
EAAL = N/A
Risk Analysis Date = February 23, 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  3/2/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Involuntary Smoking SGR Bibliography [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/10/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  n/a
5. OMB Information Collection Approval Number:  n/a
6. Other Identifying Number(s):  n/a
7. System Name (Align with system Item name):  OSH GA - Involuntary Smoking SGR Database
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC IP Tool (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/1/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-02-00-01-1152-00-404-139
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 620
7. System Name (Align with system Item name):  IPTool
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Dave Ausefski
10. Provide an overview of the system:  IP Tool will allow CDC ITSO users to search for an IP address and view its physical location.  In addition, the authenticated and authorized users on the networking team will be able to create, assign and reclaim subnet information.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  CDC ITSO users to search for an IP address and view its physical location
N/A No PII Collected
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A No PII Collected
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  5/1/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC IS Administrative Codes (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  12/28/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 6
7. System Name (Align with system Item name):  CDC IS Administrative Codes
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Kimberly James
10. Provide an overview of the system:  CDC IS Administrative Codes is a web-based application designed to control and manage all official and administrative codes for the CDC in relation to the hierarchy of moving offices at the CDC.  This can include but is not limited to offices that can be moved from one place to another, subdividing an office into several different offices, or several offices being combined into one office.
CDC IS Administrative Codes assists the CDC by providing reorganization automation support for future enhancements, and by building key building blocks into the management of resources and assets.  CDC IS Administrative Codes will enable the CDC to manage and track the history of each admin code that a given organization has ever used in regards to the movement of offices.  This system will not contain any Personally Identifiable Information (PII) of any sort.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A - The system does not contain PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  CDC IS Administrative Codes is a web-based application designed to control and manage all official and administrative codes for the CDC in relation to the hierarchy of moving offices at the CDC.  This can include but is not limited to offices that can be moved from one place to another, subdividing an office into several different offices, or several offices being combined into one office.
CDC IS Administrative Codes assists the CDC by providing reorganization automation support for future enhancements, and by building key building blocks into the management of resources and assets.  CDC IS Administrative Codes will enable the CDC to manage and track the history of each admin code that a given organization has ever used in regard to the movement of offices.  This system will not contain any Personally Identifiable Information (PII) of any sort.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A - This system does not contain any PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  12/29/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC ITSO Global - Malawi (GAP Malawi) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  3/21/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  Malawi IT Infrastructure
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Calvin Johnson
10. Provide an overview of the system:  This is a general office support system for CDC GAP Malawi and provides file servers, application servers, exchange server, and webmail server; authentication is performed via CDC Active Directory with a failover to local host.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  3/21/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC ITSO Global - Zimbabwe [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  3/21/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  Zimbabwe IT Infrastructure
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Calvin Johnson
10. Provide an overview of the system:  This is a general office support system for CDC GAP Zimbabwe and provides file servers, application servers, exchange server, and webmail server; authentication is performed via CDC Active Directory with a failover to local host.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  3/21/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC ITSO Global Infrastructure Site to Site VPN (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/2/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 1104
7. System Name (Align with system Item name):  Site to Site VPN
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Calvin Johnson
10. Provide an overview of the system:  Site to Site VPN will support the CDC’s IT infrastructure by providing remote access capability through VPN services to international locations.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A

No IIF Collected
E-Authentication Assurance Level = (0) N/A
Risk analysis Date = 09/04/2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  9/7/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / CDC ITSO Questionnaire (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  6/16/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 620
7. System Name (Align with system Item name):  ITSO Questionnaire
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  David Ausefski
10. Provide an overview of the system:  The ITSO Questionnaire is an online application for tracking and analyzing responses from CDC customers to a set of unique questions.  The questions presented on the site are unique to a specific survey and will be periodically changed via Change Management. A customer can update their responses at any time, which will replace their existing set of responses in the database.  Each customer is presented a set of questions which they can respond to and provide comments for.  Only one questionnaire per customer can be submitted to the system.  The feedback will help the project team in their decision-making process.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No

No IIF Collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = 6/9/2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  6/21/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Juniper VPN (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/20/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 620
7. System Name (Align with system Item name):  Juniper VPN
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Michael Patrick
10. Provide an overview of the system:  Juniper VPN will support the CDC’s IT infrastructure by providing remote access capability through VPN services.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  This system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  This system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  This system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  9/20/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Kazakhstan IT Infrastructure (GAP-Kazakhstan) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/17/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  Kazakhstan IT Infrastructure
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Calvin Johnson
10. Provide an overview of the system:  This is a general office support system for CDC GAP Kazakhstan and provides file servers, application server, exchange server, and webmail server; authentication is performed via CDC Active Directory with a failover to local host.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Alan Olson
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  2/22/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Knowledge Management Technical Infrastructure (KMTI) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  4/3/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1604
7. System Name (Align with system Item name):  Knowledge Management Technical Infrastructure (KMTI)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Robert Swain
10. Provide an overview of the system:  The Knowledge Management Technical Infrastructure (KMTI) is a general support system (GSS) hosting applications that advance knowledge management through content management, document management, and collaboration. The KMTI GSS is able to host internal facing applications with a C&A rating of moderate or lower.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  As a GSS, KMTI provides architecture and security controls for its supported systems. It does not transmit, process, or store data.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF collected
EAAL = N/A
Risk Analysis Date = 03/23/2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  4/13/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Laboratory Information Management System Lite (LIMS Lite) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  12/3/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Laboratory Information Management System Lite (LIMS Lite)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Lisa Harper
10. Provide an overview of the system:  Laboratory Information Management System Lite (LIMS Lite) does not collect SSN’s or PII. LIMS Lite is software developed by the Epidemiology Branch, DHAP, to support the operations of CDC's International Labs. The software helps in managing the Freezers and other storages, managing specimens and vials, aliquoting, check-in and check-out of vials, and shipping specimens between labs and clinics.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  LIMS Lite does not collect, store, process, or transmit PII data. The software helps in managing the Freezers and other storages, managing specimens and vials, aliquoting, check-in and check-out of vials, and shipping specimens between labs and clinics. Version 1.1 of LIMS Lite involves addition of a new module for handling the Lab specimen requests.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF is Collected
E-Authentication Assurance Level = N/A
Risk Analysis Date = 11/18/10
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  12/6/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Laboratory Information Tracking System (LITS Plus) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  3/23/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9721-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0106
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 126
7. System Name (Align with system Item name):  Laboratory Information Tracking System (LITSPlus)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  James Tolson
10. Provide an overview of the system:  The Laboratory Information Tracking System (LITSPlus) is a laboratory information management system (LIMS) that provides a mechanism to enter, edit, analyze & report laboratory specimen and test results electronically.  The specimen information collected within the system parallels individual laboratory samples that come into (or are generated by) the CDC. Once the information about the specimen is entered into the system, users can examine all the data about the specimen they are working with, including data from other CDC laboratories that performed tests on the specimen.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A, System does not share or disclose PII information
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1) to enter, edit, analyze & report laboratory specimen and test results
2) to track product requests and fulfillment
3) The product captures employee, business and patient PII information.
4) Employee and business PII is voluntary.  Patient PII is captured at the state health labs, hospitals and private laboratories and submitted to CDC.  The policy for submission of PII would be the responsibility of these centers.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  1) Notices are sent to employees and business partners via email.  Patients should be notified by the submitting agencies.
2) Employees are asked for their office location and phone number.  Business partners submit name, address, phone number and email voluntarily.  Patient PII is captured at the state health labs, hospitals and private laboratories and submitted to CDC.  The policy for submission of PII would be the responsibility of these centers.
3) Employee information is stored to communicate changes to the employee.  Business information is stored to report specimen test results back to the submitter.  Patient information is stored to associate a specimen with a patient.  The information is not shared.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Administrative controls: The data will be secured by logical access controls. Technical controls: Access to the data is controlled by user ID and password, firewall.  Internal physical controls include security guards, ID badges, and cardkeys.

IIF collected for research purposes
EAAL = N/A
Risk Analysis Date = March 10, 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  3/24/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Laboratory Outreach Communication System (LOCS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  3/17/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Laboratory Outreach Communication System (LOCS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Ryan McCormick
10. Provide an overview of the system:  The CDC Laboratory Outreach Communications System (LOCS) has been introduced as a mechanism for CDC to address existing gaps in laboratory-related communication with the broad clinical community. LOCS is intended to help enhance CDC’s existing communication structures to reach various audiences. The vision for the system is to meet laboratory professionals’ information needs through communication channels between CDC and professional laboratory associations.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The agency will maintain and distribute laboratory specific information, including, but not limited to: emergent issues, changes in regulations, disaster relief, standards and recommended practices.  The information is maintained and distributed as a benefit to the laboratory community. The system contains no PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  3/17/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Laboratory Response Branch Enterprise Quality Management System (LRB EQMS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/3/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 1318
7. System Name (Align with system Item name):  Laboratory Response Branch Enterprise Quality Management System (LRB EQMS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Dr. Harvey Holmes
10. Provide an overview of the system:  Laboratory Response Branch Enterprise Quality Management System (LRB EQMS) is a web based application that will be located in the CDC MTDC behind the firewall; there will be no external access to the internet. The main function of the system is to enable DBPR to better manage their Quality Management System (QMS), provide a strong document management system, and provide management more visibility into the quality lifecycle. The overall high-level objectives for the LRB EQMS Implementation are to: provide an integrated Document Management System, perform basic Corrective and Preventive Actions (CAPA) /Complaints management as well as enhance metrics and perform basic QSR auditing functions.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  LRB EQMS does not collect PII
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The overall high-level objectives for the LRB EQMS Implementation are to: provide an integrated Document Management System, perform basic Corrective and Preventive Actions (CAPA) /Complaints management as well as enhance metrics and perform basic QSR auditing functions. There is no PII on the system.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A No PII Collected
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  LRB EQMS does not collect PII
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  5/3/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / CDC Laboratory Response Network 2.0 (LRN 2) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/24/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-0881-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 881
7. System Name (Align with system Item name):  Laboratory Response Network (LRN)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Sherrie Bruce
10. Provide an overview of the system:  The LRN web application allows users to view protocol documents, order inventory items, view communications and receive email broadcast announcements, and communicate to the LRN.

The LRN web application contains data that users of facilities participating in response related activities will find useful in prevention preparedness and response activities.  Such data include: laboratory referral information for locating your next nearest neighbor during an emergency, agent protocol information that instructs users in proper protocols and procedures during emergencies and communication sections that keep the users current on preparedness and response needs.  LRN also contains ordering systems that allow users to order items that will assist them in testing capacities.

LRN 2 data do not contain any personally identifying information.  Access to the system is controlled by role-based security.  Each user is assigned a role and their permissions within the system are based on their role.

Users access the LRN 2 system via a web-based interface using the FIPS 140-2 approved standard of Transport Layer Security (TLS) version 1.0.  Users input a username and password into the system in order to gain access to their data.  Users are only given usernames and passwords after signing an ROB document.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A – LRN 2 does not contain any PII
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The LRN 2 web application contains data that users of facilities participating in response related activities will find useful in prevention preparedness and response activities.  Such data include laboratory referral information for locating your nearest neighbor during an emergency, agent protocol information and communication sections that keep the users current on preparedness and response needs.  LRN 2 also has an ordering system that allows users to order items that will assist them in testing capacities.  There is no PII collected.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A – LRN 2 does not contain any PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A – LRN 2 does not contain any PII.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  1/24/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Laboratory Response Network Results Viewer (LRN RV) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/29/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Laboratory Response Network Results Viewer (LRN RV)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Emory Meeks
10. Provide an overview of the system:  The Laboratory Response Network Results Viewer (LRN RV) supports U.S. laboratories’ efforts to quickly respond to bioterrorism (BT) events.  LRN RV services CCID/NCPDCID Division of Bioterrorism Preparedness and Response (DBPR), other CDC users, and laboratory users. LRN RV receives lab results that are submitted utilizing industry standards for exchanging health data. This means that data are received in a standard format (Health Level Seven (HL7) messages), and these messages are composed using standard vocabulary sets to describe laboratory samples, tests, and results (LOINC and SNOMED). All lab results received are formatted and composed the same way for easy interpretation.

Laboratories that are members of the Laboratory Response Network (LRN) are able to use the LRN RV to view the results they submitted to CDC, as part of the LRN program. Local laboratories use the distributed LRN Results Messenger (LRN RM) client application to submit data to the LRN RV at CDC.  The LRN RM is not hosted at CDC and not part of the LRN RV C&A boundary unless it is implemented at a CDC laboratory. Each laboratory hosts its own instance of the LRN RM.

LRN RV is a "closed" system in that it does not accept data from any submitting laboratory, but is limited to laboratories participating in the LRN.  In order for a new laboratory to be added to the LRN RV, notification is received from the LRN coordinating office located in CCID DBPR, which manages and maintains all information regarding laboratories, laboratories’ membership and LRN participation.  A request is made to create an Object Identifier (OID) for the new laboratory.  The OID and laboratory's name are held in the LRN RV, but no identifying attribute data on that lab is held in the LRN RV.

Laboratory results related to the BioWatch program are submitted daily to CDC via the LRN RV/RM.  A subset of LRN labs conduct testing for BioWatch, which is an environmental detection program in place in large cities in the U.S. to test for the presence of certain bioterrorism agents in the environment.  Since BioWatch data are related to environmental (specifically air) sampling, there is no testing on specimens collected from human beings.  Therefore, no PII data are collected or stored for BioWatch samples.

LRN RV relates to BioSense only by routing daily BioWatch samples to BioSense.  There is no two-way data exchange with BioSense; it is strictly one way, with data flowing from LRN RV to BioSense.  BioSense presents the daily BioWatch results by giving users access to a very high-level view of these results, which does not include details on BioWatch sensor locations.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  LRN RV does not share or disclose PII data with other government or non-government agencies. Records can be searched according to the LRN RM laboratory that conducted the testing and submitted the test results.  Records are grouped and displayed by the name of the sending laboratory.  It is not possible to search for laboratory data associated with a particular person.  It is not possible at this time for users to retrieve PII by searching for data associated with a particular city or state.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  PII data stored and processed includes name, DOB, SSN, mailing address and medical records numbers of public citizens and patients. Laboratories may send PII data in association with a public health response in order for laboratory data to be linked with other data sets for case identification, such as outbreak management, countermeasure and response, and so on. LRN RV is not the source system collecting the PII data and has no responsibility or control whether the data is voluntarily submitted or mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  LRN RV is not the source system collecting the PII data and has no responsibility or control in obtaining individual notification or consent, regarding system changes or data usage. LRN RV only stores and processes PII data, if laboratories send this data.  None of this data is required, and laboratories have the option of sending de-identified data.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  LRN RV is hosted within the Secure Data Network (SDN) and Mid-Tier Data Center (MDTC) environments, which are secured CDC facilities. Only authorized LRN users will access the site, using SDN digital certificates. No public access allowed.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  6/8/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Laboratory Sample Tracking and Reporting System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/4/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-9221-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 1458
7. System Name (Align with system Item name):  Laboratory Sample Track and Reporting System (LSTARS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Mike Rollins
10. Provide an overview of the system:  The purpose of LSTARS is to collect sample information and track samples and report laboratory test results.  LSTARS associates test results and other data with a given specimen.  It electronically collects information from NCEH/DLS Laboratory Information Management Systems and reports specimen information and laboratory results to the Specimen Tracking and Results Reporting System (STARRS) during both routine and emergency public health response events.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1) LSTARS electronically collects information from National Center Environmental Health (NCEH)/Division of Laboratory Sciences (DLS) Laboratory Information Management Systems and reports specimen information and laboratory results to the Specimen Tracking and Results Reporting System (STARRS) during both routine and emergency public health response events. All of the data regarding studies, specimens, and test results are stored indefinitely for future reference.
The system provides specimen descriptions, specimen test orders, and specimen test results to the following organizations:
·    National Center for Environmental Health (NCEH)
·    National Institute of Occupational Health and Safety (NIOSH)
·    Office of the Director (OD)
·    National Center for Health Statistics (NCHS)
·    CDC and ATSDR Specimen Packaging, Inventory, and Repository (CASPIR)
(2) LSTARS associates test results and other data with a given specimen.
(3) The information does not contain PII, yet it does contain test results. The test results contain no direct information regarding any of the patients.
(4) N/A.  The system does not contain PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A.  The system does not contain PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  8/4/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Laboratory Support for Influenza Surveillance (CLSIS) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  7/29/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1797
7. System Name (Align with system Item name):  CDC Laboratory Support for Influenza Surveillance
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Mary Hoelscher
10. Provide an overview of the system:  The web application is a communication tool for members of the domestic public health labs and global National Influenza Centers. This consists of a network of public health and military laboratories that provides laboratory diagnostics and disseminated testing capacity to support public health preparedness and response to influenza.  Procedures, reagent ordering, completion of eMTAs, and laboratory capacity information are available through this secure web application.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF Collected
EAAL = 1
Risk Analysis Date = 13 May 2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  8/3/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Laptop Encryption Exceptions (LEE) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/4/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 620
7. System Name (Align with system Item name):  Laptop Encryption Exceptions (LEE)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Wayne Knight
10. Provide an overview of the system:  Laptop Encryption Exceptions is a dynamic application that provides an approval process for exempting laptops used exclusively in CDC laboratory facilities.  Laptops do not store or process any PII, are most often secured to furniture or a rack with an appropriate cable lock to discourage theft, are dedicated to a specific piece of laboratory equipment, and are not the requester’s primary or only computer.  Final approval is either accepted or denied by the CDC Office of the Chief Information Security Officer.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = July 10, 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  8/10/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Laptop Loaner Tool (LLT) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/9/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Laptop Loaner Tool (LLT)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Dave Ausefski
10. Provide an overview of the system:  This system will allow CDC staff to request a laptop for up to 45 days for official CDC purpose (travel, temporary workstation, off-site meetings, etc.)  The system will allow the following: 
1. Allow customers to request a loaner laptop.
2. Route loaner laptop requests through an approval workflow process.
3. Allow CSB and Emergency Preparedness Support Team to review requests.
4. Create a SC ticket for approved loaner laptop request.
5. Send expiration reminders to return the laptop.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Data collected, disseminated, and/or collected pertains to network information, ADP information, and CDC user information without any distinguishing identifiable information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No IIF is collected, disseminated, or maintained in the system.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF Collected.
E-Authentication Assurance Level = N/A
Risk Analysis Date = January 11, 2011
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Alan Olson
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  2/14/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Legacy for Children Longitudinal Follow-Up Study (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  6/24/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0136
5. OMB Information Collection Approval Number:  NO
6. Other Identifying Number(s):  ESC# 1921
7. System Name (Align with system Item name):  Legacy for Children™ Longitudinal Follow-up Study
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Lisa V. John, PhD, PMP (Battelle
10. Provide an overview of the system:  The purpose of this system is to support the data collection activities for the CDC Legacy for Children™ Longitudinal Follow-up Study. The Legacy for Children™ study is a longitudinal study of 3rd graders recruited in two cities – Miami and Los Angeles.  Data collection activities will be repeated when the child is in the 5th and 7th grades. The data collection activities include:
·    In-home assessments of the child and the primary care giver
·    Lab visit
     o   Child is administered a standard test
     o   Primary care giver is interviewed
·    School visit
     o   Classroom observation of child’s classroom
     o   School record abstraction (unless school provides later electronically)
·    Teacher web survey
·    Quarterly phone contacts with primary care giver
·    Neighborhood Observation

Attachment A - SSN Elimination or Usage Approval Request is on file with OCISO.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  PII is disclosed to study supervisors to manage cases, to tracing staff to locate respondents, to vendors of tracing databases that are standard sources for researchers, and to the field data collectors to enable them to contact study participants and collect data from them. PII may be disclosed to the Prime contractor if necessary and to CDC per contractual terms and conditions.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1.    The information consists of the participants’ contact information and responses to the surveys designed for the follow-up study.
2.    The surveys are collecting identifying and personal health information of children and their mothers and/or primary care providers. The surveys also collect extensive information regarding the psychosocial status of the child, home and neighborhood observations, teacher assessments, parent-child interactions, and educational record information. 
3.    Collecting identifying and personal health information of children and their mothers and/or primary care providers.
4.    Submission of personal information is voluntary and covered by Battelle and CNA Institutional Review Boards approvals.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  1.    Any changes in disclosure and/or data uses will be submitted to the Battelle and CNA IRBs and approved protocols will be followed to notify study participants.
2.    Legal guardians of the children whose PII is being collected have signed informed consent forms that have been approved by the IRBs of Battelle, CNA, and CDC.
3.     PII will be used to verify identity of study participants.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  The Legacy for Children™ Longitudinal Follow-up Study system resides in a VLAN environment in an isolated segment of the Battelle network that has been configured for compliance with FISMA controls at the Moderate security level designation. All data in the system is stored in this environment in encrypted format. Users of the system connect via SSL. Field staff access the system using Battelle tablet PCs with whole disk encryption and authenticate to these laptops using two-factor authentication with RSA SecurID® 800 Authenticators as smart cards. No data is stored on these laptops. Battelle has System Security Plans for the Legacy for Children™ Longitudinal Follow-up Study system and for the FISMA compliant environment in which this system is housed that address the NIST SP800-53 administrative, technical, and physical controls that are applied to this system.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  6/24/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Legislative Information Database (LID) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/2/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC 1592
7. System Name (Align with system Item name):  Legislative Information Database (LID)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Alexander (Xan) Herrington (FSS7)
10. Provide an overview of the system:  The LID provides a means for the Budget Formulation staff to store contact information and biographical information of US congressional committee members and their staff, as well as additional CDC-related notes such as logs of member's visits to CDC, public health interests, questions for the record, recent public health legislative activity, etc.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Federal contact information and publicly available biographical information of US congresspersons and their staff will be maintained in the database.  In addition, notes relating to recent CDC visits and member’s public health interests and legislative activity will be recorded.  This information does not contain PII. No PII collected
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A No PII
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  2/2/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Lipid and Clinical Chemistry Database [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  12/14/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9221-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 1614
7. System Name (Align with system Item name):  Lipid and Clinical Chemistry Databases (LCCDB)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Mike Rollins
10. Provide an overview of the system:  The Lipid and Clinical Chemistry Databases (LCCDB) is a non-web-based modular Lab Information Management System (LIMS) and Data Analysis System.  LCCDB is designed to provide different functional analysis and data entry points based on role-related duties.  Lab data is from sources and direct import from lab equipment in the form of text files.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  The system does not contain PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1) LCCDB is designed to provide different functional analysis and data entry points based on role-related duties.  Lab data are from sources and direct import from lab equipment in the form of text files.
(2) The purpose of the system is to provide surveillance for the DLS/CCB staff to provide staffing, funding and resource management.  LCCDB is funded to serve the purpose of the NCEH/DLS/CCB managerial staff for decision making purposes.
(3) No.  The system does not contain any PII.
(4) N/A.  The system does not contain any PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  The system does not contain PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A.  The system does not contain PII.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  12/14/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Lipid Standardization Program Data Submission [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/7/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9221-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1625
7. System Name (Align with system Item name):  CDC CCEHIP NCEH Lipid Standardization Program Data Submission (LSPDS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Mary Kimberly
10. Provide an overview of the system:  Lipid Standardization Program, aka LSP, Data Submission (LSPDS) is a custom web-based application designed to collect Quality Assurance (QA)/Quality Control (QC) analysis results from external laboratories for internal analysis by the Division of Laboratory Science’s Clinical Chemistry Branch (CCB), as well as to provide a means by which those laboratories can access performance reports created from previously submitted data.  During each quarterly round the LSP laboratory provides vials of serum to participating domestic and international laboratories for sample analysis to measure levels of cholesterol.  These quality control sample vials are processed by scientists, researchers or technicians from each external health laboratory, who then access the LSPDS online system to report their results using a web-based form.  The resulting data, which consist almost entirely of numeric values and contain no Personally Identifiable Information (PII), are stored in a SQL Server database for later retrieval and internal analysis by the LSP laboratory at the end of each quarter, resulting in the performance reports.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The information collected does not contain PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  The information collected does not contain PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  The information collected does not contain PII.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/12/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / CDC ListServ (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/17/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC ListServ
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Doug McClelland
10. Provide an overview of the system:  LISTSERV is an electronic mailing list software application, consisting of a set of email addresses for a group in which the sender can send one email and it will reach a variety of people.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  The system does not share or disclose PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The system collects email addresses in support of the ListServ functionality.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  The system does not share or disclose PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  The required CDC EMSSP controls are implemented for the system.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  8/17/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Lync (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/21/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC Lync
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Richard Self
10. Provide an overview of the system:  Lync Communications Server 2010 (Lync) is a software-powered unified communication solution comprising multiple server roles on WINTEL platform servers running Microsoft Windows Server 2008 R2 operating systems. The main server roles required are Front End (FE) servers, which provide SIP (TLS-based) communications between clients, and the Backend Server, which provides a real-time data store for state information and is based on Microsoft SQL Server. To interconnect with legacy TDM-based systems, Lync 2010 uses a server role known as the mediation server, which provides a secure and interoperable connection to media gateways with the appropriate physical interface and protocol types.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  This system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  This system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  This system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  9/21/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Mail DPM (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/27/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDCMail DPM
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Doug McClelland
10. Provide an overview of the system:  The purpose of this system is to back up the CDC Mail Exchange databases and the CDC SQL Mail databases.  This allows snapshot-type backups to occur at regular intervals.  The retention period is 14 days.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  This system is not designed to store or retain PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system is not designed to store or retain PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  This system is not designed to store or retain PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  This system is not designed to store or retain PII.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/27/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Mail BES (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/28/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDCMail BES
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Doug McClelland
10. Provide an overview of the system:  The system will provide CDC employees who have Blackberry mobile devices access to CDC email and calendar information through the mobile devices.  The system will replace the current BB services provided by Unisys.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  This system is not designed to store or retain PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system is not designed to store or retain PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  This system is not designed to store or retain PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  This system is not designed to store or retain PII.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  11/3/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Mail Hyper V Host (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/18/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDCMail Hyper V Host
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Doug McClelland
10. Provide an overview of the system:  This system provides for the hosting of HyperV virtual images for the CDC Mail Exchange CAS/HUB servers, CDC Mail DPM servers, CDC Mail SQL servers, and CDC Mail BES/BAS servers.  The listed servers all run as virtual machines on top of the HyperV host servers.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  This system is not designed to store or retain PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system is not designed to store or retain PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  This system is not designed to store or retain PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  This system is not designed to store or retain PII.

No IIF Collected.
E-Authentication Assurance Level = (2) Moderate
Risk analysis Date = 10/12/2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  10/19/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Mail ISA System (Mail ISA) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/17/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  CDC Mail ISA
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Doug McClelland
10. Provide an overview of the system:  Mail ISA servers will provide the two-factor authentication mechanism for any user accessing e-mail through Outlook Web Access (OWA) via integration with the CDC RSA SecurID system and CDC Active Directory system.
ISA Server 2006 is an integrated network edge security gateway that helps protect IT environments from Internet-based threats while providing users fast and secure remote access to applications and data. ISA Server 2006 provides hybrid proxy-firewall architecture, deep content inspection, granular policies, and comprehensive alerting and monitoring capabilities to manage and protect the network.
ISA Server validates the credentials against Active Directory via LDAP. It can work with Kerberos Constrained Delegation if ISA Server is a domain member. ISA Server 2006 supports native LDAP authentication in the form of an LDAP Authentication Webfilter. LDAPS (Secure LDAP) is being used to secure the communication with the Active Directory Server.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  5/17/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Mail SQL (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  11/10/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDCMail SQL
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Doug McClelland
10. Provide an overview of the system:  This system provides the database and database processing for the CDC Mail BES/BAS servers.  The system contains configuration information for the BES application and configuration information for all Blackberry mobile accounts.  The DPM databases are also contained on the SQL servers.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  This system is not designed to store or retain PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system is not designed to store or retain PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  This system is not designed to store or retain PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  This system is not designed to store or retain PII.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerry L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  11/22/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Mailbox Size Exception Tool (MSE) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  6/17/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  Mailbox Size Exception Tool (MSE)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Ryan Shaver
10. Provide an overview of the system:  The MSE is a web-based application (tool) that will be hosted on the ITSO Tools Intranet Server.  The MSE Tool allows CDC Staff to request an exception to the default 3GB mail quota provided by the CDCMail System.  The request follows an approval process from the customer's manager then to the customer's TSE. Upon approval, the system will generate a ticket in Service Center and inform the customer of the increase in storage to 10GB.
The application is only available on the CDC Intranet.  The website is secured using Active Directory and Groups Authentication as well as application security roles based on user categorization.  Everything is presented to users dynamically by the application.  Any unauthorized users will be detected and routed to an error page instead of the requested page.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  6/17/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Mainframe - Enterprise Extender (Mainframe EE) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  12/20/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-02-00-01-1152-00-404-139
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0136
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 620
7. System Name (Align with system Item name):  Mainframe – Enterprise Extender (EE)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  James H. Landers
10. Provide an overview of the system:  The CDC Mainframe provides a secured repository and platform for users' data.  Numerous systems reside on the CDC Mainframe.  The system does not collect, maintain or disseminate the information stored by the individual systems.  Each system is responsible for those functions and the policies and procedures which they follow to perform their government function.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Data shared with National Institutes of Health to process and provide for grant applications.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The CDC Mainframe provides a repository for users' data.  The users of the CDC Mainframe are centers and divisions within CDC, and one user outside of CDC which is HHS Core Accounting.  Each system owner is responsible for the content, collecting, maintaining, retrieving and disseminating of their own data.  The purpose of the CDC Mainframe is to provide a secure platform where the data can be utilized by its authorized owners and users designated by its owners.  
Numerous systems reside on the CDC Mainframe.  The system does not collect, maintain or disseminate the information stored by the individual systems.  Each system is responsible for those functions and the policies and procedures which they follow to perform their government function.  Each system determines if they will maintain information containing IIF and if submission of the data is voluntary or mandatory.  The CDC Mainframe provides physical security by limiting access to the data center where the CDC mainframe is housed.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  Any notification or consent takes place within the respective system housed on the Mainframe. IIF is obtained and collected by individual systems based upon their established policies and procedures.  Communication with suppliers and subjects of IIF is determined by the individual system's policies and procedures.  The system owners of the systems housed on the Mainframe are responsible for preparing a PIA for the respective system.  Those PIAs will address consent changes in data disclosure, etc.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Administrative Controls: RACF - a security tool used on the Mainframe to restrict access to specific files.
Technical Controls: User ID, passwords, firewall, VPN, encryption, Smart Cards.  Physical Controls: Guards, ID badges, key cards, CCTV.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  12/20/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Management Consultation and Technical Assistance Contract Tracking [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/27/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  1510
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC System ID: 1216
7. System Name (Align with system Item name):  Management Consultation and Technical Assistance Contract Tracking (MCTA)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  John G. Goodson (hso2)
10. Provide an overview of the system:  The Management Consultation and Technical Assistance (MCTA) Contract system tracks all task orders from pre-award to post-award.   The purpose of this task-order contract is to provide CDC with a ready source of management and technical expertise in carrying out projects related to strategic planning, organization development, project management, technical assistance, pre-award assessments, and improving administrative effectiveness. 

The system allows the MASO personnel who are responsible for tracking the task-order requests to enter them into the system and to update the status of the requests, including modifications and deletions, until an award has been made to a contractor and thereafter throughout the contract life cycle.  The system is a management-only tool which provides reports to management on the status and the cost of these task-order requests.

Additionally, the system provides important automatic six-month reminder notices that alert MASO and PGO that contractors need to submit their (required) semi-annual reports on subcontractor hours worked during the prior six-month period.  The tracking system has a built-in alert that notifies PGO and MASO of the pending close-out date for the task orders.  In this way, the two organizations can adequately prepare to implement contract close-out processes, including initiating contact with the Technical Monitors to begin the contractor performance evaluation action.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  None
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  PII = No
EAL = N/A
Risk Analysis Date = 01/03/2011
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/27/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / CDC Managing Accounting Credit Card System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/26/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-1262-00-405-143
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-90-0024
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 1262
7. System Name (Align with system Item name):  Managing Accounting Credit Card System (MACCS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Evan Willis
10. Provide an overview of the system:  
MACCS is a web-based software solution that automates the logging, tracking, and obligation of credit card transactions.  Each business day, MACCS receives credit card transaction records from JPMorgan Chase via secure FTP.   And each business day, MACCS sends obligation records to UFMS for those transactions that are matched and registered against purchases logged into MACCS by users (cardholders and approvers).   Once a month, MACCS receives an invoice file from JPMorgan Chase and reconciles this monthly summary with the daily transactions from the previous month.  This function is used by FMO Accounts Payable in determining if the invoice from JPMorgan Chase is accurate.  The MACCS project at CDC is a shared venture between FMO, PGO, and MISO.

It helps to support the GSA SmartPay VISA Purchase Card program that is administered at CDC by the Procurement & Grants Office (PGO).
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  MACCS discloses the names of CDC VISA credit card holders and their CDC VISA credit card numbers.  In addition, MACCS discloses the names of merchants for CDC VISA transactions, and in the case of VISA check transactions, the merchants’ addresses and their taxpayer identification numbers.  This is available to only authorized personnel within CDC for the purpose of financial management of federal credit card purchases.   Card numbers are masked (except for the last 5 digits) to all users except administrators.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Card user name and credit card number; approving official name and approving official account number; VISA merchant name, address, and TIN.  The purpose of collecting this information is for the financial management of federal credit card purchases. Submission of this information is mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No data uses have changed since the notice at the time of the original collection.

Any changes to the system would be driven by the needs of the GSA SmartPay VISA Purchase Card program administered at CDC by PGO.  The program administrator at CDC/PGO notifies all program participants and MACCS users of program changes, and their related impact to MACCS.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Network and security controls for the web servers and databases are in place as well as network security monitoring and security audits. The system is only available on the intranet, mitigating the exposure outside the firewall. Access to the system and to specific information is controlled using Windows Integrated Authentication so users have to have a valid and active network profile before they are allowed system access.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  5/26/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC MASO Employee Organization Announcements (EOA) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/14/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1513
7. System Name (Align with system Item name):  Employee Organization Announcements
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  John G. Goodson (hso2)
10. Provide an overview of the system:  This is an informational system for the various employee organizations at CDC/ATSDR.  It stores the officers and constitution bylaws of each of  the employee organizations at CDC/ATSDR.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  None
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PII = No
EAL = N/A
Risk Analysis Date = 01/03/2011
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/19/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC MASO Reorganizations Database (REORG) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/18/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-06-02-9409-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 603
7. System Name (Align with system Item name):  MASO Reorganizations Database
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  John G. Goodson (hso2)
10. Provide an overview of the system:  The Organizations and Functions system accesses the Reorganization Database for all the data relating to reorganization proposals.  It tracks the status of reorganization proposals.  It provides search capabilities and data can be viewed by all of CDC.  MASO maintains the data.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
EMPLOYEE ORGANIZATIONS does not collect or share IIF.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  None
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  PII = No
EAL = N/A
Risk Analysis Date = 01/04/2011
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/19/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC MASO Signature Log [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/13/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-06-02-9409-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1526
7. System Name (Align with system Item name):  Signature Log
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  John G. Goodson
10. Provide an overview of the system:  Signature Log keeps track of all documents signed by the MASO director, as well as those documents presented to but not signed by the MASO director. The system also stores downloadable copies of the signed documents.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system does not collect information. It keeps track of all documents signed by the MASO director.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
No IIF
Risk Analysis Date: 5/7/2008
E-Auth level= NA
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  5/12/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC MC2 Interactive Cost Estimating System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/30/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1754
7. System Name (Align with system Item name):  MC2 Interactive Cost Estimating System (MC2 ICE)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Judy F. Asher
10. Provide an overview of the system:  ICE is used for cost estimating of facility and infrastructure construction projects.  The software is a complete facility construction and renovation cost estimate program with various types of knowledge data bases.  Information is input regarding building type, building construction, room sizes, room heights along with the type of flooring, wall or ceiling material, wall construction, lighting types, etc. to be used and the cost is automatically calculated for materials and installation along with overhead and profit.  Modifications can be made during the process to refine the estimates.  All costs for labor and material are based on the area of the country in which the project is located.  The use of the various knowledge bases provided helps avoid errors and omissions that are commonly associated with traditional cost estimating procedures, particularly during planning and early design phases.
This system will be used to help in the budgeting process for capital projects, when doing renovations or smaller projects within CDC by BFO staff members in doing Capital Project Budgets, FPAA’s, and smaller projects.  The costs are automatically entered using the various knowledge bases provided, historical data, or the Means database provided.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No PII collected.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No PII.

No IIF is collected.
E-Authentication Assurance Level = N/A
Risk Analysis Date = September 22, 2008
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles, OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  11/3/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Medgate GX (N/A) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/9/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-90-0013
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Medgate GX
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Christie Zerbe
10. Provide an overview of the system:  The purchase and use of an electronic medical records software system (Medgate GX) by OSHE for use by the clinic will aid in accomplishing the following: 1) increase reliability of data through daily systems back-ups, and enhanced diagnostic ability, 2) provide greater confidentiality and security of records, 3) increase efficiency of all staff members, 4) provide readily available deployment records, 5) improve compliance tracking, 6) reduce record error and omissions, and 7) provide effortless report generation.
Data repository for occupational health, safety and disability management.
Legislation - Executive Order 12196, 29 CFR 1960, SHARE Initiative (Safety Health And Return to Employment), from the President through the Department of Labor.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  While Medgate does not store or disclose most IIF, it does pull information from the Mainframe based on User ID to meet the needs of the clinical visit (e.g. eligibility of services, case history etc.).
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information collected:
1     DOB, User ID
2     We collect User ID and view any key information needed to complete the clinical visit (i.e. eligibility, case history etc.).  We collect/store date of birth as it is not collected for contractors and it is needed for clinical purposes.
3     IIF is being collected.
4     Personal information is voluntary but is required for medical appointments.
Patients' medical information is voluntary and not required to schedule an appointment in the clinic but is mandatory to provide the service.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  This information collection is inherent for a clinical visit and is explained by nature during the clinical visit.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  User ID, Passwords (with expiration), Firewall, Guards, ID badges, Key Cards and CCTV

IIF Collected
E-Authentication Assurance Level = N/A
Risk Analysis Date = 01/30/2012
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  2/9/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Media Campaign Resource Center [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/25/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  n/a
5. OMB Information Collection Approval Number:  n/a
6. Other Identifying Number(s):  n/a
7. System Name (Align with system Item name):  OSH MCRC
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris (CTR)
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Media Relations Inquiry Tracking (MRIT) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  11/5/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-10-0004
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1408
7. System Name (Align with system Item name):  Media Relations Inquiry Tracking
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Glen Nowak
10. Provide an overview of the system:  The Division of Media Relations (DMR) provides reporters, news producers, and others working on news programs or stories with public health and CDC-specific information, materials, and resources.  The Media Inquiry System provides an electronic method for DMR to log and track media inquiries, direct inquiries to subject matter experts, and record resolutions to inquiries.  By centralizing these tasks, the Media Inquiry System simplifies the office process, provides a single point of access for all media inquiries, and streamlines the DMR workflow.  The Media Relations Inquiry Tracking facilitates the resolution of inquiries by automatically directing inquiries to the appropriate press officer and giving management, press officers, and press assistants a single interface in which to view the status of all inquiries to the office.  It also provides reporting capabilities that DMR uses to quantify and produce metrics for CDC and HHS management.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  IIF is occasionally shared with subject matter experts (SME’s) in the centers whose input is required to respond to media inquiries in the system.  Official responses to special inquiries are forwarded to the HHS Office of enterprise communication for clearance.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The Media Relations Inquiry Tracking facilitates the resolution of inquiries by automatically directing inquiries to the appropriate press officer and giving management, press officers, and press assistants a single interface in which to view the status of all inquiries to the office.  It also provides reporting capabilities that the Division of Media Relations uses to quantify and produce metrics for CDC and HHS management.  The information distributed to the SME’s within the CDC contains IIF.  Submission of the IIF is voluntary and not mandatory.  The IIF is collected so that the Division of Media Relations can correspond with the appropriate requester.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  CDC receives multiple calls on a daily basis from media outlets inquiring about different subjects. When the Media Relation office representatives receive those calls, they ask the caller to provide them with personal information such as their names, affiliation, telephone number and e-mail address. They notify the caller that their personal information will be used to contact them and may be sent to CDC personnel who will deal with their questions.  This information is mandatory because the CDC will have no way to communicate back with the inquiry from that specific user.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Administrative:  Records are maintained in accordance with CDC’s record control schedule and record control policy.  The IIF is secured using the CDC/IS Active Directory authentication process and role-based application control.

Technical:  Monitored by the Network and IT security controls which are administered by OCISO and ITSO.

Physical:  Controls are managed by guards, ID badges, and key card restrictions.

IIF Collected
E-Authentication Assurance Level = N/A
Risk Analysis Date = 10/16/2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles, OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  11/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Media Tracking System (MTS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  3/10/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Media Tracking System (MTS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Eva Margolies
10. Provide an overview of the system:  The Media Tracking System (MTS) is an internal database that keeps track of all incoming requests we receive from the news media.  MTS is only used by members of the NCHHSTP Media Team.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Tracks media requests, no PII, only used by NCHHSTP media personnel.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Alan Olson
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  3/14/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Medical Record Abstraction 3.0 (MRA 3.0) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  12/9/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  0920-0740
6. Other Identifying Number(s):  ESC# 1476
7. System Name (Align with system Item name):  Medical Record Abstraction 3.0 (MRA 3.0)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Dawn Gnesda
10. Provide an overview of the system:  The Medical Monitoring Project (MMP) serves to collect nationally representative, population-based surveillance data on clinical outcomes, behaviors and the quality of HIV care in the United States.  A two-part data collection approach is implemented.  First, a Patient Interview Questionnaire will capture information through interviews of sampled HIV-infected patients on the current levels of behaviors that may facilitate HIV transmission: patients’ access to, use of, and barriers to HIV-related secondary prevention services; utilization of HIV-related medical services; and adherence to drug regimens.  Secondly, Medical Record Abstractions will capture information on clinical conditions that occur in HIV-infected persons as a result of their disease or the medications they take as well as the HIV care and support services being received by these patients and the quality of these services.  Ultimately, this surveillance project led by the Centers for Disease Control and Prevention (CDC) will produce data annually about met and unmet needs for HIV care and prevention services which can be used to evaluate these services and to direct future resources for HIV-infected patients.

Twenty six program areas will participate in this data collection effort.  Programs will utilize interviewers and abstractors to collect and codify information defined for the Patient Interviews and Medical Record Abstractions.  An electronic system has been developed for the Patient Interview data collection and paper forms will be utilized for the Medical Record Abstraction until an electronic system has been created and tested.

Medical Record Abstraction would permit program area staff to enter medical records directly into laptops, export records into standardized flat files and transmit encrypted results through the Secure Data Network (SDN) to CDC. Only select CDC program individuals are authorized access to this data here at the CDC and none of it contains any personal identifiable information. Medical Record Abstraction software would be mailed via CD-Rom to each designated program area at a specified time and date and installed on each designated laptop to be used by program area staff. The scope of this release will also include the development of a Medical Record Extraction feature outputting files to the SDN to transport data to the Data Management Tracking organization.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF data will be shared with CDC.
E-Authentication Assurance Level = N/A
Risk Analysis Date = 10/22/2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  12/14/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / CDC Medicare Provider and Analysis Review (MedPAR) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/1/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Medicare Provider and Analysis Review (MedPAR) File
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  John Jernigan
10. Provide an overview of the system:  The Division of Healthcare Quality Promotion, National Center for Emerging and Zoonotic Diseases, Centers for Disease Control and Prevention (CDC/NCEZID/DHQP) has entered into an interagency agreement (IA 11-35) with the Office of Research, Development, and Information; Centers for Medicare and Medicaid Services (CMS/ORDI) to obtain research identifiable data files of hospitalized Medicare patients that are protected under The Privacy Act of 1974, 5 U.S.C. § 552a, Public Law No. 93-579, (Dec. 31, 1974).  The CMS data will only be used for the purposes of conducting an evaluation of the disease burden associated with healthcare-associated infections (HAIs) and their cost to the healthcare system and the federal government.  The study protocol (#5976) has been granted exemption status by CDC’s Institutional Review Board.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The Division of Healthcare Quality Promotion, National Center for Emerging and Zoonotic Diseases, Centers for Disease Control and Prevention (CDC/NCEZID/DHQP) has entered into an interagency agreement (IA 11-35) with the Office of Research, Development, and Information; Centers for Medicare and Medicaid Services (CMS/ORDI) to obtain research identifiable data files of hospitalized Medicare patients that are protected under The Privacy Act of 1974, 5 U.S.C. § 552a, Public Law No. 93-579, (Dec. 31, 1974).  The CMS data will only be used for the purposes of conducting an evaluation of the disease burden associated with healthcare-associated infections (HAIs) and their cost to the healthcare system and the federal government.  The study protocol (#5976) has been granted exemption status by CDC’s Institutional Review Board.

The CMS data will only be used for the purposes of conducting an evaluation of current disease burden and the costs associated with HAIs in the Medicare population.    Users of the data will have “read access” only and will not be able to alter the data.  Along with the CMS data, HAI surveillance data from CDC’s National Healthcare Safety Network, along with additional (publicly available) hospital discharge data from the State Inpatient Database (from the Healthcare Cost and Utilization Project) and the CMS Hospital Cost Reports, will be placed in the system so they can be linked to the Medicare beneficiary data in order to evaluate the impact of HAIs on the hospitalized Medicare population.

The only user organization will be DHQP.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  The Medicare Provider and Analysis Review File (MEDPAR) contains inpatient hospital and skilled nursing facility (SNF) final action stay records of Medicare beneficiaries that institutions is collected by the Centers for Medicare and Medicaid Services (CMS) for document reimbursements to these institutions under Medicare Part A.  The System Of Record for this data that has been approved by CMS is 09-70-0514. The Denominator file and the Beneficiary Annual Summary File (BASF) contain demographic and enrollment information that CMS collects about each beneficiary enrolled in Medicare during a calendar year.  The System Of Record for this data that has been approved by CMS is 09–70–0573.  As CMS is the agency responsible for collecting these data, responsibility for any notification and consent lies with CMS in accordance with their privacy policy (see attached document).  CDC/DHQP has obtained access to this data for research/evaluation purposes only under conditions stipulated by the Data Use Agreement and the Interagency Agreement number IA 11-35 with CMS.  The datasets provided to CDC have very few personal identifying variables.  There is no social security number, name or street address contained in any of the datasets.  The key identifying variable is a beneficiary identification number that has been assigned to only the records in the datasets.  CDC/DHQP will not use the data to make contact with any beneficiary under any circumstances nor will it be involved in any changes to CMS’s data collection system.  Statistical, aggregate or summarized information created as a result of analysis conducted using identifiable CMS data obtained under CMS-approved projects/studies may only be disclosed if the data are not individual-specific and the data are aggregated to a level where no data cells contain 10 or fewer individuals. CMS reviews all reports, manuscripts, files, etc. to be re-released. This review pertains to all forms of publication, including information to be posted to the Internet. This review ensures that the reports, manuscripts, files, websites, etc. contain no data elements or combinations of data elements that by themselves or in addition to other data files and/or sources, could allow for the deduction of the identity of an individual and that the level of cell size aggregation meets the stated requirement. Only after such review has occurred and CMS has provided written approval for the re-release of the reformatted CMS information (includes e-mail correspondence) is the data requestor legally authorized to re-release the data.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  The database will be managed by ITSO, within the CDC firewall. ITSO SQL Support assigns security levels governed by HHS Security Policy as outlined in NIST SP 800-14.

When assigning rights to a database, ITSO assigns the two indicated administrators to the database and then assigns them to the DB_DDLADMIN and DB_SECURITYADMIN roles. This conforms to HHS Security Policy as outlined in NIST SP 800-14 to assign minimal security rights required to perform job function.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  9/1/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Metropolitan Atlanta Developmental Disabilities Surveillance Program [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/22/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-0138-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0136
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 138
7. System Name (Align with system Item name):  Metropolitan Atlanta Developmental Disabilities Surveillance Program (MADDSP)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Andrew R. Autry, PhD
10. Provide an overview of the system:  The Metropolitan Atlanta Developmental Disabilities Surveillance Program (MADDSP) is an ongoing, multiple source ascertainment surveillance system that has been functioning since its inception in 1991.  It is the model surveillance system by which states and localities collect surveillance data for developmental disabilities.  The purposes of the MADDSP were to develop surveillance case definitions for five developmental disabilities (mental retardation, cerebral palsy, visual impairment, hearing impairment, and epilepsy) and provide prevalence estimates for the five disabilities in the metropolitan Atlanta area (counties of Clayton, Cobb, DeKalb, Fulton, and Gwinnett).
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This is public health surveillance, not research.  The participants do not know that their private data are being collected. The IIF allows for linkages of the abstracted data with birth and death certificates.  It is also used to de-duplicate the database.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  The participants do not know that their private data are being collected.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  This is public health surveillance, not research.  The participants do not know that their private data are being collected.

IIF is Collected by system

E-Authentication Assurance Level = N/A

Risk Analysis Date = 12/09/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles  OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  5/27/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC MicrobeNet (MicroNet) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  3/24/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1789
7. System Name (Align with system Item name):  MicrobeNet
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Wendy Wise
10. Provide an overview of the system:  The MicrobeNet web application allows users to search for and compare known genetic data against user supplied genetic data.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  3/24/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Microsoft Office SharePoint Service-Internal-Procurement and Grants Office  (MOSS-I-PGO) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/7/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Microsoft Office SharePoint Service-Internal-Procurement and Grants Office (Moss-I-PGO)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Jamie Legier
10. Provide an overview of the system:  MOSS-I-PGO is a web-based system that will be used by the Procurement and Grants Office and its offices, divisions, and branches to ensure the proper management and record retention of files, to create backups through versioning, and to offer collaboration, workflows, and project and document management.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  2/7/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Microsoft Office SharePoint Services – External – NCEH/ATSDR Site Collection (MOSS-E-NCEH) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/9/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC # 2066
7. System Name (Align with system Item name):  Microsoft Office SharePoint Services – External – NCEH/ATSDR Site Collection (MOSS-E-NCEH)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Jeff McCarthy
10. Provide an overview of the system:  MOSS-E-NCEH is a web-based system that will be used by the National Center for Environmental Health/Agency for Toxic Substances and Disease Registry (NCEH/ATSDR) and its offices, divisions, and branches to ensure the proper management and record keeping of files, to create backups through versioning of files, to reduce the number of manual communications, to serve as part of the NCEH/ATSDR Extranet, and to share news and information with partners and staff through a common forum.  These activities ensure that NCEH/ATSDR operations are better streamlined and positioned to offer aid to partners in support of the CDC mission.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No PII
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A.  The system does not contain PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A.  The system does not contain PII.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  1/9/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________
