
Centers for Disease Control - Page 6

 

06.3 HHS PIA Summary for Posting (Form) / CDC NPCR Annual Program Evaluation [System] 
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  

1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CoCHP Intranet Platform DCPC GA-Program Contacts (Admin)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC NTB Identity Lifecycle Manager (ILM) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  3/21/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  None
5. OMB Information Collection Approval Number:  None
6. Other Identifying Number(s):  None
7. System Name (Align with system Item name):  CDC Identity Lifecycle Manager (ILM)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Doug McClelland
10. Provide an overview of the system:  The Identity Lifecycle Manager system will synchronize identity information for HHS OpDivs to the CDC Mail System via CDC Active Directory.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  This system is not designed to collect, process, or store PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system is not designed to collect, process, or store PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  This system is not designed to collect, process, or store PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  This system is not designed to collect, process, or store PII.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  3/21/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC NTB NetMon (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/21/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  None
5. OMB Information Collection Approval Number:  None
6. Other Identifying Number(s):  None
7. System Name (Align with system Item name):  NTB NetMon
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Vijande Burr
10. Provide an overview of the system:  The network monitoring system is composed of network taps which provide traffic flows of the CDC network to various monitoring systems utilized by ITSO and OCISO.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  This system is not designed to collect, process, or store PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system is not designed to collect, process, or store PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  This system is not designed to collect, process, or store PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  This system is not designed to collect, process, or store PII.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/26/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC NTB Quest Access Manager (NTB QAM) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/26/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  NTB Quest Access Manager (NTB QAM)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Mike Crawley
10. Provide an overview of the system:  Quest Access Manager provides a single console that identifies the Windows based files, folders, shares and other entitlements that users and groups can access throughout the CDC enterprise. It is designed to help the CDC generate reports to meet compliance requirements and control operational cost.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  This system is not designed to collect, process, or store PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Windows based files, folders
generate reports to meet compliance requirements and control operational cost.
No PII Collected
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  This system is not designed to collect, process, or store PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  This system is not designed to collect, process, or store PII.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  1/26/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Nutritionist Pro (Nutritionist) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  4/21/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0161
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 1554
7. System Name (Align with system Item name):  Nutritionist Pro
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Christie Zerbe
10. Provide an overview of the system:  Contains a database of nutrition information that allows for dietary analysis of recipes and eating habits after entering name, height, wt, age, eating logs.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Lifestyle Program Staff Member—Registered Dietitian (Internal Use)
-Enters information into the system for weight management analysis
-Utilizes the analysis to generate a report with dietary recommendations for the participant.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information collected:
(1)    Name, DOB, Phone Numbers
(2)    Contains a database of nutrition information that allows for dietary analysis of recipes and eating habits after entering name, height, wt, age, eating logs.
(3)    IIF is being collected
(4)    Personal information is voluntary but is required if a dietary analysis of recipes and eating habits are to be conducted.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  (1)    Users are notified via a general OD announcement when changes occur in the system. Users are also asked to update and validate their information on a yearly basis. A privacy notice opens when the user first accesses their contact information.
(2)    IIF is collected and maintained by CDC.
IIF may be used to search for individual records, but never disclosed except by signed authorization.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  User Id
Passwords
ID Badges
Key Cards
CCTV

IIF Collected

E-Authentication Assurance Level = N/A

Risk Analysis Date = 24 November 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  4/22/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Occupation Emergency Response [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/4/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC ID: 1555
7. System Name (Align with system Item name):  Occupant Emergency Plan (OEP)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Deborah McClanahan
10. Provide an overview of the system:  The OEP is an emergency action plan for building evacuation and shelter in place procedures for personnel and visitors in the event of a fire, explosion, terrorist threats, or other emergencies occurring at all CDC/ATSDR locations. The CDC/ATSDR are responsible for the safety and security of all persons while they are on CDC/ATSDR property. The OEP is one of the many ways by which these agencies carry out these responsibilities. The OEP is a short-term emergency action plan that establishes procedures for safeguarding lives and property. The OEP consists of specific procedures for evacuation and shelter in place emergencies. Special situations, such as potential or confirmed contamination of a laboratory or the discovery of a suspicious letter or package, may require building occupants to evacuate or shelter in place.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No PII Collected
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No IIF is collected, disseminated or maintained on the system.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF Collected

E-Authentication Assurance Level = N/A

Risk Analysis Date = 10 June 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  2/8/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC OCISO Aanval (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/8/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  OCISO Aanval
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Dixie Tuschl
10. Provide an overview of the system:  Aanval is the console that will be used for OCISO Snort sensor data management. It runs on a Red Hat server. Snort is a network intrusion prevention and detection system (IPS/IDS) that provides signature, protocol and anomaly-based network traffic inspection. Each individual sensor is a single machine running Red Hat. The machine has two interfaces, one of which is used for managing the machine and communicating information back to the database, and the other of which is used for listening to network traffic. Interface 2 is in promiscuous mode and does not have an IP address. The pf firewall on the system is set to only allow SSH connections from the database machine on Interface 1 to limit the machine’s exposure to the network. All other traffic to the machine on Interface 1 is denied. Snort is configured to listen to traffic on Interface 2 and log alerts in the unified log format.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Data from DNS, firewall, anti-virus, and IPS/IDS logs and/or events are fed into the Aanval console from the Snort sensors.  OCISO will view data via a limited-access web-based dashboard hosted on the Aanval system.  The data is used to monitor network activity and investigate security events.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Physical controls include housing servers in secured Designated Server Sites (DSSs).
PII=No
Risk Analysis Date:  September 28, 2010
E-Authentication Level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  10/12/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC OCISO Appscan (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  3/21/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  OCISO Appscan
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Harry Newsome
10. Provide an overview of the system:  The CDC Appscan Vulnerability Scanner assesses all areas of a web application using Appscan Enterprise.  Because each web application functions uniquely, depending on how it was developed, each application must be scanned in a custom fashion.  As a result, several stages of scanning are required to ensure the application is scanned as comprehensively as possible.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The CDC Appscan Vulnerability Scanner assesses all areas of a web application using Appscan Enterprise.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Port-based and Active Directory group-based access.  It is secured in a building with guards at the doors and proper fire/water damage controls. 
Risk Analysis Date: February 8, 2011
E-Authentication Level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  3/21/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC OCISO Commvault (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/31/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Commvault Simpana
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Rodney Conley
10. Provide an overview of the system:  CDC OCISO is implementing an integrated incident management solution for use by the CDC Security Operations Center (SOC).  Incidents are currently reported to and tracked within the Incident Management Solution run by the US Department of Health and Human Services (HHS) of which the CDC is a major operating component.  Once an incident is reported to HHS, it is tracked by both the CDC and HHS.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The backup solution is used to archive all OCISO data; therefore it will have data at the highest level that OCISO as a whole utilizes.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Physical controls include housing servers in secured Designated Server Sites (DSSs).
Risk Analysis Date:  November 29, 2010
E-Authentication Level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  8/31/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC OCISO Firewall (FW) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/24/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-02-00-02-0569-00-404-40
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 569
7. System Name (Align with system Item name):  CDC OCISO Firewall
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Kerey Carter
10. Provide an overview of the system:  The Firewall Infrastructure controls inbound and outbound network traffic for the CDC Internal Network. The Management Consoles are used to develop policies and apply them to the individual Firewall Gateway Enforcement Points.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  e-Authorization Assurance Level = 3 (Local)

Risk Analysis Date = 10/23/2008
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  10/24/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / CDC OCISO IBM Tivoli (BigFix) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  12/27/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  OCISO IBM Tivoli (BigFix)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Rodney Conley
10. Provide an overview of the system:  CDC OCISO is implementing an integrated incident management solution for use by the CDC Security Operations Center (SOC).  Incidents are currently reported to and tracked within the Incident Management Solution run by the US Department of Health and Human Services (HHS) of which the CDC is a major operating component.  Once an incident is reported to HHS, it is tracked by both the CDC and HHS.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The only type of data that this tool gathers is the patch levels of each server that is scanned.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Physical controls include housing servers in secured Designated Server Sites (DSSs).
Risk Analysis Date:  November 29, 2010
E-Authentication Level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  12/27/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC OCISO IT Infrastructure (N/A) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  4/26/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-02-00-02-0569-00-404-140
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID: 569
7. System Name (Align with system Item name):  OCISO IT Infrastructure
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Rodney Conley
10. Provide an overview of the system:  The OCISO IT Infrastructure consists of the systems used to accomplish the mission of OCISO within the CDC. This includes monitoring applications, network traffic, and machine configurations for compliance with the security policies of CDC. The infrastructure enables OCISO personnel to track accomplishments and protect hosts, and it facilitates the discovery process during events and incidents. The information contained within these systems can include DNS names, IP addresses, systems settings, network traffic, and vulnerability information pertaining to CDC systems. As such, these systems are secured from unauthorized use.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Raw network packets are collected for analysis purposes. 
The network data is collected for analysis to locate, identify, and remediate information security threats.
The nature of the network packet data is such that it may contain PII.
4. As this is an infrastructure system, any PII is subject to the processes of the owning organization and system.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  (1) N/A - No PII is collected, and any PII stored is in a non-structured format preventing reassembly (2) N/A - No PII is collected, and any PII stored is in a non-structured format preventing reassembly (3) Information is analyzed to locate, identify, and remediate information security threats. The information is not disseminated.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls:  Technical Controls:  Access to all collected data is limited to the OCISO network enclave.  This is tightly restricted through the use of firewalls.  Usernames/Passwords, ID address restrictions, Audit Logs.
Administrative Controls:  Role Based Training
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  4/26/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC OCISO Nagios (N/A) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  11/15/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  OCISO Nagios
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Dixie Tuschl
10. Provide an overview of the system:  Nagios XI is a monitoring and alerting solution that provides OCISO with extended insight of their IT infrastructure before problems affect critical business processes.  It provides monitoring of all infrastructure components including applications, services, operating systems, network protocols, systems metrics, and network infrastructure.
The OCISO Nagios XI system takes input from many OCISO devices.  The data captured will be real-time system and network information allowing for better performance management and capacity planning of the OCISO infrastructure.
The Nagios XI system is used internally by OCISO staff on the Operations, Analysis, and Response (OA&R) team.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Data from DNS, Firewall, Anti-virus, and IDS logs and/or events are fed into the Nagios database and OCISO will view data via a web-based dashboard hosted on the Nagios system.  The data is used to monitor network activity and investigate security events.  The system is currently licensed at a 100GB daily index limit.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Physical controls include housing servers in secured Designated Server Sites (DSSs).
Risk Analysis Date:  July 7, 2010
E-Authentication Level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  11/22/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC OCISO One Click Harvester (OCCH) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  4/20/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  OCISO One Click Collect Harvester (OCCH)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Ray Hathcock
10. Provide an overview of the system:  One Click Collect Harvester (OCCH) is a forensic document collection tool.  This product is server based and can be programmed through job scripts.  The intent of the software is to provide forensically sound copies of documents that can be used in a court without questions of authenticity.  The software provides documentation for each file copied, such as MD5 hashes and date/time of copy.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The CDC One Click Collect Harvester (OCCH) Vulnerability Scanner assesses all areas of a web application using One Click Collect Harvester (OCCH) Enterprise.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared.

(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Port-based and Active Directory group-based access.  It is secured in a building with guards at the doors and proper fire/water damage controls. 
Risk Analysis Date: March 31, 2011
E-Authentication Level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  4/20/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC OCISO PGP Universal Server (PGP) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  12/21/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  OCISO PGP Universal Server
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Amy Edmonds O’Dell
10. Provide an overview of the system:  OCISO is implementing PGP Universal Server as a Pilot Enterprise service to CDC users who have the need to encrypt sensitive data/information. 
The function of PGP Universal Server is to provide central key management and central key recovery for CDC PGP users.  Central Key Management will allow authorized personnel in OCISO to decrypt sensitive data when contingency recovery is necessary.
PGP Universal Server 3.1.2 SP3 was purchased with 1000 PGP Desktop licenses.  PGP Desktop 10.1.2 SP3 will be distributed to authorized CDC users and is required for encrypting and decrypting files, folders, and email.  Licensing is available for PGP NetShare, Zip, Messaging and Whole Disk Encryption.  PGP Desktop will be installed to integrate with PGP Universal Server 3.1.2 SP3 where specific policies will be defined for user consumption. 
PGP Universal server provides organizations with a single console to manage multiple encryption applications from the PGP Platform.  PGP key features are as follows:
  • Central Administration – single console to manage multiple encryption applications from the PGP Platform.
  • Policy enforcement – assigned security policies to ensure data protection is operating within expected parameters.
  • Reporting and logging – Provides oversight alongside the status of data protection to satisfy auditing requirements.
  • Key Management – creates, distributes, and stores encryption keys while maintaining the ability to recover data.
  • Extensible framework – Reduces cost and accelerates deployment using a single unified console to oversee operations.
PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography, and public-key cryptography.  PGP Universal server will be configured to utilize the PGP FIPS 140-2 validated encryption algorithms.
PGP Universal Server does not collect, process, or store Personally Identifiable Information (PII).
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The system will collect CDC user IDs and CDC email addresses to enroll users and associate PGP Keys for encryption/decryption utilization. The system will not collect, store, transmit, or process PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No PII
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  12/21/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC OCISO Security Center 4 (SC4) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/22/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Security Center 4 (SC4)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Danny Connely
10. Provide an overview of the system:  CDC OCISO is implementing an integrated incident management solution for use by the CDC Security Operations Center (SOC).  Incidents are currently reported to and tracked within the Incident Management Solution run by the US Department of Health and Human Services (HHS) of which the CDC is a major operating component.  Once an incident is reported to HHS, it is tracked by both the CDC and HHS.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Data will be collected from distributed scanners and sent to the SC4. Information will be used for auditing and compliance, and vulnerability issues will be sent to ITSO for mitigation.

No PII
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Physical controls include housing servers in secured Designated Server Sites (DSSs).
Risk Analysis Date:  November 29, 2010
E-Authentication Level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  8/22/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC OCISO Splunk (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/31/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  OCISO Splunk
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Dixie Tuschl
10. Provide an overview of the system:  Splunk allows OCISO to search, report, monitor and analyze live streaming and historical data across the IT infrastructure from one place in real time.  It gives OCISO unique visibility into the IT data that represents user transactions, customer behavior, machine behavior, security threats and fraudulent activity.
Splunk is used to monitor network activity and investigate security incidents.  OCISO will implement dashboards to view data from system logs and data dumps (e.g. DNS information extracted from TCP dumps performed on Intrusion Detection System (IDS) sensors).  The system allows engineers easy correlation of data from multiple sources allowing OCISO to validate suspicious activity on the CDC enterprise.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Data from DNS, Firewall, Anti-virus, and IDS logs and/or events are fed into the Splunk database and OCISO will view data via a web based dashboard hosted on the Splunk system.  The data is used to monitor network activity and investigate security events.  The system is currently licensed at a 100GB daily index limit.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Physical controls include housing servers in secured Designated Server Sites (DSSs).
Risk Analysis Date: August 23, 2010
E-Authentication Level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  9/7/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC OCISO Website (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/20/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  OCISO Website
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Danny Connelly
10. Provide an overview of the system:  The OCISO website provides CDC Intranet users with information related to security support and services provided by OCISO.  The website describes OCISO’s policies and procedures that encompass the cyber security program at CDC.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF Collected
E-Authentication Assurance Level = (0) N/A
Risk analysis Date = 10/08/2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  10/20/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO BFO Integrated Facilities Management System (IFMS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  5/26/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Integrated Facilities Management System (IFMS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Stanley Davis
10. Provide an overview of the system:  IFMS is the integrated facility management system that manages all projects, tasks and processes that are related to CDC facilities. IFMS business modules include Real Property Management (Portfolio, Lease, Space), Computer Aided Facility Management, Operation and Maintenance, Facility Condition Assessment, Project Management and Document Management.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No PII
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  CDC internal user name, work phone, work Email. Mandatory to get a system user account
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No PII
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  System is located at MTDC
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  5/26/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO FMO Automated Travel System (ATS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/25/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  GSA/GOVT-4
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Automated Travel System (ATS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Betty Miller-Barnard
10. Provide an overview of the system:  The Automated Travel System (ATS) supports all activities involved with the official travel of CDC employees and non-employees who work in association with the CDC through automated preparation, approval, and financial processing of travel orders and vouchers.  The Automated Travel System application is the means by which CDC official travel is prepared, processed, and stored.  Currently this system has a few old travel vouchers that are waiting to be closed out and is also acting as a repository for GovTrip data.  This system has been replaced by GovTrip and will be retired when the mainframe is retired approximately March 2010.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Financial Management/UFMS – for payment of expenses.  Airline – booking agents, Vendors – hotels/car rentals – purpose of booking.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The system collects financial information, travel itinerary detail, personnel information for the purpose of arranging government sponsored travel and reimbursement of such expenses.  Furnishing the personal information is mandatory for ATS to be approved.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Administrative Controls:  Roles and access privileges are defined within the CDC mainframe system.  Technical Controls:  Consist of UserID, password, and firewall control.  Passwords expire after set period of time, accounts are locked after multiple invalid attempts; minimum password lengths are required.  The physical controls include guards, key cards, and ID badges to enter the facility.
IIF Collected.
E-Authentication Assurance Level = N/A
Risk Analysis Date = 9/16/2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  9/29/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO FMO Local Travel System (Local Travel)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  4/13/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  GSA/GOVT-4
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC Local Travel System (Local Travel)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Betty Miller-Barnard
10. Provide an overview of the system:  The Local Travel System provides the capability to complete, edit, and submit local travel vouchers for reimbursement, and the functionality to review, assign, audit, and approve or reject travel vouchers.

New Local Travel System includes:  Copy, sort, calendar selection, voucher total, and mandatory explanation (reason) field.  Auditors will be able to do multiple audit assigns, view audit status that have been returned, and Level 1 auditors will be able to view workload of all auditors.

Travel claims are limited to mileage, parking, and local transportation expenses associated with traveling for CDC within a 50-mile radius of a CDC site.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  CDC Travel System – for submission and processing of travel expenses
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The PII is mandatory for travel voucher submission.  The system will collect and disseminate the voucher information to the CDC Travel system.  The PII is the specific information for local travel expenses. Name, SSN, and email address are collected.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  PII is voluntarily submitted when employee applies for Travel and submits voucher but is required as a condition of travel with CDC.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  The IIF is secured using encryption and Active Directory authentication for specific users.  This system is located in a locked room with guards at the front of the building.
Yes IIF
Risk Analysis Date: 08/30/2007
E-Auth Level = NA
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  4/14/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO ITSO CDC-Barbados IT Infrastructure
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  7/23/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  CDC-Barbados IT Infrastructure
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Calvin Johnson
10. Provide an overview of the system:  This is a general office support system for CDC GAP Uganda operations. The IT infrastructure provides file server, exchange server and webmail server. Authentication is performed by a locally administered Active Directory for authenticating local users only. Failover is to local AD at the site. Local does not send or receive information from the main HHS/CDC Active Directory.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF is collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = May 01, 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  8/3/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO ITSO Guyana GAP Site
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  CDC-Guyana GAP Site
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Calvin Johnson
10. Provide an overview of the system:  This is a general office support system for CDC GAP Guyana IT Infrastructure with file server, exchange server, and webmail server. Authentication is performed via local AD that does not send or receive data from the main HHS/CDC Active Directory.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
No IIF Collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = 8/25/2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  10/11/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO ITSO Prism EventTracker (PET)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  12/1/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Prism EventTracker (PET)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Lee Nelson
10. Provide an overview of the system:  Event Tracker is a commercial software package that collects, compresses, archives and analyzes log files from CISCO Router,  PIX Firewalls and switches and Windows servers.   The software has the capability to provide this service to other platforms such as Citrix, Jupiter, VERITAS, Dell Open Manage, Check Point and several others.  However, NTB has no plans to use the software for log management beyond CISCO, PIX Firewalls and Windows Servers owned and managed by NTB.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  This system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  This system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  This system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system

GCS Project Profile does not collect PII.
E-Authentication Assurance Level = N/A
Risk Analysis Date = 10/30/2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  12/2/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO MISO PMAP (PMAP/PPB Support Services)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  5/7/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC PMAP/PPB Support Services (PMAP/PPB)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Ruth Williams
10. Provide an overview of the system:  The CDC PMAP/PPB Support Services (PMAP/PPB) measures employees’ performance by assigning ratings to performance standards.  The system uses a cascading concept to link performance requirements to HHS strategic plan and the new “Top Twenty” (One-HHS Management and Program objectives).  The system identifies two critical element categories and has a multi-level rating system to facilitate performance distinctions.  A numerical system is used to derive summary ratings which will link awards to performance.  The system tracks employees’ personnel, rating, and award allocation information.  The system has extensive calculations in order to determine monetary award amounts given to employees receiving Exceptional or Fully Successful performance ratings.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The system will collect employee name and performance data that includes ratings, scores, and awards notifications.  No PII is collected and the information is mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  Employees manually sign forms verifying their personnel data, earnings data, ratings and scores.  A PDF of the information is also emailed to the employee and their reviewing official.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A – This system does not collect any PII.
No IIF
Risk Analysis Date: 6/18/2007
E-Auth level = NA
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  5/10/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO PGO CDC Property Management System (Property)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/28/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC Property Management System (Property)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Terrance Perry
10. Provide an overview of the system:  The Property System is a web-enabled application which allows PGO to receive property into CDC, transfer or delete property, update property info, and update unit cost of property.  It also provides numerous reports in support of their daily property responsibilities.  In addition PGO/MMB has ability to maintain users, role, custodial account areas, custodial accounts, and assignments.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A – No PII is collected
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The Property system is used to collect information about the location of CDC equipment, as well as who the equipment is assigned to.  The agency, CDC, uses the information to keep track of its equipment, including such things as cars, backhoes, laboratory equipment and computers.  The system does not contain PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A – No IIF is collected
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A – No IIF is collected
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  6/1/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC OD MASO Internal Controls Program - (ICP)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/8/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  1506
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  Internal Controls Program
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Kimberly Thurmond
10. Provide an overview of the system:  This system will implement the A-123 program and serve as a repository of documentation of program functions.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Evaluation of CDC’s ICS as required by OMB-A-123
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Alice M. Brown
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  3/28/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC OD Osiris Scientific Regulatory Service Information (OSIRIS) [System]

PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  4/30/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-02-00-02-9409-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC$# 1442
7. System Name (Align with system Item name):  OSIRIS Scientific Regulatory Service Information Management (OSIRIS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Kimberly Lane
10. Provide an overview of the system:  The Human Research Protection Office (HRPO) assures that all research involving human participants and conducted or supported by the CDC complies with the HHS Policy for Protection of Human Research Subjects.   One of the primary functions of the office is to review human research protocols. OSIRIS provides an electronic submission path, through its web portal, for CDC Centers to submit human protocols to HRPO for review. Additionally, the portal provides the office support system needed by the HRPO staff to track protocols during the human research review process.
By centralizing these tasks, OSIRIS simplifies the process for regulatory review of human information collections CDC-wide, provides a single point of access for all related submissions, and streamlines the HRPO workflow.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  HRPO – to ensure that all research involving human participants and conducted or supported by the CDC complies with the HHS Policy for Protection of Human Research Subjects.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The OSIRIS system only collects First/Last Names, DOB, Photo Identifiers, Mother’s Maiden Name, Medical Record Numbers, Medical Notes, Employment Status, Foreign Activities, and GPS Coordinates.  The system will use these data elements to pull up Human Research Protocol records by a unique identifier. PII will only be contained in the attachments that are uploaded into the application.  The attachments have to be opened by the user to view the PII.  The attachments are retrieved by protocol number.  The system is internal only, however the information collected is on public citizens.  The application tracks information related to human research studies conducted by CDC.  The data collected is required to facilitate the requirements for each study conducted. Submission of PII is Voluntary
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  HRPO collects consent for obtaining PII and this is independent of the application.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  IIF can only be accessed by authenticated users behind the firewall. Access is limited by user roles and access ranges. Physical access to the hardware is monitored and controlled according to ITSO Network policies and procedures.  All attachments will be encrypted in the database.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  4/30/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC OEC CDC Connects Article Tracking [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  11/5/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID: 1642
7. System Name (Align with system Item name):  OEC CDC Connects Article Training (CAT)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Shaunette Crawford
10. Provide an overview of the system:  OEC CDC Connects Article Tracking (CAT) is a web-based application that provides a user-friendly method to track articles from inception to publication.  Story ideas are submitted within the OEC office or by CDC intranet users.  OEC personnel can assign a reporter to a story idea, and the reporter can enter text and attach photos and files, so that all story material is easy to retrieve for publication.  Story ideas that are not assigned to a reporter are retained in the database for possible future use.
Users can easily determine where a story is in the publication process since the application captures due dates, scheduled run dates, and review dates.  A Calendar provides a quick overview of the stories scheduled for publication over the coming weeks, and can display out-of-office time scheduled by the office staff.  A user can also request statistical reports profiling the stories that were published during a specified time period.  CAT will not contain any Personally Identifiable Information (PII) of any sort.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  The system does not contain PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The system does not contain PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  The system does not contain PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF collected. E-Authentication Assurance Level = N/A. Risk Analysis Date = June 17, 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  11/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Office of Communications Intranet Applications (OCIA) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/21/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1616
7. System Name (Align with system Item name):  Office of Communications Intranet Applications (OCIA)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Marianne Hartin
10. Provide an overview of the system:  The Office of Communication Intranet Applications (OCIA) is a set of web-based knowledgebase and content management system components drawn on a single data source. The National Center for Environmental Health (NCEH) / Agency for Toxic Substances and Disease Registry (ATSDR)/ Office of Communication (OC) staff will be the primary users of OCIA.  OCIA is used to deliver data in various formats and reports based on the functionality of each component.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A.  OCIA does not contain PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1. OCIA collects and maintains News clips data, job and volunteer information.
2. The Office of Communication will use this information to track job requisitions, track news items that are directly or indirectly related to NCEH/ATSDR environmental health activities, allow staff to request work from the OC E-Health Activity, and allow employees to sign up and volunteer to help support conferences, forums and other activities.
3. OCIA does not contain PII.
4. OCIA does not contain PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A.  OCIA does not contain PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  10/25/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / CDC OHS Respiratory Protection Program [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  5/19/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-09-02-9409-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1279
7. System Name (Align with system Item name):  OSHE Respiratory Protection Program (RPP)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Jean Gaunce
10. Provide an overview of the system:  The Office of Health and Safety (OSHE) works with CDC management and staff to create a healthy and safe working environment by identifying hazards, assessing and controlling risk, and preventing work related injury and environmental damage.  The Respiratory Protection Program of OHS provides advice, equipment, and training to employees that work in environments that require respiratory protection. 
Information about required training in the use and fitting of respiratory protection equipment is maintained in this system.  This information is then used in the deployment of CDC personnel for different emergency responses.  It is also used to maintain information about the equipping of employees as needed to safely and successfully complete their regular work duties.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A – No PII is collected
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system will collect name and user id in order to link person with RPP training status.  This system does not collect PII but the information collected is mandatory in order to ensure that each person requiring respiratory protection training completes it.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A – No PII is collected
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A – No PII is collected.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/14/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC OID Vaccine Tracking System (VTrckS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/14/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-01-01-1030-02
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 278
7. System Name (Align with system Item name):  Vaccine Tracking System (VTrckS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Lance Rodewald, MD
10. Provide an overview of the system:  The Office of Infectious Diseases (OID) Vaccine Tracking System (VTrckS) is a SAP Commercial off-the-shelf (COTS) product. It is a web based single integrated system that provides the CDC constant visibility into inventories maintained at the vaccine distributor and provider locations. In addition, VTrckS allows CDC personnel to understand how federal dollars associated with vaccine programs are being spent nationally.

VTrckS will be a CDC-wide system that integrates vaccine ordering, vaccine forecasting, budget management, and contract management for CDC, grantees, and health care providers.  This system will enable more effective and efficient management of CDC’s public vaccine programs.  VTrckS will improve the efficiency of the management of vaccines funded through the Vaccines for Children (VFC) program, CDC’s Immunization Grant Program (Section 317), and state and local funds. Essential system functions: 

Needs & Forecasts

The Forecast funding and vaccine forecast need is at the national and local (grantee) and provider level.  The vaccine preferences are defined and funded at the local (grantee) level.

Manage Contract Balances

The manufacturer contracts are captured, adjusted, monitored and reconciled.  Additionally, the manufacturer defines and monitors against contract thresholds.

Manage Vaccine Inventory

Define master formulary and manage replenishment through (bulk) ordering.  The inventory levels monitored include backorder, short-dated vaccine, and other vaccine stockpile.  The inventory service level agreements are defined and monitored as well.

Provider Ordering

The provider submits the vaccine orders, support documentation, and vaccine transactions on-line.  Then the provider processes the vaccine order exceptions and maintains the provider account. The provider/grantee communication is through the use of e-mail and fax.  They are able to access their order history.

Grantee Monitoring

The grantee target budget is established and vaccine allocation (during shortage) constraints by monitoring aggregate usage (provider orders) against aggregate forecasts (spend plans).  Monitoring provider usage (provider orders) against grantee forecast (spend plan) is done as well.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  VTrckS will be used by the CDC, Immunization Grantees and Providers to order, distribute, track and record information concerning publicly funded (VFC, 317 and state) vaccine purchases. The type of data includes Physicians first and last name, Physician number, Medicaid number, vaccine shipment address, type of vaccine, order quantity.

No PII is used.  Submission of this information is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A No PII
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  2/14/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Oil Spill Worker Rostering Project (SpillWorker) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  7/16/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0147
5. OMB Information Collection Approval Number:  0920-0851
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Oil Spill Worker Rostering Project (SpillWorker)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Elizabeth Whelan
10. Provide an overview of the system:  The system will be used to collect information on worker safety and health related to the ongoing oil spill in the Gulf of Mexico.  SpillWorker consists of an external web facing survey application, a standalone MS Access database, and paper survey forms.  Name, Date of Birth and Partial SSN will be used to uniquely identify participants and allow for follow-up.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  n/a
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1: Demographic information: Work place, Name, Date of Birth, Partial SSN, Sex, Race, Telephone, E-mail, Address, Name of a Person to Notify and their phone number, Employer name, Employer type, usual job, years at that job
Response work:   job responsibilities, oil exposure, tasks, deployment location, length of time, protective equipment for skin, protective equipment for eyes, respiratory equipment, fit testing in last year, smoke, number smoked per day, training, tetanus, notes.  The data in the system ONLY represents federal contact data.
2: This information will be used to roster individuals who are working on the oil spill, provide information for potential future contact for worker safety and health outcome issues, and gather data on their jobs, training, and exposures. 
3: This system contains PII information on the subject.
4: Submission of data is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  1: The data will be stored and maintained electronically.  If contact with individuals is required, attempted follow-up would be conducted using the information stored in this database. Format of follow-up contact could be written or electronic.
2: A data use and disclosure form is presented at the time of data collection. Format could be written or electronic.
3: The data use and disclosure form states that the data will be used to monitor potential health effects among workers involved in oil spill response activities. Data will become part of the CDC Privacy Act System (09-20-0147) and will be protected to the extent allowed by law.  Reports prepared from these data will include only summary data.  Format could be written or electronic.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  CDC Enterprise Master System Security Plan Moderate External controls are in place.
Administrative: Limited Access/Least Privilege, NIOSH Sensitive Data Security Plan
Technical: User identification, Passwords, Firewall, Intrusion Detection System and Public Key Infrastructure
Physical: Guards, Locks, Identification Badges, Key Cards, Closed Circuit TV

PII yes
E-Auth Level = N/A
Risk Analysis date: 6/9/2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  7/25/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC OMB Tracking (OMB Tracking) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/6/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  OMB Tracking System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Maryam Daneshvar
10. Provide an overview of the system:  OMB Tracking System is a web-based application designed to enable personnel within the Office of the Chief Science Officer (OCSO)/OMB (Office of Management and Budget) office to log and track OMB Clearance projects for the sole purpose of management decision making.  The OMB Clearance projects consist of: Federal Register Notice, Clearances, Privacy Act Reviews, Audits, Reports, etc.  All requests for OMB Clearance come from the Chief Information Officer (CIO’s), are attached to form 83-I, and encompass the requestor’s plan in which to collect data (project name, project title, CDC ID, OMB ID, time last updated, activity dates, and visibility requirements).  This request is received by OMB Clearance at the OCSO/OMB office, and is logged into a tracking application where a number is assigned to it.  This request is then processed through several stages including review, comments (suggested changes), and approval.  All stages are tracked in the tracking application.  Reports for current status of OMB Clearance requests are available on demand.  This system contains no Personally Identifiable Information (PII) of any sort.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  OMB Tracking System is a web-based application designed to enable personnel within the Office of the Chief Science Officer (OCSO)/OMB (Office of Management and Budget) office to log and track OMB Clearance projects for the sole purpose of management decision making.  The OMB Clearance projects consist of: Federal Register Notice, Clearances, Privacy Act Reviews, Audits, Reports, etc.  All requests for OMB Clearance come from the Chief Information Officer (CIO’s), are attached to form 83-I, and encompass the requestor’s plan in which to collect data (project name, project title, CDC ID, OMB ID, time last updated, activity dates, and visibility requirements).  This request is received by OMB Clearance at the OCSO/OMB office, and is logged into a tracking application where a number is assigned to it.  This request is then processed through several stages including review, comments (suggested changes), and approval.  All stages are tracked in the tracking application.  Reports for current status of OMB Clearance requests are available on demand.  This system contains no Personally Identifiable Information (PII) of any sort.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A – No PII is collected.
Risk Analysis Date: 7/13/2010
E-Authentication Level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  8/10/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC One Team (ONETEAM) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/3/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-8121-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0169
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC ID: 1575
7. System Name (Align with system Item name):  OneTeam
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Josh Giles
10. Provide an overview of the system:  OneTeam is a web-based application to help the Coordinating Office for Terrorism Preparedness and Emergency Response (COTPER) Division of Business Services (DBS) track staff and vacancy information for all of COTPER.  Developed as an expanded replacement for the COTPER Vacancy Action Tracking System (CVATS), OneTeam will combine the ability to track and report information related to vacancies with tracking and reporting of information related to staff members and positions throughout COTPER.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The application will collect information based on COTPER Positions (both vacant and occupied).  Such data includes, but is not limited to:  Job Title, Division, Branch, Grade, Job Series, Employee Type (Contractor vs FTE), and General Remarks.

Additional data collected about a vacancy will include: Assigned to (a pre-defined list), Date assigned, the vacancy action, and general comments.

Occupied positions will collect the person’s name, email and date they were assigned to that position.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  None
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All information will be stored on the CDC internal network.
Access to OneTeam will be based on the CDC’s Windows Authentication, allowing only a pre-determined list of users access to the system via the CDC Intranet.  Physical and additional technical controls are handled by ITSO and OSEP per appropriate C&A security controls.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/20/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Online Waste Ticket System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/4/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC ID: 1545
7. System Name (Align with system Item name):  Online Hazardous Chemical Waste Ticketing System (OWT)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Sunil Patel
10. Provide an overview of the system:  The Hazardous Chemical Waste Disposal Program at CDC operates in accordance with the Resource Conservation and Recovery Act (RCRA) and the 1984 Hazardous and Solid Waste Amendments to RCRA.

Hazardous chemical wastes generated at CDC facilities in Atlanta are collected and packed by a licensed hazardous waste contractor. The waste is collected from labs, shops, or other work areas and is transported to the designated hazardous waste storage areas: Building 7, Clifton Road, and Building 1, Chamblee. The waste is segregated and stored in the storage areas until it is packed for shipment and transported to a final permitted recycling, treatment, or disposal facility. In accordance with RCRA and the Federal Facilities Compliance Act, all CDC personnel who handle hazardous waste must receive training in specific aspects of hazardous waste management procedures. This training is provided by OHS. Only individuals who have met this training requirement may request disposal of their hazardous chemical waste. A waste disposal request is generated by completing an "Online Hazardous Chemical Waste Disposal Ticket" and attaching the printout to the container of waste.
The OWT automates the creation of a label that is placed on each hazardous waste generated.  It tracks type of waste, container size and type, generator information, and location of waste.

The information on the label is verified by the Environmental Project Officer and is passed on to the chemical waste disposal contractor who makes arrangements with the generator of the waste to pick up the waste. Under the current hazardous chemical waste contract, the contractor conducts pickups one day per week at both the Clifton Road facility and the Chamblee facility.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No PII Collected
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No IIF is collected, disseminated or maintained on the system.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF Collected

E-Authentication Assurance Level = N/A

Risk Analysis Date = 17 November 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  2/8/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC OPHPR Intranet [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/11/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-8121-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC ID: 1500
7. System Name (Align with system Item name):  COTPER Intranet
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Joseph Dell
10. Provide an overview of the system:  The COTPER Intranet is an internally-facing web-based application designed with Microsoft classic ASP.  The Intranet is used by COTPER to convey its vision and accomplishments across the agency. The intranet site hosts a variety of applications that have improved the efficiency of COTPER’s business operations.  Staff can now visit the website to update site content dynamically, review policies and procedures, and fill out and submit administrative forms.
The system architecture contains a web front-end with a Microsoft SQL backend which is hosted in the Designated Server Site (DSS) and managed by ITSO. 
While the data on the intranet site may be viewed by anyone within CDC, the target audience is the ~500 users within COTPER.  Users must be on the CDC network to access the Intranet.  No non-CDC users can access the Intranet. 
No Personally Identifiable Information (PII) is contained within the COTPER Intranet system.  There are no system dependencies beyond the ITSO server which the system is hosted on.  The application does not generate any reports nor does it share any information across other federal agencies.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No IIF or PII is collected
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No information is collected, only disseminated.  No PII is involved.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  None
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Alice M. Brown
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/14/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC OPHPR Survey Tool (OPHPR Survey) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  11/3/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  OPHPR Survey Tool
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Dan Tuten
10. Provide an overview of the system:  OPHPR Survey Tool is based on the SPSS MR Interview COTS application designed for the creation and distribution of electronic surveys.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  OPHPR Survey Tool collects non-PII, non-CUI data from internal and external OPHPR users.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  11/3/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Oral Health Data Resource Center [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/24/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC DOH Oral Health Data Resource Center
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Serves as a resource on dental, oral and craniofacial data for the oral health research community, clinical practitioners, public health planners and policy makers, advocates and the general public.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC ORAU Team Dose Reconstruction System (ORAUDOSREC) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  6/30/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0147
5. OMB Information Collection Approval Number:  OMB No. 0920-0530

6. Other Identifying Number(s):  ESC ID: 1769
7. System Name (Align with system Item name):  Oak Ridge Associated Universities (ORAU) Dose Reconstruction System (ORAUDOSEREC)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Regina Roesch
10. Provide an overview of the system:  NIOSH established the Office of Compensation Analysis and Support (OCAS) to assist with implementing a program created by the Energy Employees Occupational Illness Compensation Program Act of 2000 (EEOICPA or The Act) which provides compensation and medical benefits for nuclear weapons workers who may have developed certain work-related illnesses. The mission of the NIOSH Dose Reconstruction System is to determine eligibility for compensation and support the process of and track claims for compensation and medical benefits from the Department of Labor (DOL) for government nuclear weapons workers under the EEOICPA for radiation dose reconstruction.  In support of this program, NIOSH/OCAS has contracted with ORAU to perform Radiation Dose Estimation, Dose Reconstruction and Evaluation of SEC Petitions Under EEOICPA.   The ORAUDOSEREC system manages, operates, maintains, secures, and supports comprehensive and accessible databases to serve dose reconstructions and administrative reviews of dose reconstructions and Special Exposure Cohort (SEC) petitions.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Department of Labor (DOL) for the purpose of determining eligibility for compensation.
 
Department of Justice (DOJ) for the purpose of enforcement of the law and defense of the interests of the United States according to the law and for notifying uranium workers eligible for benefits under the RECA that they may also receive compensation from DOL under The Act.
 
DHHS/Office of the Secretary for approval of a special exposure cohort class definition.
 
Oak Ridge Associated Universities (ORAU) – contractor for Dose Reconstruction Contract
 
See for more information:  http://www.cdc.gov/niosh/ocas/pdfs/orau/drcntrt2.pdf
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The system collects PII information that is submitted voluntarily by former government nuclear weapons workers and/or their families under the EEOICPA.  Collection of this data facilitates radiation dose reconstruction to determine eligibility so that a claim for compensation and medical benefits can be filed with the Department of Labor.  The mandatory PII information that we collect, maintain and disseminate, (name, date of birth, social security number, mailing address, phone number, medical records numbers, medical notes, legal documents, e-mail address, and employment status) is used to perform dose reconstruction under EEOICPA and other analysis required to process financial claims brought against the US government by individual claimants.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  There is no process to notify affected individuals when any system changes are made.
 
All PII contained in this system had previously been collected by the site where the individual worked. Release of their PII at that time was a condition of employment. Claimants under the EEOICPA act sign a Privacy Act advisement that provides notice that the project will store and use their PII data.
 
Department of Energy personnel access the Site Research Database (SRDB) to determine if there are any classification issues with the documents being stored. Upon request, we provide documents to the Department of Labor to support EEOICPA, Part E – chemical exposure. Documents that are accessed may contain PII data.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  A unique ID and password is required to access the information on the ORAU-COC network.  Access permissions are based on the new employee’s task and any other pertinent information provided on ORAUT-FORM-0010, New Hire and Change Request Notification. All users on the ORAU-COC network are required to take New Hire Training which includes Privacy Act training prior to being granted access.  A firewall is utilized to restrict access to the server that contains this information from the internet and unauthorized users.
 
This is covered in ORAUT-PLAN-0012 Computer Security Plan and The ORAU Dose Reconstruction System Security Plan.
 
PII yes
E-Auth Level = 2
Risk Analysis date: 5/5/2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  6/30/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / CDC OSEP BI (IDMS-BI) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/22/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  OPM/GOVT-1
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1649
7. System Name (Align with system Item name):  OSEP BI (IDMS-BI)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Jacqueline Edwards
10. Provide an overview of the system:  Office of Security and Emergency Preparedness (OSEP) OSEP BI (IDMS-BI) is a web-based application designed to allow the Office of Security and Emergency Preparedness (OSEP) to consolidate information from other databases in order to produce reports and projected numbers based on initiated and completed National Agency Checks with Written Inquiries (NACI) and security clearance data.  This database will also serve as a collection point for bulk load data that will be migrated into the HHS-IDMS.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  To record the NACI or security clearance investigation(s) processed for the individual in meeting CDC policy for physical and logical access to CDC facilities and networks.  Also used for the production of smart cards.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  BI records the NACI or security clearance investigation(s), SF312 briefing and debriefing dates, and person of interest information.  It displays name, userID, last 4 digits of the SSN, Employee Type, Entrance on Duty Date, Citizenship, Years of Service, Grade, Mobile Phone, Work Phone, Email, Primary Work Location, Supervisor, Expiration Date.  This information is used to assist and track the processing of NACI or security clearance investigation(s)
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  OSEP and the organizations work with the individuals when collecting the information.  The information is used only within the CDC to process clearance for logical and physical access.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  The system is located in a locked room with guards posted in the lobby entrances.  Users are authenticated via Active Directory.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Alan Olson
Sr. Official for Privacy Approval:  
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  2/22/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Outbreak Management System (OMS) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  12/16/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-1088-00-110-218
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID: 1088
7. System Name (Align with system Item name):  Outbreak Management System (OMS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Gerald Jones
10. Provide an overview of the system:  The Outbreak Management System (OMS) is an informatics tool designed to assist public health professionals in management of investigations.  OMS uses Public Health Information Network (PHIN) standards to provide data capture, management, and analysis capabilities.  This includes standard demographic and investigation data, exposures and relationships between entities, laboratory data, countermeasures, and customized questionnaires.  The system allows for case follow-up, contact tracing, data import/export, and data analysis.  OMS does not run at CDC nor does it transmit any data to CDC.  All data is owned and managed by external users.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The Outbreak Management System is given to state health departments to use during an outbreak to track exposures. The CDC agency does not collect, maintain or disseminate data. It is simply a tool provided to the states for use by and for the state. No PII is submitted.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  12/20/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Particulate Emissions Monitoring System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC ID: 1722
7. System Name (Align with system Item name):  Particulate Emissions Monitoring System (PEMS_1)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Sunil Patel
10. Provide an overview of the system:  CDC’s air permits (example: Reference 1) are issued by the Georgia Environmental Protection Division (GA EPD) in accordance with Federal and State Regulations (Reference 2 and 3).  These permits govern CDC’s operation of its infrastructure systems and equipment, including our incinerators, boilers and generators, through defined emission limits for various regulated pollutants (Opacity, Particulate Matter, CO, NOX, SO2, Dioxin/Furan, HCl, Cadmium, Lead, and Mercury).  System operating limits/parameters are tied directly to these emission limits.  The CDC Environmental Protection Section (EPS) employs the Permit Emissions Monitoring System (PEMS) to monitor and record emissions and certain operating parameters.  CDC EPS reports the PEMS emission data to GA EPD on a semi-annual basis in accordance with the permits.  As an example, on the Roybal Campus Bldg 18 incinerator, the PEMS is programmed to notify the operator when one operating limit is out of range.  By monitoring certain operating parameters, the PEMS does not allow emission violations to occur. 
Software required for tracking and monitoring emissions:
SIMATIC WinCC by Siemens Automation
Data Monitor v 5.99 by Trace Environmental
Data Explorer v 2.0 by Trace Environmental

Reference 1:  Georgia Environmental Protection Division (GA EPD) Part 70 Operating Permit (Title V Air Quality Permit), Roybal Campus, No. 9431-089-0005-V-02-0

Reference 2:  40 Code of Federal Regulations Part 60 Subpart Ec

Reference 3:  GA Environmental Rule 391-3-1 Air Quality Control (Section 391-3-1-.02 and .03)
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No PII Collected
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No PII Collected
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No PII.

No IIF collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = August  12, 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  10/11/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC PASW Data Collection Dimension mrInterview 5.6 (MrInterview 5.6) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/5/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1253
7. System Name (Align with system Item name):  PASW Data Collection Dimension mrInterview 5.6
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Tonya Martin
10. Provide an overview of the system:  mrInterview 5.6 is a solution for creating, fielding, and managing large or small surveys through a browser-based interface.  mrInterview 5.6 allows CDC to tabulate results, create graphs, and make survey insights from the data collected.  Results are stored in a database which can then be easily manipulated through SAS, SPSS, or Microsoft Excel.  MrInterview 5.6 is an internal facing application that creates the surveys and is accessible only by CDC personnel and contractors; however, the surveys that are created with MrInterview 5.6 are external facing.
The data collected through the surveys can be used for a variety of purposes ranging from emergency pandemic outbreak data collection to applications for a review board.  Once a survey respondent submits his/her survey, he/she does not have access to the survey data.  Information is passed one-way from the survey to the database with no way for external users to retrieve information from the database.
Aggregate data from the surveys will be analyzed by CDC personnel.  Since users offer information voluntarily and are not required by CDC to complete any surveys, we can keep the e-authentication level at 1 or 2.  mrInterview 5.6 does not have a mechanism to identity proof people using the surveys.  For this reason, the integrity rating has been lowered to a rating of a Low.
The Project Officer will sign an addendum acknowledging the fact that they can potentially receive bogus information through these surveys as a risk they are willing to accept.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Voluntary surveys may collect PII
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Surveys are generated with MrInterview 5.6 in order to collect information for different purposes.  PII/IIF is collected in order to contact the survey respondent for future CDC tasks or contacts.  Surveys are created that may collect contact information about the respondents.  Any information submitted is done on a voluntary basis and is not required or mandatory.  The information collected will be analyzed by CDC personnel.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  The individuals are not notified at the time of the survey what PII is being collected.  The surveys are voluntarily taken, so if a respondent does not want to give his/her PII, he/she does not have to take the survey.  There is a possibility a respondent will give false PII to conceal their true identity.  The information taken from the surveys will be used for a variety of analysis purposes.  Each survey is designed with a different mission and purpose in mind.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  The data is stored on CDC machines that reside in a secure server room.  Users must authenticate to the CDC network before gaining access to MrInterview 5.6 through another authentication mechanism.

IIF – yes.
Risk Analysis Date: 12/23/2009
E-Auth Level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  2/18/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Pathology Report Information (IDPA Pathology) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  3/15/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-05-02-1481-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0106
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 36
7. System Name (Align with system Item name):  CDC Pathology Report Information (IDPA Pathology)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Dr. Sharif Zaki
10. Provide an overview of the system:  The IDPB Lab Database application is used to support the operational activities of the laboratory covering the full specimen lifecycle.  For all specimens, the system allows you to accession the specimen and case info, and contact information for the submitters; Pathologists can request tests to be performed, and setup & generate the final report that is sent to the submitters; Technologists can view the pending tests, setup the experiment, and enter the results.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  The system does not share PII.  The system, in the form of report, only discloses the decedent’s or patient’s name, if known, to the health official(s) that submitted the specimens to IDPB.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1) The system collects specimen and case information related to confirmed or suspected pathogens. (2) The data is used internally by IDPB staff members and consists of, for the most part, PII text data related to cases submitted to IDPB for testing of infectious diseases. (3) The information contains PII. (4) The information is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  All information is obtained at the State Health Department level.  CDC does not interact with any individual and therefore all responsibility for patient notification resides with the State.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  This is an internal facing system on the CDC network behind the firewall with no interconnections to any other outward facing system. CDC users go through yearly Computer Security training to address basic computer security issues. The DB is housed in a secure environment.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  3/15/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC PedNSS/PNSS Data Management System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  12/7/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  09-20-01-03-02-9121-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Pediatric Nutrition Surveillance System (PedNSS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Karen Dalenius
10. Provide an overview of the system:  The PedNSS collects clinic data for children <20 years of age, primarily for children age <5 years, from state, territorial and Indian Tribal Organizations WIC and other public health programs around the country; logs incoming files and performs extensive editing on the file records; produces data quality reports detailing the results of the edits and transmits those reports back to the contributors; merges the edited data into master files in a SQL Server data warehouse; and produces and publishes statistical reports, and graphics/maps based on aggregated data from the data warehouse.  Locate a system overview on our website at http://www.cdc.gov/pednss.

We use the term “contributor” to refer to the state and territorial health departments and Indian Tribal Organizations (ITOs) that submit data to the PedNSS.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  The system shares PII only with an original PedNSS contributor when that contributor requests copies of their cleaned and edited files. If non-contributors request PedNSS records, the following fields are stripped from the files: State and Substate, Clinic code, Date of Visit, Date of Birth and ID.  If a non-contributor needs one or more of these fields on the PedNSS files, they must obtain written permission from the contributor(s) whose records they are requesting. Identifiers are stripped at the request of contributors. Under FOIA requests data that are identifiable to a specific individual are protected from disclosure.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1.     The following critical and core fields are currently populated on most PedNSS records and/or have been populated on PedNSS records in the past: State Code, Substate Code, Clinic/School Code, County Code, Source of Data, Record Type, Date of Visit, Child’s Alphanumeric Identifier, Date of Birth, Sex, Race/Ethnicity, Household Size, Household Income, Birthweight, Height, Weight, Date of Height/Weight Measure, Hemoglobin, Hematocrit, Date of Hemoglobin/Hematocrit Measure, Currently Breastfed, Ever Breastfed, Length of Time Breastfed, and Date of Most Recent Breastfeeding Response.  The following supplemental fields are currently populated on most PedNSS records and/or have been populated on some PedNSS records in the past: Zip Code, Migrant Status, WIC/Food Stamp/Medicaid/TANF Participation, Introduction to Supplementary Feeding, TV Viewing, Household Smoking, Cholesterol, and FEP.
2.     CDC uses this information to monitor trends in the prevalence of growth and nutrition-related health problems in children, and to provide summary data to contributors to assess coverage, targeting, and effectiveness of pediatric health programs.
3.     Information contains PII as indicated in part #1.
4.     Information provided voluntarily.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  1.     If there is a significant change to the use of the data, individuals will be asked to sign a new consent form.
2.     PedNSS records are collected and submitted by state, territorial, and Indian Tribal Organization WIC programs, Medicaid (EPSDT) programs, and state MCH programs, all of which require informed consents to be signed by participants upon program enrollment.
3.     Participants sign a written consent form.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  The PII is secured following all applicable administrative, technical, and physical controls required by CDC & NIST. Details of these controls are provided in the System Baseline Worksheet.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  12/7/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC People Processing [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/7/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-06-02-1295-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  OPM-GOVT-1
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID: 1295
7. System Name (Align with system Item name):  CDC People Processing
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Krishen Kota
10. Provide an overview of the system:  The People Processing application will become the foundation application for development of an enterprise in- and out-processing and lifecycle system to better manage CDC’s growing global workforce. The application will track the in-processing, transfers, details and out-processing of individuals.  It will also verify clearance for logical and physical access to CDC resources.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Collects IIF on individuals in order to in-process them into the CDC, granting them logical and physical access to CDC resources. Emergency and contact information is voluntary, and is only used by emergency responders.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The agency collects people information to support the maintenance of a primary datastore/system of record for all people at CDC. This datastore supports other systems requiring source information on people. The information is used for administrative, security, IT and financial systems to determine active records for CDC staff. Emergency and contact information is voluntary, and is only used by emergency responders.  Submission of all IIF is voluntary.  Submission of basic IIF (name/address/SSN) is required for employment.  Submission of emergency contact information is voluntary. The IIF is used for emergency preparedness and deployment for critical health and CDC-mission related activities only.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  There is a process in place where the employee or contractor can verify the data.  The employee or contractor clicks on the “Validate” icon from within the CDC Neighborhood, which immediately updates People Processing. Through CDC Neighborhood, users are requested to review and then explicitly validate their information yearly. The system records the date of the user’s validation. The system also displays privacy and system usage information on the web pages.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  The PII is secured using encryption and active directory authentication for specific users.  PII can only be accessed by authenticated users behind the firewall.  Access is limited by user roles and access ranges.  Contact and address information can only be entered and viewed by the user, unless the user has explicitly given permission to authorized admin staff to enter and update information.  Physical access to the hardware is monitored and controlled according to ITSO Network policies and procedures.

Yes IIF
Risk Analysis Date: February 4, 2010
E-Auth level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/3/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Performance Management Appraisal System (PMAS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/22/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  OPM/GOVT-1
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1637
7. System Name (Align with system Item name):  Performance Management Appraisal System (PMAS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Vanessa Palmore
10. Provide an overview of the system:  The Performance Management Appraisal System (PMAS) measures employees’ performance by assigning ratings to performance standards.  The system uses a cascading concept to link performance requirements to the HHS Strategic Plan and the new “Top Twenty” (One-HHS Management and Program objectives).  The system identifies two critical element categories and has a multi-level rating system to facilitate performance distinctions.  A numerical system is used to derive summary ratings which will link awards to performance.  The system tracks employees’ personnel, rating and award allocation information. The system has extensive calculations in order to determine monetary award amounts given to employees receiving Exceptional or Fully Successful performance ratings.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Rating, Scores and Award information for employees receiving Exceptional and Fully Successful ratings is shared with Users, Supervisors, Top CDC Management Officials, PMAS Coordinators, Contractors, Budget Analyst, AHRC and HHS for entering ratings, budgeting and award processing.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Employees’ Rating, Scores and Award information for employees receiving Exceptional and Fully Successful ratings for award processing.   Name and other personnel information stored within the PMAS system is retrieved from the Official Personnel file EHRP, part of the Capital HR system.   The Capital HR system is defined and maintained by HHS.   PMAS must use and retrieve the information in the format provided.  Submission of Name is mandatory.  Employment Status is matched up against Capital HR.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  Users are notified upon employment how their PII is going to be used within the CDC and is required as a condition of employment. Consent is gained during employee intake.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  IIF can only be accessed by authenticated users behind the firewall. Access is limited by user roles and access ranges. Name and other personnel information is retrieved from the Official Personnel file EHRP.
Physical access to the hardware is monitored and controlled according to ITSO Network policies and procedures.

IIF Collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = 2/2/2011
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Alan Olson
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  2/22/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Performance Measurement and Evaluation (PME) Webform [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  11/15/2007
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-8121-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  PMET Terrorism Project Database
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Joseph Dell
10. Provide an overview of the system:  Provide a comprehensive description of the Low umbrella Minor Application’s function.  Attach application concept of operations, vision statements, and/or project justification documents if available. 
Prior to each reporting period, project milestones and success factors from the Health Impact.net database are imported into the COTPER PMET webform for projects to enter their updates. At the conclusion of each reporting period, the PMET enters their project analysis via the working webform.
At the conclusion of each reporting period, the PMET will publish an Operational Status Report for each project indicating project progress for the reporting period.

For more information please refer to the Webform Submission Guidance: http://intra-apps.cdc.gov/od/otper/spendplan/FY2007/docs/FY2007%20Reporting%20Period%203%20Guidance.pdf

The system architecture contains a web front-end with a Microsoft SQL backend which is hosted in the Designated Server Site (DSS) and managed by ITSO. 

While the data on the intranet site may be viewed by anyone within CDC, the target audience is the ~280 users within COTPER.  Users must be on the CDC network to access the Intranet.  No non-CDC users can access the Intranet. 

No Personally Identifiable Information (PII) is contained within the PMET system.  There are no system dependencies beyond the ITSO server which the system is hosted on.  The application does not generate any reports nor does it share any information across other federal agencies.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No IIF or PII is collected
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No information is collected, only disseminated.  No PII is involved.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  None
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Alice M. Brown
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  4/4/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC PERLC 2.0 External Program Activity Database [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  11/24/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC #1739
7. System Name (Align with system Item name):  CPHP External Program Activity Database (CPHP DB)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Josh Giles
10. Provide an overview of the system:  The CPHP External Program Activity Database is a web-based tool that allows CPHP Project Officers and CPHP Grantees (external to CDC) access to electronically view, update, and add activity information such as activity descriptions, community partners and audiences, evaluation information, and progress.  Project Officers can view a list of all CPHP activities or filter the list of activities based on several parameters.  Database capabilities allow refinement of searches to see detailed information on individual activities.  Project Officers and Grantees will have the ability to edit activities, add new activities, and cancel activities.  These functions provide a one-stop-shop for tracking and reporting that enhances CDC’s ability to manage program activities and provide leadership at CDC, DHHS, and other agencies, transparency into the activities and accomplishments of the CPHP program.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1.) The system will collect the following information regarding a Center’s Preparedness activities: 
·          A comparison of actual accomplishments to the objectives established for the period. Where the output of the project can be quantified, a computation of the cost per unit of output may be required if that information will be useful.
·          The reasons for slippage if established objectives were not met.
·          Additional pertinent information including, when appropriate, analysis and explanation of cost overruns or high unit costs.
·          Significant developments. Events may occur between the scheduled performance reporting dates which have significant impact upon the grant or subgrant supported activity. In such cases, the grantee must inform the Federal agency as soon as the following types of conditions become known:
·          Problems, delays, or adverse conditions which will materially impair the ability to meet the objective of the award. This disclosure must include a statement of the action taken, or contemplated, and any assistance needed to resolve the situation.
·          Favorable developments which enable meeting time schedules and objectives sooner or at less cost than anticipated or producing more beneficial results than originally planned.
·          Contact information in case the Project Officer needs to get in touch with the Activity owners.

2.) Used to evaluate the Centers for Public Health terrorism and emergency preparedness activities to strengthen preparedness by linking academic expertise to state and local health agency needs.

3.) Grantee contact information is gathered (Business IIF):  Name, work email, work address, and work phone number

4.) Business IIF collected from the system is mandatory
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  1.) Users will be notified (via email) by the CPHP Project Officers of any changes to the System

2.)  The user will select a consent notification before they are allowed to access the system.

3.) Electronic notice submitted via the application
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All information will be stored on the CDC MTDC network.
Access to the system will be based on user authentication (user name and password), allowing only a pre-determined list of users access to the system.  Physical and additional technical controls are handled by ITSO and OSEP per appropriate C&A security controls.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  11/30/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / CDC Pesticide Sample Tracking, Analysis, and Reporting System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 

Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  4/27/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9623-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC ID: 1496
7. System Name (Align with system Item name):  Pesticide Sample Tracking, Analysis, and Reporting System (PSTARS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Mike Rollins
10. Provide an overview of the system:  Pesticide Sample Tracking, Analysis, and Reporting System (PSTARS) is a form of a Lab Information Management System (LIMS).  The system is non-web based and is designed to track samples from receipt through reporting.  The samples are received from the National Center for Environmental Health (NCEH)/ Division of Laboratory Sciences (DLS) Sample Logistics section along with a printout of sample IDs.  The sample IDs are then transferred to an Excel spreadsheet for importing to PSTARS.  Sample IDs are associated with a Study, Lab Method, and Matrix upon import.  Samples are tracked through the laboratory process in PSTARS for creating Runsheets, cleanup, creating an Excel Sequence for importing to the lab instruments, importing Excel spreadsheet result data from lab instruments, and exporting formatted results to a spreadsheet.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A.  The system contains no PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1)    PSTARS tracks samples received from the National Center for Environmental Health (NCEH)/ Division of Laboratory Sciences (DLS) and exports results data.
(2)    PSTARS is used as a Lab Information Management System (LIMS).
(3)    PSTARS does not contain PII.
(4)  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A.  PSTARS does not contain PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A.  The system contains no PII.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  4/27/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC PHIN Directory (PHINDir) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  3/21/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0136
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1686
7. System Name (Align with system Item name):  Public Health Directory (PHINDIR)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Darlyne Wright
10. Provide an overview of the system:  The PHINDIR is a centralized repository for public health information and is the CDC’s implementation of a Directory in support of PHIN requirements. It is designed to enhance the communication abilities of public health agencies by facilitating access to accurate contact information.

This includes information about people in public health, their jurisdictions and organizations; attributes used by agency applications to make authorization decisions; and data specific to particular public health systems. Information about people includes their contact information; the roles they have in public health; other application-specific roles they may have for a particular application; their areas of expertise; and the languages, degrees, relationships, and licenses they have. Jurisdiction information includes their types and relationships to other jurisdictions. Organization information includes their locations, contacts, and contact information. Authorization attributes include information about people (i.e. role, jurisdiction, organization, etc.) that can be used by applications to determine allowed actions within their systems. Customized data attributes are also defined and implemented on a per-application basis.

PHINDIR consists of tables containing both the data and the relationships that exist between the data elements, which can be conceptualized as a series of trees.  Trees can be public, application-specific, template, or backup.  The PHINDIR tree is a public tree and contains a structure of jurisdictions, sub-jurisdictions, and organizations.  An application with read-only access to the Directory that does not need a specific tree structure could simply access the PHINDIR tree for information.  Another application with different needs might require an application-specific tree that is structured to provide information the way that application requires it.  An application-specific tree may or may not share common characteristics with other trees.  Template trees can be “cloned” for an application’s use as needed.

Navigation through a tree is accomplished using the concept of nodes.  Nodes can be mapped to jurisdictions, organizations, or an application-specific grouping.

When the PHINDIR Administrator creates a tree, a record is added to the tree table and the root node of the new tree is created.  An Application Administrator and Registrar can then be assigned to this root node.  The Application Administrator is tasked with the responsibility of managing the application’s tree, designing the structure it will take and adding nodes beneath the root to attach jurisdictions, sub-jurisdictions, organizations, and application-specific node types as needed.  The Registrar is tasked with the responsibility of managing information about the users of the application. 

Users can be assigned to any node in the tree and can be assigned a role at that node.  In this way, people can be mapped to the organization(s) they work with. 

There are three types of roles -- secured, common, and application specific.

Secured roles include the PHINDIR Administrator, the Owner, the Application Administrator, and the Registrar.  The PHINDIR Administrator is a “super user” responsible for creating trees, managing the PHINDIR tree, and managing the controlled vocabulary, jurisdictions, and roles.  The PHINDIR Administrator can also maintain an application’s tree and users, if needed.  The Application Administrator manages the application tree, and can maintain the people associated with that application, if needed.  The Registrar manages the people on the application tree, including maintaining their contact information and roles. 

The Owner is a specialized secured role.  Normally, a Registrar of any application that has a person assigned to their tree can update that person’s contact information.  If an application’s information collection process is unusually robust, the PHINDIR Administrator may grant the applicatio
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  With whom and for what purposes:
STARRS – People, Organizations, and Jurisdictions along with their associated relationships will be stored in the centralized repository. This reduces the data duplication issues with data throughout the CDC. Application authorization decisions will be made based on information stored in the repository.
CRA – People, Organizations, and Jurisdictions along with their associated relationships will be stored in the centralized repository. This reduces the data duplication issues with data throughout the CDC. Application authorization decisions will be made based on information stored in the repository.

Public Health Partners Portal – Public Person, Organization, and Role information will be made available to portal users (SDN users) including partner and agency personnel for white pages functionality.
CDC Alerting – Alerting Public Person, Organization, Jurisdiction, contact and Role information will be made available to the CDC Alerting system for the purpose of alerting Federal, State and Local people within Jurisdictions.

PHINDIR Management App – Person, Organization, Jurisdiction, and Role information will be maintained using this application.  Users with appropriate rights will be able to add and maintain data using this application.
Directory Exchange with Partners – In a future release, directory exchange will be implemented with our state and local partners.

IIF shared:
Personal Information:
Name

Mailing address
Phone numbers (e.g., phone, fax, and cell) Business only
E-mail address
Other: Home phone may be captured for certain people in the directory needing to be alerted during off hours. This information is protected and only made available to certain systems requiring this information (i.e. Alerting Systems)
Other: We keep track of a person’s degrees and licenses. The information is limited to the name and type of degree and/or license. We don’t capture or maintain detailed information about degrees and/or licenses
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1 - No notification is made to individuals listed in PHINDIR when changes occur in the system.
2 – Any personal (non-work) information provided by an employee or partner system is done so voluntarily.
3 – Personal information is available through PHINDIR on a ‘need to know’ basis.   Only individuals who have been granted secured roles in PHINDIR have access to any personal information about anyone other than themselves.  The systems which receive data from PHINDIR are also tasked with protecting it from other than secured users via our Rules of Behavior. 
4 – Any personal (non-work) information provided by an employee or partner system is done so voluntarily.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  1 - No notification is made to individuals listed in PHINDIR when changes occur in the system.
2 – Any personal (non-work) information provided by an employee or partner system is done so voluntarily.
3 – Personal information is available through PHINDIR on a ‘need to know’ basis.   Only individuals who have been granted secured roles in PHINDIR have access to any personal information about anyone other than themselves.  The systems which receive data from PHINDIR are also tasked with protecting it from other than secured users via our Rules of Behavior.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  PII data is secured physically by being housed in secure locations requiring identification badges and key cards.  Guards and closed circuit TV are in place.  Access from outside of CDC is controlled by use of secure access through SDN.  Access from inside of CDC uses Active Directory authentication.  Also, all users of PHINDIR must have secured roles in order to access the data.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  3/21/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC PHIN National Environmental Health Tracking Network [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  6/17/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-01-0615-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC #: 615
7. System Name (Align with system Item name):  CDC National Environmental Public Health Tracking Network (NEPHTN)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Craig Kassinger
10. Provide an overview of the system:  National Environmental Public Health Tracking Network (NEPHTN) is a web-based Survey and Analysis Information System that provides a “one-stop” resource for identifying data specifically related to understanding environmental-health interactions.  NEPHTN supplements and leverages the work others have done to add to and enhance the knowledge base of environmental contributions to health outcomes.  NEPHTN provides the means to identify, access, and organize hazard, exposure, and health data from these various sources.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1) NEPHTN collects and shares electronic health and environmental data. 

(2) NEPHTN provides the means to identify, access, research and organize hazard, exposure, and health data from various sources.

(3) No.  The system does not contain any PII.

(4) N/A.  The system does not contain any PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  (1) N/A.  The system does not contain any PII.

(2) N/A.  The system does not contain any PII.

(3) N/A.  The system does not contain any PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A.  The system does not contain any PII.
EAAL = N/A
Risk Analysis Date = 5/10/2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  6/21/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC PHIN Vocabulary Access and Distribution System (PHIN VADS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  2/2/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-01-0908-00-110-246
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  None
5. OMB Information Collection Approval Number:  None
6. Other Identifying Number(s):  ESC# 1529
7. System Name (Align with system Item name):  Public Health Information Network Vocabulary Access and Distribution System (PHIN VADS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Toby Slusher
10. Provide an overview of the system:  PHIN VADS is a web-based enterprise vocabulary system for accessing, searching, and distributing vocabularies used within the PHIN. It promotes the use of standards-based vocabulary within PHIN systems to support the exchange of consistent information among Public Health Partners. Access and view vocabularies in the context of public health with file download options for Value Sets, Value Set Concepts, Code Systems, and Code System Concepts available in a tab-delimited text, Excel, or XML format. PHIN VADS provides standard vocabularies to CDC and its Public Health Partners in one place
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  PHIN VADS does not contain PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The system will collect,  maintain, and disseminate public health vocabulary data as Value Sets, Value Set Concepts, Code Systems, and Code System Concepts. This information promotes the use of standards-based vocabulary within PHIN systems to support the exchange of consistent information among Public Health Partners. This information does not contain PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  PHIN VADS does not contain PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  PHIN VADS does not contain PII.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  2/2/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC PHIN: Countermeasure and Response Administration System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/25/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-1101-00-110-218
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0136, “Epidemiologic Studies and Surveillance of Disease Problems,” and 09-20-0113, “Epidemic Investigation Case Records.”
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Countermeasure Response Administration (CRA)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  John Lindsey
10. Provide an overview of the system:  CRA (Originally Pre-Event Vaccination System) was created by NCPHI to assist in collecting the required data from the Grantees behind the CDC Secure Data Network (SDN).  The SDN requires the use of a digital certificate for access to the application.  Further, the CRA application also requires a userid and password.  Each user is assigned various roles which determine what data the user has access to and what functionality they have.  The application allows entry of organization data, patient data, vaccination data, vaccine batch data, and access to various reports.  CRA also allows Grantees to upload full sets of their data if they have a system that provides similar functionality to CRA.  Non-identified data entered in the CRA application is combined with similar data that is uploaded and shared with the NIP datamart.  The data in the datamart is used to create various aggregate reports for the Grantees and for internal research at CDC.participating in the program.  CRA is a web-based application that is hosted.

The Countermeasure and Response Administration (CRA) system is a Web-based  application that tracks patients and the countermeasures they receive during a public health event.  CRA enables Global Administrators and Public Health Administrators to quickly set up the system, define parameters to tailor the system (including a field for the SSN), to input patient information and countermeasures, send/receive data, report aggregate counts, run reports, generate extracts, and view maps.  When an event needs to be added to CRA, Global Administrators and Public Health Administrators are authorized to perform this task.  A Global Administrator is a CDC representative responsible for supporting the system and providing assistance to jurisdictional users. He/she has full access rights to all CRA functionality and access rights to the data of all jurisdictions.  A Public Health Administrator maintains administrative information for the top-level jurisdiction and may maintain jurisdiction, organization, staff, and user data for partner jurisdictions and subordinate jurisdictions.  A CDC user is a CDC representative who is authorized to view and run reports at the partner jurisdiction level (these reports do not identify patients or organizations). 
When an event needs to be added – the following information can be collected: entering the basic information (event name, start date, end date, etc.), configuring aggregate groups, configuring countermeasures, configuring group contact information for group dispensing, deciding which patient demographic fields will be displayed (including SSN), and in which order, when adding patients to the event (optional), assigning jurisdictions and organizations to the event, and specifying that the event is ready for synchronization.   When an event is added, a field for SSN can be selected and SSNs can be collected for this event.  CRA does have the potential to collect SSNs if the authorized user requests this field. In CRA when creating the layout for the patient countermeasure fields that display when adding patient countermeasures to CRA, the person configuring the event  might choose to create user-defined fields to meet their  particular requirements, so the user could add SSN anyway. We have included it at the request of the user groups.
CRA collects staff and public health official IIF for the purpose of identifying individuals who have come into contact with infected persons.  This enables Public Health Officials to coordinate dispensing vaccinations and medications by officials who have already had physical contact with infected persons and to inform and contact public health officials in cases where they may have unknowingly come into contact with infected individuals.

CRA collects patient IIF for the purpose of following up and giving necessary vaccinations, medications, and potentially quarantine infected individuals and to monitor the progress of said individuals
Per
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  CDC/NIP Datamart: To create various aggregate reports for the Grantees and for internal research at CDC
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1. CRA collects, maintains, and disseminates grantee organization name, patient countermeasures records (e.g., vaccination, medications), and PII in terms of Patient demographics. The PII will vary from event to event (an anthrax event is different from H1N1, for example), and is determined by the grantee organizations. In configuring an event, the grantees can select among a predetermined list of data categories, including PII; this list no longer includes SSN. (See Appendix A for additional discussion of SSN in CRA.) The grantee can also choose to elicit additional data using a User Defined Fields feature. PII that may be included, based on the grantee’s needs, includes name (for purposes other than contacting federal employees); date of birth; social security number (SSN); driver’s license; personal mailing address; personal phone numbers; medical records numbers; medical notes; personal email address; employment status; ethnicity; gender; and passport number.  More detail below
·         CRA enables Global Administrators and Public Health Administrators to quickly set up the system, define parameters to tailor the system (including a field for the SSN), to input patient information and countermeasures, send/receive data, report aggregate counts, run reports, generate extracts, and view maps.  When an event needs to be added to CRA, Global Administrators and Public Health Administrators are authorized to perform this task.  A Global Administrator is a CDC representative responsible for supporting the system and providing assistance to jurisdictional users. He/she has full access rights to all CRA functionality and access rights to the data of all jurisdictions.  A Public Health Administrator maintains administrative information for the top-level jurisdiction and may maintain jurisdiction, organization, staff, and user data for partner jurisdictions and subordinate jurisdictions.  A CDC user is a CDC representative who is authorized to view and run reports at the partner jurisdiction level (these reports do not identify patients or organizations)
·         When an event needs to be added – the following information can be collected: entering the basic information (event name, start date, end date, etc.), configuring aggregate groups, configuring countermeasures, configuring group contact information for group dispensing, deciding which patient demographic fields will be displayed, and in which order, when adding patients to the event (optional), assigning jurisdictions and organizations to the event, and specifying that the event is ready for synchronization.   CRA does have the potential to collect SSNs if the authorized user requests this field. In CRA when creating the layout for the patient countermeasure fields that display when adding patient countermeasures to CRA, the person configuring the event might choose to create user-defined fields to meet their particular requirements, so the user could add SSN anyway.
2.     The data collected by CRA comes from CRA grantees.  CRA is an emergency preparedness and response asset useful for any event involving tracking of vaccine administration, dispensing of pharmaceuticals and medical materiel, or implementation of social distancing measures.  CRA supports analysis of safety, coverage, and effectiveness during an event which improves patient outcomes.  More detail below.
·         CRA collects staff and public health official IIF for the purpose of identifying individuals who have come into contact with infected persons.  This enables Public Health Officials to coordinate dispensing vaccinations and medications by officials who have already had physical contact with infected person and to inform and contact public health officials in cases where they may have unknowingly come into contact with infected individuals. 
·         CRA collects patient IIF for the purpose of following up and giving necessary vaccinations, medications, and potentially quarantine infect
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  CRA does not have any processes in place to notify or obtain consent from individuals whose PII has been provided to CRA. CRA receives data per the Privacy Rule.  CRA does not notify or obtain consent from individuals regarding what PII is being collected from them. The information in CRA includes: entry of organization data, patient data, vaccination data, vaccine batch data, and access to various reports.  CRA also allows Grantees to upload full sets of their data if they have a system that provides similar functionality to CRA.  Non-identified data entered in the CRA application is combined with similar data that is uploaded and shared with the NIP datamart.  The data in the datamart is used to create various aggregate reports for the Grantees and for internal research at CDC.
However, the data sent to CRA comes from CRA grantees.  The grantees are HIPAA covered entities and are responsible for providing notice to individuals of the use of their data within the CRA program.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  This system is subject to CDC Certification and Accreditation process, and is accredited as a moderate system. It uses PKI to secure logins, complies with CDC policies and requirements for technical security, and is located in a physically secure area.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/30/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC PHITPO Informatics Research and Development Lab (IRDlab) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/8/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  PHITPO Informatics Research and Development Lab (IRDLab)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Tom Savell
10. Provide an overview of the system:  The PHITPO Informatics (formerly NCPHI) Research & Development Laboratory (IRDLab) was created in 2007 to meet the need for on-going informatics-related research and development activities, both within the National Center for Public Health Informatics and to other CDC entities that seek to perform informatics research. Specifically, the lab supports activities such as: rapid prototyping and testing of hardware and software solutions, hosting of demonstration software and hardware, responding to public health emergencies, and temporary response to ameliorating technical barriers within the CDC network.   Due to CDC policy, technology, and security constraints, this lab was created as an entity separate from the standard CDC network.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  IRDLab does not contain PII
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The IRDLab will be used for many testing purposes.  At no time will it contain sensitive information and will only collect, maintain or disseminate test data.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  IRDLab does not contain PII
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  IRDLab does not contain PII
PII No
E- Auth Level = Yes
Risk Analysis date 08/02/10
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  10/14/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC PMAP Reporting (PMAP R) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/13/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  OPM/GOVT-2OPM/GOVT-2
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID: 1836
7. System Name (Align with system Item name):  PMAP Reporting
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Vanessa Palmore
10. Provide an overview of the system:  PMAP Reporting System is designed to view and summarize employee’s personnel rating and award allocation information via a web-interface.  The system is programmed using Statistical Analysis System (SAS) and it is a read only application.
Data can be summarized by Coordinating Center, Chief Information Office (CIO), Division and Branches.  The data shows completion information and percentages of employees who have PMAP plans developed and rated.  The system shows the type of rating an employee received and whether the employee was eligible for a QSI, Cash or Time-Off award.  The report also shows demographic information relating to employees in particular Pay-Plans, Grades and Series.
The system displays Pay-Out Dollar estimates for employees who received fully successful and exceptional ratings.  Employees receiving fully successful ratings are eligible to receive cash awards up to 2% of the earned actual salary for the rating year and exceptional employees are eligible to receive 2.5 to 5% of the actual earned salary for the rating year.  Exceptional employees may also be eligible for Quality Step Increase awards.  Dollar estimates may also include Federal Insurance Contributions Act (FICA) taxes of 7.65%.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Yes, Employee name, rating and award information is shared with AHRC who sends the PMAP rating and award information to HHS via the PMAP Statistics role.  This is a restricted role based upon access via MISO’s RBAC application and is shared with PMAP Raters and Reviewers, PMAP Coordinators, Top management Officials and AHRC.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Employee’s Rating, Scores and Award information for employees receiving Exceptional and Fully Successful ratings for award processing.   Name and other personnel information stored within the PMAP Reporting system is retrieved from the Official Personnel file EHRP, part of the Capital HR system.   The Capital HR system is defined and maintained by HHS.   PMAP Reporting must use and retrieve the information in the format provided.  The Capital HR system is the main personnel system for FTEs.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  Users are notified upon employment how their PII is going to be used within the CDC and is required as a condition of employment. Consent is gained during employee intake
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Access to PMAP reporting is controlled by the FAME application which is admin code driven. The system is located within a locked room w/ guards posted in the lobby

PII Yes

E auth N/A

Risk date 7/22/2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  8/18/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC PME WebForm (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/24/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID 1502
7. System Name (Align with system Item name):  Performance Measurement and Evaluation (PME) Webform
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Josh Giles (ewa8)
10. Provide an overview of the system:  At the start of each fiscal year, the Performance Measurement and Evaluation Team (PMET) requests a data extract from HealthImpact.net.  The data extract includes activity specific project plan information for each TPER-funded activity.  This information is then imported into the PME SQL database.
Following the import, the Deloitte IT team develops the webform. The webform includes information specific to each activity’s project plan, as well as general questions for significant accomplishments, post-award requirements, and anticipated funding obligations.
The PMET disseminates the webform each Reporting Period to activity leads, contacts, and budget analysts via an e-mail with a link to the webform. Activity leads and contacts are given three weeks to complete and submit the webform for their activity.
Following each Reporting Period, the PMET analyzes the updates provided by each activity and requests additional information when needed. The activity updates and PMET analysis are then used to create the Operational Reports which depict progress for each individual activity.
The current data collection process and reports offer several limitations.  The data import from HealthImpact.net requires significant coordination with MISO and any changes made to HealthImpact.net following the extract are not reflected in the webform. 
The webform itself is limited by its current platform. The current webform is a single page that the user must scroll through to complete all updates.  For larger activities, the webform is quite lengthy and it is difficult to distinguish the individual sections of the webform. In addition, the current webform does not support validation, increasing the likelihood that submissions will be incomplete. To compensate for any missing information, the PMET requests additional information from any activities submitting incomplete webforms.
Aside from the Operational Reports, the current platform does not offer any other reporting capabilities. When additional reports or information are needed, the PMET must manipulate and format the information outside of the database and reports.
All of these factors lead to an inefficient process of collecting data and limited reporting capabilities.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The system will collect progress information for TPER-funded activities across the CDC, such as:
Activity analysis
Milestone progress
Significant developments
Risk and Issues
Federal contact information
Publication or manuscripts
Financial Obligations
IT components 
Research Requirements
External Peer Review

Used to evaluate TPER-funded activities
Federal Contact PII only
N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A No PII Collected
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
No PII
Risk Analysis date: 3/1/2010
E-Auth Level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  5/24/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Podcast (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/21/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1465
7. System Name (Align with system Item name):  Podcast
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Fred Smith
10. Provide an overview of the system:  Web site used to promote and distribute CDC podcasts, video podcasts and RSS feeds to the public.  External site will allow visitors to listen to or watch CDC podcasts on line in a web browser or subscribe to the podcasts RSS feed through iTunes or another podcatcher/RSS reader software.  Full transcripts will be stored and will allow users to search all podcast transcripts.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No PII
Risk Analysis Date = March 28, 2007
E-authentication assurance level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/22/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Polio Entero Virus Database [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/24/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9621-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  POAM to be created
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID: 1599
7. System Name (Align with system Item name):  Polio Entero Virus Database (EVDB)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Wendi Kuhnert
10. Provide an overview of the system:  The EVDB was designed to support the accessioning, testing, tracking, results recording and reporting for all specimens processed by the Entero viruses Laboratory. The laboratory functions as one of the global specialized laboratories within the Global Polio Laboratory Network; thus, the majority of the diagnostic samples received are in support of the Global Polio Eradication Initiative (GPEI). The GPEI dictates the dataflow for polio specimens, including the need to track the original case-based unique identifier, track the unique laboratory-assigned, specimen-based numbers that have been assigned at non-CDC labs, and report results in the context of the epidemiologic data that must also be captured.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No PII information is shared.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Collect basic clinical data and specimen identifiers pertaining to patients whose Clinical specimens are to be tested.  The information is submitted by the physician, hospital, or public health agency.  Submission of PII is voluntary on their part.  Contains name and DOB.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  1. There is not a process in place to notify individuals if major changes occur to the system.
2. CDC does not collect PII from individuals; it is obtained by the submitter. Consent is given to the submitter.
3. No PII data is shared.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  The backend storage, which is SQL Server, will be protected through explicit account creation for those authorized to access the data.  The security of the SQL Server is provided by ITSO SQL group.  ITSO Change Management procedures are followed.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  1/24/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Position Description Library [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  10/28/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-09-02-0540-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID: 540
7. System Name (Align with system Item name):  Position Description (PD) Library
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Doug Correll
10. Provide an overview of the system:  
PDL is a Web-based central repository for position descriptions. The system was designed in close collaboration with AHRC so managers could easily access position description templates or modify existing PDs within the repository and electronically submit them to AHRC for approval. Its simple design and ease of use have made it one of our most popular applications. The system provides extensive sort and search capabilities and can store any number of associated documents such as evaluation plans, crediting plans and performance plans.
13. Indicate if the system is new or an existing one being modified:  Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  CDC Position Descriptions. Information does not contain PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  11/3/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Poxvirus Freezer Inventory [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/5/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1761
7. System Name (Align with system Item name):  Pox Virus Freezer Inventory Program (PVFI)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Inger Damon
10. Provide an overview of the system:  Pox Virus Freezer Inventory Program is an internal facing application that is designed to provide placements for scabs in the lab.  PVFI is an internal client server application developed in Visual Basic 6 that connects to an internal SQL server. This information will be generally available to interested parties through an Intranet based interface.  These contents will be managed through an Intranet-based interface accessible only within the CDC network and by users with appropriate User ID and Password access. The application is utilizing Microsoft Structured Query Language (SQL) Server platform for data storage and management.  The system's SQL Server database is located on server SQP-CON4\QSRV2 at Chamblee.
These specimens are shipped from researchers, state or local health departments. All entries consist of required fields to fill out, which are marked with a red circle.  There are drop-down menus located throughout the form to help facilitate filling in the fields with minimal typographical errors.  If applicable, any additional information you have should be placed in the comment field as well.  After filling in all the required fields and saving your data entry, a user must find a place in inventory for the specimen by selecting option “search all”.  After a selection has been made, PVFI will determine where to house the specimen.   Pox Virus Freezer Inventory Program can remove a specimen by accessioning number; this operation will remove all specimens from freezer.  This system can relocate an entire freezer if required; in order to do so you will have to change the freezer name and by doing so, you will relocating an entire box works, but you have to move these boxes between freezers.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = December 15, 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  2/18/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC PPB Information Portal/PPB Grantee Management System (PIP) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/29/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  PPB Information Portal/PPB Grantee Management System (PIP)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Stanley Phillip
10. Provide an overview of the system:  The PIP environment (formerly called Prevention Program Branch Support System (PPBSS)) was established in 2005 to address the recommendation of the McKing Consulting Firm for system automation within the Prevention Program Branch.  Z-Tech developers created a general support system that will operationally support the future development of PPB applications.  The system consists of a web server and an SQL server data repository that supports not only data collection but also additional administrative and reporting needs for the branch.  The development of PIP has facilitated the move from all paper field processes for grantee files to automated processing of information, thereby increasing system efficiency.  The application is only accessible on the CDC intranet.
The primary purpose of PIP is to process and manage grantee information and make such information available to all PPB staff, both on and off site.
The functions of the PIP environment will be as follows:
•        Data collection
•        Manage Grantee information
•        Manage Agency information/contacts
•        Manage proposed target populations
The majority of applications that will be operating within the PIP environment will have data flows as detailed below:
•        User inputs information into system
•        User manages collected information
•        User runs reports to review submitted information
Manual processes within PPB have already been identified and plans to develop applications to replace those processes have already been documented.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  PIP collects various business related information from Community Based Organizations and State Health Departments. This information is used to help them determine if an organization should be provided grant funding.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No PII
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  9/29/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC PRAMS Integrated Data Collection System (PIDS) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  6/13/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0160
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1482
7. System Name (Align with system Item name):  PRAMS Integrated Data Collection System (PIDS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Aspy Taraporewalla
10. Provide an overview of the system:  Pregnancy Risk Assessment Monitoring System (PRAMS) is an ongoing state-specific, population-based surveillance system designed to monitor selected maternal behaviors and experiences that occur before, during, and after pregnancy among women who deliver live-born infants. 
PRAMS Integrated Data Collection System (PIDS) is a project that will integrate SugarCRM Professional and IBM SPSS Data Collection. PIDS will replace the current PRAMS surveillance system.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  PII is not shared outside of the state users of the system. PII is gathered for the purpose of making contact with mothers having a recent live birth.  Names, addresses, and telephone numbers are loaded into the system by the state to support mailings and telephone contacts.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1)   The agency will collect names, addresses, and telephone numbers of mothers having a recent live birth.  Access to this information shall be controlled so that it is only available to the state users that submit the information and other state users with delegated authority to access the information. 
2)   CDC will house the information to centralize and standardize the process by which states make mail and phone contacts with mothers selected to receive the PRAMS survey. 
3)   Information will include PII (names, addresses, and telephone numbers). 
4)   Submission of PII is done by the state and not the individual.  Submission is voluntary, but may be necessary for the full functionality of the system to work for the state.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  1)   None. PII is not collected directly from individuals.
2)   Individuals contacted in association with the program are notified of their inclusion in the study and of protections to ensure that their information is kept private to the extent permitted by law. 
3)   The PII will not be shared outside the system. PII is not maintained in the system beyond the protocol period for making contact (currently about 90 days).
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  The PII is secured following all applicable administrative, technical, and physical controls required by CDC & NIST.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  6/13/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC PRC Information System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/29/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-05-02-9022-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC DACH PRC MIS (Admin)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  System to record funded Prevention Research Centers research activities.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Prevention Research Synthesis (PRS) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  8/9/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-01-02-1000-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID: 1323
7. System Name (Align with system Item name):  Prevention Research Synthesis (PRS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  David Purcell
10. Provide an overview of the system:  HIV/AIDS Prevention Research Synthesis (PRS) Application is a project designed around a Microsoft SQL database consisting of all HIV/AIDS, social and policy prevention intervention studies to meet the needs of HIV prevention researchers, service providers and users, planners, policy makers and others. The PRS project has several aims:

1.       To permit systematic reviews that address the population, intervention, study design, setting and outcome factors associated with intervention effectiveness;
2.       To identify methodologically rigorous studies that have significant positive results; and
3.       To identify gaps in the existing research and directions for future study.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  8/10/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Progeny v 8.0 (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  6/17/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Progeny v 8.0
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Keith Story
10. Provide an overview of the system:  Progeny is a complete genotype data management system for whole genome association, targeted or linkage studies.  Progeny tracks genotypic and phenotypic data in one centralized, secure database, with ability to manage genotypes, samples, plates, SNP/STR maps, and output to analysis packages.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Genetic data that have coded identifiers will be submitted, maintained, and disseminated.  These data have been collected by NCBDDD and Centers for Birth Defects Research and Prevention grantees and will be used in the study of birth defects.  No PII is linked to these data.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  6/17/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Program Annual Progress Assessment [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  6/17/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-04-00-02-1036-00-402-124
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID: 1036
7. System Name (Align with system Item name):  Program Annual Progress Assessments (PAPA)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Karron Singleton
10. Provide an overview of the system:  PAPA is a Point of Contact (POC) business communications portal for grants.  It is an SDN Web-based data collection application which is used by the health departments of 64 grantees (States, US territories and several US cities).  PAPA collects data the grantees are required to provide each year as a part of their grant conditions.  The system provides an electronic interface for the grantees to enter program data on various immunization programs and public health areas.  Some of the services PAPA provides uniquely identify grantees through the use of a grantee-specific ID/password via SDN.  It has menu-driven access to all report sections, date-stamped input, transaction logs, and logical and clerical data validity checking prior to submission.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  ONLY represents federal contact data
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No PII.
EAAL = 1
Risk Analysis Date = April 6, 2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  6/21/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Progress Reporting System (PERRC) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/9/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID # 1903
7. System Name (Align with system Item name):  PERRC Progress Reporting System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Josh Giles
10. Provide an overview of the system:  The PERRC Reporting Application is an Internet-based (ASP.Net) tool that allows ERPO Project Officers to electronically view information collected from each PERRC regarding the Center’s research activities.  The web application will allow ERPO Project Officers to monitor the progress of each PERRC throughout the program lifecycle.  No SSN will be collected via the application.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1.) The system will collect the following information regarding a Center’s Preparedness research projects: 
·          A comparison of actual accomplishments to the objectives established for the period. Where the output of the project can be quantified, a computation of the cost per unit of output may be required if that information will be useful.  The reasons for slippage if established objectives were not met.
·          Leveraging CDC expertise to provide grantees with program guidance and technical assistance
·          Collecting and documenting key findings, publications, trainings, and other products produced as a result of OPHPR funding
·          Sharing success stories, lessons learned, and best practices with partners, other academic institutions, and state and local health agencies
·          Responding to program inquiries from congress and other external sources
·          Facilitating collaboration between grantees, CDC, state and local health agencies, and other public health partners
·          Significant developments. Events may occur between the scheduled performance reporting dates which have significant impact upon the grant or subawardee supported activity. In such cases, the grantee must inform the Federal agency as soon as the following types of conditions become known:
·          Problems, delays, or adverse conditions which will materially impair the ability to meet the objective of the award. This disclosure must include a statement of the action taken, or contemplated, and any assistance needed to resolve the situation.
·          Contact information in case the Project Officer needs to get in touch with the Activity owners.

2.) Used to evaluate the research Centers and connect public health with scientists involved in business, engineering, legal, and social sciences fields to incorporate multiple perspectives into preparedness and response research, which can be used to strengthen our nation’s response capability


3.) Grantee contact information is gathered (Business IIF):  Name, work email, work address, and work phone number


4.) Business IIF collected from the system is mandatory
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  1.) Users will be notified (via email) by the ERPO Project Officers of any changes to the System

2.)  The user will select a consent notification before they are allowed to access the system.

3.) Electronic notice submitted via the application
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Alan Olson
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  2/14/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Project Planning and Budget Integration Database [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/31/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-1479-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID: 1596
7. System Name (Align with system Item name):  Project Planning and Budget Integration Database (Vertical Planning)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Karen Stamey
10. Provide an overview of the system:  In order to provide consistency for planning and budget integration across the Center, NCEZID has chartered a working group, composed of representatives from each division, to develop a central NCEZID database to be used as a management tool for vertical and horizontal planning, budget and planning integration, mapping branch projects to division, center, coordinating center and CDC goals, and that serves as a building block for future performance measurement processes. Use of this database enables a unified approach to expressing the public health priorities and impacts as measured by Center and CDC goals.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  8/31/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Project Profile System (PPS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/14/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 1297
7. System Name (Align with system Item name):  Project Profile System (PPS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Mary Campbell
10. Provide an overview of the system:  Project Profile is NCEH/ATSDR's system for initiating project-specific budget planning for the fiscal year. Project Profile primarily consolidates, standardizes, and centralizes the process of requesting and tracking funded projects. The system allows for the reconciliation between annual spending plans at the beginning of the fiscal year and the actual work conducted.

As fiscal year planning occurs, each division is given a chance to request their budget through projects entered in Project Profile. The data maintained in the system contains detailed information about the project, including project funding, project narratives, milestones, strategic planning data, intramural and extramural funding, etc.

Project Profile serves as an integral part of NCEH/ATSDR's budget planning management system. The system manages and tracks the Agency's budget and performance information throughout the year on a project-specific basis. The data is used to monitor planned and actual expenditures, to identify deviations from the spending plan, and to identify sources of funds available for distribution. The system also provides detailed and summary information for senior management to make appropriate budget decisions and provide required information to meet the needs of HealthImpact.Net.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1) Budget requests and funding information

(2) The data is used to monitor planned and actual expenditures, to identify deviations from the spending plan, and to identify sources of funds available for distribution.

(3) PP does not contain any PII.

(4) N/A.  No PII collected.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No. PPS does not contain PII.

No IIF Collected.
E-Authentication Assurance Level = N/A
Risk Analysis Date = 8/20/2007
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  8/18/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Property - Remote Inventory Verification [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  8/30/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-01-02-1132-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1630
7. System Name (Align with system Item name):  Property – Remote Inventory Verification (RIV)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Mike Daley
10. Provide an overview of the system:  Property – Remote Inventory Verification (RIV) is a web-based system designed to track the remote inventory of CDC property.  RIV collects remote inventory information from CDC users to integrate with the Health and Human Services (HHS) standard Property Management Information System (PMIS).  This system is critical to ensure that all CDC remote equipment is appropriately located and documented during inventory.  All remote users (who have a Secure ID keyfob) will be encouraged to access the questionnaire via CITGO or intranet URL.  Users will receive a link/icon to access the Remote Inventory Questionnaire.  All users will be required to enter barcode number(s) of all offsite equipment or certify they have none; failure to comply will result in their Secure ID keyfob being disabled.  This system contains no Personally Identifiable Information (PII) of any sort.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Property – Remote Inventory Verification (RIV) is a web-based system designed to track the remote inventory of CDC property.  RIV collects remote inventory information from CDC users to integrate with the Health and Human Services (HHS) standard Property Management Information System (PMIS).  This system is critical to ensure that all CDC remote equipment is appropriately located and documented during inventory.  All remote users (who have a Secure ID keyfob) will be encouraged to access the questionnaire via CITGO or intranet URL.  Users will receive a link/icon to access the Remote Inventory Questionnaire.  All users will be required to enter barcode number(s) of all offsite equipment or certify they have none; failure to comply will result in their Secure ID keyfob being disabled.  This system contains no Personally Identifiable Information (PII) of any sort.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A – No PII collected
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A – No PII is collected.
E-Authentication Assurance Level = N/A
Risk Analysis Date = 8/12/2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/30/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Property Reporting [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/25/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID: 1132
7. System Name (Align with system Item name):  Property Reporting
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Terrance Perry
10. Provide an overview of the system:  The Property Reporting System is a web-enabled application which allows all CDC users to generate various reports out of the MISO PMIS (Property Management Information System) database. The reports include views by bar code and serial number as well as a list of assets by user name and purchase order, plus a list of all Custodial Officers across CDC.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system will use Name/UserID in order to link CDC property to the person.  IIF is used to link the name of the CDC employee, contractor, fellow or student to the property that is associated with that person and in their possession.  Submission of this information is mandatory in order for that person to gain access and possession of CDC property.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  None

32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  This system uses standard ITSO controls.  The server is located in a locked room.  AD access is required to access the information, and the administrator periodically reviews information as it is logged in.
 
IIF is collected and the proper controls are utilized to safeguard sensitive information.
 
E-Authentication Assurance Level = N/A
 
Risk Analysis Date = June 3, 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  8/26/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Public Access Portal (CPAP) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/2/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC Public Access Portal (CPAP)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Robert Swain
10. Provide an overview of the system:  The purpose of the Public Access project is to make publications and other multimedia products that come from work supported by federal funding freely available to the general public and scientific community.  The project’s goals are to:
Create a stable, permanent archive (institutional repository) of publications and other materials resulting from CDC-funded research
Implement a robust search of this archive for use by CDC and its awardees in managing research portfolios, monitoring productivity, and setting research priorities
Make published results of CDC-funded research more accessible to the public, health care providers, educators and scientists
To enable public access to publications of CDC and its grantees, this project will develop
1) necessary agency policies and procedures, and 2) the technical applications and associated processes.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1) CPAP allows for the search and display of publications and other multimedia works.   CPAP maintains the names of the author/co-author(s) in order to support the validity, respect, kudos, and for citation requirements as it relates to the published work.  If the author(s) included their business email address in their original work, this too is maintained. 
(2) The purpose of the Public Access project is to make publications and other multimedia products that come from work supported by federal funding freely available to the general public and scientific community.
(3) No PII 
N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No PII will be collected or maintained.  The system maintains and disseminates the business contact information of author(s) only - name and email.  This information was provided by the author(s) at the original publication time for the purpose of dissemination.  Since the original intent of the work is for general public and scientific consumption, it is a reasonable assumption that consent to include names and emails was given at the original time of publication.  CPAP does not notify or obtain continued consent for any work post- publication.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No PII will be collected or maintained.  The system maintains and disseminates the business contact information of author(s) only - name and email.  Since CPAP’s mission is to provide a system with which the general public can search for and read CDC’s published works, the system does not restrict the reading of the author(s)’s name or business email.  CPAP restricts the modification of this data to properly-vetted CDC administrative personnel using a policy of least privilege.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  2/2/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Public Health Assessments & Health Consultations [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/30/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9623-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 1620
7. System Name (Align with system Item name):  Public Health Assessments & Health Consultations (PHAHC)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Marianne Hartin
10. Provide an overview of the system:  Public Health Assessments & Health Consultations (PHAHC) is a web-based content delivery application through which users visiting the CDC/NCEH/ATSDR website can access Public Health Statements (PHAs) and Health Consultations (HCs).  These documents are findings and information pertaining to hazardous waste sites the CDC and ATSDR are involved in during the investigation and clean-up process.  The application allows a user to select a state from an interactive map or from a page that lists states and regions and generates a list of publications that can be accessed.  The content is accessed by the public, meaning that anyone interested in knowing about hazardous waste sites can view findings from a particular site.  The public in this case is defined as anyone: a public official, health professional, student and/or any concerned citizen.  The content (the publications) has been approved for public viewing.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1) PHAHC maintains Public Health Statements and Health Consultation documentation pertaining to hazardous waste sites. These documents are findings and information pertaining to hazardous waste sites the CDC and ATSDR are involved in during the investigation and clean-up process.  The content is accessed by the public, meaning that anyone interested in knowing about hazardous waste sites can view findings from a particular site.

(2) PHAHC allows users visiting the CDC/National Center for Environmental Health (NCEH)/Agency for Toxic Substance Disease Registry (ATSDR) web site to access PHAs and Health Consultations (HCs).  These documents are findings and information pertaining to hazardous waste sites the CDC and ATSDR are involved in during the investigation and clean-up process. 

(3) PHAHC does not contain any PII.

(4) N/A. PHAHC contains no PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  (1) N/A. PHAHC contains no PII.

(2) N/A. PHAHC contains no PII.

(3) N/A. PHAHC contains no PII.

32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  None. PHAHC does not contain IIF.

E-Authentication Assurance Level = N/A (Public Access)

Risk Analysis Date = 10/15/2008
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris (CTR)
OCISO C&A Analyst Michael W. Harris (CTR)
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  10/30/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Public Health Image Library (PHIL) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  12/28/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID: 835
7. System Name (Align with system Item name):  Public Health Image Library (PHIL)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Fred Smith
10. Provide an overview of the system:  The Public Health Image Library (PHIL) is a publicly accessible repository of images, medical illustrations, video, motion graphics and other multi-media files for open and free use by the media and the general public.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No PII is collected.  PHIL will disseminate images for the media and public consumption.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No PII is collected or stored.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No PII is collected.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerry L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  12/29/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Public Health Informatics Virtual Conference (PHIVC) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/19/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Public Health Informatics Virtual Conference (PHIVC)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Adam Arthur
10. Provide an overview of the system:  The Public Health Informatics 2011 Virtual Conference (PHIVC) is an initiative that is being undertaken by the Division of Informatics Practice, Policy and Coordination (DIPPC), in the Public Health Informatics and Technology Program Office (PHITPO), within the Office of Surveillance, Epidemiology and Laboratory Services (OSELS). 

The PHIVC will utilize the existing online offering of virtual conference application software by procuring a vendor through the PGO process. The chosen vendor will help DIPPC/PHITPO/OSELS create a customized solution that will provide an online version of the 2011 Public Health Informatics Conference, (the physical conference). Therefore, both the PHIVC and the Public Health Informatics Conference will run simultaneously as a hybrid conference.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  8/19/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Public Health Information Network Messaging System (PHIN-MS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/6/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  9.2001240109e+021
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 1470
7. System Name (Align with system Item name):  Public Health Information Network (PHIN) Messaging System (MS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Tim Morris
10. Provide an overview of the system:  PHIN-MS is a secure, reliable message transport system used to send information between national laboratories, state health departments, and the CDC via the internet.  PHIN-MS is key to assisting local and state public health organizations accomplish syndrome surveillance.  As health information comes in from sources across the nation, CDC epidemiologists analyze it and watch for trends that would indicate a disease cluster is occurring in specific neighborhoods.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No IIF in the system.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The system does not collect, maintain or disseminate data.  PHIN-MS provides the transporting of de-identified health reporting data from the public health installations to CDC systems.  It does not store the information or mine the information.  Information being transported is cancer data, STD and HIV data, Nationally Notifiable Disease, BioSense-RT, and emergency room data, NBS, Laboratory Research Network, and census data, CDC surveys and Electronic Lab Reports.  No IIF is transported through the system.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No IIF in the system.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  System does not contain nor transport IIF.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  David Knowles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  5/6/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Public Health Laboratory Information Systems 2 (PHLIS2) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  12/14/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-05-02-2045-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID: 224
7. System Name (Align with system Item name):  CDC DFBMD NCZVED Public Health Laboratory Information System 2 (PHLIS2)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Kathleen Fullerton
10. Provide an overview of the system:  Public Health Laboratory Information System 2 (PHLIS2) is a CDC-developed application to capture surveillance data about laboratory specimens. Data from this system is used for disease monitoring and analysis at CDC. The old system was a DOS-based standalone application distributed to all State Public Health Laboratories.  The PHLIS2 system will replace the old DOS system.  During the design phase of the PHLIS2, it was determined that states no longer needed all the functionality provided by the old DOS system so the functionality was narrowed down to a secure mechanism for transporting data from Public Health Sites to CDC.

PHLIS2 is a combination of procedures and applications for transmitting laboratory surveillance data from external sites to CDC.  External sites are given disease specific instructions to develop an ascii delimited file from their Laboratory Information Management System (LIMS). This file is transported through Public Health Information Network Messaging System (PHINMS) to CDC.  Once the data is received at CDC, a CDC developed ASP tool validates file contents, stores errors in an error log, copies the file and some of the manifest components to a disease specific working database and then copies the same information to an ASCII file that is stored for archival and validation purposes.  The CDC tool is scheduled to run at regular intervals and is customized and stored separately for each disease program.  The disease specific database is used by programs for disease monitoring and statistical analysis.

External sites are typically Public Health Laboratories or organizations that collect public health information.  External Sites manage their own PHINMS installation and are walked through the setup by a PHINMS Helpdesk at CDC.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No PII data is shared or disclosed.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The purpose of the system is to conduct National Surveillance on specific Foodborne pathogens.   This information is collected from State Health Laboratories and Epi Offices.   Detailed isolate information is collected along with minimal demographic information such as State, County, Sex and Age.  Once or twice a year, case studies are conducted and the interview questions are transmitted and added to the database.  No PII data is collected for case studies.  The data is stored in a SQL table and only designated program personnel have access to it.  The data is used to report national trends, outbreak detection and to guide and promote CDC’s programs in reducing Foodborne illness.  Some of the pathogens are on the nationally notifiable list, but personal information submission is deemed voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  All information is obtained at the State Health Department level.  CDC does not interact with any individual and therefore all responsibility for patient notification resides with the State.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Any potential PII data is securely encrypted and transmitted via the CDC approved PHINMS program.   Once received, the data is extracted and stored in a secure SQL table.  Access to the table is controlled by the program using CDC approved methods.  Only CDC authorized staff who are given explicit rights to the table can access it.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  12/14/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Public Interactive Communications System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/18/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-05-02-1414-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  None
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1710
7. System Name (Align with system Item name):  Public Interactive Communication System (PICS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Robert Swain
10. Provide an overview of the system:  The Public  Interactive Communication System (PICS) is being created to host collaborative open source applications to interact with partners and the general public.  The initial application on PICS will be blogging software, which will create another communication channel for the CDC.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Collect:  IP addresses of external contributors – Applications like blogs will allow users to submit comments.  IP addresses will be captured with the comments.

Collect:  User supplied data – Comments captured by the system will contain any information that the user chooses to submit, however comments will be moderated and the ROB will instruct moderators to reject any comments that contain PIA.

Disseminate:  Comments – Once approved, comments will be shown to the public.

None of the above information contains IIF.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A

No IIF Collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = 05/01/2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  5/25/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Public Web Portal (PWP) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  4/18/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-06-02-0610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1628
7. System Name (Align with system Item name):  Public Web Portal (PWP)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Fred Smith
10. Provide an overview of the system:  PWP is a general support system (GSS) which hosts CDC static web sites and externally facing Java-based applications.  The PWP also provides functionality such as search, printer friendly version, and content syndication.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The public web portal collects no information directly from the user except for terms used to search within the content.   Search terms are not IIF.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A No PII collected
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  4/18/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Publications Management System (PUBS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/25/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 226
7. System Name (Align with system Item name):  Publication Management System (PUBS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Charmaine J. Graves
10. Provide an overview of the system:  The Publications Fulfillment system is a publication inventory management system which currently resides on several ITSO controlled consolidated servers and is a conduit for CDC’s division in distributing health-related publications to the general public and health partners. The system is an in-house designed data repository and inventory management system to over 4,500 different CDC and ATSDR publication titles which are ordered from CDC-INFO national contact center, CDC’s programs, health partners, general public and disseminated by the warehouse.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1)    The CDC-INFO Publication Fulfillment collects information from users so that requests for hard-copy health related publications can be distributed.   Information collected from users include organization, full name, mailing address, city, state, zip code and country and the requested publication(s).
2)    This information collected is core to the function of CDC-INFO Publication Fulfillment requests so that publications are distributed to the general public and health partners.
3)    The information collected is considered PII
4)    Submission of the PII is completely voluntary.  The information collected will only be utilized by the CDC-INFO technical steward and staff working to view and fulfill the orders.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  1)    Users will be notified of any major changes to the PUBS system and/or policies through a notification posted on the PUBS homepage (http://www.cdc.gov/publications), as well as written correspondence to the user (this acceptable use is listed in the PUBS privacy policy).
2)    The PUBS privacy policy will be displayed to individuals before any information is collected and users have the ability to either enter personal information. 
3)    The PUBS privacy policy (displayed electronically on the PUBS homepage) explicitly states that information collected will be used for only two purposes: to fulfill orders and to notify users of major changes to the system.  It further states that information will not be published, shared, or otherwise disclosed without written consent from the user.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Access to the IIF information is only permitted to individuals granted elevated permissions to the account.  These permissions are tied to their Active Directory accounts.  The servers for this application are located within the DMZ and are only accessible to individuals with the appropriate credentials.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/26/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC PWS/AT Automated Routing [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/18/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  1516
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 1516
7. System Name (Align with system Item name):  Management Consultation and Technical Assistance Contract Tracking (MCTA)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  John G. Goodson (hso2)
10. Provide an overview of the system:  The Performance Work Statement/Agency Tender (PWS/AT) Change Request System is an electronic navigational tool to aid Most Efficient Organization (MEO) project officers and program managers through the process of documenting growth and/or reductions of a MEO.  This system allows for all changes and supporting justification to be documented and approved electronically. The system expedites the review and approval process and also facilitates centralized records management for the MEO Implementation Advisor and the CDC Contract Officer.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  None
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  PII = No
EAL = N/A
Risk Analysis Date = 01/03/2011
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/19/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Q-Bank [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/27/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-05-02-9421-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  0920-222
6. Other Identifying Number(s):  ESC ID: 1528
7. System Name (Align with system Item name):  Q-Bank
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Kristen Miller with Aaron Maitland as alternate.
10. Provide an overview of the system:  Q-Bank was designed as a unique analytical and research tool for researchers and survey professionals. It contains no personal information or personally identifiable information (no PII is stored in Q-Bank) other than Principal Investigator and Investigator/Interviewer Team Names, which are already published and released publicly by NCHS in the final report.  While these names are PII they do not need to have their confidentiality protected.

Q-Bank is used by, and receives data and funding from, various government agencies including The Bureau of the Census, The National Science Foundation, The National Cancer Institute, and The Bureau of Labor Statistics, as well as CDC/NCHS.  Q-Bank’s development and management is under the direction of a Project Manager, an NCHS Project Officer, and an Inter-Agency Steering Committee. While Q-Bank is in an Operational/Maintenance Phase enhancements and modifications are being made to Q-Bank at the direction of the Inter-Agency Steering Committee and the Project Officer. 

The Q-Bank application stores survey questions which have been tested to determine the effectiveness of the question. It also contains the Researchers final report, including findings and recommendations based upon the analysis conducted. Questions are indexed and searchable by some 26 categories and endless combinations. Common terms and a common definition of terms and formats across participating agencies were developed to ensure the integrity, common understanding, and effective categorization of the data.  No answers are contained in the data.

Q-Bank consists of five modules.  The Q-Bank database which is hosted in ITSO SQL in Atlanta, the Q-Bank GUI which is hosted in the MTDC in Atlanta, Q-Bank Admin which is hosted in ITSO DSS in Atlanta, the Registration Module which is hosted in the MTDC in Atlanta, and the Q-Notes module which is hosted in the MTDC in Atlanta.  Q-Bank was originally developed using Sybase’s database and PowerBuilder products. It was then transitioned to Microsoft SQL Server and .net products at the request of NCHS OIT.

Data elements in the Q-Bank database and Q-Bank admin include:
Survey Title
Survey Year
Evaluation Type
Test Date
Sponsor
Testing Agency
Universe
Mode
Field Mode
Documentation
Global Instructions
Separate Instructions
Target Population
Question Topic
Question Type
Information Type
Index Status
Flash Card
Introductory Text
Sequence Number
Core Question
Response Text
Response Category
Response Error
Where Error Occurs
Keywords

The Q-Notes module supports standardized collection of QDRL project investigators and interviewers notes.   This module contains the Principal Investigator and Investigator/Interviewer names which are similar to Federal or business contact information.  These individuals are limited to a known and defined researcher/interviewer population as determined or required by each QDRL project.  Confidentiality of these names does not need to be protected in this application.  A second URL in support of this data collection will be utilized, in addition to sign on and password controls.

Data elements for this notes module (Q-Notes) are:
Date
Project Name
Principal Investigator
Respondent ID (random numeric identifier)
Interviewer Name
Narrative Notes
Meta Notes

The registration module collects contact information from individuals who are interested in attending Q-Bank conferences.  This module collects basic information from attendees in order to establish contact with them and provide information on Q-Bank events of interest.  We collect basic business information like names, mail addresses, phone numbers, and other relevant information for attending an event or providing information about events.  This information does not require any special protection since such business contact information is routinely released publicly in order to encourage communic
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  NO PII Stored in Q-Bank with the exception of the Principal Investigator and Investigator Team names, which are already publicly released in the Final Report.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Q-Bank was designed as a unique analytical and research tool for researchers and survey professionals.

Q-Bank is used by, and receives data and funding from, various government agencies including The Bureau of the Census, The National Science Foundation, The National Cancer Institute, and The Bureau of Labor Statistics, as well as CDC/NCHS.  Q-Bank’s development and management is under the direction of a Project Manager, an NCHS Project Officer, and an Inter-Agency Steering Committee. While Q-Bank is in an Operational/Maintenance Phase, enhancements and modifications are being made to Q-Bank at the direction of the Inter-Agency Steering Committee and the Project Officer.

The Q-Bank application stores survey questions which have been tested to determine the effectiveness of the question. It also contains the Researchers' final report, including findings and recommendations based upon the analysis conducted. Questions are indexed and searchable by some 26 categories and endless combinations. Common terms and a common definition of terms and formats across participating agencies were developed to ensure the integrity, common understanding, and effective categorization of the data.  No answers are contained in the data.

Q-Bank consists of five modules: the Q-Bank database, which is hosted in ITSO SQL in Atlanta; the Q-Bank GUI, which is hosted in the MTDC in Atlanta; Q-Bank Admin, which is hosted in ITSO DSS in Atlanta; the Registration Module, which is hosted in the MTDC in Atlanta; and the Q-Notes module, which is hosted in the MTDC in Atlanta.  Q-Bank was originally developed using Sybase’s database and PowerBuilder products. It was then transitioned to Microsoft SQL Server and .net products at the request of NCHS OIT.

Data elements in the Q-Bank database and Q-Bank admin include:

Survey Title
Survey Year
Evaluation Type
Test Date
Sponsor
Testing Agency
Universe
Mode
Field Mode
Documentation
Global Instructions
Separate Instructions
Target Population
Question Topic
Question Type
Information Type

Index Status
Flash Card
Introductory Text
Sequence Number
Core Question
Response Text
Response Category
Response Error
Where Error Occurs
Keywords
 
The Q-Notes module supports standardized collection of QDRL project investigators' and interviewers' notes.  This module contains the Principal Investigator and Investigator/Interviewer names, which are similar to Federal or business contact information.  These individuals are limited to a known and defined researcher/interviewer population as determined or required by each QDRL project.  The confidentiality of these names does not need to be protected in this application.  A second URL in support of this data collection will be utilized, in addition to sign-on and password controls.
 
Data elements for this notes module (Q-Notes) are:
Date
Project Name
Principal Investigator
Respondent ID (random numeric identifier)
Interviewer Name
Narrative Notes
Meta Notes
 
The registration module collects business contact information from individuals who are interested in attending Q-Bank conferences.  This module collects basic business information from attendees in order to establish contact with them and provide information on Q-Bank events of interest.  We collect basic business information like names, e-mail addresses, phone numbers, and other relevant information for attending an event or providing information about events.  Although the registration module collects PII in the form of business names and contact information, this information does not require any special protection since such information is routinely released publicly in order to encourage communication of research findings amongst users of NCHS and Q-Bank data.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  The Project Investigation Team including Principal Investigator and Investigator (Interviewer) names are included in publicly released reports supporting the findings of the Project or Investigation.  They provide points of contact and reference, as well as credibility, to the investigation and published reports and the contents contained in the reports.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  While data in Q-Bank is used by a targeted audience of researchers and investigators, it is not restricted from the public.  The only PII being the names of the Project Investigation Team, which are included in publicly released reports, there is no requirement or intent to secure this PII.  The fourth module (Q-Notes) does have a unique URL (separate from the first three modules of Q-Bank), and sign-on and password controls; however, this is not intended to protect PII as much as to facilitate the Investigation Team members' collection, grouping, accessing, and dissemination of notes.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  10/27/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC QPR [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  7/26/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-8121-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC ID: 1539
7. System Name (Align with system Item name):  QPR (QPR)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Dan Tuten
10. Provide an overview of the system:  QPR is a COTS application which helps COTPER track progress against its organizational excellence assessment (OEA) measures and initiatives.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No PII is in the system
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Performance measures, goals, objectives, narrative descriptions of projects for each organizational unit in the center.  No PII is in the system.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  NA - No PII is in the system
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  NA - No PII is in the system
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  7/26/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Qualitative Research Inventory [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/22/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  DNPA GA - DNPA Qualitative Research Inventory
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Provides information about qualitative research that has been conducted in the fields of nutrition, physical activity, and other related fields.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Quality Project Information Data System (QPIDS) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/4/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Quality Project Information and Dashboard System (QPIDS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Dan Tuten
10. Provide an overview of the system:  QPIDS is a combination of several applications within the HP BTO suite, which incorporates several products offered by HP. This suite offers three applications (referred to by HP as Centers) that OPHPR has defined a need to use across divisions: HP Service Management Center, HP Quality Center, and HP Project and Portfolio Management Center.
Quality Center manages and governs quality processes and automates software testing across the application environment. It arms the application with the capabilities needed to manage the release process and make more informed release decisions. By using consistent, repeatable and standardized processes, HP Quality Center can help to reduce costs and risk, increase quality and produce more frequent releases.
Service Management Center is a comprehensive and fully integrated IT service management suite that helps you decrease the time it takes to resolve problems. ITIL-based best practices and a highly scalable service-oriented architecture let you deploy consistent, integrated processes throughout your IT organization. This software enables you to automate all your IT service management capabilities. Service level management and catalog-based service request capabilities add further value. HP Service Management Center helps your organization orchestrate and automate key IT processes across process domains, enable the complete financial management of IT, ensure that each identity has the right entitlement and access at all times to support the business, and drive rapid tactical and strategic decisions based on quantitative business intelligence. Service Management also offers asset manager software used to record and track software in use and/or available for use within organization entities.
HP Project Portfolio Management has several different modules that give value individually but are also integrated to give an end-to-end capability on an SDLC level.  The modules that are included are Deployment Management, Oracle E-business Object Migrator, Demand Management, Portfolio Management, Program Management, Project Management, and Administrator and Configuration.  These modules give the ability to track an IT effort from initiation to closure and provide full traceability of all events associated with the issues or event. They provide the ability to identify and focus on IT projects that are strategic to the business; leverage top-down planning capabilities that are supported with detailed project plans; gain early indications of budget deviations; achieve governance through secure, automated checkpoints and approvals; and gain real-time visibility and control over project processes, issues, risks, resources and dependencies.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system will only collect individuals' professional federal contact information. This information will be used to contact the individual in regards to the information being requested or submitted to the system. No PII data is included in the system.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  None; no PII data is included
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No PII is contained within the system.
E-Authentication Assurance Level = N/a

Risk Analysis Date = November 24, 2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Quarantine Activity Reporting System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  4/13/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  2007 - 009-20-01-02-02-9721-00-110-246

2008 - 009-20-01-02-02-9721-00

2008 - 009-20-01-02-02-9721-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0171
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID: 1390
7. System Name (Align with system Item name):  Quarantine Activity Reporting System (QARS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Nina Marano
10. Provide an overview of the system:  The Division of Global Migration and Quarantine (DGMQ) commissioned the development of a Quarantine Activity Reporting System (QARS) as a subset of the DGMQ Intranet project, as a way to boost internal communications within the division and enable the DGMQ to track the activities recorded in this application.

Currently, each of the eight quarantine stations produces a daily activity report (DAR) of the significant activities occurring at their stations. These reports are then sent to DQ Headquarters, where DGMQ personnel review and consolidate all reports into a Quarantine Activity Daily Report for distribution at the CDC center level and above.

The quarantine stations are involved on a daily basis in various activities, including responding to reports of ill passengers, inspecting imported shipments of nonhuman primates, and monitoring the arrival of immigrants and refugees. These activities are recorded and summarized individually at each quarantine station. Monthly, counts of activities are submitted by each station for a monthly activity report.

The QARS will allow the Quarantine Station personnel to enter their daily activities in an electronic standardized format, using controlled vocabulary. The QARS allows both Quarantine Station personnel and Headquarters personnel to enter follow-up reports to responses and investigations, as well as information gathered after the creation of the initial report. The QARS will enable DGMQ personnel to generate the Quarantine Daily Activity Report in a timelier and uniform manner. The information collected on a daily basis will be collated and stored in a database that can be utilized to generate reports on a monthly, quarterly, and annual basis. The system will facilitate the provision of required data for the Office of Management and Budget. The QARS will allow for the assessment of the volume and type of activities that the quarantine stations perform in order to better allocate resources and personnel. The information gathered through the illness investigation reports will enable the quantification and analysis of the information acquired during illness responses and investigations.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  DGMQ quarantine station public health officers, medical officers, and headquarters staff, to perform duties as required by regulations.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The information submitted is mandatory. Information is used to follow up with ill passengers, trace contacts or inform exposed persons of possible exposure.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  There is currently no process in place and no notification or consent is being obtained. DGMQ has a legal mandate to do an illness or death investigation when a case of an ill or deceased passenger is reported. This information is then entered into QARS and is then used for contact investigation if there is a concern it is an infectious disease of public health concern. This system maintains records on the conduct of activities (e.g., quarantine, isolation) that fulfill HHS's and CDC's statutory authority under sections 311, 361-368 of the Public Health Service Act to prevent the introduction, transmission and spread of communicable diseases.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  ITSO Controlled
Only those individuals that need to see information in order to perform duties have access to the IIF. All others see blanks or initials if that is required to prevent miscommunication.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  4/14/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Radiation Studies Bibliographic Database [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/18/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9221-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1600
7. System Name (Align with system Item name):  Radiation Studies Bibliographic Database (RSBD)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Robert (Bob) Whitcomb
10. Provide an overview of the system:  Radiation Studies Bibliographic Database (RSBD) is a web-based system designed to identify potentially harmful environmental exposures (such as radiation effects from nuclear weapons exposures) and examine all health risks that are associated with the identified exposures.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A.  RSBD does not contain PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1) The RSBD system is comprised of three (3) different areas as indicated below:
Los Alamos National Laboratory (LANL): The historical records contain unclassified information and the system does not contain any sort of Personally Identifiable Information (PII).  The users of this system consist of the general public and members of the Department of Energy (DOE).
Idaho National Engineering and Environmental Laboratory (INEEL):  The database contains detailed information about all of the documents identified by the CDC scientists or CDC contractors as being relevant to dose reconstruction regarding radiation and chemical exposures.  In addition, the information is considered to be open in nature, and therefore, does not contain any sort of Personally Identifiable Information (PII).
Savannah River Site (SRS): The database contains detailed information about all of the documents used in the Savannah River Site Environmental Dose Reconstruction Project Phase II.  This consists of the source term calculation and the Ingestion Pathway Retrieval Evaluation of materials released from the Savannah River Site report.  In addition, the information is considered to be open in nature, and therefore, does not contain any sort of Personally Identifiable Information (PII).
The database also includes the full names of Authors and information regarding their works (abstract, document name, etc.).  This information is public knowledge and is considered business information only and is not subject to the Privacy Act.
(2) The purpose for collecting the data:
Los Alamos National Laboratory (LANL): The LANL system is designed to locate and review all historical records that may contribute information about past off-site radionuclide and chemical releases from the LANL.
Idaho National Engineering and Environmental Laboratory (INEEL): The INEEL system is designed to provide the general public, Health Physicists, and the DOE with the ability to examine the study of dose reconstruction.  This involves identifying the release of chemicals and radioactive materials since the INEEL site opened and assisting in determining those exposures that would have the highest potential of health effects of these releases on the community.
Savannah River Site (SRS): The SRS system is designed to provide CDC Health Physicists, Department of Health and Human Services (HHS), and the DOE with the ability to study the estimated quantities of radioactive and chemical material release from the Savannah River Site between the years of 1954 through 2002.
(3) RSBD does not contain PII.
(4) N/A. RSBD does not contain PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A.  RSBD does not contain PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A. RSBD does not contain PII.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  10/18/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Rapid Data Collector [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/7/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-05-02-9421-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID: 1349
7. System Name (Align with system Item name):  Rapid Data Collector (RDC)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Carol E. Waller
10. Provide an overview of the system:  Rapid Data Collection (RDC) is a web-based generic survey form and data collection system created for the purpose of analyzing emergency situations, possible natural disasters, possible acts of terrorism, and general data collection purposes.  RDC was designed to allow scientists and epidemiologists to collect data and input data into the RDC system through the use of user created forms and general surveys while working in the field.  State health agencies collect information (through interviews and surveys), and are granted access to RDC only on an individual basis.  The information supplied to RDC is submitted on a voluntary basis.  The information collected from the forms and general surveys eliminates the need for programming and database expertise when creating and changing data collection forms, and is used to assist the CDC for reviewing data trends.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A. RDC does not contain PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1)  RDC collects non-sensitive data.
(2)  RDC was designed to allow scientists and epidemiologists to collect data and input data into the RDC system through the use of user created forms and general surveys while working in the field.  State health agencies collect information (through interviews and surveys), and are granted access to RDC only on an individual basis.  The information collected from the forms and general surveys eliminates the need for programming and database expertise when creating and changing data collection forms, and is used to assist the CDC for reviewing data trends, analyzing emergency situations, possible natural disasters, possible acts of terrorism, and general data collection purposes, etc.
(3)  No, RDC does not contain PII.
(4)  N/A.  RDC does not contain PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A.  RDC does not contain PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A.  RDC does not contain PII.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  2/7/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / CDC Reagent Inventory (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  4/21/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1781
7. System Name (Align with system Item name):  ReagentInventory
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Lisa Bulkow
10. Provide an overview of the system:  This is a database for use by one of AIP's labs to manage its inventory of pneumococcal reagents, which will be used by a few people in the lab. The lab receives large vials of the reagents, which are then aliquoted into smaller vials for each of the people working in the lab. The inventory system will allow for tracking of these aliquots.

Microsoft Access is used as a front-end for this database. The only reason the application was moved to the SQL server was to provide better views and stored procedures to create a more user-friendly front-end.  This system is not web-based.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
The system does not contain any PII.
Risk Analysis Date = 2/4/2010
E-Authentication Assurance Level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  4/22/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Records Management System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  5/23/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  382
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC System ID: 382
7. System Name (Align with system Item name):  Records Management System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Tim Day (tgd2)
10. Provide an overview of the system:  The Records Management Database facilitates the management of approximately 50,000 retired CDC/ATSDR records located in five Federal Records Centers across the US.  The system tracks use and reference of records by lawyers, staff, public, scientists, and others.  It also assists in the destruction process and transfer of permanent records to NARA, preserves metadata, and indicates closure and access data on the records.
This database has been expanded to better track the individual activities and statistics of CIOs.  It will allow virtually all records retirement processes such as disposals, reference, tracking, destruction, donation, and permanent transfer processes to be conducted in a completely automated format.  The search and report capabilities of the system have been expanded so that individual CIOs can print out reports on their records, perform complex Boolean searches, and use the database without major training from MASO. There is no PII stored in this system.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  None
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
No PII
Risk Analysis date: 3/19/2008
E-Auth Level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  5/23/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Regulatory Affairs Information Management System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  12/1/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID: 1760
7. System Name (Align with system Item name):  Regulatory Affairs Information Management System (RA IMS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Hye-Joo Kim
10. Provide an overview of the system:  The users have requested that a web-based system be developed to track all submission packages to FDA and all incoming correspondence.  Access to the system would be restricted to authorized users and would be role-based.  The system would allow for tracking of the submissions, storing of documents within the submissions, storing of correspondence received from FDA for each submission and assigning meta-data to the applications and submissions for each search and retrieval. The system would also generate electronic notifications and provide role-based accurate and up-to-date reporting. The system would be available 24/7, which would allow for easy tracking by users and managers.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  RA IMS will track regulatory submission packages mailed to the FDA.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A (No PII)
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No PII collected
E-Authentication Assurance Level = N/A
Risk Analysis Date = October 21, 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  12/2/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Remote Usability Testing Platform (UZ) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/22/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC Remote Usability Testing Platform (UZ)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Nick Sabadosh
10. Provide an overview of the system:  CDC Remote Usability Testing Platform (UZ) is a web browser-based tool for creating unmoderated remote usability tests, surveys, and other evaluation methods for web sites, mobile sites, social media, and other electronic media. The data gathered with UZ will be used to improve the user experience, user satisfaction, and effectiveness of CDC’s digital media products. The data will also provide CDC with essential information for understanding users of its electronic media products.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  CDC Remote Usability Testing Platform (UZ) is a web browser-based tool for creating unmoderated remote usability tests, surveys, and other evaluation methods for web sites, mobile sites, social media, and other electronic media. The data gathered with UZ will be used to improve the user experience, user satisfaction, and effectiveness of CDC’s digital media products. The data will also provide CDC with essential information for understanding users of its electronic media products. There is no PII data in the system.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  8/22/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Requisition and Purchase Information Database [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  12/1/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9221-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC ID: 1611
7. System Name (Align with system Item name):  Requisition and Purchase Information Database (RAPID)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Kathleen Caldwell
10. Provide an overview of the system:  Requisition And Purchase Information Database (RAPID) is a web-based purchase order management application that receives requests for purchases from users, presents the requests to authorized reviewers, and, if the purchase is approved, provides the purchasing staff with the information required to complete the purchases.  The users designated for the RAPID system include laboratory scientists, administrative staff, team leaders, quality control staff, study managers, and the branch manager of the Inorganic Radiological and Analytical Toxicology (IRAT) Branch, Division of Laboratory Sciences (DLS).  The RAPID application allows users to enter purchase requests by filling out online forms.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1) The information contained within the purchase request(s) includes the following: purchase justification, purchase dates, items, quantities, prices and details of the complete review process, changes to the original request, receipt of purchased items delivery and pickup dates, temporary storage locations, vendor information and names of sales staff, internal requestor information.
(2) RAPID is used for purchase order management.
(3) RAPID does not contain PII.
(4) N/A.  RAPID does not collect PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A.  RAPID does not collect PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A.  RAPID does not collect PII.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  12/1/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________
