
National Institutes of Health Privacy Impact Assessments - Page 4


 

06.3 HHS PIA Summary for Posting (Form) / NIH NIAID NIAID Intramural NIAID Research Opportunities Program [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/11/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8529-00-110-249
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0014
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIAID NIAID Intramural NIAID Research Opportunities Program (INRO)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Joe Croghan, 301.443.8439, croghanj@niaid.nih.gov
10. Provide an overview of the system: INRO introduces minority students to research and training opportunities in NIAID's Division of Intramural Research and the Vaccine Research Center. To support this endeavor, SEB created the INRO system. INRO provides an on-line application process for students interested in the INRO Program, and enables reviewers to assign ratings and select students for participation. It serves as a resource for INRO program administrators.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Per SORN 09-25-0014. Information may be used to respond to congressional inquiries regarding constituents who have applied for training programs. Information may be used to respond to hospitals and other healthcare institutions seeking verification of training for physicians who trained in NIH clinical programs.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Students will enter the following data. Submission is voluntary and used to manage selections for the intern program.

- Name
- Date of Birth
- Alien Registration Number
- Medical Notes
- Mailing Address
- Phone Numbers (e.g., phone, fax, and cell)
- Email Address
- Education Records
- Race
- National Origin
- Country of birth
- Gender
- Emergency Contact Name
- Emergency Contact Phone
- Dates of Winter Break
- Sponsor Name
- Sponsor E-mail
- Sponsor Telephone
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Students supply information voluntarily as part of the application process for an internship opportunity at the NIH. IIF is collected at the time of application for the internship. Students are informed of the need and intended use of the IIF at the point of collection, and they are given the choice to opt out by not completing and submitting the application for an internship.

They are advised that the information collected is to be used strictly for administering the INRO program.

They may opt out of the submission by not submitting an application.

Notification is made electronically, and in some cases by mail, if changes occur that warrant notification to enrollees.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Data security in accordance with the HHS, NIH, and NIAID IT security guidelines, and the guidelines of the Office of Training and Special Emphasis Programs (OTSEP).
Measures to prevent the unauthorized disclosure of information covered under the Privacy Act are implemented for each training program administered through the Office of Education.
Authorized Users: Staff in the Office of Education are instructed to disclose information only to NIH personnel who are involved in the evaluation and selection of candidates for intramural training programs.
Physical Safeguards: Paper files and disks are stored in cabinets in a locked room that is under constant surveillance by security personnel. Electronic databases are accessible only with a password on secure web sites.
Procedural safeguards: Access to the paper files is strictly controlled by the Office of Education staff. Files may be removed only with the approval of the system manager or other authorized official(s).
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Natasha Taylor/Margaret Moore
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIAID NIAID Planning and Reporting System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/12/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-09-02-8504-00-301-092
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIAID Planning and Reporting System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Joe Croghan, 301.443.8439, croghanj@niaid.nih.gov
10. Provide an overview of the system: NIAID Planning and Reporting System (NPARS) is a web based application that enables NIAID staff to monitor, process, and report on the status of competing and noncompeting grant applications. NIAID division offices use it internally to track and manage grant applications processes, such as review, approve, release and award grant applications. It is segmented into the following modules: NIAID Funding Plan, RFA/PA Award System, Bridge Awards System, Select Pay Awards System, Merit Pay System, Merit Extensions, FY Grants Tracking System, GrayZone Comments Select Pay and Bridge, Request For Administrative Supplement, and GMB Special Actions. The system also has a number of council reports.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Does Not Share
Per SORN (09-25-0036) disclosures may be made to a Federal Agency, The Department, or another NIH organization according to the guidelines stipulated in the SORN.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: As part of the Institute's research management business function, this system contains Names, Mailing Addresses, and Phone numbers of Principal Investigators involved in research funded by the Institute. This information is voluntarily submitted by principal investigators seeking NIH funding for research. There is an opt out choice. The information collected is used to manage NIH business functions.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Grant applicants are given copies of NIAID's Privacy Policy during the application process. Consent is obtained upon application. IIF within this system is not disclosed or utilized outside of the functions of managing the Institute's business. Individuals are notified of changes in writing per NIAID's Privacy Policy.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative Access Controls: Employees who maintain records in this system are instructed to grant regular access only to NIH extramural and advisory committee staff, NIH contract management staff, and Federal acquisition personnel. One-time and special access by other employees is granted only when specifically authorized by the System manager.

Technical Controls: Access to the contractor performance files is restricted through the use of secure socket layer encryption and through an IBM password protection system. Only authorized government contracting personnel are permitted access. Access is monitored and controlled by OAMP. Access to source data files is strictly controlled by files staff. Records may be removed from files only at the request of the System manager or other authorized employee. Access to computer files is controlled by the use of registered accounts, registered initials, keywords, and similar limited access systems. NPARS system has been through a full C&A and received an ATO from NIAID's CIO. The system benefits from double firewall, user authentication, least access privileges, and controlled access points.

Physical Controls: Physical access to Office of Extramural Research (OER) work areas is restricted to OER employees. Physical access to the Office of Acquisition and Policy (OAMP) work areas is restricted to OAMP employees. Physical access to the Office of Federal Advisory Committee Policy (OFACP) work areas is restricted to OFACP employees. The system resides on servers that are in a locked server facility with restricted access.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Natasha Taylor/Margaret Moore
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIAID Program Management Tool (PMT)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/18/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-09-02-8508-00-301-092
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIAID Program Management Tool (PMT)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Joe Croghan, 301.443.8439, croghanj@niaid.nih.gov
10. Provide an overview of the system: The Program Management Tool (PMT) is an Intranet, web-based application that was developed for Program Officers (PO) within the Division of Microbiology and Infectious Diseases (DMID) of the extramural branch as an aid for organizing and managing their grants and project applications portfolio. The primary purpose of the application is to assist POs in performing various administrative tasks associated with portfolio management.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system integrates all electronic information resources required to perform the activities of portfolio management. It captures information about the application, awards, and grants. It contains indicators from basic laboratory science to Phase III clinical trials. It has biodefense program information. This system does not collect PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) This system contains no PII.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: NA
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Natasha Taylor/Margaret Moore
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIAID Reviewer Support Site (RSS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/18/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8534-00-110-249
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIAID Reviewer Support Site (RSS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Joe Croghan, 301.443.8439, croghanj@niaid.nih.gov
10. Provide an overview of the system: The Scientific Review Program (SRP) conducts meetings to perform technical evaluation (a.k.a. peer review) of grant applications and contract proposals. The NIAID Reviewer Support Site (RSS) enhances the communication of information between meeting coordinators and participants throughout the process.
RSS is a secure, Internet-accessible administrative support system that provides a centralized repository of documents and information related to review meetings. The system was updated to provide:
- Online active forms for collection of pre-review data from reviewers
- Pre-review reports for meeting staff
- Electronic review function (assignment tools, collection and management of evaluations, etc.)
- Improvement to the management, configuration, and presentation of meeting-related files
- Improvement to the overall user interface
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system does not share it with any other system.
Disclosure may be made to qualified experts not within the definition of Department employees as prescribed in Department regulations for opinions as a part of the application review process.
A record may be disclosed for a research purpose, when the Department: (A) has determined that the use or disclosure does not violate legal or policy limitations under which the record was provided, collected, or obtained.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Very limited IIF is maintained for user identification and communication, and reporting.

Reviewers:
Full name (from NIHExt or NED)
Academic degrees (required)
Rank or title (required)
Work address (from NIHExt or NED)
Work phone # (from NIHExt or NED)
Work fax #
Home address (required)
Home phone # (required)
Cell phone #
Phone # for teleconference
Email address (from NIHExt or NED)
Alternate contact (e.g., assistant’s name, phone #, email address)
Federal employee status
Other appointments or professional affiliations
Gender
Race/Ethnicity

Used for:
Contact info
Meeting management
Submission in government-mandated reports
Submission of IIF is voluntary. Consent is implicit in the reviewer’s agreement to serve on a peer review committee.

Meeting Staff:
Full Name (from NED)
Work email address
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Information about NIAID staff will be entered by system administrators or the individuals themselves. Some information about reviewers will be collected via telephone conversation or hardcopy submission and entered by NIAID staff; the rest will be entered online by the individuals themselves. Reviewers are instructed by initial telephone interview that information about them will be used for internal administrative purposes only and will not be shared. Consent is implicit in a reviewer’s agreement to serve on a peer review panel.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system resides on a secure server behind a firewall. Communications between the web browser and system server are encrypted (TLS). User access is by invitation only, via authenticated user ID and password. Passwords comply with HHS/NIH policy (expiration, format, etc.). Permissions are governed by the user’s assigned system-wide and meeting-specific roles. Access to individual meetings (files and other data) terminates after specified dates. Physical access controls include guards, ID badges, and key cards.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Natasha Taylor
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIAID Scientific Initiative Management System (SIMS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/18/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8536-00-110-249
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIAID Scientific Initiative Management System (SIMS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Joe Croghan, 301.443.8439, croghanj@niaid.nih.gov
10. Provide an overview of the system: The Scientific Initiative Management System (SIMS) is designed to integrate the creation of concepts for initiatives, and the review and approval of selected concepts for development as PFAs, RFPs, PAs and Contracts. It enables phasing (scheduling) and tracking of initiatives from approval through completion stages.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Does Not Share
Per SORN 09-25-0036, disclosures to Congress, Federal Agencies, and within the Department are permitted according to specified guidelines.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system contains Names, Email addresses and Phone numbers. The information is used to support centralized grant programs of the Public Health Service. Services are provided in the areas of grant application assignment and referral, initial review, council review, award processing and grant accounting.
Submittal of this information is voluntary. The applicant has the choice to opt out.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Consent is gained at the point of application. The Institute's Privacy Policy is included with application materials and includes intended use of the data by the Institute. An applicant consents to the disclosure and use of personal information by submitting an application. The intended use of the information is disclosed at the application process. Applicants are notified via electronic means, postal service, or telephone of all changes that affect their grant or contract status. This includes their file information.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Authorized Users: Employees who maintain records in this system are instructed to grant regular access only to NIH extramural and advisory committee staff, NIH contract management staff, and Federal acquisition personnel. Other one-time and special access by other employees is granted on a need-to-know basis as specifically authorized by the System manager.

Physical Safeguards: Physical access to Office of Extramural Research (OER) work areas is restricted to OER employees. Physical access to the Office of Acquisition and Policy (OAMP) work areas is restricted to OAMP employees. Physical access to Office of Federal Advisory Committee Policy (OFACP) work areas is restricted to OFACP employees. Access to the contractor performance files is restricted through the use of secure socket layer encryption and through an IBM password protection system. Only authorized government contracting personnel are permitted access. Access is monitored and controlled by OAMP.

Procedural Safeguards: Access to source data files is strictly controlled by files staff. Records may be removed from files only at the request of the System manager or other authorized employee. Access to computer files is controlled by the use of registered accounts, registered initials, keywords, and similar limited access systems.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Natasha Taylor
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIAID Scientific Reporting Suite (SRS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/18/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8535-00-110-249
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIAID Scientific Reporting Suite (SRS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Joe Croghan, 301.443.8439 , croghanj@niaid.nih.gov
10. Provide an overview of the system: A series of software support tools for the DEA - primarily scientific reporting tools regarding research, science, grants management, and data analysis.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): There is no PII in this system.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: This system does not collect or contain any IIF.
It consists of a suite of software support tools for OSPFM. It identifies the scientific codes employed by NIAID to define the type of research employed on research efforts. Each discipline and sub-discipline has specific codes which are used to track the work; primarily scientific reporting tools regarding research, scientific coding, science, grants management, and data analysis.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Natasha Taylor
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIAID Vaccine Research Center Study Manager (VRCSM) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/11/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0012
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIAID Vaccine Research Center Study Manager (VRCSM)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Huyen, Yentram
10. Provide an overview of the system: This is a clinical trial recruitment and scheduling system for vaccine research. It is used to collect information from individuals who wish to volunteer to participate as healthy participants in clinical trials.

Legislative authority is: 5 U.S.C. 301; 42 U.S.C. 217a, 241, 282(b)(6), 284a, and 288. 48 CFR Subpart 15.3 and Subpart 42.15
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Does not disclose or share PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: (1) The following PII is collected:

· Name (Mandatory)
· Age and date of birth (Mandatory)

ONE method of contact is mandatory (participant's choice of):
· Mailing address or
· Telephone number and alternate phone number or
· Email address

Additional information is collected AFTER volunteer provides verbal consent. People who do not wish to provide information are not eligible to participate in voluntary studies.
· Generic medical history of healthy volunteers
· History of sexual behavior (if applicable to the trial)

(2) The information is collected to track potential clinical trial volunteers and determine their suitability for participation in various clinical trials.
(3) The information collected does contain PII.
(4) The submission of personal information is mandatory only if volunteers decide to pursue enrollment.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Individuals agree to have information collected as part of clinical trial screening. Major changes are not contemplated for this system, and data is not shared. The data will never be used for other purposes. Individuals call in and self-volunteer for studies.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: User accounts grant access only to those individuals who have a need to know the information in the performance of their duties. Data is not available outside of the dedicated group. System is housed in a locked server room with strict access control kept. Duties are divided to ensure access monitoring. Management review ensures compliance with procedures.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Natasha R. Taylor/Margaret Moore
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/30/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIAID Visual Status of Funds (VSOF)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/12/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-01-02-3198-00-402-125
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIAID Visual Status of Funds (VSOF)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Joe Croghan
10. Provide an overview of the system: This application is used to monitor, track, query and report the Institute’s fiscal and budgetary data in order to monitor obligations and expenditures associated with the current fiscal year.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): System does not collect PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Accounting data and related document information is downloaded from the budget module of the NIH Data Warehouse and is relevant or specific to NIAID for its fiscal year operations. The system contains no IIF.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A - System does not collect PII.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: This system does not contain IIF.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Natasha R. Taylor
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIAID VRC Study Manager [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/11/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8541-00-110-249
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIAID Vaccine Research Center Support Suite (VRC)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Tram Huyen
10. Provide an overview of the system: This is a suite of software applications built for use by Vaccine Research Center (VRC) research scientists and laboratory staff. These systems include features for sophisticated data analysis, information storage, retrieval and sharing, and reporting. The data is scientific in nature and does not have any patient or clinical identifiers.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A - This system contains no IIF
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: 1. The information is collected and maintained for use by scientists, and consists of plasmid maps, laboratory protocols, and lists of cell lines. It is for internal use only.
2. This information serves as a repository of resources for scientists.
3. There is no PII contained within the system.
4. There is no personal information contained within the system.

No IIF collected.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No IIF is collected or maintained in this system.

Authorized Users: Employees who maintain records in this system are instructed to grant regular access only to NIH extramural and advisory committee staff, NIH contract management staff, and Federal acquisition personnel. Other one-time and special access by other employees is granted on a need-to-know basis as specifically authorized by the System manager.
Physical Safeguards: Physical access to Office of Extramural Research (OER) work areas is restricted to OER employees. Physical access to the Office of Acquisition and Policy (OAMP) work areas is restricted to OAMP employees. Physical access to Office of Federal Advisory Committee Policy (OFACP) work areas is restricted to OFACP employees. Access to the contractor performance files is restricted through the use of secure socket layer encryption and through an IBM password protection system. Only authorized government contracting personnel are permitted access. Access is monitored and controlled by OAMP.
Procedural Safeguards: Access to source data files is strictly controlled by files staff. Records may be removed from files only at the request of the system manager or other authorized employee. Access to computer files is controlled by the use of registered accounts, registered initials, keywords, and similar limited access systems.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Natasha Taylor/Margaret Moore
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIAID WAN/Internet/Remote Access [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/11/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: Does not exist.
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIAID WAN/Internet/Remote Access - GSS
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Alex Rosenthal
10. Provide an overview of the system: The NIAID WAN provides a platform for all network functionality. This includes application hosting, network resources, network connectivity to greater NIH resources, internet access, and file storage capabilities. All information that may be utilized by NIAID personnel is potentially stored and/or transmitted via the NIAID WAN. Access to the NIAID WAN is restricted to NIAID facilities; remote access may only be obtained through systems that traverse NIH and NIAID firewalls. Means of remote access consist of Citrix and Virtual Private Network.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Does not share.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: This is a GSS system and does not collect, maintain, or disseminate PII as a separate system. Minor applications residing on the network each have their own Privacy Impact Assessment which details this information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Each major application which resides on the network and which also contains PII has its own processes.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: There is no PII on the network.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Natasha Taylor/Margaret Moore
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / NIH NIAMS Apex Applications (Apex)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 8/3/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): None
7. System Name (Align with system Item name): NIH NIAMS Oracle Application Express (APEX)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Janet David
10. Provide an overview of the system: The system displays IMPAC II data based on a specific query. IMPAC II – Information for Management, Planning Analysis, and Coordination - is an NIH enterprise application consisting of a series of modules that allow the Extramural Program community to input, track, analyze, manage, and report grant portfolio data. The data pulled is: full grant number, grant title, PI Name, PI Organization, PI Email address, PI Organization address, grant status, Program Class Code, Program Official, budget start date, budget end date, awarded amount, abstract. The legislation authorizing this activity is 5 U.S.C 1302, 2951, 4118, 4308, 4506, 7501, 7511, 7521, and Executive Order 10561.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: NIAMS collects the Name, Address, Telephone Number, FAX Number, and Email Address for Program Officials, Grants Management Officers, Grants Management Specialists, and Scientific Review Officers. In addition to these fields, the Education/Degree field is captured for the Principal Investigator. Information is used for creating various reports on grant data. The information is for contact purposes and for Freedom of Information Act (FOIA) requests. Contact information is gathered from other systems such as IMPAC II, the NIH global address list, and legacy Administrative Management Budget System (AMBIS) data. The information is necessary if the persons intend to conduct business with the NIH.
Legislation authority: 5 U.S.C. 1302, 2951, 4118, 4308, 4506, 7501, 7511, 7521, and Executive Order 10561
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) (1) Individuals provide consent for the use of their information, including when major changes occur to the system, at the time they provide their information into the database.
(2) The Program Official, Grants Management Officer, Grants Management Specialist, and Scientific Review Officer are required to provide their names, addresses, telephone numbers, fax number, and email address to be posted for their assigned grants. Individuals are notified at the point of entry into the system regarding the PII that is being collected from them and they voluntarily provide consent when entering their data.
(3) Information is used and shared electronically.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Admin Controls - The information is maintained on-line by the system and may be accessed and printed by those authorized access to the information. Access to this data is limited to those persons whose official duties require such access.
Physical controls - Access to the system requires an NIH Login userid and password. The system is further restricted to only NIAMS users and the NIAMS domain (servers, PCs, etc. residing in NIAMS). The servers are secured in a locked, controlled environment.
Technical controls - The NIAMS ISSO and Server Team monitor and control access to all NIAMS machines, including the Intranet server using system monitoring and intrusion detection tools.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Lillian Cosme, 301-496-8296
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/28/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIAMS Coding System for Special Emphasis Areas (SEA)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/2/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-26-02-8801-00-202-069
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: 0925-0001
6. Other Identifying Number(s): None
7. System Name (Align with system Item name): NIAMS Coding System for Scientific Emphasis Areas (SEA)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Janet David
10. Provide an overview of the system: In order to respond to the NIH Budget Office requests and congressional inquiries regarding awarded information in relation to disease reporting areas, awarded data on grants, research contracts and intramural projects are “coded” by disease or special emphasis areas (SEA). This system allows the record to be coded and reports generated to respond to requests. The principal investigator's name and address are included on reports for reference. Data is tallied by fiscal year and comparisons made. The purpose of this system is to code the grant, contract or intramural project to obtain the data.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Information is collected under SOR 09-25-0036. Information is compiled in report format to respond to queries from Congressional offices, scientific associations and for NIH disease reporting information. Data is provided to show projects funded to support the numerous NIAMS disease categories. The data is displayed to show dollars awarded to Institutions/Principal Investigators broken down by disease categories. IIF data is used to identify and credit the project to the specific investigator.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Legislation authority: 5 U.S.C. 301; 42 U.S.C. 217a, 241, 282(b)(6), 284a, and 288. 48 CFR Subpart 15.3 and Subpart 42.15.
The name and address information associated with the grant, contract or project is listed on the generated reports as a reference. The grant, contract or project is coded for special emphasis areas (SEA) as it relates to disease reporting. Information is collected to respond to congressional inquiries and budget office requests. Information is usually aggregated for each special emphasis area as well as reports listing the specific grant, contract, and project.
Information is mandatory under the parent eRA/NIH system. (NIAMS is not making it mandatory).
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) This system is an extension of the enterprise system (eRA/ImpacII) which is authorized to collect data under 0925-0001. If major changes in the enterprise system occurred, the notification and consent would be through the enterprise system. Changes to the forms or systems that collect the data would notify the individuals when they enter their own data. This system does not collect or use any other data on the individual except what is available through the enterprise system.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Admin Controls - The information is maintained on-line by the system and may be accessed and printed by those authorized access to the information. Access to this data is limited to those persons whose official duties require such access.
Physical controls - Access to the system requires an NIH Login userid and password. The system is further restricted to only NIAMS users and the NIAMS domain (servers, and PCs etc residing in NIAMS). The servers are secured in a locked, controlled environment.
Technical controls - The NIAMS ISSO and Server Team monitor and control access to all NIAMS machines, including the Intranet server using system monitoring and intrusion detection tools.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Lillian Cosme, 301-496-8296
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIAMS Employee Database Internet Edition (EDie)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: Conversions 
1. Date of this Submission: 7/21/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-90-0018
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): None
7. System Name (Align with system Item name): NIH NIAMS Employee Database Internet Edition (EDie)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Ms. Valerie Green
10. Provide an overview of the system: EDie is an intranet based application primarily used to manage and track personnel information. Authority for maintenance of the system: 5 U.S.C. 1302, 2951, 4118, 4308, 4506, 7501, 7511, 7521 and Executive Order 10561.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Information is intended for internal administrative use only and will not be shared by other entities. Refer to SORN 09-90-0018, SORN 09-90-0024 and SORN 09-25-0216.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: EDie tracks all information pertinent to a personnel file for the purpose of personnel management activities. Information is collected from employees via the Human Resources Database (HRDB) system, Fellowship Payment System (FPS), nVision Data Warehouse and NIH Enterprise Directory (NED). Uses consist of the following: a) tracking a time-limited appointment to ensure renewals are done in a timely manner, thereby avoiding any break in service; b) ensuring that allocated FTE ceilings are maintained; c) ensuring salary equity for various hiring mechanisms; d) providing reports requested by the NIH Director, the IC Director, and other management staff, as requested; and e) maintaining lists of non-FTEs, special volunteers, contractors, and other hiring appointments. The type of information collected constitutes PII and includes, but is not limited to, the following data elements: name, date of birth, SSN, race, address, phone numbers, etc.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The information is derived from information supplied by the individual, which is placed in the HRDB or EHRP, or is provided by Department officials. Information is initially supplied by the individual to Human Resources, in writing, at the time of employment. The information is required to process payroll, taxes, benefits, and other actions and determinations. Consent is provided as part of the initial data collection process, for input into HRDB/EHRP and NED.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: PII stored in EDie is accessed by a very limited number of administrative staff with a “need-to-know” status. EDie is password protected and sensitive data is encrypted. The system is located at One Democracy Plaza, 6701 Democracy Blvd, Suite 704, Bethesda, MD behind the NIH firewall.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Lillian Cosme
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 8/4/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIAMS Internet Multi-IC Contract Tracking System (MCTS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/2/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-26-02-8801-00-202-069
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: 0990-0115
6. Other Identifying Number(s): None
7. System Name (Align with system Item name): Internet Multi-IC Contract Tracking System (MCTS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Janet David
10. Provide an overview of the system: This system is used to monitor and track deliverables and administrative paperwork on awarded research contracts. System is used to facilitate the work processes within the contract management office and to provide the data for reports for internal sources.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Information is collected under 09-25-0036. Data is for internal purposes to track and manage the contract paperwork with the office. IIF data is used to identify the principal investigator of the contract.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Legislation authority: 5 U.S.C. 301; 42 U.S.C. 217a, 241, 282(b)(6), 284a, and 288. 48 CFR Subpart 15.3 and Subpart 42.15.
Information collected is from the awarded research contract paperwork and is for internal administration of the contract. A contact person's name and mailing address is included for reference and to generate correspondence. The contact name & address is mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) If major changes in the enterprise system occurred (request for contract data), notification and consent would be through the enterprise system. Changes to the forms or systems that collect the data would notify the individuals when they enter their own data and apply for a contract. This system does not collect or use any other data on the individual except what is available through the enterprise system.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Admin Controls - The information is maintained on-line by the system and may be accessed and printed by those authorized access to the information. Access to this data is limited to those persons whose official duties require such access.
Physical controls - Access to the system requires an NIH Login userid and password. The system is further restricted to only NIAMS users and the NIAMS domain (servers, and PCs etc residing in NIAMS). The servers are secured in a locked, controlled environment.
Technical controls - The NIAMS ISSO and Server Team monitor and control access to all NIAMS machines, including the Intranet server using system monitoring and intrusion detection tools.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Lillian Cosme, 301-496-8296
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIAMS Internet Website
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/2/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-04-02-8812-00-312-165
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): Not applicable
5. OMB Information Collection Approval Number: Not applicable
6. Other Identifying Number(s): None
7. System Name (Align with system Item name): NIAMS Internet Website
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Danny Heise
10. Provide an overview of the system: Information Dissemination - NIAMS receives calls requesting various literature related to the NIAMS mission. In order to send the information, the caller's name, address and, optionally, their email address and telephone number are captured.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Information is shared with the NIAMS Clearing House that sends out requested literature.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: NIAMS collects the caller's name and address, and optionally their email and telephone number, plus a description of the information requested. We also collect IP addresses and pages visited in the log.
The data is used to send the requested information to the requestor. The data is shared with a Clearing House who mails out the information. Once the information (brochure, literature, etc.) is mailed, the data is deleted.
The requestor would need to furnish their name and address (or email address) in order for the requested literature to be mailed.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) When/if major changes occur to the system that could affect or change how the individual's information would be shared, each of the existing individuals would be notified, via mail or email, and requested to consent to the new process. All new users would be made aware of the change when they supply or enter their information.

Under the Privacy Statement tab located on the web site, the requestor is notified of what information will be collected and how it will be used.
The requestor's information is deleted after the materials have been mailed. Changes to the system would not affect the requestor.
The name, address, and optionally an email address and telephone number, are collected from the individual who requests literature from the NIAMS. Without the name and address, the literature could not be mailed.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Admin Controls - The information is maintained on-line by the system and may be accessed and printed by those authorized access to the information. Access to this data is limited to those persons whose official duties require such access.
Physical controls - Access to the System requires an NIH Login userid and password. The system is further restricted to only NIAMS users and the NIAMS domain (servers, and PCs etc residing in NIAMS). The servers are secured in a locked, controlled environment.
Technical controls - The NIAMS ISSO and Server Team monitor and control access to all NIAMS machines, including the Intranet server using system monitoring and intrusion detection tools.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Lillian Cosme, 301-496-8296
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIAMS Intranet Website
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/2/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-04-02-8812-00-312-165
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0106
5. OMB Information Collection Approval Number: Not applicable
6. Other Identifying Number(s): None
7. System Name (Align with system Item name): NIAMS Intranet Site
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Danny Heise
10. Provide an overview of the system: Information dissemination to the NIAMS staff.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Reference SOR # 09-25-0106
The information is shared internally amongst NIAMS Staff. It is used to complete administrative processes/functions.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The agency collects the individual's name, photo, Lab/Branch/Office address, phone numbers, and email address for administrative processes/functions. The photo is voluntary and the other information obtained is mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) When/if major changes occur to the system that affect or change how the individual's information will be shared, each of the existing individuals would be notified, via mail or email, and requested to consent to the new process. All new users will be made aware of the change when they enter or supply their information.

The Directory information is mandatory and is provided by the Administrative Office. The photo is voluntary. Staff members must sign a consent form before the photo is taken and placed on the Intranet. The site contains a privacy notice that states, "This is a U.S. Government Internal (Intranet) Web site, which may be accessed and used only for authorized Government business by authorized personnel. Unauthorized access or use of content on this Web site may subject violators to criminal, civil, and/or administrative action. All information on this site may be intercepted, recorded, read, copied, and disclosed by and to authorized personnel for official purposes, including criminal investigations. Such information includes sensitive data encrypted to comply with confidentiality and privacy requirements. Access or use of this Web site by any person, whether authorized or unauthorized, constitutes consent to these terms. There is no right of privacy when accessing this site. Information on this site relates only to work and data related to NIAMS activities. No information related to non-business activities of personnel will be collected or presented on this site without the explicit written permission of the personnel involved."
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Admin Controls - The information is maintained on-line by the system and may be accessed and printed by those authorized access to the information. The data is indexed by employee name. Access to this data is limited to those persons whose official duties require such access.
Physical controls - Access to the Intranet requires an NIH Login userid and password. The NIAMS Intranet is further restricted to only NIAMS employees and the NIAMS domain (servers, and PCs etc residing in NIAMS). The servers are secured in a locked, controlled environment.
Technical controls - The NIAMS ISSO and Server Team monitor and control access to all NIAMS machines, including the Intranet server using system monitoring and intrusion detection tools.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Lillian Cosme, 301-496-8296
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIAMS NIAMS General Support System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 9/13/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-0200-01-3109-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIAMS Local Area Network (LAN)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: George Brown
10. Provide an overview of the system: The system is a General Support System (GSS) and does not directly collect or store information.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Not applicable
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system is a General Support System (GSS) and does not directly collect or store information. The applications/systems residing on the GSS collect and store information. Therefore, individual PIAs have been prepared and submitted for the applications/systems residing on this GSS.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Not applicable. The system is a GSS and does not directly collect or store information. The applications/systems residing on the GSS collect and store information. Therefore, individual PIAs have been prepared and submitted for the applications/systems residing on this GSS.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Not applicable - no PII data.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Lillian Cosme
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIAMS Oxford/Cambridge Scholars Program
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/3/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: None
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): None
5. OMB Information Collection Approval Number: None
6. Other Identifying Number(s): None
7. System Name (Align with system Item name): NIH-NIAMS Oxford/Cambridge Scholars Program (OXCAM)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Bridget Lampert, 301-496-6083
10. Provide an overview of the system: The OXCAM system consists of a web-based application called Lean Project Manager, which serves as a document/file management system to enable the doctoral students of the NIH-Oxford University Scholars in Biomedical Research Program and the NIH-Cambridge University Health Sciences Research Scholars Program to participate in an inter-disciplinary training program and collaborative research project. The students work under the joint mentorship of intramural faculty of two institutions: NIH and either Oxford or Cambridge University. The students spend equal time in NIH and U.K. laboratories as they progress towards their degree. The students submit training plans, research proposals, and other related files for archival. The Lean Project Manager application is installed on a NIAMS server secured with an SSL certificate. The OXCAM Program Director and NIAMS Server Administrator serve as the system gatekeepers. They use the application for document storage and retrieval and grant user access, as appropriate. Students working to earn a D.Phil. degree in biomedical and health research are granted access to post and view their own records for which they must provide a valid NIH email address, username and password. Faculty advisors, in their advisory capacity, are granted access to view the training plans, progress reports and research proposals submitted by the students assigned to them for the purpose of scheduling meetings and monitoring progress.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system does not share or disclose IIF
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system does not contain PII. The only attributes tied to each of the US/UK student folders uploaded to the Lean Project Manager IT system are the student’s name, valid NIH email address, and NIH phone number.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The users of the system (students) do not provide any information (PII) that is not publicly available via NIH (e.g. NED). No processes are in place because the system only contains files posted by the author (i.e. the students), along with the author's name, NIH email address and NIH phone number. As noted previously, the information students upload to the system is developed by them and shared with faculty to help inform the advising process.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The application cannot be accessed by individuals who do not possess a current NIH password and who have not been granted access to the server by the NIAMS administrator. The OXCAM program director and the NIAMS server administrator are the gatekeepers for who can be permissioned to use the application for document storage and retrieval. Individual tickets must be submitted for each person to be granted access. The server administrator controls what level of access various types of users have. The only information a student may see is what he/she has uploaded to the server. Faculty advisors may view training plans, progress reports and research proposals the students submit.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Lillian Cosme
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIAMS Resource Management Services Budget (RMS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/3/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-02-01-02-8806-00-
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): Not applicable
5. OMB Information Collection Approval Number: Not applicable
6. Other Identifying Number(s): None
7. System Name (Align with system Item name): NIAMS Resource Management Services (RMS) Budget System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Janet M. David
10. Provide an overview of the system: Create and maintain budget data for the NIAMS Office of the Director programs. The legislation authorizing this activity is 5 U.S.C 1302, 2951, 4118, 4308, 4506, 7501, 7511, 7521, and Executive Order 10561.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Reference SOR # 09-90-0018. This information is further addressed in the HHS Privacy Act Systems of Record Notice 09-90-0018, published in the Federal Register, Volume 59, November 9, 1994.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: NIAMS collects Employee Last and First Names with the salary, grade, and step. Information is used for creating the OD Division budget for each fiscal year.
Data is not matched with any personal identifiers, sensitive data, or Privacy Act data. Data is required to project and create an accurate budget for FTEs.
This information is collected as backup data to create the salary line item for the NIAMS OD budget for the fiscal year.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) When/if major changes occur to the system that affect or change how the individual's information will be shared, each of the existing individuals would be notified, via mail or email, and requested to consent to the new process. All new users will be made aware of the change when they are asked to supply information.

The information is provided by Department officials; only Employee Name, Grade, Step, and Salary information is gathered via biweekly download from the Visual Employment Database System (VEDS).
It is supplied via data download in a separate Oracle table from VEDS.
The information is required, as a condition of employment, to process payroll, taxes, benefits, and other actions and determinations made about an individual while employed.
Written notice is provided to the subject at the time of employment.
Notification procedures include the immediate supervisors of individuals or the administrative offices of the organizational units in which employed. HR may also provide further information concerning the existence of this SOR. Individuals should provide their name, SSN, and organization in which employed.
The information is used by operating officials in carrying out their management responsibilities.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Admin Controls - The information is maintained on-line by the system and may be accessed and printed by those authorized access to the information. Access to this data is limited to those persons whose official duties require such access.
Physical controls - Access to the system requires an NIH Login userid and password. The system is further restricted to only NIAMS users and the NIAMS domain (servers, and PCs etc residing in NIAMS).
Technical controls - The NIAMS ISSO and Server Team monitor and control access to all NIAMS machines, including the Intranet server using system monitoring and intrusion detection tools.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Lillian Cosme, 301-496-8296
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIAMS SF-52 (SF-52)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/3/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-26-02-8801-00-202-069
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-90-0018
5. OMB Information Collection Approval Number: Not applicable
6. Other Identifying Number(s): None
7. System Name (Align with system Item name): NIAMS SF-52 Tracking
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Janet M. David
10. Provide an overview of the system: The system is used to create, modify, route, and track SF-52 (personnel) actions. IIF data collected/used is the employee's name, DOB, SSN, mailing address, and salary. The information is required, as a condition of employment, to process payroll, benefits, taxes, and other actions and determinations made about an individual while employed.
Reference SOR # 09-90-0018.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Reference SOR # 09-90-0018.
The Office of Personnel Management, Merit System Protection Board, Equal Employment Opportunity Commission, and the Federal Labor Relations Authority in carrying out their functions. Appropriate federal, state or local agencies as deemed relevant or necessary to the Department. Other individuals performing functions for the Department but technically not having the status of agency employees, if they need access to the records in order to perform their assigned agency functions. Used by the NIAMS Administrative Officers (AOs) to track SF52 data. Data collected is required for all SF-52 personnel actions.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The legislation authorizing this activity is 5 U.S.C. 1302, 2951, 4118, 4308, 4506, 7501, 7511, 7521, and Exec Order 10561. NIAMS collects employee name, date of birth, SSN, mailing address and salary. The data is needed to create SF-52 actions. Human Resources uses the SF-52 actions to input information into EHRP. Required statistical reports to upper management and higher headquarters are generated from this information. Data collection is mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) When/if major changes occur to the system that affect or change how the individual's information will be shared, each of the existing individuals would be notified, via mail or email, and requested to consent to the new process. All new users will be made aware of the change when they supply their information.

(a) The information comes from the individual to whom it applies, is derived from information supplied by the individual, or is provided by Department officials. (b) It is initially supplied by the individual to HR in writing at the time of employment. (c) The information is required, as a condition of employment, to process payroll, taxes, benefits, and other actions and determinations made about an individual while employed.
(d) Written notice is provided to the subject at the time of employment. (e) Notification procedures include the immediate supervisors of individuals or the administrative offices of the organizational units in which employed. HR may also provide further information concerning the existence of this SOR. Individuals should provide their name, SSN, and organization in which employed. The information is used by operating officials in carrying out their personnel management responsibilities.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Admin Controls - The information is maintained on-line by the system and may be accessed and printed by those authorized access to the information. Access to this data is limited to those persons whose official duties require such access.
Physical controls - Access to the system requires an NIH Login userid and password. The system is further restricted to only NIAMS users and the NIAMS domain (servers, and PCs etc residing in NIAMS).
Technical controls - The NIAMS ISSO and Server Team monitor and control access to all NIAMS machines, including the Intranet server using system monitoring and intrusion detection tools.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Lillian Cosme, 301-496-8296
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIAMS Sharepoint
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: New Interagency Uses 
1. Date of this Submission: 11/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0106
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): NONE
7. System Name (Align with system Item name): NIH NIAMS SharePoint
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Janet David
10. Provide an overview of the system: This system’s main function is to provide an electronic workspace for NIAMS document collaboration, repository, workflow, and tracking in order to assure timely and appropriate attention of any document that needs to be completed or approved by a specified due date. Examples of these documents include Science Advances, data calls, Funding Opportunity Announcement clearances, meeting notes, application requirements, travel requests, and controlled correspondence. The legislation authorizing this activity is The Health Research Extension Act of 1985, P.L. 99-158.

NIAMS' SharePoint system is strictly an "Employee System" (see Q.17 in this Section) in that the system is restricted to obtaining information to "permit the physical or online contacting of a specific individual employed by the Federal Government" (see Q.30 in this Section).
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: As a condition of employment, NIAMS collects Employee Name, Work Phone Number, and Work E-Mail Address. This information is provided and verified by the Employee, his/her supervisor, and/or the Microsoft Outlook Global Address List. This information can only be accessed by authorized NIAMS staff, and selected and specifically authorized NIH staff (see Q.54 in this Section and Q.32 in the Website Hosting Section. Note that access will not be expanded beyond NIH).

NIAMS uses this information to provide point-of-contact information and to route and track documents in workflows. Data is not matched with any personal identifiers, sensitive data, or Privacy Act data. The information is needed to streamline document approval processes so that data calls and other documents that need approval are tracked, routed, and completed on time.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Information is supplied via employee or supervisor and may be verified using the Microsoft Outlook Global Address List. The information is required, as a condition of employment, to communicate with the individual while employed. Written notice is provided to the subject at the time of employment. Notification procedures include the immediate supervisors of individuals or the administrative offices of the organizational units in which the individual is employed. The information is used by operating officials in carrying out their management responsibilities.

32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative Controls are in place to ensure that system owners, operators, contractors, and program managers who use the system have been trained and are made aware of their responsibilities for protecting any personal information collected and maintained. Initial training is required in order to allow access to the system and refresher training is conducted annually. Training is conducted electronically and those who don’t complete the training as specified will have their access revoked.

The SO ensures that user access is restricted to the appropriate site Administrator, and the site Administrator ensures that all users granted access follow all applicable requirements and the Institute's sensitive data policy (2800-NIAMS-OD-SITB-008).
___
Physical controls - Access to the system requires an NIH Login userid and password. The system is further restricted to only NIAMS users and the NIAMS domain (servers, and PCs etc residing in NIAMS). The servers are secured in a locked, controlled environment. Physical Access Controls to the building, suite, and server room are by identification badges and key cards (fobs).
____
Technical Controls are in place to minimize the possibility of unauthorized access, use or dissemination of the data. The NIAMS ISSO and Server Team monitor and control access to all NIAMS machines, including the Intranet server using system monitoring and intrusion detection tools. These technical controls include userids and roles, passwords, firewalls, Virtual Private Network (VPN), and an intrusion detection system.

----
Additional safeguards have been implemented as of November 7, 2011. While most users of the system are NIAMS staff, the SO recently allowed selected NIH staff to have access, too. Because of this, the SO has ensured that additional safeguards have been implemented. The firewall was opened for the selected NIH-level users, SSL was added, additional auditing has been implemented, and additional training is provided. Selected NIH employees can be granted access to a specific site provided that site owner utilizes limited access via a Help Desk ticket. If access is granted, access is monitored and removed when no longer required. (Note - system access will not be expanded beyond NIH.)
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Lillian Cosme, 301-496-8296
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/9/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIAMS Status of Funds Internet Edition (SOFie)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/8/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: TBD (was 09-25-01-01-02-3198-00-402-125 for predecessor, VSOF)
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): Not applicable
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): Status of Funds Internet Edition (SOFie)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Valerie Green
10. Provide an overview of the system: SOFie is the Institute's budget reporting system used to track costs and generate status reports. It is a multi-user integrated database of financial transactions from the NIH Central Accounting System used by multiple NIH Institutes and centers to monitor the financial status of programs they support.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system does not share or disclose PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Accounting data and related document information is downloaded from Accounting and is relevant or specific to NIAMS for its fiscal year operations.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Not applicable. No PII is collected, shared, or disclosed.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Not applicable as no PII is collected, shared, or disclosed. Controls are in place for the system.
Admin Controls - The information is maintained on-line by the system and may be accessed and printed by those authorized access to the information. Access to this data is limited to those persons whose official duties require such access.
Physical controls - Access to the system requires an NIH Login userid and password. The system is further restricted to only NIAMS users and the NIAMS domain (servers, PCs, etc. residing in NIAMS). The servers are secured in a locked, controlled environment.
Technical controls - The NIAMS ISSO and Server Team monitor and control access to all NIAMS machines, including the Intranet server using system monitoring and intrusion detection tools.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Lillian Cosme, 301-496-8296
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIBIB Employee Database Internet Edition (EDie)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 9/8/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-90-0018, 09-90-0024, 09-25-0216
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): None
7. System Name (Align with system Item name): NIH NIBIB Employee Database Internet Edition (EDie)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Truc Le
10. Provide an overview of the system: EDie is an Intranet-based application primarily used to manage and track personnel information. Authority for maintenance of the system: 5 U.S.C. 1302, 2951, 4118, 4308, 4506, 7501, 7511, 7521 and Executive Order 10561.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Information is intended for internal administrative use only and will not be shared by other entities. Refer to SORN 09-90-0018, SORN 09-90-0024 and SORN 09-25-0216.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: EDie tracks all information pertinent to a personnel file for the purpose of personnel management activities. Information is collected from employees via the Human Resources Database (HRDB) system, Fellowship Payment System (FPS), nVision Data Warehouse and NIH Enterprise Directory (NED). Uses consist of the following: a) tracking a time-limited appointment to ensure renewals are done in a timely manner, thereby avoiding any break in service; b) ensuring that allocated FTE ceilings are maintained; c) ensuring salary equity for various hiring mechanisms; d) providing reports requested by the NIH Director, the IC Director, and other management staff, as requested; and e) maintaining lists of non-FTEs, special volunteers, contractors, and other hiring appointments. The type of information collected constitutes PII and includes, but is not limited to the following data elements: name, home address, home phone number, social security number and date of birth. The PII collected is mandatory for all employees.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) PII in the system is downloaded from the HRDB, FPS, nVision Data Warehouse and NED. Changes to HRDB or changes in the way information is used are relayed to employees via official notices from the NIH Office of Human Resources (OHR). Individuals are notified of the collection and use of the data as part of the hiring process. This is a mandatory requirement of potential job applicants seeking employment at NIH.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: PII stored in EDie is accessed by a very limited number of administrative staff with a “need-to-know” status. EDie is password protected and sensitive data is encrypted. The system is located on a server in a secure server room behind the NIH firewall.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kai Kamerow
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/9/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIBIB Internet Website
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/15/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-00-0000-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): Internal Website
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Mary Beth Kester
10. Provide an overview of the system: The NIBIB Internet provides mission-related information to multiple constituencies that include other federal agency staff, extramural researchers, health professionals, educators, students, and professionals.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): does not disclose IIF
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The only data collected are for web site usage statistics and are not retrieved by personal identifier.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) NIBIB website is in compliance with federal law and NIH web policies. The web site does not collect personal data and the privacy notification statement and disclaimers are used and visible from every page, including web pages directed to children. We do not use persistent cookies.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: Yes
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: We do not collect information in identifiable form.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kai Kamerow
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIBIB NIBIB General Support System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/15/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-04-00-0000-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIBIB General Support System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Lawrence Morton
10. Provide an overview of the system: The system is a General Support System (GSS) and does not directly collect or store information.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system is a General Support System (GSS) and does not directly collect or store information. The applications/systems residing on the GSS collect and store information. Therefore, individual PIAs have been prepared and submitted for the applications/systems residing on this GSS.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kai Kamerow
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIBIB Status of Funds Internet Edition (SOFIE)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/15/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: In development
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): Status of Funds Internet Edition (SOFie)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Pamela Galpin
10. Provide an overview of the system: SOFie is a web database application that allows institutes to track expenses and the balance of accounts.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The SOFie system gathers financial data together from NIH systems in order to view and manipulate financial information for the ICs' needs. The system does not include any personal information or information in identifiable form.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: System is password protected. Individuals only view accounts pertinent to their area.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kai Kamerow
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NICHD Certification of Confidentiality [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/15/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0200
5. OMB Information Collection Approval Number: Not applicable.
6. Other Identifying Number(s): Not applicable.
7. System Name (Align with system Item name): NICHD Extramural Clinical Certificate of Confidentiality System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Rodney Rivera
10. Provide an overview of the system: The NICHD Extramural Clinical Certificate of Confidentiality System enables investigators who are conducting research in line with NICHD’s mission to apply for a Certificate of Confidentiality from the NICHD and supports the internal processes for finalizing and issuing the Certificate.

The system automates the cumbersome paper-based process of applying for and issuing certificates by providing a public web interface for users to request a certificate and a staff-side module used by staff in the Clinical Director’s office to track and modify the submission and generate the official document for signature.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Not applicable.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: NICHD will collect the name, email address, mailing address, and phone number of individuals applying for NICHD Extramural Certificates of Confidentiality. The information will contain PII and submission of personal information is voluntary, but necessary if the applicant chooses to apply.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) If a major change were to occur to the information system, individuals would be notified via telephone calls regarding any potential changes to their PII. At that time, they would be able to provide consent acknowledging the change. Individuals are notified of the information that is being collected from them, and consent is obtained twice: (1) via a pop-up notification where they agree to a certain statement regarding their study before the individual is able to access the application and (2) when they submit their information for the certificate of confidentiality. The first portion of the application indicates how the information the individual(s) submit will be used.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Access to and use of these records is limited to those persons whose official duties require such access. Secured via sign-on and authentication methods. Administrative controls include system security plan, contingency plan, files backed-up and stored off site, user training, and least privilege accesses. Technical access controls include user identification, password, firewall, VPN, encryption, intrusion detection system, common access cards, and public key infrastructure. Physical access controls include guards, identification badges, key cards, cipher locks, and closed circuit TV.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Aubrey Callwood
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NICHD Child Health Information Retrieval Program [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/15/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-04-00-02-4401-00-202-069
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): Not Applicable
5. OMB Information Collection Approval Number: Not Applicable
6. Other Identifying Number(s): NICHD-0002
7. System Name (Align with system Item name): Child Health Information Retrieval Program (CHIRP)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Aubrey Callwood
10. Provide an overview of the system: The Child Health Information Retrieval Program (CHIRP) provides support for grant application and award processing, tracking, scientific coding and report retrieval for the NICHD Extramural program.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Not Applicable
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: No Information in Identifiable Form (IIF) is collected or stored. CHIRP pulls grants and contract-related data from IMPACII.
The Referral and Program Analysis Branch (RPAB) of NICHD’s Office of Scientific Policy, Analysis, and Communication (OSPAC) assigns each project funding application to the appropriate NICHD branch for review. Once funding has been approved, RPAB then applies extensive scientific coding to the grant record based on the areas of research involved. Throughout the pre- and post-funding process, RPAB maintains summary information about each project for reporting purposes. All project records are then given pre-funding preliminary coding and post-funding scientific coding for detailed and accurate classification. Based on all available project data, highly-flexible querying options allow users to generate various standard and customized reports as necessary for interested internal and external entities.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No IIF is collected
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Not Applicable
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Aubrey Callwood
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NICHD Clinical Trials Database [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 3/12/2012
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: TBD
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0200
5. OMB Information Collection Approval Number: Paperwork Reduction Act notice has been submitted for OMB approval. This will be updated once that information is obtained.
6. Other Identifying Number(s): Not Applicable
7. System Name (Align with system Item name): NIH NICHD Clinical Trials Database (CTDB)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Aubrey Callwood
10. Provide an overview of the system: The CTDB is a web-based application that supports the NICHD Clinical Trials Program. The NICHD Clinical Trials Program consists of approximately 50 medical investigators and research staff (e.g., nurses, residents). The system supports clinical trial data collection. The Clinical Trials Survey System portion of the CTDB allows individuals participating in clinical trials to fill out questionnaires online. The goal of this application is to provide a user-friendly electronic data collection solution for clinical research. This makes the process of conducting clinical trials easier and more efficient for participants, as well as researchers.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Not Applicable
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: 1) The information the agency will collect includes name, date of birth, mailing address, phone number, medical notes, medical records numbers, and e-mail addresses.
2) The information is collected for the purposes of participating in the study.
3) The type of information collected does contain PII and submission of information is mandatory in order to participate.
4) The submission of personal information is voluntary but mandatory in order to participate.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) 1) The process in place to notify and obtain consent from the individuals whose PII is in the system when a major change occurs to the system is via e-mail notifications to the users and through broadcast lists. All data collected is obtained via Institutional Review Board (IRB) approved protocol.
2) Consent to collect and use the PII from the participants is obtained through the patient consent form.
3) The participants are also notified as to how that information will be used or shared during the time they sign the patient consent form.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Access to and use of these records is limited to those persons whose official duties require such access. Secured via sign-on and authentication methods. Administrative controls include system security plan, contingency plan, files backed-up and stored off site, user training, and least privilege accesses. Technical access controls include user identification, password, firewall, VPN, encryption, intrusion detection system, common access cards, and public key infrastructure. Physical access controls include guards, identification badges, key cards, cipher locks, and closed circuit TV.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Aubrey Callwood
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NICHD Contracts Module (CM)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/15/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): Not applicable
5. OMB Information Collection Approval Number: Not applicable
6. Other Identifying Number(s): Not applicable.
7. System Name (Align with system Item name): NICHD Contracts Module (CM)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Rodney Rivera
10. Provide an overview of the system: The NICHD Contracts Module is a web-based system designed to allow NICHD staff with contracts responsibilities to more efficiently monitor the contracts budget, as well as provide a high level budget view for discussions with NICHD senior management. The system will be designed to capture contracts financial data at key points in the business process from the relevant NICHD and NIH financial systems and link the data together. The system is initially intended for use by the Finance and Contracts branches, with future extension to Program staff.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Not applicable
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: 1) The system does not collect PII information. Specifically, the system stores information about each contract for which NICHD is providing funding (contractor name, contract title, and dollar amounts).
2) The system is designed to capture contracts financial data at key points in the business process from the relevant NICHD and NIH financial systems and link the data together in order to more efficiently monitor the contracts budget.
3) The system does not collect or store PII information.
4) Users do not submit any personal information to the system. The system does not collect data or PII from users.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No IIF is collected
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Not Applicable
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Aubrey Callwood
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NICHD Council Member Website [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/15/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): Not Applicable
5. OMB Information Collection Approval Number: Not Applicable
6. Other Identifying Number(s): Not Applicable
7. System Name (Align with system Item name): Council Member Website (CMW)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Aubrey Callwood
10. Provide an overview of the system: CMW provides NICHD Advisory Council members with online access to a variety of Council-related information, both for the current council and an archive of data from prior councils. The site also provides Council members with the ability to review and vote on individual applications as well as an En Bloc review which would allow the Council to fulfill their business function without physically meeting at the National Institutes of Health (NIH).
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Not Applicable
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: 1) The system does not collect or store PII information. The system provides NICHD advisory council members with online access to a variety of Council related information. Current council and archive data from prior council is available on the site.
2) The information available on the Council Member Website is used by NICHD staff to access general council information.
3) The system does not collect or store PII information.
4) Not Applicable – Users do not submit PII information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No IIF is collected
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Not Applicable
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Aubrey Callwood
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NICHD Diversity Development Database (3D)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/29/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: Not Applicable
6. Other Identifying Number(s): Not Applicable
7. System Name (Align with system Item name): NICHD Diversity Development Database (3D)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Rodney Rivera
10. Provide an overview of the system: The Diversity Development Database (3-D) system is a web-based application providing a central mechanism for collecting and reporting on data for programs within the Division of Special Populations (DSP). It allows program participants (e.g., Principal Investigators, Mentors, and Scholars) to more easily meet their program’s funding and assessment requirements by providing a centralized location where they can submit relevant data on their progress and achievements at any time. It also aids NIH staff in their duty to evaluate training programs at grantee institutions by increasing data uniformity, decreasing data duplication, and enabling up-to-the-minute reporting, allowing them to see a program’s or individual’s progress at any given time in history.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Not Applicable
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: 1) 3D maintains business information on individuals requesting grants from NIH (this includes: Name, Personal Mailing Address, Personal Phone Numbers, Personal Email Address, and Educational Information). The name of the individual is requested along with education information such as the school and degree earned (no formal transcripts are requested) as well as the individual’s military history (such as their position and dates in that position), but no formal request is made to the military to obtain this information. The information is also used for the purpose of monitoring progress in one of the diversity related programs.
2) The information is used to contact individuals requesting grants from NIH
3) The system does contain PII
4) The information submission is voluntary, but necessary in order to participate
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) If a major change were to occur to the system, individuals would be notified via e-mail. Individuals are notified, and consent is obtained, regarding what PII is being collected from them at the time of information collection. During that time, they are also notified how that information is going to be used. At that point, they can determine whether they will participate.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Access to and use of these records is limited to those persons whose official duties require such access. Secured via sign-on and authentication methods. Administrative controls include system security plan, contingency plan, files backed-up and stored off site, user training, and least privilege accesses. Technical access controls include user identification, password, firewall, VPN, encryption, intrusion detection system, common access cards, and public key infrastructure. Physical access controls include guards, identification badges, key cards, cipher locks, and closed circuit TV.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Aubrey Callwood
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 10/11/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NICHD Division of Intramural Research Website [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 3/12/2012
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: TBD
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): Not Applicable. This system does not collect personally identifiable information.
5. OMB Information Collection Approval Number: Not applicable. This system does not collect personally identifiable information.
6. Other Identifying Number(s): Not Applicable
7. System Name (Align with system Item name): Division of Intramural Research Public Website (DIRWeb)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Chandan Sastry
10. Provide an overview of the system: The Division of Intramural Research (DIR) attempts to understand and harness the science and technologies which will allow prediction, at or before birth, of diseases to which humans are susceptible, to identify genetic, prenatal (fetal antecedents) and environmental factors that influence expression so that interventions can be developed that will prevent or modify each expression. The DIR studies the biology of development, and examines events from conception through senescence at the molecular, physical/chemical, genetic, and behavioral level in cells, tissues/organs and organisms. The DIR attempts to understand the biological processes of normal and pathological development in human beings. The DIR website delivers research capabilities for the ten programs which make up the DIR: cell biophysics and chemistry, cell regulation and metabolism, and cell metabolism and biology; genomics of differentiation, developmental endocrinology and genetics, developmental immunology; reproductive sciences and medicine, perinatology; and developmental neuroscience.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Not Applicable
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: 1) DirWeb contains information which attempts to understand and harness the science and technologies which allows prediction, at or before birth, of disease to which humans are susceptible, to identify genetic, prenatal (fetal antecedents) and environmental factors that influence expression so that interventions can be developed that will prevent or modify each expression
2) The DIR studies the biology of development, and examines events from conception through senescence at the molecular, physical/chemical, genetic, and behavioral level in cells, tissues/organs and organisms.
3) The system does not contain PII
4) Not Applicable
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No PII is collected
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system does not collect PII, however there are controls in place on the system including the following: administrative controls include a system security plan, a contingency plan, the backing up of files and storing them offsite, as well as methods in place to ensure least privilege access; technical controls include user identification, passwords, firewall, and an intrusion detection system; and physical access controls include identification badges, key cards, and cipher locks.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Aubrey Callwood
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NICHD Insider 2 [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/15/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): Not Applicable
5. OMB Information Collection Approval Number: Not Applicable
6. Other Identifying Number(s): Not Applicable
7. System Name (Align with system Item name): Insider Intranet 2 (Insider2)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Aubrey Callwood
10. Provide an overview of the system: The Insider provides an Intranet for NICHD Staff to use to view general administrative information online. In addition, program and extramural staff have access to several applications that allow them to submit recommendations for grants funding, reporting, and document tracking
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: 1) The system does not collect or store PII information. The system provides general administrative information to staff. The system allows extramural staff to submit non PII information such as recommendation for grants funding, reporting and document tracking.
2) The information available on the Insider Intranet site is used by the NICHD staff to access general administrative information.
3) The system does not collect or store PII information.
4) Not Applicable - Users do not submit PII information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No IIF is collected
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system does not collect PII, however there are controls in place on the system including the following: administrative controls include a system security plan, a contingency plan, the backing up of files and storing them offsite, as well as methods in place to ensure least privilege access; technical controls include user identification, passwords, firewall, and an intrusion detection system; and physical access controls include identification badges, key cards, and cipher locks.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Aubrey Callwood
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NICHD Manuscript Tracking System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 3/12/2012
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: TBD
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): Not applicable. System does not retrieve information by a personal identifier, and is not subject to the Privacy Act.
5. OMB Information Collection Approval Number: TBD
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): Manuscript Tracking System (Mtrac)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Chandan Sastry
10. Provide an overview of the system: Researchers routinely publish papers as part of their research. To ensure the highest quality of the publications the Division of Intramural Research at the NICHD established an approval process through which all publications have to go.
The approval process usually follows a bottom-up pattern, by which the manuscript that has been submitted gets successively routed to a direct report. However, there are exceptions to this rule and generally a manuscript can be routed to any person participating in the approval/review process. A person with approval permissions can approve the manuscript for publication. The publication marks the last step in the internal reviewing process.
Mtrac is used to select reviewers and move papers through the peer review process as quickly as possible without compromising accuracy. The Mtrac system will automate a process which is currently being done entirely on paper. It will save a tremendous amount of time and avoid human errors that occur by performing mundane work. In addition, the system will enable people to participate in the process who have not been able to participate in the paper model.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system does not share or disclose information with any other system or agency.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: 1) The Mtrac system will collect name, phone number, and e-mail addresses.
2) The purpose for using this information is to incorporate it into a database which automates the approval process which all publications have to undergo. The automated system will save a tremendous amount of time and avoid human errors that occur by performing mundane work.
3) The information collected does include PII, and;
4) Submission of information is voluntary based on whether an individual would like to submit a manuscript for review.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Individuals are notified via e-mail when a major change occurs to the system. Individuals are notified as to the type of PII that is being collected from them during training, and they provide verbal consent when they choose to sign up for the system. Individuals are also told the system purposes, which include their information being updated in PUBMED and keeping an account of their activities in publishing.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative controls include a C&A, a system security plan, a contingency plan, storing of files offsite, user manuals, and least privilege access. Technical controls include user identification, passwords, firewall, virtual private network (VPN), encryption, and intrusion detection system (IDS). Physical controls include guards, identification badges, key cards, and cipher locks.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Aubrey Callwood
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NICHD Menkes Disease and Occipital Horn Syndrome International Registry [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/15/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0200
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A There are no Other Identifying Numbers the Agency uses.
7. System Name (Align with system Item name): NIH NICHD Menkes Disease and Occipital Horn Syndrome International Registry
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Rodney Rivera
10. Provide an overview of the system: Menkes allows doctors around the world to seek referrals for patients with Menkes or Occipital Horn syndromes via a public website. Dr. Stephen Kaler is the leading expert on these diseases and is not only the sole source for treatment referrals, but is also the only person who can confirm that the patient has these diseases. This website allows doctors to enter basic patient personal information as well as data about their symptoms to allow Dr. Kaler to provide referrals for treatment. The registry also allows follow-up information to be posted. Currently, this data is sent to Dr. Kaler via telephone, email, or fax.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The information is only shared between Dr. Stephen Kaler and his assistant Maryellen Rechen.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: 1) Information is sent to Dr. Kaler regarding patients' symptoms (this includes: Name, Date of Birth, Personal Mailing Address, Personal Phone Number, Medical Notes, and Personal Email Address)
2) The information is sent in order for Dr. Kaler to fully assess the patient's symptoms and make appropriate for treatment of the specified disease
3) Yes the information contains PII
4) The submission is voluntary because the patients and doctors enter the information themselves in the website
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The information is entered voluntarily, and therefore consent is given by the patients when the information is entered.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative controls include a system security plan, a contingency plan, backing up files and storing them offsite, user manuals, and least privilege access. Technical controls include user identification, passwords, firewall, virtual private network (VPN), encryption, and an intrusion detection system (IDS). Physical controls include guards, identification badges, key cards, and cipher locks.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Aubrey Callwood
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NICHD NICHD General Support System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/15/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): Not applicable. System does not retrieve PII by one or more personal identifiers.
5. OMB Information Collection Approval Number: Not applicable.
6. Other Identifying Number(s): Not applicable. System does not retrieve PII by one or more personal identifiers.
7. System Name (Align with system Item name): NICHD General Support System (GSS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Rodney Rivera
10. Provide an overview of the system: The NICHD GSS is managed out of the NICHD Information Resources Management Branch (IRMB) office. The size of the NICHD GSS is equated to the size of networks found in mid-size corporations. The NICHD GSS is used for internal administrative and scientific purposes, as well as to provide services to the general external public. Additionally, specific extranet projects are supported via NICHD GSS as well. Systems within this GSS include:
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Not applicable.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: As the NICHD GSS is the principal component for administrative, scientific, and business data, individual applications may have specific configurations and/or data storage requirements and classifications beyond the scope of this document. Such applications are individually documented by their respective owners. NICHD GSS management personnel continue to provide the platform support, administration, backup, etc., for the systems comprising such applications. This system does not collect, maintain or disseminate PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) As the NICHD GSS is the principal component for administrative, scientific, and business data, individual applications may have specific configurations and/or data storage requirements and classifications beyond the scope of this document. Such applications are individually documented by their respective owners. NICHD GSS management personnel continue to provide the platform support, administration, backup, etc., for the systems comprising such applications. This system does not collect, maintain or disseminate PII.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative controls include system security plan, contingency plan, files backed-up and stored off site, user training, and least privilege accesses. Technical access controls include user identification, password, firewall, VPN, encryption, intrusion detection system, common access cards, and public key infrastructure. Physical access controls include guards, identification badges, key cards, cipher locks, and closed circuit TV.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name:
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NICHD Operational Planning and Scientific Initiatives System of Tracking (OP-ASIST)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/15/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): Not Applicable
5. OMB Information Collection Approval Number: Not Applicable
6. Other Identifying Number(s): Not Applicable
7. System Name (Align with system Item name): NIH NICHD Operational Planning and Scientific Initiative System of Tracking
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Li Huang
10. Provide an overview of the system: OP-ASIST is an automated, web-based tool that supports the Eunice Kennedy Shriver National Institute of Child Health and Human Development (NICHD) research initiative user community. OP-ASIST provides NICHD with the ability to manage the planning process for grant and contract related scientific initiatives. It facilitates tracking the progress of all scientific initiatives from initial concept development through grant and contract approval.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Not Applicable
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: 1) The information collected, maintained, and disseminated are proposed contract and grant information including the organizations, the background and scope of contract, peer reviews of the initiative, financial information (who’s providing funding, how much, and mechanism), decisions that are made throughout approval process, and the audit of all changes that any user makes
2) Information is collected to provide NICHD with a mechanism to plan future contracts and grants
3) The system does not contain PII
4) Not applicable, there is no submission of personal information by users

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Not applicable. System will not collect, maintain, or disseminate any PII.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Not Applicable
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name:
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NICHD Reproductive Tissue Sample Repository [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 8/22/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0200
5. OMB Information Collection Approval Number: Not Applicable
6. Other Identifying Number(s): Not Applicable
7. System Name (Align with system Item name): NIH NICHD Reproductive Tissue Sample Repository (RTSaR)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Rodney Rivera
10. Provide an overview of the system: The RTSaR is a centralized, Web-based system that may be used to track and retrieve information about tissue availability. RTSaR may be used by the tissue banks to enter and maintain current data regarding the availability of tissue samples at their facility, to query the availability of tissue, and to order tissue samples on-line.

RTSaR has been implemented using Java, JSP, HTML, and XML technologies. Data persistence is achieved using an Oracle database. Secure Socket Layer (SSL) has also been put in place to provide security of data being sent across the Internet.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Not Applicable
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: 1) The system holds basic information about tissue in various repositories (size, date, generic statistics about source of tissue). Users that have access to (name, institution, email address, and grant users are funded through). The information collected includes information about users that are outside the Federal Government.
2) The information is used for scientists to request a sample tissue to perform NIH-funded research. The user information (name, email address, and phone number) is kept so that access information can be granted to users by the system admins.
3) The system does contain PII
4) If users need access to the system, they must submit their name, email address, and phone number. Therefore the submission is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The information is entered voluntarily, and therefore consent is given by the users when the information is entered.

1) An email may be sent out to all users to let them know of a change.
2) The information is entered voluntarily by users. The users provide their name, email address, and phone numbers in order to gain access to the system.
3) The user information (name, email address, and phone number) is used to contact users, specifically when system admins need to verify their user information (name, email address, and phone number).
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Records are maintained on-line by the system and may be printed by authorized requesters. Access to and use of these records is limited to those persons whose official duties require such access. Secured via sign-on and authentication methods. Administrative controls include system security plan, contingency plan, files backed-up and stored off site, user training, and least privilege accesses. Technical access controls include user identification, password, firewall, VPN, encryption, intrusion detection system, common access cards, and public key infrastructure. Physical access controls include guards, identification badges, key cards, cipher locks, and closed circuit TV.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Aubrey Callwood
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 10/28/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NICHD Sponsored Dashboards (NSD)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 9/29/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): Not Applicable
5. OMB Information Collection Approval Number: Not Applicable
6. Other Identifying Number(s): Not Applicable
7. System Name (Align with system Item name): NIH NICHD Sponsored Dashboards (NSD)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Rodney Rivera
10. Provide an overview of the system: The NICHD Dashboard tool was designed to enhance the decision-making efficiency of NICHD senior management by providing simplified, timely access to required information through a set of key performance indicators. Analogous to the way information is displayed on a vehicle dashboard, the Dashboard was intended to allow users to quickly analyze performance across multiple “gauges”. These “gauges” or measures are grouped in categories of interest to NICHD senior management: Extramural, Intramural, Financial, Human Capital and Administration.

The project was originally spearheaded by the prior Executive Officer. The project was intended to be released to Center Directors to allow them to view their portion of the financial budget, their grants portfolio and contracts portfolio. While several of these measures were completed, changes to the financial structure and systems at NICHD and NIH have occurred so several measures have been removed from the system.

NICHD Sponsored Dashboards (NSD) consists of the NIH Dashboard, NCI Dashboard, the NICHD Dashboard and Telework Application and Review System (Telework) applications. NSD is an internal application and is accessible to NIH users via the NIH Intranet only. The dashboards are designed for senior managers and executives and the dashboard information is read only from the source, Human Resources Database (HRDB).
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Not Applicable
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: 1) The NSD contains Extramural, Intramural, Financial, and Administration Information
2) The information is used to enhance the decision-making efficiency of NICHD senior management by providing simplified, timely access to required information through a set of key performance indicators
3) The system does not contain PII
4) Not Applicable
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No PII is collected
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system does not collect PII, however there are controls in place on the system including the following: administrative controls include a system security plan, a contingency plan, the backing up of files and storing them offsite, as well as methods in place to ensure least privilege access; technical controls include user identification, passwords, firewall, and an intrusion detection system; and physical access controls include identification badges, key cards, and cipher locks.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Aubrey Callwood
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 10/11/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NICHD Status of Funds Internet Edition
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 3/8/2012
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): Not Applicable
5. OMB Information Collection Approval Number: Not Applicable
6. Other Identifying Number(s): Not Applicable
7. System Name (Align with system Item name): NIH NICHD Status of Funds, Internet Edition (SOFie)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Rodney Rivera
10. Provide an overview of the system: SOFie is a reporting tool that allows NICHD to manipulate and report on financial transactions and general accounting information downloaded from the NIH Central Accounting System (CAS). It tracks budget allocations, open commitments, obligations, invoicing and payments. Transactions are passed through other systems and then downloaded, or linked into the shared data system called nVision Data Warehouse, where it is then uploaded into SOFie and exported to Excel. Downloads are processed on a daily basis, generally in the evening hours to ensure all allocation entries and adjustments are captured in real time. The daily downloads allow administrative and management staff to accurately report on the budgets established within the NICHD office, laboratory, section or branch. Financial transaction details are charged to a Common Accounting Number (CAN) which is part of a hierarchical accounting structure termed the Management Account Structure (MAS). The MAS groups CANs into summary levels which include the appropriation source, allotment number, budget activity, allowance name, cost center and CAN. The CAN is tied to a Project Number, categorized by Object Class Code (OC), and summarized and itemized by individual Document Numbers assigned for reference purposes. Additional manipulation is possible to track expenses by month or fiscal year, by data range, and through several stages of the acquisition process.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Not Applicable
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: 1) Fiscal year operational information and general accounting data is downloaded from the NIH Central Accounting System (CAS) into a commercial, off-the-shelf (COTS) software product purchased by NICHD and exported to Excel. The financial information is specific to NICHD and is organized by category (Ex. salary, benefit, award, appropriation, central services, etc.).
2) It can be sorted by organizational code, object class code, date or amount of a commitment, expenditure, or obligation, etc.
3) The system contains no personally identifiable information (PII) on any individual.
4) Not Applicable
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Not Applicable
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Not Applicable
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Aubrey Callwood
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 3/18/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDA BIS Collaboration and Scheduling System
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIDA BIS Collaboration and Scheduling system
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Pei-Li Chao
10. Provide an overview of the system: Included in this system are applications designed to increase the efficiency of NIDA IRP day to day operation, promote collaborations among researchers for information sharing, and for information distribution. They are office/conference room booking system, BIS Web, BIS Sharepoint and Wiki.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: (1) The system collects scheduling information and shared scientific information, serves as an entry point for other systems, and stores/displays documents for administrative purposes for the IT and Administrative branch. The information contained in the system ONLY represents federal contact data.
(2) The information is used in aid of scientific research.
(3) It does not contain PII.
(4) Not applicable. This system does not ask for submission of personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Mark Green
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDA BIS Inventory and Change Control System
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIDA BIS Inventory and Change Control System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Pei-Li Chao
10. Provide an overview of the system: This information system contains two parts. One is for system inventory tracking; the other is for change control tracking. The information system is an in-house application built for BIS to record server configurations along with the changes made to each server and to document the approving process before the actual change is done to the servers.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: (1) The system collects server configurations, server function, and change control information on servers maintained by the BIS. It is used by the IT department for server tracking. It does not contain contact data.
(2) The information is used for maintaining NIDA IRP Servers.
(3) It does not contain PII.
(4) Not applicable. This system does not ask for submission of personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Mark Green
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDA Criminal Justice Drug Abuse Treatment Studies (CJDATS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 8/12/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: n/a
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0200
5. OMB Information Collection Approval Number: n/a
6. Other Identifying Number(s): n/a
7. System Name (Align with system Item name): NIH NIDA Criminal Justice Drug Abuse Treatment Studies
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Sarah Duffy
10. Provide an overview of the system: The system supports the CJDATS Research Collaborative, which funds 9 research centers (RCs) through a cooperative agreement mechanism. The RCs conduct three multi-center and multi-site studies to test organizational and professional change strategies to implement evidence-based approaches to assessing and treating drug abuse within criminal justice settings. The three projects include one to improve assessment of clinical needs, one to improve linkages to HIV services, and another to improve practices related to medication-assisted therapy. The system facilitates the processing and aggregation of the study data collected by the RCs; coordination of research-related activities, dissemination of non-identifiable data, and general dissemination of public CJDATS information. Most information is collected by the RCs via survey from employees of correctional institutions and community-based treatment centers. This information includes demographic and position information about the respondents, as well as study-related information such as their perception of functioning of their workplaces, their attitudes towards change, and their perceptions of the interventions being tested. It also collects data about the respondents' perceptions of the interventions being studied. PDF versions of paper forms are uploaded by the RCs to a secure website provided under contract to AMAR International (AMAR). The forms are then fed into Teleforms and converted to SPSS (Statistical Package for the Social Sciences) files. These SPSS files are provided to RCs on an as needed and approved basis so they can conduct statistical analyses. The RCs will also collect information on the quality of patient-level case plans from administrative data. These data will not be linkable to the patient for whom the case plan was created, and will not contain any personal information on the patient him- or herself. 
The system also contains a website which contains the names of RC, contractor, and NIDA personnel who are working on the project. At the end of the research project, AMAR will make available public use versions of these files for posting in a data archive hosted under a separate contract.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system processes data records that in some cases contain non-informative personal identification numbers, which are included in data records to facilitate linking. These personal identification numbers can be linked by the RC who originally collected the information to personally-identifying information (which is kept under lock and key). A given respondent may fill out several forms, information from which needs to be linked to create a respondent-specific record for use in statistical analysis. Employment status information is implicit, because respondents are all employees. The records containing these non-informative IDs may be shared with others in the Criminal Justice Drug Abuse Treatment Studies (CJDATS 2 - "2" refers to the fact that this is the second CJDATS program funded by NIDA. The first, CJDATS 1 is complete) research cooperative, including designated and approved personnel in any of the 9 RCs, as well as appropriate contractor and NIDA staff. Under SORN 09-25-0200, these records may be disclosed for routine uses and under conditions and contexts specified in the SORN notice such as for research purposes, response to an inquiry by Members of Congress or their staff, litigation purposes to the Department of Justice, to agency contractors, grantees, experts, consultants, collaborating researchers, and volunteers to assist in the performance of a service related to this system of records. Other uses specified in the SORN notice are likely not relevant to this system, because the data needed to inform those uses is not contained in these records. Names of RC, contractor, and NIDA personnel who are working on the project are on the Website for purposes of collaboration, administration, etc. These are not research subjects.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: (1). The study data, which are processed and maintained by the agency's contractor, AMAR International, and its subcontractors, but collected by the RCs, contains survey responses from employees of criminal justice organizations and community-based treatment agencies to a variety of surveys that are conducted as part of the research. These surveys collect information on the characteristics of the individuals, their worksites, and their perceptions about the various professional and organization change strategies under study. The RCs will also collect information on the quality of patient case plans, but this information will not be linkable to individual patients and does not contain information about the patients themselves. Finally, the website contains the names of the RC, contractor, and NIDA staff who are working on the project. (2). This information is being collected to support research conducted under a cooperative agreement. The findings from the studies will be disseminated via peer-reviewed publication and conference presentations, and the purpose of the project is to improve treatment received by drug abusers involved in the criminal justice system. At the end of the study, public use versions of the data files (i.e. de-identified and modified according to findings from a disclosure analysis) likely will be posted on a public website (likely here http://www.icpsr.umich.edu/icpsrweb/NAHDAP/index.jsp). (3). The data submitted by the RCs to the data processing contractor contain a unique, non-informative respondent identifier to facilitate linking that individual's responses to various surveys to allow for statistical analysis.
Each RC keeps under lock and key information that could be used to link the identifier to an individual. Names of NIDA, RC, and contractor staff working on the project are contained on the website. (4). Submission of personal information, and any other survey response, is voluntary.

This activity is authorized under Sections 301 and 405 of the Public Health Service Act as amended (42 USC 241 and 284) and under Federal Regulations 42 CFR 52 and 45 CFR Parts 74 and 92.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) (1). There are no plans to make major changes to the system, including disclosure and use of the data, beyond what was originally consented, in this time-limited research project. (2). Respondents are notified and consented at each wave of study data collection via individual RC IRB and correction or community services site approved consent forms. For example, the following requirements are from the State of Connecticut:
A. Before commencing a research project requiring participation by staff or inmates, the researcher shall give each participant a written informed consent statement containing the following information: 1. Identification of the researcher; 2. Objectives of the research project; 3. Procedures to be followed in the conduct of research; 4. Purpose of each procedure; 5. Anticipated uses of results of the research; 6. A statement of benefits reasonably to be expected; 7. A declaration concerning discomfort and risk, including a description of anticipated discomfort and risk; 8. A statement that participation is completely voluntary and that the participant may withdraw consent and end participation in the project at any time without penalty or prejudice; 9. A statement regarding the confidentiality of the research information and exceptions to any guarantees of confidentiality required by federal or state law; 10. A statement that participation in the research project will have no effect on the inmate's release date or parole eligibility; 11. An offer to answer questions about the research project; and 12. Appropriate additional information as needed to describe adequately the nature and risks of the research project. A researcher in addition to presenting the statement of informed consent to the participant, shall also obtain the participant's signature on the statement of informed consent prior to initiating the research activity. (3). The processed data will be shared with designated and approved members of the CJ DATS research consortium for statistical analyses for use in publications and conference presentations. De-identified data that has been modified according to the results of a disclosure analysis may be posted here http://www.icpsr.umich.edu/icpsrweb/NAHDAP/index.jsp.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative Controls: Only selected data processing contractor and subcontractor staff, selected NIDA staff, and RC staff specifically identified by the Principal Investigators have access to the data containing PII on the system, which are hosted on a non-public part of the website. Technical Controls: Access to PII database is protected by strong passwords (MS Windows Server 2008 password policy) and the assignment of access rights and permissions. Passwords are changed at 6 month intervals. Windows Authentication is used. Authentication information is required every time the user logs into the website and every time the user opens a document on the website. McAfee Total Protection, Windows Forefront Security, and Windows Firewall are enabled to protect the site, in addition to firewalls provided by the hosting site (FPWeb.net), a subcontractor to the prime (AMAR International). The firewall is set up to reject all outside connections on ports not used by the CJ-DATS website. Physical controls: traditional locks, access controls, and biometric surveillance systems; fire suppression, HVAC, power feeds, hot-swappable servers and routers as provided by FP Web. FP Web has SAS 70 Type II Certification.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Mark R. Green, 301.435.1431
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDA Drug Inventory Supply and Control System (DISCS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/19/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: Unknown
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0210
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): NIDA3
7. System Name (Align with system Item name): Drug Inventory Supply and Control System (DISCS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Anita LoMonico
10. Provide an overview of the system: This system accounts for research grade drugs made available for distribution for research and analytical purposes. Materials are provided on request from persons authorized by the DEA (Drug Enforcement Administration) and following procedures specified by that agency. This system maintains (1) records of quantities in inventory by DEA classification and locally assigned catalog information, (2) records of all distributions of quantities of materials by inventory account, order number and requesting individual. If shipment is to a secondary address because of DEA registration or radiation safety requirements, that information is also maintained.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): System does not collect, store or share PII as defined by NIH
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Types of information contained in the records are: researchers name, DEA (Drug Enforcement Administration) registration numbers, business address (location of research project), telephone number and e-mail address, requests for substance(s), name and amount of each compound requested and shipped, date material is shipped and received, shipment numbers, and DEA order form numbers. Data collected are the minimum necessary to satisfy DEA record requirements, to allow contact with requestor and, finally, to ship materials to requestor.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) There are no procedures to notify users of changes in use of IIF collected. This system serves the single purpose of accounting for drugs distributed primarily for research and analytical purposes and providing the distributor with contact and shipping address information to comply with requests for materials from NIDA supplies. Additional information is collected for the sole purpose of accounting for the drug materials in accordance with law and regulations pertaining.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Authorized users only. The "hard copy" records are physically located at the Neuroscience Center, Bethesda, Maryland, the main server is physically located at 6116 Executive Blvd, Rockville, MD. The computerized records are kept in a room with controlled access. The room is locked at all times. The "hard copy" records are stored in locked file cabinets in a room with controlled access. This room is locked when not occupied. The Neuroscience Center has a 24-hour guard patrol service. The terminals are housed in a secured work area with limited admittance. Contract personnel use a password identification system to obtain access and encrypted connections to ensure data security.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Mark Green, 301-435-1431
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDA External Collaboration System
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIDA External Collaboration System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Pei-Li Chao
10. Provide an overview of the system: External collaboration System hosts several web applications, which don’t include PII and have all been assessed with their own PIAs, to facilitate the collaboration efforts between IRP and the outside entities. It utilizes NIH external AD accounts to grant access to the collaborators. There are three applications included in this system. Data Safety Monitory Board (DSMB)/ IRB Protocol, Image Read, and AgMednet.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: (1) This information system either collects or disseminates information from or to outside entities that are collaborating with NIDA IRP. The contact information contained in the system ONLY represents federal contact data.
(2) the information is used for collaboration with non-NIH entities
(3) It does not contain PII.
(4) Not applicable. This system does not ask for submission of personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Mark Green
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 12/9/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDA Extramural Project System (NEPS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/19/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-26-02-9301-00-202-069
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): NIDA 1
7. System Name (Align with system Item name): National Institutes on Drug Abuse Extramural Project System (NEPS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Anita LoMonico
10. Provide an overview of the system: NEPS is a NIDA corporate extension system to IMPAC II. This system provides online management, reporting, and tracking of grant data.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): PII is not shared nor disclosed with other divisions within this agency, external agencies, or other people or organizations outside the agency
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Authority for collection of this information is 5 U.S.C. 301; 42 U.S.C. 217a, 241, 282(b)(6), 284a, and 288. 48 CFR Subpart 15.3 and Subpart 42.15. The IIF that the system captures on the public is obtained from the NIH IMPACII system. This system does not directly collect information but rather retrieves the information from the NIH IMPACII system. The IIF that the system retrieves is about individuals employed by NIDA and involved in the grants business process. IIF includes name, address, phone number, and financial account information. Most information supplied is mandatory as it is needed to process a grant application.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) There are no processes in place to notify and obtain consent from individuals regarding the IIF used in this system when major changes have occurred.

Forms used by NIH to collect Privacy information (such as PHS 398) clearly state the purpose of the information being collected.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Information is secured using username/passwords, least privilege, separation of duties, firewalls, locks, badge access, background investigations.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Mark Green, 301-435-1431
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDA Internet Website
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/12/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-02-00-01-3109-00-109-026
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): NIH NIDA Internet Server
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Mark Fleming
10. Provide an overview of the system: Website for the National Institute on Drug Abuse for public use.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Yes with contractors for order fulfillment.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Log files for statistical purposes.
The webserver logfile logs the following information
The Internet domain (for example, "xcompany.com" if you use a private Internet access account, or "yourschool.edu" if you connect from a university's domain), and IP address (an IP address is a number that is automatically assigned to your computer whenever you are surfing the Web) from which you access our website
The type of browser and operating system used to access our site,
The date and time you access our site,
The pages you visit, and
If you linked to our website from another website, the address of that website.
Ordering information for product fulfillment. This information is collected through an online form and is only kept long enough to fulfill the obligation. Upon completion, this information is deleted immediately. Voluntary submission by user.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The information is not stored for any length of time and is deleted once completed. No need for notification of change and there are no processes in place to notify individual when major changes occur. The information is sent to the contractor for order fulfillment only.

There are processes in place to obtain consent and information is stored as described in privacy policy.

from privacy policy *
"If you choose to provide us with additional information about yourself through an e-mail message, form, survey, etc., we will only maintain the information as long as needed to respond to your question or to fulfill the stated purpose of the communication."
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: Yes
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Secured through cipher locked office, badge entry to building, passwords, and key card usage.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Mark Green, 301-435-1431
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDA Intranet Website
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/10/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-02-00-01-3109-00-109-026
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): NIH NIDA Intranet Server
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Mark Fleming
10. Provide an overview of the system: Internal resources for NIDA staff.
The SOP has confirmed that there is no linkable PII.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Log files for statistical purposes.

The webserver logs the following information
The Internet domain (for example, "xcompany.com" if you use a private Internet access account, or "yourschool.edu" if you connect from a university's domain), and IP address (an IP address is a number that is automatically assigned to your computer whenever you are surfing the Web) from which you access our website
The type of browser and operating system used to access our site,
The date and time you access our site,
The pages you visit, and
If you linked to our website from another website, the address of that website.
There is no IIF data.
The SOP has confirmed that there is no linkable PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Mark Green, 301-435-1431
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/30/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDA IRP BSC Review
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/8/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-90-0018
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIDA Intramural Research Program BSC Review
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Pei-Li Chao
10. Provide an overview of the system: Board of Scientific Counselors (BSC), developed in-house, is hosted at a secure website to allow authorized external scientific review board members to access NIDA IRP primary investigators' (PI) curricula vitae (CV), achievements, budget, performance, and publications. Through this system, the initial performance review of a PI is conducted by the scientific review board.

The goal of the BSC review process is to assist the Scientific Director by providing a rigorous external scientific review of the Intramural Research Program, including the performance of the intramural scientists and the quality of their research programs. To assure that the BSCs' evaluations will be most useful to the Scientific Directors in their decision making, the BSCs must be composed of individuals who themselves have outstanding scientific credentials and who are committed to providing rigorous, objective reviews.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The goal of the Board of Scientific Counselors (BSC) review process is to assist the Scientific Director by providing a rigorous external scientific review of the Intramural Research Program, including the performance of the intramural scientists and the quality of their research programs.

The BSC is composed of individuals who themselves have outstanding scientific credentials and who are committed to providing rigorous, objective reviews, such as professors from universities.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: (1) NIDA IRP Primary investigators' CV, achievements, budgets, performance, and publications.
(2) For preliminary performance review of the PIs by the scientific review board.
(3) It contains PII
(4) The application does not ask for submission of personal information. PIs are instructed to remove all personal and personal contact information from their CVs. The submission of information is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) PIs are notified about how the information will be used or shared at the time their information (CV, budget, employment status, etc.) is submitted into the system. By voluntarily submitting their information into the system, PIs are providing consent regarding the use of their PII.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Access and permission are granted based on the “need to know” and “least privilege” principles. Authentication is handled by NIH External Active Directory, which also dictates strong password protection.

The system resides on NIHnet and is bound by NIH network security controls and all its policies and procedures, including password policy and procedures. The website uses SSL for encrypted communication between the server and the client.

The system resides in a building with 24x7 security guards, badge identification, visitor escort, CCTV, and key card access at restricted areas.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Mark Green, Deputy Director, OEA, NIDA 301.435.1431
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 8/4/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDA NIDA HQ GSS [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/12/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: No
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIDA HQ Network
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Jeff Weiner
10. Provide an overview of the system: This is a local area network (LAN) that hosts NIDA HQ servers and workstations to support the NIDA HQ mission. This LAN is an extension of NIHnet. The system is a General Support System (GSS) and does not directly collect or store information.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system is a General Support System (GSS) and does not directly collect or store information. The applications/systems residing on the GSS collect and store information. Therefore, individual PIAs have been prepared and submitted for the applications/systems residing on the GSS.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Mark Green
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDA NIDA IRP Human Research Information System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-05-02-9318-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0203
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): NIDA 5
7. System Name (Align with system Item name): Human Research Information System (HuRIS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Pei-Li Chao
10. Provide an overview of the system: To collect and maintain a database for research activities at NIDA/IRP. To enable Federal drug abuse researchers to evaluate and monitor the subjects' health during participation in a research project. The areas of research include, but are not limited to, biomedical, clinical, behavioral, pharmacological, psychiatric, psychosocial, epidemiological, etiological, statistical, treatment and prevention of narcotic addiction and drug abuse.
Authority: Public Health Service Act, Section 301(a) (42 U.S.C. 241(a)); Sections 341(a) and 344 (d) (42 U.S.C. 257(a) and 260
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The authorized users at the NIDA/IRP and other authorized individuals according to the Privacy Act System of Records (SOR) Number 09-25-0203. This information is further addressed in the NIH Privacy Act Systems of Record Notice 09-25-0203, published in the Federal Register, Volume 67, No. 187, September 26, 2002.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The National Institute on Drug Abuse (NIDA) recruits volunteers and screens these individuals for their acceptability to participate in specific research projects. For this purpose, HuRIS is used to collect, manage and maintain information on these participants. The collected data contains information in identifiable form (IIF) and includes, but is not limited to: name, study identification number, address, relevant telephone numbers, social security number, date of birth, weight, height, sex, race, and social, economic and demographic data. In compliance with relevant regulations, NIDA may disclose information to State or local public health departments. Submission of all information by research participants is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The information is strictly used for the purposes for which consent has been obtained. No other use of the data is allowed which is outside the scope of the existing consent; a major change in the research requires new consent. The participants are made well aware of the usage of the information they provide and sign consent for which it is obtained by Federal personnel that they are eligible to participate and consent.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Only authorized NIDA Intramural Research Program staff are allowed access to these files.
Physical Safeguards: Files and file rooms are locked after business hours. Building has electronic controlled entry at all times with a 24-hour security guard and television surveillance system. The computer terminals are in a further secured area.
Procedural Safeguards: All users of personal information in connection with the performance of their jobs protect information from unauthorized personnel. Access codes to the research records are available only to the Principal Investigator and his/her research team. Access to the records is strictly limited to those staff members trained in accordance with the Privacy Act. The contractor staff members are required to secure the information in accordance with the Privacy Act. Project Officer and contracting officials will monitor contractor compliance.
Access to the Human Research Information System (HuRIS): The NIDA IRP computerized medical and research record is strictly limited. All staff must be authorized to use the system and be granted an access code (user name and password) by the system sponsor (NIDA, IRP Chief of Biomedical Informatics). Passwords are required to be changed every sixty days. Access is limited by job classification and is on a need to know basis only. Data entered is time and date stamped by the staff member’s name. Data is not altered once entered. While logged into the system, the name of the staff member is displayed on the screen. An activity log of each use is kept. Data is backed up on a daily basis.
Implementation Guidelines: These practices are in compliance with the standards of Chapter 45-13 of the HHS General Administration Manual, "Safeguarding Records Contained in Systems of Records," supplementary Chapter PHS hf: 45-13, and the HHS Automated Information Systems Security Program Handbook. In addition, because much of the data collected in these research projects are sensitive and confidential, special safeguards have been established. Certificates of confidentiality have been issued under Protection of Identity - Research Subjects Regulations (42 CFR Part 2a) to those projects initiated since February 1980. This authorization enables persons engaged in research on mental health, including research on the use and effect of psychoactive drugs, to protect the privacy of research subjects by withholding their names or other identifying characteristics from all persons not connected with the conduct of the research. Persons so authorized may not be compelled in any Federal, State, or local civil, criminal, administrative, legislative, or other proceeding to identify such individuals. In addition, these records are subject to 42 CFR Part 2, the Confidentiality of Alcohol and Drug Abuse Patient Records Regulations (42 CFR 2.56), which state: "Where the content of patient records has been disclosed pursuant to these regulations for the purpose of conducting scientific research...information contained therein which would directly or indirectly identify any patient may not be disclosed by the recipient thereof either voluntarily or in response to any legal process whether Federal or State."
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Mark Green, 301-435-1431
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDA NIDA IRP Local Area Network [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/8/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-02-01-02-9315-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIDA IRP Network
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Pei-Li Chao
10. Provide an overview of the system: This is a local area network (Ethernet) that hosts NIDA IRP servers and workstations to support IRP's mission. This LAN is an extension of NIHnet with a private T3 line connection. The system is a General Support System (GSS) and does not directly collect or store information.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system is a General Support System (GSS) and does not directly collect or store information. The applications/systems residing on the GSS collect and store information. Therefore, individual PIAs have been prepared and submitted for the applications/systems residing on this GSS.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Mark R. Green
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDA Status of Funds Internet Edition (SoFIE)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: N/A
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): SOFIE
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Stacy Gardner
10. Provide an overview of the system: The SOFie application supports the efforts of several offices and branches within the IC, allowing budget offices to track expenditures in appropriate funds in a fiscal year. The program contains a tracking mechanism to track prior year funds as well. The application downloads this information from the NIH Data Warehouse weekly. Information entered into the SOFie database is not uploaded into the NIH Data Warehouse database. SOFie is not a source database for other information systems.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The application downloads this information from the NIH Data Warehouse weekly. Information entered into the SOFie database is not uploaded into the NIH Data Warehouse database.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Mark Green
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDA WebEvent
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIDA WebEvent
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Pei-Li Chao
10. Provide an overview of the system: A web-based calendar application that allows event scheduling using Internet Explorer and calendar sharing among multiple users. It is a commercial off-the-shelf application, purchased and used by IRP to better utilize its resources.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: (1) The system collects scheduling data for resource (rooms, instruments, or personnel) allocation. The information contained in the system ONLY represents federal contact data.
(2) The information is used in aid of scientific research.
(3) It does not contain PII.
(4) Not applicable. This system does not ask for submission of personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Mark Green 301.435.1431
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDCD Content Management System (CMS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/15/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: No
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0106
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): NIDCD Content Management Server (CMS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Jenny Wenger, 301-496-7243
10. Provide an overview of the system: The CMS System is a comprehensive solution for managing web content and supports NIDCD’s mission to the general public. CMS allows creation of dynamic web sites using extensible CMS controls. Users can create, publish, and manage their own web content through the appropriate CMS control. NIDCD General public sites are Internet and StemCell. Internal sites are NIDCD Intranet, NIDCD Board of Scientific Counselors and Advisory Council.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Information is used internally to NIDCD only. SOR # 09-25-0106 safeguards are used to ensure only appropriate people have access to the information, and that they are aware of their responsibilities for proper handling of the information. Contractors run and maintain the system and are aware of the above.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Employee contact information is pulled from the NIH Employee Database (NED) system for all NIDCD employees. Fields pulled are: First name, Last name, Phone number, e-mail address, org. unit, Building number, room number, Fax number, NED Classification (employee, fellow, contractor, etc.) and Mail Stop Code.
The information is displayed on the Intranet site and is used to facilitate communication between employees. The NIDCD CMS system does not feed into any system.
The information is stored in identifiable form.
Inclusion is mandatory since inclusion in NED is mandatory for all people working at NIH who require an ID badge and or AD account.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Consent for the listing of personal information in the NIH Employee Database (NED) is given at the time they are hired \ begin working at the NIH. No additional processes are employed by NIDCD to inform individuals when major system changes are made to the CMS System, or to inform them how their information will be used or shared on the CMS System.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Information is in an electronic system on NIH secure network infrastructure and is password protected with access limited to only authorized users. NIDCD periodically reviews and implements policies in line with HHS guidelines.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Luis Ochoa (NIDCD ISSO - 301.402.1128) or Debbie Washington (NIDCD Privacy Coordinator - 301-451-9806)
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Pla
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDCD LMG (Olioga) (LMG)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/11/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: No
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0200
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): NIDCD Laboratory Molecular Genetics Intranet [LMG Intranet] - Minor Application of NIDCD GSS
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Robert Morell (5RC Staff Scientist, 301.402.4249)
10. Provide an overview of the system: The NIDCD Laboratory of Molecular Genetics (LMG) database system is a comprehensive solution for managing, tracking laboratory specimens\supplies stored in laboratory freezers. The LMG Intranet system supports approximately 32 users in the NIDCD LMG Group located at the 5 Research Court facility.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Information is used internally only. SOR # 09-25-0200 safeguards are used to ensure only appropriate people have access to the information, and that they are aware of their responsibilities for proper handling of the information.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The information contained in the LMG System includes patient first name, last name, close familial relation to other individuals contained in the system (such as father, mother, brother, sister, aunt, uncle etc), Hearing loss status (affected vs. not affected), Gene mutation information , only where it relates to the hearing loss trait.
The information is used as part of an IRB approved study to identify, and better understand the relationship between hearing loss and genetics.
The information is stored in Identifiable Form
Inclusion in the study and therefore this database is completely voluntary and there is a process by which a subject can request that they no longer be included in the study \ database.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Patients are informed in writing concerning how their information will be collected, used, and shared during the course of the study. Patient consent for the use of their information is obtained prior to inclusion in the study.
No additional processes are employed by NIDCD to inform individuals when major system changes are made to the LMG System.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The IIF is secured using layered security practices. The information is contained in a password protected database. Physical security of the building does not allow unauthorized people to enter, and the computer facilities are further protected by locked doors. Multiple layers of firewalls also ensure that only appropriate network traffic is allowed to pass.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Luis Ochoa (NIDCD ISSO, 301.402.1128) / Debbie Washington (301-451-9806)
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Pla
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDCD Microsoft Office SharePoint Server Intranet (MOSS Intranet)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 9/20/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): NIDCD Microsoft Office SharePoint Server Intranet (NIDCD MOSS Intranet)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Jennifer Wenger 301-496-7243
10. Provide an overview of the system: The (NIDCD MOSS Intranet) system is a comprehensive solution for managing web content and supports NIDCD’s mission. The (NIDCD MOSS Intranet) system allows creation of dynamic web sites using extensible MOSS controls. Users can create, publish, and manage their own web content through the appropriate MOSS controls. The (NIDCD MOSS Intranet) system is for NIDCD internal office use. (Currently in development; 08-01-10)
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: System is currently not in production. Q14. Identify the life-cycle phase of this system: Initiation phase.
The system does not feed into any system. (DOES NOT COLLECT PII)
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) System is currently not in production. Q14. Identify the life-cycle phase of this system: Initiation phase.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Currently, this system (NIDCD MOSS Intranet) is not in production. Q14. Identify the life-cycle phase of this system: Initiation phase.
Information is in an electronic system on NIH secure network infrastructure and is password protected with access limited to only authorized users. NIDCD periodically reviews and implements policies in line with HHS guidelines.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Luis Ochoa (NIDCD ISSO - 301.402.1128) or Debbie Washington (NIDCD Privacy Coordinator - 301-451-9806)
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDCD NEI/NIDCD Usher Database
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 3/28/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: No, the system does not meet the requirements for a UPI.
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0200
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): NEI / NIDCD Usher Database
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Julie Schultz - borkj@nidcd.nih.gov, Jackie Jones (NIDCD CIO, 301-402-1128)
10. Provide an overview of the system: Centralized repository for storage and analysis of clinical data produced by NEI and NIDCD researchers studying Usher Syndrome. FileMaker Pro database that will store clinical and genetic data from Usher Syndrome research subjects collected by NIH investigators.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Information is used internally only. Safeguards are used to ensure only appropriate people have access to the information, and that they are aware of their responsibilities for proper handling of the information.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Investigators will collect patient history, clinical evaluations (audiologic testing, vestibular testing, and ocular testing) and molecular testing. The data and test results will be entered into and stored in the Usher Database.

This database will allow the investigators to share and analyze said data and will improve researcher efficiency versus using a paper-based data collection system.

Yes, the information is PII. (Name, Personal Mailing Address, Personal Telephone Number, Medical Record Numbers, and Medical Notes)

Research subjects sign informed consent to participate in the study and are able to withdraw from the study at any time.

Inclusion in the study and therefore this database is completely voluntary and there is a process by which a subject can request that they no longer be included in the study database.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Investigators will collect patient history, clinical evaluations (audiologic testing, vestibular testing, and ocular testing) and molecular testing.

Patients are informed in writing concerning how their information will be collected, used, and shared during the course of the study.

Patient consent for the use of their information is obtained prior to inclusion in the study.

No additional processes are employed by NIDCD to inform individuals when major system changes are made to the system.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The IIF/PII is secured using layered security practices. The information is contained in a password protected database. Physical security of the building does not allow unauthorized people to enter, and the computer facilities are further protected by locked doors. Multiple layers of firewalls also ensure that only appropriate network traffic is allowed to pass.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Privacy Coordinator, Debbie Washington 301-451-9806
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 4/1/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDCD NIDCD Employee Database Internet Edition [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 3/28/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-90-0018
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIDCD Employee Database Internet Edition (NIDCD EDIE)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Luis Ochoa (NIDCD ISSO, 301-402-1128)
10. Provide an overview of the system: NIDCD EDie system is a personal tracking system for internal use only PHS Act Section 301. The NIDCD EDie system application supports the efforts of the Office of Resource Management’s (ORM) Administrative and Financial Management Branches with tracking employee information. The application downloads this information from the Human Resource Database (HRDB) weekly. Information entered into the NIDCD EDIE system database is not uploaded into the HRDB.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The information collected is all information pertinent to a personnel file.
(1) The information contained in the system ONLY represents federal contact data. (Employee Name, Date of Birth, Employee Status, Organizational Unit, Employment End Date, and Salary Information)
(2) There are many uses for this information: (a) tracking a time-limited appointment to ensure renewals are done in a timely manner thereby avoiding any break in service; (b) ensuring that allocated FTE ceilings are maintained; (c) ensuring salary equality for various hiring mechanisms; (d) the ability to provide reports requested by the NIH Director; (e) maintaining lists of non FTEs, special volunteers, contractors, etc. Information is mandatory at time of hire.
(3) The information contains PII. (Employee Name, Date of Birth, Employee Status, Organizational Unit, Employment End Date, and Salary Information)
(4) Submission of personal information is mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Information is collected from documents provided by employees (CV, resumes, etc.) at the time of appointment. It is provided in personnel packages submitted through channels in order to effect a hire. This information is put into the EHRP system and subsequently downloaded into the NIDCD EDIE system. Individuals are notified of the collection and use of data as a part of the hiring process. Changes to the system or use of the information are relayed to employees via official notices from HR.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: This information is provided to key staff by the administrator. Access to the system is authorized only for a person who has proper access rights, with a user name and password. The system is secured in an office with locks and the building is secured by the security guard.
Information is in an electronic system on NIH secure network infrastructure and is password protected with access limited to only authorized users. NIDCD periodically reviews and implements policies in line with HHS guidelines.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: NIDCD ISSO (Luis Ochoa, 301.402.1128) & NIDCD Privacy Coordinator (Debbie Washington,301.451.9806)
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 4/1/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDCD NIDCD General Support System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: Not Applicable 
1. Date of this Submission: 3/28/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: No, the system does not meet the requirements for a UPI.
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0200
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): NIDCD General Support System [NIDCD GSS]
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Walter Mehlferber (Network Chief, 301-402-1128)
10. Provide an overview of the system: NIDCD General Support System [NIDCD GSS] is an interconnected set of information resources under the same direct management control that share common functionality. Examples of interconnected information resources include data centers, local area networks, workstations and servers that support multiple NIDCD applications. These systems provide information processing services for National Institute of Deafness and Other Communications Disorders' (NIDCD) medical research programs and management programs as well as Department of Health and Human Services (DHHS) and other government agency management programs. The information technology equipment supporting these services are operated and maintained by NIDCD's Information Systems Management Branch.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Debbie Washington (NIDCD Privacy Coordinator) 301-451-9806 & Luis Ochoa (NIDCD ISSO) 301-402-1128
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 4/1/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDCD Otobase
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 3/28/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: N/A
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0200
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): NIDCD Otobase Database
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Carmen Brewer (NIDCD Clinic Audiologist, 301.496.5294), Christopher Zalewski (NIDCD Clinic Audiologist, 301.496.5145)
10. Provide an overview of the system: The Otobase system is used to collect hearing test data directly from the audiometer. It is used to a) generate an audiogram (which would otherwise be hand written), b) store hearing test data. Storing the data in this way provides instant access to past audiograms, and a searchable data base for purposes of research. The computers are all password protected and in addition, access to otobase requires entry of another password.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Information is used internally only. SOR # 09-25-0200 safeguards are used to ensure only appropriate people have access to the information, and that they are aware of their responsibilities for proper handling of the information.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: (1) NIDCD clinicians will collect patient history and clinical evaluations (audiologic testing notes). The data and test results will be entered into and stored in the NIDCD Otobase Database.
(2) This database will allow the clinicians/researchers to share and analyze data and will improve researcher efficiency versus using a paper-based data collection system.
(3) Yes. The information is PII - (Name, Date of Birth, Medical number, Medicate notes)
(4) Patient subjects sign informed consent to participate in the study and are able to withdraw from the study at any time. Inclusion in the study and therefore this database is completely voluntary and there is a process by which a subject can request that they no longer be included in the study/database.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Clinicians/Researchers will collect patient history, clinical evaluations (audiologic testing). Patients are informed in writing concerning how their information will be collected, used, and shared during the course of the study. Patient consent for the use of their information is obtained prior to inclusion in the study. No additional processes are employed by NIDCD clinician/researchers to inform individuals when major system changes are made to the system.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The IIF/PII is secured using layered security practices. The information is contained in a password protected database. Physical security of the building does not allow unauthorized people to enter, and the computer facilities are further protected by locked doors. Multiple layers of firewalls also ensure that only appropriate network traffic is allowed to pass.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Debbie Washington 301-451-9806 (Privacy Coordinator) & Luis Ochoa ISSO 301-402-1128
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 4/1/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDCD Status of Funds Internet Edition (SOFie)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/12/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 0
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): NIDCD Status of Funds Internet [NIDCD SOFIE]
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Mark Rotariu (NIDCD Budget Officer, 301-402-0497)
10. Provide an overview of the system: SOFie is a Web based application. The SOFie application supports the efforts of several offices and branches within NIDCD, allowing budget offices to track expenditures of direct, reimbursable, and non-appropriated funds in a fiscal year. Additionally, SOFie is used to reflect budget allocations and projected expenditures at the operating level. The program also contains a tracking mechanism to track prior year funds. The application downloads this information from the NIH Data Warehouse weekly. Information entered into the SOFie database is not uploaded into the NIH Data Warehouse database. SOFie is not a source database for other information systems.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No PII is collected.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: No PII is collected. Accounting data and related document information is downloaded from a central accounting mainframe and is relevant or specific to an institute or center for its fiscal year operations.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No PII is collected.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: NO PII IS COLLECTED BY THIS SYSTEM
Information is in an electronic system on NIH secure network infrastructure and is password protected with access limited to only authorized users. NIDCD periodically reviews and implements policies in line with HHS guidelines.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Debbie Washington NIDCD Privacy Coordinator 301-451-9806 (8/12/2011)
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDCR Employee Database Internet Edition (EDie)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 9/30/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-90-0018
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): None
7. System Name (Align with system Item name): NIH NIDCR Employee Database Internet Edition (EDie)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Ginger Betson
10. Provide an overview of the system: EDie is an intranet based application primarily used to manage and track personnel information. Authority for maintenance of the system: 5 U.S.C. 1302, 2951, 4118, 4308, 4506, 7501, 7511, 7521 and Executive Order 10561.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Information is intended for internal administrative use only and will not be shared by other entities. Refer to SORN 09-90-0018.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: EDie tracks all information pertinent to a personnel file for the purpose of personnel management activities. Information is collected from employees via the Human Resources Database (HRDB) system, Fellowship Payment System (FPS), nVision Data Warehouse and NIH Enterprise Directory (NED). Uses consist of the following: a) tracking a time-limited appointment to ensure renewals are done in a timely manner, thereby avoiding any break in service; b) ensuring that allocated FTE ceilings are maintained; c) ensuring salary equity for various hiring mechanisms; d) providing reports requested by the NIH Director, the IC Director, and other management staff, as requested; and e) maintaining lists of non-FTEs, special volunteers, contractors, and other hiring appointments. The information collected constitutes PII and is mandatory for all employees. The following PII is included in the system: name, date of birth, social security number, personal mailing address, personal phone numbers, personal email address, education records and employment status.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) PII in the system is downloaded from the HRDB, FPS, nVision Data Warehouse and NED. Changes to HRDB or changes in the way information is used are relayed to employees via official notices from the NIH Office of Human Resources (OHR). Individuals are notified of the collection and use of the data as part of the hiring process. This is a mandatory requirement of potential job applicants seeking employment at NIH.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: PII stored in EDie is accessed by a very limited number of administrative staff with a “need-to-know” status. EDie is password protected and sensitive data is encrypted. The system is located on a server in a secure server room behind the NIH firewall. Physical controls include cipher locks, key cards, CCTV and identification badges for access to servers.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kajuana Canady (301) 594-4855
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 10/28/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDCR Internet Website
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/29/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-02-00-01-3109-00-109-026
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0106
5. OMB Information Collection Approval Number: 42 U.S.C. 203, 241, 2891-1 and 42 U.S.C. 3101 and Section 301 of the Public Health Act. (*Periodically we run the American Customer Satisfaction Index (ACSI) survey on the NIDCR website).
6. Other Identifying Number(s): NIDCR-8
7. System Name (Align with system Item name): NIDCR Internet Website
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Jody Dove
10. Provide an overview of the system: The web site disseminates information about oral health, research advances, funding and training opportunities, and Institute priorities to researchers, patients, health care providers, policymakers, and the public.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): SOR 09-25-0106; The SOR on file for this system contains language which details potential disclosure of information practices. NIDCR will comply with the SOR. A) The information collected through the publication order form is disclosed only to specific clearinghouse staff so they can process the orders and mail out publications to those who have requested them.
B) The NIDCR website also offers users the option to sign-up for the Institute E-Newsletter. This Listserv list -- NIDCR-NEWSLETTER -- is hosted by the NIH Listserv facility at CIT and has the same privacy policy as all Listserv lists they host: https://list.nih.gov/LISTSERV_WEB/privacy.htm. The NIDCR-NEWSLETTER listserv list is only disclosed to the owners of the list for the purpose of managing, validating, and maintaining the subscriptions with the subscribers' consent.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: A) If someone wishes to order a publication they must supply the following IIF information: name, address, and phone number. This information is required to mail the publication. But it is entirely up to individuals to decide if they wish to order publications.

B) If someone wishes to subscribe to our e-newsletter, they must supply the following IIF information: name and e-mail address. This information is required to e-mail them the newsletter. The sign-up is entirely voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) NIDCR does not plan to make any changes to the system. However, if a change were to occur:

A) NIDCR would post a written notice directly on the publication order form to inform individuals of this change. The publication order form makes clear what information is being collected (name, address, and telephone number) and why (to mail out publications that an individual requests). The order form states that this information is shared only with our clearinghouse for the purpose of complying with the individual’s publication request.

B) Likewise, NIDCR does not plan to make any changes to the e-newsletter sign-up. However, were a change to occur, a notice would be placed directly on the sign-up page to inform individuals of this change. The e-newsletter sign-up page makes clear that the individual's name and e-mail address will only be used for the purpose of e-mailing the newsletter.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: Yes
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: A) If someone wishes to order a publication, they must supply their name, address, and phone number through the publication order form on the NIDCR web site. The information is stored and managed by our clearinghouse, IQ Solutions. Access to IIF requires a password for system access. Such access is limited to authorized system users, administrators, developers, and information technology support personnel.

B) The following security controls are in place for the NIDCR-NEWSLETTER Listserv: IIF will be secured on the system using Listserv basic administrative access control. Only the Listserv designated owners with valid e-mail accounts can manage specific Listserv lists through the NIH Listserv Secured Web User Interface (https). Except for the Listserv system administrators, no one can have access to the Listserv console. Every issued command is validated and confirmed via email (smtp) from/to listserve@list.nih.gov. The Listserv system also is secured inside the data center following the NIH Security for NIH servers:
http://www.cit.nih.gov/ServiceCatalog/DATACENTERSECURITY.HTM
In addition, e-mail distribution to the Listserv is scanned using the best possible virus protection from the NIH Central e-mail system.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kajuana Canady / 451-3392
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDCR Intramural Research Training Awards Database (IRTA)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/27/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: No
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): NIH 09-25-0158
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): NIDCR-05
7. System Name (Align with system Item name): NIDCR Intramural Research Training Awards Database (IRTA)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Deborah Philp
10. Provide an overview of the system: Records of Applicants and Awardees of the NIH Intramural Research Training Awards Program
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): IRTA does not currently share or disclose IIF information. It is covered by the SOR 09-25-0158 for potential disclosures.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Name, Mailing Address, Phone numbers, email Address, Education Records.
This information will be used in generating reports for our programs, but no personal information will be given in these reports. The information does contain IIF and the submission of personal information is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No process is in place.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The IIF will be secured using role based assignments and limited computer access. Password controls are in place for this IIF and I am the only person with access to this system. Technical controls for this system include strong password authentication and firewall protection. Physical controls include cipher locks, key card access and Identification badges for access to database servers.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kajuana Canady / 451-3392
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDCR NIDCR GSS [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 9/28/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: N/A
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): NIDCR LAN
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: John Prue (301) 594-7552
10. Provide an overview of the system: The system is a General Support System (GSS) and does not directly collect or store information.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system is a General Support System (GSS) and does not directly collect or store information. The applications/systems residing on the GSS collect and store information. Therefore, individual PIAs have been prepared and submitted for the applications/systems residing on this GSS.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name:
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/30/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDCR Science Coding and Reporting System (SCORE)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/18/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-26-02-7304-00-202-069
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): NIH 09-25-0036
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): NIDCR-03
7. System Name (Align with system Item name): Scientific Coding and Reporting (SCORE)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Timothy Iafolla
10. Provide an overview of the system: SCORE is a scientific coding system that assigns science coding terms to specific grants, projects, and contracts funded by NIDCR. SCORE draws information about funded grants from the NIH enterprise system on grants (IMPAC II), and then adds NIDCR-specific science coding information. SCORE is used primarily for budget reporting, program evaluation, and other analysis.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The SCORE system does not currently share or disclose IIF information. It is covered by the SOR NIH 09-25-0036 for potential disclosures.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: All IIF in the SCORE system is collected and maintained by the NIH enterprise system IMPAC II. SCORE stores this information but does not collect or disseminate it.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) This process occurs through the NIH enterprise system IMPAC II. SCORE does not have separate procedures for this activity because all IIF in the SCORE system is downloaded from IMPAC II.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative controls include role-based assignments and limited access. Technical controls include strong password authentication, firewall protection, and administrative logs. Physical controls include cipher locks, key cards, CCTV, and identification badges for access to database servers.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kajuana Canady/451-3392
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDCR SOFie
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/18/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: N/A
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): NIH NIDCR Status of Funds Internet Edition (SOFie)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: George J. Coy
10. Provide an overview of the system: SOFie is a Web-based financial reporting/tracking tool that enables NIH ICs to manipulate and report on financial transactions downloaded from the Budget & Finance database in the NIH Data Warehouse. (The NIH DW Budget & Finance database comprises data downloaded from the NIH Business System).
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No sharing or disclosures at this time.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Accounting transactions related to payroll, grants, contracts, and procurement of goods and services. IC accounting transactions are downloaded from the Budget & Finance database in the NIH Data Warehouse. The data contains no IIF information and is used to plan, track, and report on IC fiscal budgets.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kajuana Canady/301-451-3392
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDDK CellManage
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/11/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-05-02-0727-00-110-249
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): CellManage
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Frank L. Holloman
10. Provide an overview of the system: CellManage is a database system that allows for efficient wireless communication procurement and management. The system allows a singular procurement purchase to cover the needs across several wireless providers/vendors. CellManage allows increased maintenance and oversight through consolidated reporting features. Database compiles multiple bills in one platform.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: NIDDK will be collecting the same information that is already listed on each wireless communication bill; i.e. call details such as minutes used. Instead of certifying paper bills, employees will certify bills via the electronic system. No IIF is contained. NIDDK will be collecting the information to gain more oversight on its wireless devices.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) NO IIF is contained in the system therefore there is no policy in place in regards to notifying individuals about changes to the new system.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: NO IIF is contained in the system but administratively, access to the data will be limited to a system administrator who will assign access to individuals to review their own account. The server for the system is located within NIDDK's server room, which follows federal guidelines for technical and physical security.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Frank L. Holloman - 301-496-3670
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDDK Clinical Research Core
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/10/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 09-25-01-05-02-0727-00-110-249
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0099
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): None
7. System Name (Align with system Item name): NIDDK Clinical Research Core
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Bethel Stannard
10. Provide an overview of the system: The Clinical Research Core is an intramural NIDDK system that manages the clinical research patient samples and tracks their location and quantity used by Principal Investigators (PIs), or sent for testing at other clinical laboratories at NIH or outside NIH. At a future time, the database may be linked to CRIS by the patient's medical record number (MRN). The CRC addresses the needs of the intramural research staff and is tailored to meet the needs of a diverse range of studies.
The driving factors for use of the CRC are:
- Provide a means to handle the specialized requirements of NIDDK study processes and samples;
- Provide a mechanism for tracking the locations of the large volume of clinical samples; and,
- Allow for retrieval of data and samples for research purposes.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Yes, within NIH for clinical research only. This information, voluntary and consensual by the patient, regards diagnostic problems with scientific value that is only disclosed to appropriate medical researchers in connection with treatment of patients. The primary use of this information is to provide medical treatment at NIH. This information may be disclosed to researchers for research purposes and to HHS personnel to monitor personnel to assure that safety standards are maintained. Submission of this information is voluntary. In addition, the patient is notified that some notification or counseling of current and/or ongoing partners may be carried out through arrangements with, or referral to, local public health agencies. This includes the physician who referred them for treatment, and for certain communicable diseases, including AIDS and symptomatic HIV infection, to appropriate State and Federal government agencies, in accordance with the routine uses cited by SORN 09-26-0099. Recipients are required to maintain Privacy Act safeguards with respect to these records at all times.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The information and samples are collected from patients, outside medical entities, and the NIH Clinical Center. This information is voluntary with the consent of the patient for clinical research only within NIH. The collected data is used as an aid for clinical personnel as well as the basis for research in various diverse groups. The data consists of first name, last name, and middle initial; MRN (patient's medical record number); diagnosis and medication (liver group only); protocol number; study number; physician name; type of sample; storage location (room, freezer, shelf, rack, box, position in box); release of samples, including amount, date, to whom sent, and sample return date. Identifiable samples are released to the responsible PIs for research testing and to NIH clinical laboratories for clinical testing. Coding samples may be sent outside NIH for clinical or research testing without disclosure of the patient's identity.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Collections and use: Prior to any treatment and collection of medical data and samples, the patient signs a protocol consent form. Via consent to medical treatment and study, the patient is implicitly acknowledging the collection of medical data. The protocol consent form explicitly addresses the use and distribution of the data and samples with respect to confidentiality and the Federal Privacy Act.

System changes: There is a mechanism to amend the consent based on protocol changes. Patients are required to sign any new approved amendments. This mechanism could be used to cover changes in data policy and/or usage.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Technical, physical, and administrative controls are in place to ensure the security of the information. The application enforces assigned authorizations for controlling role-based access to records at the application level using user identification and password. Role-based access is limited to the nurses and doctors conducting patient data and sample collection and research. Restricted access to privileged functions is additionally enforced by limiting such access to only system administrators, programmers, and database administrators supporting the Clinical Research Core application.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Cyrus Karimian
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDDK EDie
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/11/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-05-02-0727-00-110-249
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0106
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): EDie
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Gwendolyn Proctor
10. Provide an overview of the system: EDie is an n-tiered, web-based Intranet application consisting of server hardware and operating system software to maintain two databases for interface with the target SQL server.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): System does not share, only downloads employee information.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The Employee Database Internet Edition (EDie) application is a web-based employee management tool for access to NIH human resource data as an enhanced version of VEDS (Visual Employee Database System) that it replaces. It is used by multiple Institutes within NIH to track NIDDK employee information on salary, benefits, education, awards, disabilities, retirement eligibility, and other human resource information. Access to information through EDie is restricted to specific users to perform their assigned functions and access privileges are enforced through authentication through the NIH Active Directory access controls for authorized access.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Collection and use: Information from NIH human resource records used to perform various HR activities to benefit employee. The employee provides data and consent during initial employment process upon hiring for employment with the Federal government.
System changes: Employees are notified of any system protocol changes based on data policy and/or usage with associated updating of employee consent if required.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Technical, physical and administrative controls are in place to ensure the security of the information as described within the System Security Plan, with regular backup of data and contingency planning to restore information from any disruption and annual security awareness training refresher sessions for personnel. The system is certified and accredited as a minor application within the general support system providing IT services to NIDDK.
The information is secured through multiple levels of security and access controls established to verify the user's identity and authentication to determine user authorization for access and to perform actions requested. The access controls are supplemented with secure network services at both the NIH and NIDDK levels.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Cyrus Karimian
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDDK Internet Website
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/10/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-05-02-0727-00-110-249
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0106
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): NIH NIDDK Internet Web site
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Roberta Albert
10. Provide an overview of the system: The NIDDK Internet Web site system includes the development and maintenance environment for all public Web sites hosted by NIDDK. These Web sites serve as communication tools for disseminating information to support the mission of the Institute.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): On http://intramural.niddk.nih.gov IIF from Intramural researchers is displayed to the general public in order to provide contact information and a description of the research conducted. Ref.SOR #: 09-25-0106
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system hosts web based forms that offer one way the public can communicate with NIDDK. These forms are designed to collect a name, mailing address, phone number, comment, or email address; however, the user is never required to provide this information. This information is then forwarded via email to either NIDDK’s webmaster or the Office of Public Liaison. (This information is never captured, stored or maintained on the web system.) The forwarded email communication, when received by the designated office, is addressed and then promptly deleted. The Office of Public Liaison may keep email for several months in order to provide follow up actions.

IIF from Intramural researchers (name, photograph, lab location, email address, lab phone, lab fax, research statement, education info, and publications) is collected and stored through NIDDK’s Intranet system and displayed on the Internet system (public access web pages). For example please see http://intramural.niddk.nih.gov/research/alphafaculty.asp. The submission of information is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) All NIDDK Web pages display a link called “Privacy” which directs users to our Institute’s privacy policy. This page can be seen at http://www.niddk.nih.gov/tools/privacy.htm.
This page explains that NIDDK does not capture personally identifiable information unless provided by the user. This page also offers contact information for NIDDK’s Privacy officer, in the event the user has additional questions.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: NIH NIDDK Internet Web site system does not store IIF.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Cyrus Karimian
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDDK Intranet Website
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/11/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-05-02-0727-00-110-249
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0216
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): NIH NIDDK Intranet Web site
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Roberta Albert
10. Provide an overview of the system: The NIDDK Intranet Web site system provides and manages information that supports the work of NIDDK employees.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The IIF collected by the Intranet system is only shared/disclosed to NIDDK staff responsible for managing that information. Ref SOR # 09-25-0216
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: NIDDK Intranet uses a web based form to collect staff registration information for Institute retreats. The type of information collected includes staff name, lab address, phone number, email address, whether they are presenting, special dietary requirements, transportation needs and roommate preference. This information is only used by administrative staff responsible for organizing these retreats. Supplying this personal information through the system is NOT mandatory.

In addition, another form collects Investigator information such as name, lab address, email, education, research statement, publications, research interests, and a photograph. This information is posted on the public facing website located at http://intramural.niddk.nih.gov . Only web staff and owner of the content have direct access to this information within the intranet web system. The submission of this information is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Both web forms display language that indicates the intended use of the collected information and provides contact information for the staff handling this collected information. The forms that collect Investigator information (for display on the public website) additionally contain a link titled “Privacy” which leads to a page that posts NIDDK’s privacy policy and provides contact information for NIDDK’s Privacy Officer. Investigators are required to review and update their own information on a yearly basis. All changes to the system are approved by an Intramural Web Advisory Group and then investigators are notified via email.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The Intranet web system requires user authentication provided by active directory. Further controls are put in place on individual IIF containers. The IIF for staff retreats are contained within a spreadsheet in a restricted folder. This folder can only be accessed by web and administrative staff responsible for retreat. The IIF for the public facing website can only be accessed by web staff and the owner of the content. All IIF are contained on servers that are located behind firewalls, password protected and are physically locked in a server room.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Cyrus Karimian
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDDK NIDDKnet [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/11/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 09-25-01-05-02-0727-00-110-249
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0200
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): None
7. System Name (Align with system Item name): NIH NIDDK NIDDKnet General Support System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Chuck Pham
10. Provide an overview of the system: The NIH NIDDK NIDDKnet is a series of Local Area Networks (LAN) to form a general support system to facilitate management of network services for data processing and communications needs, providing authorized access to information systems and major applications within the NIH infrastructure. NIDDKnet provides a common network environment under a single authority (NIDDK) and security measures to connect servers, workstations, printers, networks, applications, storage devices, and other IT devices, regardless of physical location, to enable users to share resources and communicate directly with each other over a moderately-sized geographic area for connection to the NIHnet.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Yes, within NIH for clinical research only.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: NIDDKnet supports data and communication needs to share network devices and functions within NIDDK and to access resources provided by NIH, including appropriate protocols and related services for retrieval of data for research purposes and administrative functions. Applications and databases processing, storing and transmitting clinical research information that contain PII, are transmitted using network services supported by NIDDKnet. The information that NIDDK collects from patients, outside medical entities, and the NIH Clinical Center are used as an aid for clinical personnel as well as the basis for research in diabetes, digestive, and kidney diseases. The data, dependent on major application collecting and storing the data, consists of basic demographics, laboratory test results, medications, diagnostic images and other medical data. This data is the minimum necessary to present a clinical description of a patient and to allow retrospective research on clinical outcomes. Data submission is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Collection and use: Prior to any treatment and collection of medical data, the patient signs a protocol consent form. Via consent to medical treatment, the patient is implicitly acknowledging the collection of medical data. The protocol consent form explicitly addresses the use and distribution of that data with respect to confidentiality and the Federal Privacy Act.

System changes: There is a mechanism to amend the consent based on protocol changes. Patients are required to sign any new approved amendments. This mechanism could be used to cover changes in data policy and/or usage.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Technical, physical and administrative controls selected from NIST SP 800-53 and the NIH Enterprise Information Security Plan (EISP) are in place to ensure the security of the information. The general support system and component applications operating within a defense-in-depth approach for managing the resources of people, technology, and operations provide a mechanism to enforce assigned authorizations for controlling role-based access to records at the application-level using user identification and password consistent with the assigned privilege level for their individual access accountability. Role-based access is limited to the nurses and doctors conducting patient data collection and research. Restricted access to privileged functions additionally uses the enforcement mechanism of two-factor authentication using RSA tokens. Privileged access is limited to the system administrators, programmers, and database administrators supporting specific applications or those assigned to support network devices and operations at the general support system level.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Cyrus Karimian
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDDK Research Data Storage and Analysis [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/11/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-05-02-8412-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0200
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): NIH NIDDK Patient Information System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Tahir Rameez
10. Provide an overview of the system: Medical data storage and analysis system involving the study of diabetes, obesity and related diseases among American Indian tribes, in particular the Pima of Arizona.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): IIF is made available to designated administrative personnel for data collection and maintenance. IIF is made available to designated NIH research scientists for analysis in the context of diabetes and obesity research and treatment. Data is shared with Indian Health Service and the Gila River Indian Community through the Gila River Health Care Corporation, both as research findings and as records affecting patient care.
Also see Privacy Act System of Records (SOR) Number 09-25-0200.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Medical data is collected under IRB approved protocols at periodic examinations in support of various research studies among native Americans principally involving diabetes and obesity. The data contains IIF. Participation in the research as well as submission of the IIF is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Subjects are required to sign a consent form before any information can be collected. The form describes what is to be collected, the reasons therefor, and the destination of that data.

In the event of a major system change subjects still living will be asked to re-consent to such changes. Ongoing demographic data is maintained by the system to facilitate contacting of subjects.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Computerized copies of the data collected are physically maintained on a computer server. Paper records are maintained in a designated records room. Both the server and paper records are protected by key entry doors and further protected 24/7 by security guards in the context of overall campus security. Access to both systems is restricted to personnel determined administratively on a need to know basis. Access to computerized data is password restricted to authorized personnel.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Cyrus Karimian
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDDK Status of Funds Internet Edition (SoFIE)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 8/10/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-05-02-0727-00-110-249
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0099
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): None
7. System Name (Align with system Item name): Status of Funds - Internet Edition (SOFie)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Gwenoldyn Proctor
10. Provide an overview of the system: SOFie is a web-based application that supports several offices within NIH for authorized users for financial reporting and analysis functionality, including tracking expenditures within a fiscal year (FY).
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Not applicable
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: SOFie provides NIDDK with distributed budgeting and planning tools for detailed spending analysis of data within the NIH financial reporting system as an enhanced version of the Visual Status of Funds (VSOF) that it replaces and is not a source database for other information systems.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) System does not process PII to obtain consent. Data consists of IC financial expenditures.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: PII is not used. The SOFie application is used by multiple Institutes within NIH to track NIDDK budget and other financial expenditure information. Access to information through SOFie is restricted to specific users to perform their assigned functions and access privileges are enforced through authentication through the NIH Active Directory access controls for authorized access.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Cyrus Karimian
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 12/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDDK Technology Transfer (TTTS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/11/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-05-02-0727-110-249
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0168
5. OMB Information Collection Approval Number: NO
6. Other Identifying Number(s): 09-25-0168
7. System Name (Align with system Item name): Technology Transfer Tracking System
Health Service by its Employees, Grantees, Fellowship Recipients, and Contractors, HHS/NIH/OD
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Patricia Lake
10. Provide an overview of the system: The Technology Transfer Tracking System (TTTS) is a commercial off-the-shelf (COTS) product developed by Knowledge Sharing Systems that is a customizable database application for managing and tracking data and processes related to protecting and transferring technologies including patenting and agreements negotiations and pre-issuance and post-execution monitoring. The TTTS system enables the Office of Technology Transfer Development to identify legal deadlines, store agreements and technologies, provide information access to technology managers and investigators, track events, and automate processes. The system automatically generates documents, logs events, and logs due dates when certain criteria are met or triggers are hit.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Only employees of NIDDK and contractors working on the NIDDK domain can access the names, work addresses and phone numbers in the system provided for the purpose of contacting or tracking contacts of the persons who provided their information for that person. Reference SOR # :09-25-0168
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system contains PII in the form of cell phone numbers and also contact information, including name, work address, work e-mail address, work phone numbers and in a few instances, for persons who are involved in collaborations or negotiations for collaborations with NIDDK or for transfer of scientific materials, including NIDDK employees. The information is used to contact persons for communications involving the relevant collaboration or request. No particular information is mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No processes are in place to notify individuals whose information is in the system.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system is accessible only through a username and password. The policy for passwords is that they include at least one number and at least one capital letter. Only the administrative access permits permissions of users to be provided or removed. The system is operated and accessed only on government-owned computer systems, behind a firewall. The user must be accessing the system from a recognized and previously-identified static IP address from within the NIDDK.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Cyrus Karimian
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIDDK Teleresults
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/11/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-05-02-0727-00-110-249
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0099
5. OMB Information Collection Approval Number: NO
6. Other Identifying Number(s): NIDDK P.O. number 263-MK-015345 for Teleresults
7. System Name (Align with system Item name): Teleresults
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Dr. Michael Ring
10. Provide an overview of the system: The Teleresults/Lab Grabber system manages the clinical and research data for patients of the Transplant Lab (Kidney Disease Branch) and the Diabetes Branch. The system was installed specifically for the needs of the solid organ transplant floor, but its use now includes other patients as well.

The driving factors for the installation of the system were:

- Provide a means to handle the specialized requirements of transplant processes
- Provide a location to save the large volume of outside clinical data
- Allow retrieval of data for research purposes.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Walter Reed Army Medical Center for medical evaluation and consults. In addition, please refer to SOR #09-25-0099
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The information is collected from patients, outside medical entities, and the NIH Clinical Center. The collected data is used as an aid for clinical personnel as well as the basis for research in organ transplant and immunology. The data consists of basic demographics, laboratory test results, medications, and other medical data. This data is the minimum necessary to present a clinical description of a patient and to allow retrospective research on clinical outcomes. Data submission is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Collection and use: Prior to any treatment and collection of medical data, the patient signs a protocol consent form. Via consent to medical treatment, the patient is implicitly acknowledging the collection of medical data. The protocol consent form explicitly addresses the use and distribution of that data with respect to confidentiality and the Federal Privacy Act.

System changes: There is a mechanism to amend the consent based on protocol changes. Patients are required to sign any new approved amendments. This mechanism could be used to cover changes in data policy and/or usage. Given the nature of the system (clinical/research), we have had no need for such amendments based on data policy nor do we anticipate any.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Technical, physical and administrative controls are in place to ensure the security of the information. These include an up-to-date System Security Plan, Contingency Plan, regular offsite backup of the data, and yearly security awareness training for all personnel. The system is certified and accredited.

The information is secured through multiple levels of security and access controls have been established to authenticate the user and to determine if the user has the authorization to perform actions requested. The access controls are supplemented with a secure network at both NIH and NIDDK.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Cyrus Karimian
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIEHS CRU Clinical Management System
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/4/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: NO
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0200
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): n/a
7. System Name (Align with system Item name): NIH NIEHS CRU Clinical Management System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kimberly Burnett-Hoke
10. Provide an overview of the system: The NIEHS Clinical Management System (eSphere - software name) is an Oracle based database and work flow mapping system that will serve as the main patient record, scheduling, and data management tool for the new CRU. The system will hold patient records and medical history as approved by the NIEHS IRB, physician educational and credentialing/privileging data, calendar scheduling, and some basic statistical analysis tools. The system is needed because the NIEHS CRU is a new outpatient based clinical research clinic that will open and begin seeing patients in January of 2009.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The purpose is to track, monitor, and evaluate NIH clinical, basic, and population-based research activities and protocols. The system may share or disclose information to NIH researchers, agency contractors, consultants, etc. who have been engaged by the agency to perform research related activities. Other disclosures may include Congress, the Department of Health and Human Services, the Department of Justice, and the Public Health Service. Disclosures and sharing of information will only be for and will be in compliance with SORN 09-25-0200.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The information is used to document, track, monitor, analyze, and evaluate NIH clinical, basic, and population-based research activities and protocols. The exact data collected for each protocol and from each individual will differ based on final approval of the NIEHS IRB but could include name, date of birth, SSN, mailing address, phone numbers, previous medical records and medical history (as well as newly generated medical notes from new procedures), email addresses, educational levels, military service and deployment locations, foreign activities, height, weight, gender, lab values, and other yet to be determined data.
Submission of all data is voluntary, but is a required condition to participate in the research protocol/activity. Failure to provide any or all required data may exclude the participant from research activity eligibility.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) All IIF that is being collected is clearly communicated and listed on the consent forms that are required to be read and signed by all research protocol/activity participants. These forms clearly let the participant know what is being collected from them, for what purpose, and who all will see it. It also asks permission to re-contact the individuals in the future if changes are needed. If participants elect not to be re-contacted any changes will result in that person's IIF and data being destroyed. If re-contact is approved on the original consent forms, any changes will result in re-contact at which time new consent forms will be presented and signed outlining any changes. All consent forms (and all research protocol/activity forms and IIF data) must be reviewed, approved, and cleared by the NIEHS IRB prior to any data being collected.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system is password protected according to NIH policy. The system is housed in the NIEHS facility with tightly controlled access. Please refer to the NIEHS General Support System Certification and Accreditation Package for more details.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kim Minneman
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIEHS DERT Extramural Grantee Data Collection (DEGDC)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 2/28/2012
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: Not obtained yet.
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIEHS DERT Extramural Grantee Data Collection (DEGDC)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kristi Pettibone
10. Provide an overview of the system: We are seeking clearance from the Office of Management and Budget to collect data on grantee outcomes and impacts that are not reported in their progress reports. We are also asking to collect information on their satisfaction with the program management process. We will collect the information using a survey that will be available as a paper-based or a web-based survey. The information collected will be stored in an electronic database. This electronic database is the system. We will use a unique identifier for each respondent rather than a name.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: (1) Outcome information to be collected includes measures of agency-funded research resulting in dissemination of findings, investigator career development, grant-funded knowledge and products, commercial products and drugs, laws, regulations and standards, guidelines and recommendations, information on patents and new drug applications and community outreach and public awareness relevant to extramural research funding and emerging areas of research. Satisfaction information to be collected includes measures of satisfaction with the type of funding or program management mechanism used, challenges and benefits with the program support received, and gaps in the research.
(2) Information gained from this primary data collection will be used in conjunction with data from grantee progress reports and presentations at grantee meetings to inform internal programs and new funding initiatives. The information will be used to inform programmatic improvements within the National Institute of Environmental Health Sciences’ Division of Extramural Research and Training.
(3) The data collected does not include any PII
(4) The data collected does not include any PII so it is neither voluntary nor mandatory. Completion of the survey is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No PII will be collected in this survey.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PII will be collected on the system.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kim Minneman
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 3/7/2012
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIEHS Drugmatrix Database and Analysis Tool (DDAT)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 8/10/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIEHS Drugmatrix Database and Analysis Tool (DDAT)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Scott Auerbach
10. Provide an overview of the system: The Drugmatrix database and analysis tool is an NIEHS-owned toxicogenomic resource that allows for analysis of gene expression data from rats. This resource is of interest to those that work in the field of toxicology and environmental disease. The core component of Drugmatrix is a collection of gene expression studies derived from tissues/organs of rats exposed to a variety of drugs and well-documented toxicants. The interface allows users to analyze existing Drugmatrix data or to upload their own data for comparison and analysis using a variety of tools.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: (1) The toxicology information collected will be from rats only. (2) NIEHS will use the information for toxicity studies. (3) The information does not contain PII. (4) N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kim Minneman
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/9/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIEHS Employee Database Internet Edition
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 8/15/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-90-0018, 09-90-0024, 09-25-0216
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): None
7. System Name (Align with system Item name): NIH NIEHS Employee Database Internet Edition (EDie)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Lisa Rogers
10. Provide an overview of the system: EDie is an intranet-based application primarily used to manage and track personnel information. Authority for maintenance of the system: 5 U.S.C. 1302, 2951, 4118, 4308, 4506, 7501, 7511, 7521 and Executive Order 10561.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Information is intended for internal administrative use only and will not be shared by other entities. Refer to SORN 09-90-0018, SORN 09-90-0024 and SORN 09-25-0216.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: EDie tracks all information pertinent to a personnel file for the purpose of personnel management activities. Information is collected from employees via the Human Resources Database (HRDB) system, Fellowship Payment System (FPS), nVision Data Warehouse and NIH Enterprise Directory (NED). Uses consist of the following: a) tracking a time-limited appointment to ensure renewals are done in a timely manner, thereby avoiding any break in service; b) ensuring that allocated FTE ceilings are maintained; c) ensuring salary equity for various hiring mechanisms; d) providing reports requested by the NIH Director, the IC Director, and other management staff, as requested; and e) maintaining lists of non-FTEs, special volunteers, contractors, and other hiring appointments. The type of information collected constitutes PII and includes, but is not limited to the following data elements: name, home address, home phone number, social security number and date of birth. The PII collected is mandatory for all employees.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) PII in the system is downloaded from the HRDB, FPS, nVision Data Warehouse and NED. Changes to HRDB or changes in the way information is used are relayed to employees via official notices from the NIH Office of Human Resources (OHR). Individuals are notified of the collection and use of the data as part of the hiring process. This is a mandatory requirement of potential job applicants seeking employment at NIH.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: PII stored in EDie is accessed by a very limited number of administrative staff with a “need-to-know” status. EDie is password protected and sensitive data is encrypted. The system is located at NIEHS, Bldg. 104, Data Center, Research Triangle Park, NC, behind the NIH firewall.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kim Minneman
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/9/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIEHS GuLF Worker Study System (GWSS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 9/27/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0200
5. OMB Information Collection Approval Number: OMB Control Number: 0925-0626; ICR Reference Number: 201012-0925-004
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIEHS GuLF Worker Study System (GWSS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: David Johndrow
10. Provide an overview of the system: The GuLF Worker Study System (GWSS) is a minor application whose purpose is to support the GuLF STUDY’s subject recruitment and data collection efforts. This system will collect data pertaining to participant clean-up-related tasks, demographic and socioeconomic factors, occupational and health histories, psychosocial factors, and physical and mental health. A total of approximately 55,000 persons are expected to be enrolled into the cohort. The GWSS is a secure IT system which consists of commercially available research study software from DatStat (http://www.datstat.com), Microsoft SQL Server 2008 databases, and Avaya Dialer telephone software running on Windows 2008 Rel. 2. The DatStat product, Illume, is the tool used to design, build, test, and manage questionnaires (surveys). Illume is also the tool used for importing and exporting data and managing the data. The DatStat product, Discovery, manages the workflow of the trained personnel who administer computer-assisted telephone interviews (CATI) and computer-assisted personal interviews (CAPI).
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Collection of this information is authorized under 5 U.S.C. 552a. The primary use of this information is for use in a research study entitled GuLF STUDY: GuLF Long-Term Follow Up Study, sponsored by the National Institute of Environmental Health Sciences (NIEHS). The mission of NIEHS is to reduce the burden of human illness and disability by understanding how environment influences the development and progression of disease. NIEHS pursues this mission through multidisciplinary biomedical research and through communication of research results to regulatory agencies, clinicians, the scientific community, and the general public. The GWSS enables this research.

PII collected as part of this study includes name, address, phone numbers, date of birth, race/ethnicity, social security number, demographic and socioeconomic factors, and medical information. Information is not disclosed to persons outside of the study team, as protected by a Certificate of Confidentiality. Submission of this information is required if a participant wishes to participate in the research study.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Individuals whose PII is collected undergo an informed consent process with a trained member of the study team. Participants are told that their information is protected through a Certificate of Confidentiality and that it may be placed, in a coded or de-identified format, in a database to be used by other researchers. There are no major system changes planned for this research study database that would require participant notification.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The GWSS adheres to SRA corporate policies, CO-POL-27 Information Security Governance Policy and IT-POL-14 Information Security Policy, which detail the formal policy and guidelines for the Security Assessment and Authorization of SRA systems. These policies are reviewed annually. The GWSS is a standalone system with no interconnections to other information systems outside of the authorization boundary. The System Security Plan (SSP) documents an initial security control assessment and is provided to the authorizing official (AO) as a part of the NIEHS authorization to operate process. The SSP uses the NIST SP 800-53 security baseline for a moderate impact system to evaluate the security controls in the GWSS in order to document the extent to which the controls are implemented. The SSP requires substantial administrative, technical and physical controls for access to all project data. Specifically: all project data that contains PII is restricted to project folders, SurveyNet and the SAVVIS data center for study outcomes. As such, administrative controls in effect include the SSP, corporate access policies that restrict access to cleared project personnel only, backup plans that restrict the inclusion of PII for offsite storage, and the in-process system certification and accreditation. Access to PII is physically controlled through the use of two-factor user authentication, a dedicated Firewall and VPN architecture, database encryption methods and forced password reset/change policies. Physical access to systems that contain PII is controlled via required guards, personnel ID badges, cipher locks, biometrics access-control and is subject to regular monitoring via closed circuit television. Physical access to systems is granted to only project IT support staff and is logged. 
Sensitive PII adheres to the same controls listed above except that it is restricted to only the SAVVIS datacenter, which is the system component that contains by far the most controls in terms of access; these go well beyond those that are listed here (mantraps, 24x7 monitoring, etc.).
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kim Minneman
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/28/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIEHS Hazardous Worker Training Data Management System
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/2/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: N/A
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: 0925-0348
6. Other Identifying Number(s): none
7. System Name (Align with system Item name): NIH NIEHS Hazardous Worker Training Data Management System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Joseph "Chip" Hughes, Jr.
10. Provide an overview of the system: System provides functionality not available via central systems to support the mission of the hazardous worker education and training program.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A, there is no IIF information in the system.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The information collected includes programmatic data from NIEHS Worker Education and Training grantees such as progress reports and training data. The data management system provides a convenient way for authorized users to input and access their training data including - course curricula, progress report materials, projected and actual training data, student demographic data, and annual reports; while providing quality control for each submission.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) There is no IIF information located in the system.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: There is no IIF information in the system. (Information is stored on a secure Oracle 9i database that is password protected and is behind the NIH and NIEHS firewalls.)
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kim Minneman
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIEHS Health and Safety Production System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/2/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-05-02-6299-00-110-249
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 9250105
5. OMB Information Collection Approval Number: n/a
6. Other Identifying Number(s): none
7. System Name (Align with system Item name): NIH NIEHS Health and Safety Systems
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Scott Merkle
10. Provide an overview of the system: Systems relating to monitoring and tracking the NIEHS health and safety program in conjunction with the NIH mission.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No individual information is shared by this system. However, procedures in SOR #09250105 apply
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Information collected is needed to assure and monitor employee health and safety in the NIEHS workplace and to comply with safety and health recordkeeping regulations. Information is obtained from other NIH systems or from NIEHS employees in an on-site medical facility or when safety incidents occur. Occupational health evaluations are mandatory for certain laboratory employees. The types of PII maintained in the system include basic demographics (e.g., name, NED employee ID number, date of birth, personal contact information, and employment status) and summary notes on workplace injury incidents and summary results of exposure and occupational health evaluations.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Information is collected only from employees in conjunction with their job responsibilities. Individuals are made aware of the program when they are hired. The Health and Safety Office and their supervisors would inform them of changes in requirements.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Information is maintained on a database with access only by authorized users with a valid password. Facility is locked with limited key card entry.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kim Minneman
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/30/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIEHS NCI Agricultural Health Study (AHS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 9/22/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: N/A
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0200, Clinical, Epidemiologic, and Biometric Studies of the National Institutes of Health (NIH), HHS/NIH/OD
5. OMB Information Collection Approval Number: 0925-0406
6. Other Identifying Number(s): AHSW
7. System Name (Align with system Item name): NIH NIEHS NCI Agricultural Health Study (AHS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Novie Beth Ragan
10. Provide an overview of the system: The Agricultural Health Study system of records collects clinical and epidemiological data on health volunteer persons who are part of the Agricultural Health Study cohort, for the purpose of scientific analysis and publication of epidemiological research. AHS is a collaborative effort involving the National Cancer Institute (NCI), the National Institute of Environmental Health Sciences (NIEHS), and the U.S. Environmental Protection Agency (EPA).
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Disclosure of AHS PII:
National Death Index (NDI) - Annual match with NDI Plus files.
Internal Revenue Service - to obtain updated address information - now stored at Westat (for NCI); will be stored at coordinating center (TBA) for AHS Phase IV (for NCI ).
Information Management Services - IMS - separately contracted by NCI - performs data analyses for NCI using analytic datasets. Analytic Data (including date of birth, but not including other personal information) are shared among members of the AHS research team at NCI, NIEHS, EPA.
<Names, addresses and phone numbers of research subjects are not stored in analytic databases, records or files hosted at NIH, NIEHS, NCI or EPA. IIF information is not shared on research participants, except date of birth, which is used for scientific research analysis purposes only>
Westat – separately contracted by NCI – currently holds the full AHS participant contact database, including date of birth as well as other personal identifying information for all AHS participants – and handles all direct interactions with Iowa and North Carolina participants for NCI studies within the AHS.
Upon award of the AHS Phase IV Coordinating Center Contract, anticipated by September 30, 2011, the successful offeror will take over the AHS participant contact database.
Westat - separately contracted by NIEHS – performs data analyses for NIEHS. Analytic Data (including date of birth, but not including other personal information) are shared among members of the AHS research team at NIEHS.
<Names, addresses and phone numbers of research subjects are not stored in analytic databases, records or files hosted at NIH, NIEHS, NCI or EPA. IIF information is not shared on research participants, except date of birth, which is used for scientific research analysis purposes only>
Social and Scientific Systems - SSS – separately contracted by NIEHS – handles all direct interactions with AHS participants in NIEHS substudies only: namely AHS Lung Health Study, GAP Study, AHS Autoimmune Study, GENARM Study, SAFE Study and FAME Study.

Names, addresses and phone numbers of AHS NIEHS add-on research subjects are stored in secure and locked databases, records and / or files hosted at Social and Scientific Systems (SSS).

This system is also covered under the Privacy Act System of Records Notice 09-25-0200.

North Carolina Field Station - Battelle CPRHE, Durham, NC - separately contracted by NCI - handles all direct interactions with NC participants.

Internal Revenue Service - to obtain updated address information which is stored at the field stations.

Iowa Field Station - University of Iowa - separately contracted by NCI - handles all direct interactions with Iowa participants.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: AHS analytic data do not contain direct identifiers such as name, address, or SSNs.
The NCI shares PII with NDI and the IRS when performing matches to the NDI and IRS files.
Contact information (name, address, phone number) for full cohort is stored at NCI contractor Westat in anticipation of use in future substudies, cohort maintenance purposes (e.g., possible mailings of study update newsletters), and matching with state and national vital statistics and health registries.
Upon award of AHS Phase 4 contract, AHS contact information for full cohort will be stored at the NCI Coordinating Center.
Participation is voluntary; full and open consent is required before information is collected.
The AHS system collects a wide variety of clinical information including pesticide application histories, medical histories, health information, exposure measurements from field instruments, and questionnaire data.
All IIF (except date of birth) on full cohort research subjects is kept at the Westat (NCI contractor) sites and are not available to investigators.
All IIF (except date of birth) on the sub-sets of AHS cohort research subjects who are participants in NIEHS sub-studies (namely AHS Lung Health Study, GAP Study, AHS Autoimmune Study, GENARM Study, SAFE Study and FAME Study) are kept at SSS (NIEHS contractor) sites and are not available to investigators.
PII collected and maintained on all AHS participants includes name, date of birth, social security number, mailing address, phone number, and pesticide application certificate types.
PII collected, maintained, and updated for NIEHS sub-studies ( namely AHS Lung Health Study, GAP Study, AHS Autoimmune Study, GENARM Study, SAFE Study and FAME Study) for AHS participants includes name, date of birth, social security number, mailing address, phone number, and pesticide application certificate types.
Monthly updates to AHS addresses, phone numbers and other PII collected by SSS for NIEHS sub-studies ( namely AHS Lung Health Study, GAP Study, AHS Autoimmune Study, GENARM Study, SAFE Study and FAME Study) are sent via encrypted transmissions to Westat (NCI contractor) to update the full AHS cohort data on a monthly basis.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) There have been no major changes in the system and none are contemplated. NCI and NIEHS IRBs would review any major changes prior to implementation and provide us with guidance on any needed notification and consent requirements.

As part of the research protocol, all subjects are required to fill out consent documents which describe how their information will be used. If these change, participants will be contacted and informed.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Extensive safeguards are in place to ensure the confidentiality of each subject is protected.
TECHNICAL CONTROLS: Each AHS subject is assigned a six-digit ID number; these AHS IDs are used for any references to subjects on an individual basis. Names and other identifying information for full AHS cohort are kept in separate databases maintained by Westat, and not comingled with the analytic data. These data files are joined only for performing linkages to the mortality and cancer incidences databases. Several layers of passwords exist to ensure unauthorized access to electronically stored data is not permitted. The system is protected by firewalls, intrusion detection systems, and passwords. There are comprehensive system security and contingency plans in place. An Incident Response capability is maintained.
Similarly, names and other identifying information for NIEHS AHS sub-studies (namely AHS Lung Health Study, GAP Study, AHS Autoimmune Study, GENARM Study, SAFE Study and FAME Study) are kept in separate databases maintained by SSS, and not comingled with analytic data. Several layers of passwords exist to ensure unauthorized access to electronically stored data is not permitted. The system is protected by firewalls, intrusion detection systems, and passwords. There are comprehensive system security and contingency plans in place and an incident response capability is maintained.
PHYSICAL CONTROLS: For NIEHS sub-studies ( namely AHS Lung Health Study, GAP Study, AHS Autoimmune Study, GENARM Study, SAFE Study and FAME Study), hard copies of questionnaires that contain any personal information are stored in locked rooms at SSS (NIEHS contractor). All personnel involved with the project have signed confidentiality agreements. Badged access is required for all server rooms, with badge lockdown policies in line with existing NIH procedures. Physical racks are key-locked. Data center is behind keycard access with 100% identification badge check by 24/7 security guard.
For the full AHS, PII data are stored at Westat (NCI contractor), where these files are stored in a directory accessible only to the project's lead systems manager and one programmer. They are also encrypted when not in use and the encryption key is known only by the same two staff members. The files are never left in unencrypted form overnight so that automatic backups contain only encrypted versions. After the field stations confirm receipt of readable files, the copies at Westat are deleted.
MANAGEMENT CONTROLS: All PIs and investigators are approved by an AHS central board before gaining access to analytical data (including date of birth). Personal contact information for cohort is not available to NIH investigators.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kim Minneman
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIEHS NIEHS General Support System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/4/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-02-00-01-3109-00-109-026
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): n/a
5. OMB Information Collection Approval Number: n/a
6. Other Identifying Number(s): none
7. System Name (Align with system Item name): NIEHS General Support System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: John Grovenstein
10. Provide an overview of the system: This is the certified secure infrastructure that supports NIEHS operations. NIEHS applications and database reside on this system. There is no specific data collection system
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Infrastructure only. Individual systems are addressed separately
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Infrastructure only. Individual systems are addressed separately
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: Yes
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No IIF
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kim Minneman
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / NIH NIEHS NIEHS Status of Funds Internet Edition [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 9/20/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIEHS Status of Funds Internet Edition (SOFie)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Susan Hart
10. Provide an overview of the system: SOFie is a reporting tool that allows an Institute to manipulate and report on financial transactions and general accounting information downloaded from the NIH Central Accounting System (CAS). It tracks budget allocations, open commitments, obligations, invoicing and payments. Transactions are passed through other systems and then downloaded, or linked into the shared data system called nVision Data Warehouse, where it is then uploaded into SOFie and exported to Excel. Downloads are processed on a daily basis, generally in the evening hours to ensure all allocation entries and adjustments are captured in real time. The daily downloads allow administrative and management staff to accurately report on the budgets established within the IC office, laboratory, section or branch. Financial transaction details are charged to a Common Accounting Number (CAN) which is part of a hierarchical accounting structure termed the Management Account Structure (MAS). The MAS groups CANs into summary levels which include the appropriation source, allotment number, budget activity, allowance name, cost center and CAN. The CAN is tied to a Project Number, categorized by Object Class Code (OC), and summarized and itemized by individual Document Numbers assigned for reference purposes. Additional manipulation is possible to track expenses by month or fiscal year, by data range, and through several stages of the acquisition process.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Fiscal year operational information and general accounting data is downloaded from the NIH Central Accounting System (CAS) into a commercial, off-the-shelf (COTS) software product purchased by the Institute/Center (IC) and exported to Excel. The financial information is specific to the IC and is organized by category (Ex. salary, benefit, award, appropriation, central services, etc.). It can be sorted by organizational code, object class code, date or amount of a commitment, expenditure, or obligation, etc. The system contains no personally identifiable information (PII) on any individual.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kim Minneman
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIEHS NTP Chemical Tracking System (Chemtrack)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 9/8/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIEHS NTP Chemical Tracking System (Chemtrack)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Beth Bowden
10. Provide an overview of the system: The National Toxicology Program Chemical Tracking Database application supports all aspects of the NTP process at a high level. The application collects all aspects of study administration and study milestones. The application generates various reports for project review.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: (1) Chemtrack contains tracking information for National Toxicology Program (NTP) committees, nominations, studies and test articles. It is used to manage NTP studies, nominations and test articles. It only contains information from Contracts or the Federal government. (2) The NTP uses Chemtrack to manage its research portfolio. (3) The information does not contain PII. (4) Not applicable.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A - no PII.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kim Minneman
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIEHS NTP Database Search (NTP DBSearch)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 9/8/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIEHS NTP Database Search (NTP DBSearch)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Beth Bowden
10. Provide an overview of the system: The National Toxicology Program Database Search application allows NTP researchers and public users to search for, view, and download data from NTP studies.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: (1) The National Toxicology Program (NTP) Database search makes available to the public detailed scientific data on NTP studies. It only contains information from Contracts or the Federal government. (2) To make NTP scientific data available to the general public. (3) The information contains no PII. (4) Not applicable.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A - no PII.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kim Minneman
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIEHS NTP Genetic Toxicology (Genetox)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 9/8/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIEHS NTP Genetic Toxicology (Genetox)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Beth Bowden
10. Provide an overview of the system: The Genetic Toxicology (Genetox) application collects data on Salmonella and Micronucleus assays and generates reports on these assays as well as other Genetic Toxicology assays. The other assays are Drosophilae, Chinese Hamster Ovary, Chromosome Aberration, and Sister Chromatid Exchange.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: (1) Genetox collects detailed information on Micronucleus and Salmonella assays from Contract Laboratories. It reports on these assays as well as CHO, Chromosome Aberrations, Sister Chromatid Exchange, and other Genetic Toxicology assays that were once used. It only contains information from Contracts or the Federal Government. (2) To hold and report on detailed data on the genetic toxicity of various chemicals and test articles. (3) The information does not contain PII. (4) Not applicable.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A - no PII.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kim Minneman
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIEHS Pegasys
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/4/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: NO
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0216
5. OMB Information Collection Approval Number: n/a
6. Other Identifying Number(s): n/a
7. System Name (Align with system Item name): Pegasys
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: John Grovenstein
10. Provide an overview of the system: System identifies employees and contractors with badges and allows authorized badge holders to access the NIEHS facility. System issues badges to NIH & NIEHS personnel.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system is used to issue badges and is used only by staff involved with issuing badges. SOR# 09-25-0216
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The information is used to identify badge holders and issue badges that allow employees and contractors access to NIEHS facilities. Information is copied from the NIH directory (NED) or is provided by the badge holder. The only IIF collected in this system is a photo for the badge. Information can be retrieved by name. The information is mandatory for employees and others who are given NIH badges.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) If changes are made to the badge system, personnel are notified by all-hands e-mail. Information that is not already in the NIH Enterprise Directory is collected from individuals when they request a badge. Only individuals who are in NED are eligible for badges. The information is used by security personnel to issue badges. It is not shared. The photo is required for a badge. Individuals may report any changes in information to security personnel who will change it.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system is password protected according to NIH policy. System access is limited to those who use or manage the system. The system is housed in the NIEHS facility with tightly controlled access including guards, key cards and badges. The NIH/NIEHS network is protected by firewall and intrusion detection systems. Remote access requires VPN.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kim Minneman
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIEHS Small Program Support Systems (SPSS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/4/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-05-02-6299-00-110-249
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): n/a
5. OMB Information Collection Approval Number: n/a
6. Other Identifying Number(s): n/a
7. System Name (Align with system Item name): Small Program Support Systems
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Heather Nicholas
10. Provide an overview of the system: Small applications that support NIEHS program areas including systems for: management and evaluation of programs and research areas; local workflow; tracking scientific activities; project management; library services; information dissemination; and managing application and technical standards for local systems.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No IIF
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Data is collected in conjunction with NIEHS business processes or activity. It is used to track, administer or perform NIEHS activities in conjunction with its programs. Systems that have private information are not included. Examples of data that is collected are ordering information, project status information or information about Institute program activities.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No IIF
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No IIF
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kim Minneman
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIEHS ToxFX Analysis Tool (ToxFX)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 9/15/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIEHS ToxFX Analysis Tool (ToxFX)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Scott Auerbach
10. Provide an overview of the system: The ToxFX analysis tool is an NIEHS-owned toxicogenomic resource that allows for automated analysis of gene expression data. This resource is of interest to those who work in the field of toxicology and environmental disease. The core component of ToxFX is a collection of gene expression studies derived from tissues/organs of rats exposed to a variety of drugs and well-documented toxicants. The data for this resource is derived from the DrugMatrix database. The ToxFX interface allows users to upload their own data for automated scoring of toxicity signatures and generates a report (PDF format) that provides a variety of metrics on the uploaded data set, including predicted toxicities.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: (1) The toxicology information collected will be from rats only; (2) NIEHS will use the information for toxicity studies; (3) the information does not contain PII; and (4) N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kim Minneman
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________
