National Institutes of Health Privacy Impact Assessments - Page 5


06.3 HHS PIA Summary for Posting (Form) / NIH NIEHS Toxicogenomics Initiative Database (CEBS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/4/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-05-02-6204-00-110-249
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0200
5. OMB Information Collection Approval Number: n/a
6. Other Identifying Number(s): none
7. System Name (Align with system Item name): CEBS
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Jennifer Fostel
10. Provide an overview of the system: Development of knowledge base including collection, processing, search and display of data from microarray, proteomics and toxicological assays conducted through a variety of intramural and extramural research partnerships. Goals include creating a public database relating environmental stressors to biological responses, collecting information relating environmental exposures to disease, and developing an improved paradigm for use of computational mathematics for understanding responses to environmental stressors.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): It discloses the name and affiliation of scientists who have contributed data in order to credit their work. SOR 09-25-0200
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Data is from microarray, proteomics and toxicological assays conducted through a variety of intramural and extramural research partnerships. Data is collected in multiple research settings following scientific study protocols. No personal information is collected about experimental subjects. Scientific collaborators may voluntarily register and provide their names and affiliation.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) All registrations are voluntary. Contributors to the database register to be credited with their contribution. Changes to the system are announced on the Web page. The Web site contains a privacy statement. The CEBS administrator can be asked at any time to change or remove information.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The name and affiliation of contributors (provided voluntarily by depositors) are stored in a database in NIEHS and posted on the website in order to acknowledge the depositor's contribution. We do not collect any PII about experimental subjects.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kim Minneman
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIEHS Toxicology Data Management System Enterprise and Laboratory Data Acquisition System (TDMSE/LDAS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/2/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-05-02-6202-00-110-249, 009-25-01-05-02-6205-00-110-249
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): n/a
5. OMB Information Collection Approval Number: n/a
6. Other Identifying Number(s): none
7. System Name (Align with system Item name): Toxicology Data Management System Enterprise and Laboratory Data Acquisition System (TDMSE/LDAS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Beth Bowden
10. Provide an overview of the system: The Laboratory Data Acquisition System (LDAS) collects in-life and pathology data from rodent studies and transmits data to the Toxicology Data Management System Enterprise (TDMSE) database where it is stored and analyzed. Other systems maintain and make available in relational databases suitable for analysis all the information resulting from the conduct of multiple types of NTP studies. Also includes loading completed study data into the NIEHS Oracle database, developing procedures for the testing labs to electronically download study data directly and enhancing the study tracking system.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): PII is shared between TDMSE and LDAS using secured file transfer protocol (SFTP).
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Data are collected in multiple research laboratories following scientific study protocols. The data comes from the numerous scientific studies conducted by the National Toxicology Program. The testing program is described at http://ntp.niehs.nih.gov/go/about. Accounts listing user name, facility and unique operator number are created in the TDMSE and LDAS systems as requested in order for personnel at the contract labs to collect and/or view data stored in either system. At the time of initial login to TDMSE, users are requested to select security questions to allow individuals to reset passwords. Answers to the security questions are stored in TDMSE.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) All accounts are created at the user's request. Users provide their name and facility and are informed of their unique operator number after the account has been set up. Once assigned, operator numbers are not changed. Users are provided with a temporary password which they must reset the first time the system is accessed. The new user defined password is stored in the TDMSE database. Users are given a choice of security questions, some requiring PII and some not. Changes to the user name, facility, security questions or answers take place at the request of the user.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Changes to user accounts can only be made by system administrators with the exception of the security questions or answers. Changes to these parameters are controlled by the user. User profiles are maintained through the Maintain User function within the Administrative section of the TDMSE application. Access to this section of the application is restricted to system administrators. User passwords and security questions/answers are stored in the TDMSE database. The server housing the PII is located at the NIEHS secure data center. The systems housing the PII can only be accessed with password protected accounts which have been set up by the system administrators. Administrators also control the level of access users are granted based on their role at the facility. Passwords are known only to the user and must be renewed every 90 days. Once logged in to the system the application times out after 60 minutes of non-use. Only user names are visible to others based on facility. Only users at the same facility and with the appropriate access can see the names of other users at the facility.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kim Minneman
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIGMS CAGT System
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/10/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-09-25-5156-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIGMS Community for Advanced Graduate Training (CAGT) System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Lorena Geddes
10. Provide an overview of the system: An interactive web-based system to promote collaboration between T34 and T32 PIs and between T32 PIs and T34 undergraduate minority students seeking graduate training in NIGMS pre-doctoral biomedical programs.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): IIF is disclosed or shared only as described in the SOR. This information is addressed in the NIH Privacy Act Systems of Record Notice 09-25-0036, published in the Federal Register, Volume 67, No. 187, September 26, 2002.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: We do not maintain NIH employees' information in this system.
CAGT has 3 types of system users:
1) Current students participating in T34 programs seeking information about T32 pre-doctoral biomedical programs at various institutions.
2) T34 and T32 professors who are conducting training research programs supported via an NIH grant within NIGMS.
3) T32 assistants of T32 PIs.

For the above users, the following IIF is collected: names, mailing addresses, phone numbers, email addresses, institution names and affiliations, and areas of scientific training interests.

All the information collected is not voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) There is no standard process to notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system; however, since contact information is updated regularly, contact in this situation could be performed by correspondence, email, or phone.

For statistical purposes, the data is collected and permanently maintained sorted by academic year in the NIGMS database archives. However, the student data is deleted from the system in July of every year. New participant contact information is collected and maintained from August through May in the system.

The system has a privacy notice that notifies individuals of their rights regarding privacy act data which is displayed on the website.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Access to certain information with different levels of authorization in CAGT is limited to NIGMS/NIH Program Officials, and Principal Investigators (PIs), T32 assistants and students at institutions who are currently participating in the NIGMS T32 and T34 biomedical programs. NIGMS/NIH Program Officials use their NIH Single Sign-On username and password to access CAGT. They oversee the training programs and have access to the user contact information. PIs and T32 assistants can gain access to CAGT via their active NIH eRA COMMONS account. PIs and T32 assistants have access to their students' data. Students gain access to CAGT by registering on the website and getting approval from their respective PI at their institution on an annual basis.

Technical Controls, currently in place, are: user identification and passwords (as described above), and NIGMS and NIH firewalls - set to protect all the NIGMS and NIH systems.

Administrative Controls are as follows: the implementation of the NIGMS standard security plan, process and procedure for purging files, required user training, and distribution of CAGT system user's guide that are given to PIs to distribute to students in the T32/T34 training programs.

Physical Access Controls include:
1) controlled physical access to the server via a key card access control list indicating administrators allowed to access the LAN Room.
2) The database server is maintained by CIT in an access controlled location.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kimberly Allen
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIGMS CMR Meeting Support System (CMSS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 8/10/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-05-02-5160-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): NIGMS-0027
7. System Name (Align with system Item name): CMR Meeting Support System (CMSS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Lorena Geddes
10. Provide an overview of the system: CMSS is a web-based tool in which CMR members can share comments and evaluate the minority/diversity recruitment and retention efforts of training grant (T32) applications submitted each Council round.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: CMSS downloads and stores grant data from the IMPAC 2 database. The data are stored locally for performance reasons, and are refreshed daily to ensure accuracy. Data includes T32 grant applications, committee members and council meetings. The data also includes the assigned program officials email address contact information. The data are used to support local extramural research activities for the NIGMS Committee for Minority Representation; such information is not supported by NIH or HHS enterprise systems.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) None.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The Intranet server on which CMSS is hosted is available only for NIGMS Intranet users, and is protected by AD account and password in a secure room with restricted Card Key access.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kimberly Allen
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIGMS Employee Directory (GMED)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/10/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-09-02-5151-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0216
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): NIGMS-0015
7. System Name (Align with system Item name): NIGMS Employee Directory (GMED)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Michael Hong
10. Provide an overview of the system: Provides photographs and contact information for NIGMS staff. Photographs are for internal use only.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): SOR 09-25-0216. This information is further addressed in the NIH Privacy Act Systems of Record Notice 09-25-0216, published in the Federal Register, Volume 67, No. 187, September 26, 2002.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The only IIF information collected from the employee by this system is the digital image, for use to familiarize other staff with new employees. Other information in the system includes work related (work number, room) data and is accessed from the NED system. Other work related information entered includes start and end date and organization unit. Submission/collection of the image is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) As part of the new staff orientation procedures, staff are given verbal notice for their consent to display the photograph on the NIGMS intranet and verbally advised on the use of the photograph.

Email notification would be used to notify and obtain consent from individuals when major changes, if any, occur to the system.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The digital image is stored using NTFS file protections. The intranet site that displays the photographs is available only on the NIGMS Intranet, and is protected by AD account and password in a secure room with restricted Card Key access.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kimberly Allen
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIGMS External Microsoft Office SharePoint Service (NE-MOSS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 8/10/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-05-02-5164-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0106
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): NIGMS-0028
7. System Name (Align with system Item name): NIGMS External Microsoft Office SharePoint Service (NE-MOSS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Lorena Geddes
10. Provide an overview of the system: NIGMS SharePoint external is a collection of SharePoint sites within external AD component.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): For PGRN only: Members and NIGMS Administrators of PGRN. Purpose to communicate logistical information about PGRN meetings.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: NIGMS External MS Office SharePoint Services (NE-MOSS) is a tool that provides the Institute and its external-to-NIH users with collaborative web sites. NE-MOSS is smoothly integrated into the MS Office workplace.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) For the PGRN site (a part of the NE-MOSS): anyone in the public sector interested in becoming a PGRN member fills out and submits a form on the PGRN website (outside PICS). PGRN members are informed via the web and written notification that their information will be shared with other members.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: During this FISMA update (2010), there is only one site in NE-MOSS that collects PII data:
Regular access to information is limited to NIGMS PGRN Administrators who collect the contact data. Developers and/or Contractor employees may have access on an as-needed basis for system administration and maintenance. PGRN members are granted access only after verifying employment. Other access is consistent with the restrictions required by the Privacy Act (e.g., when disclosure is required by the Freedom of Information Act), as authorized by the system manager.

The database is protected within a locked facility with card key and controlled access.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kimberly Allen
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIGMS Extramural Support System (NESS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/10/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-05-02-5111-00
009-25-01-05-02-5111-00-109-026
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): NIGMS-0008
7. System Name (Align with system Item name): NIGMS Extramural Support System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Alexander Naneyshvili
10. Provide an overview of the system: Support extramural research activities for NIGMS that are not supported by NIH or HHS enterprise systems. The system uses enterprise (SOR 09-25-0036) IMPAC2 data. The system does not contain IIF data.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system downloads and stores grant data from the IMPAC 2 database. The data are stored locally for performance reasons, and are refreshed daily to ensure accuracy. Data includes application review status (preaward data) and Principal Investigator name, work address and phone number. The data also includes the assigned program official's name and work contact data, and the assigned grants management specialist's name and work contact data. The data are used to support local extramural research activities for NIGMS that are not supported by NIH or HHS enterprise systems. The system uses enterprise (SOR 09-25-0036) IMPAC2 data. The system does not download, collect, maintain, or disseminate any IIF.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The data is stored using NTFS file protections. The intranet site on which the system is hosted is available only on the NIGMS Intranet, and is protected by AD account and password in a secure room with restricted Card Key access.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kimberly Allen
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIGMS Grantee Email System (GEMS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/10/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-09-02-5153-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): NIGMS-0005
7. System Name (Align with system Item name): Grantee Email System (GEMS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Lorena Geddes
10. Provide an overview of the system: The system is used to generate email messages regarding NIGMS Extramural program information to targeted groups of NIGMS grantees.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system allows users to upload Comma Separated Values (CSV) format files containing email addresses, and stores them locally on a temporary basis to improve performance. The system does not collect, manipulate, manage, or disseminate this data.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: There is no IIF.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kimberly Allen
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIGMS Integrated Software and Equipment Tracking System (ISETS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/10/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-09-02-5146-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): NIGMS-0016
7. System Name (Align with system Item name): Integrated Software and Equipment Tracking System (ISETS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Lorena Geddes
10. Provide an overview of the system: IT support system that allows detailed tracking of reservations and returns of portable accountable equipment such as laptops and PDAs. Phase II of system provides ability to track software purchases and licensing.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system collects equipment information and tracks loaned equipment and software for NIGMS. An internal ID is used to link the equipment to the name of the requestor, as provided by the NED system. The ISETS system does not contain any IIF.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kimberly Allen
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIGMS Internet
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/10/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-02-00-01-3109-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0106
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): NIGMS-0007
7. System Name (Align with system Item name): NIGMS Internet
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Ann Dieffenbach
10. Provide an overview of the system: The NIGMS Internet is a website that provides information about the mission and programs of the NIGMS.
The NIGMS Internet is a web based application hosted by NIH CIT and it serves as main institute tool/source for the public outreach. The contents are manually entered by the NIGMS OCPL and IRMB staff.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The NIGMS Internet is a website that provides information about the mission and programs of the NIGMS. The system does not contain any IIF.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) There is a Disclaimer posted on the Internet of how the data collected will be utilized.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The Internet doesn't store or maintain it. It only collects it and passes data through to a secured internal database.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kimberly Allen
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / NIH NIGMS Internet Employee Directory (NIED)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/10/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-09-02-5152-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0216
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): NIGMS-0026
7. System Name (Align with system Item name): NIGMS Internet Employee Directory (NIED)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Michael Hong
10. Provide an overview of the system: The Staff Contacts page facilitates the public’s ability to locate and contact members of NIGMS. The system provides the ability to search NIGMS staff contact information based on First Name, Last Name or Division/Branch. Partial searches are supported for any of the possible search terms.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): IIF is disclosed or shared only as described in the SOR. This information is addressed in the NIH Privacy Act Systems of Record Notice 09-25-0036, published in the Federal Register, Volume 67, No. 187, September 26, 2002.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The data disseminated by the system consists of the following elements: NIGMS employees' first name, last name, position, work phone, work room number and the NIGMS organizational component. The system does not contain any IIF.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kimberly Allen
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIGMS MDR Supplements System
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/10/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-04-09-02-5154-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): NIGMS-0003
7. System Name (Align with system Item name): Supplements Tracking System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Alexander Naneyshvili
10. Provide an overview of the system: Collect and maintain data used to generate a required report on Research Supplements for Underrepresented Minorities and Individuals with Disabilities
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The information is normally only shared in aggregate form in a report. The data collected is made available to those outside NIH only as specified in the SOR (09-25-0036)
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The information collected is required for determining the eligibility of the requestor for a financial supplement; it is mandatory information and is provided by the applicant as part of the application process. The system also contains data on educational level, gender, citizenship status, and ethnicity. The data are used only for reporting purposes, and are only provided in aggregate form without identifying information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No information is collected from individuals, so there is no method to notify individuals or obtain consent. There is no process to notify or obtain consent from individuals in the event of a major system change.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Regular access to information is limited to NIGMS staff that are collecting the information or generating the report. Contractor employees may have access on an as-needed basis for system administration and maintenance. Other access is granted only on a case-by-case basis, consistent with the restrictions required by the Privacy Act (e.g., when disclosure is required by the Freedom of Information Act), as authorized by the system manager.

Access is controlled by individualized Oracle accounts, providing role based access to the database. NIH AD accounts provide access to the client side application via server ACLs, authenticating and authorizing the appropriate staff to the server housing the client side application.
The Oracle database is protected within a CIT locked LAN room facility while the NIGMS server housing the client side application is located within a key card controlled access LAN room at the NIGMS location.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kimberly Allen
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIGMS Meeting Registration System (MREGS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/10/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-09-02-5143-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0106
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): NIGMS-0017
7. System Name (Align with system Item name): NIH NIGMS Meeting Registration System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Anjum Dahya
10. Provide an overview of the system: Provides support for various extramural and scientific meetings, including meeting information dissemination and registration.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): IIF is disclosed or shared only as described in the SOR. This information is addressed in the NIH Privacy Act Systems of Record Notice 09-25-0106, published in the Federal Register, Volume 67, No. 187, September 26, 2002.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system collects the registrant's name, title, address and e-mail. The meeting registrant can provide either work or home contact information, but normally the information collected is work related. The purpose is for registering attendees for meetings. All the information collected is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) This data is temporarily maintained only during the meeting period and shortly thereafter for sending out post-meeting materials. Major system changes do not occur during the data collection (registration) period.

The system has a privacy notice that notifies individuals of their rights regarding privacy act data.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Access to registration data is limited to the meeting sponsor and assistants, and to administrative staff. Meeting registrants may indicate if their information may be displayed on the website for collaboration and networking. Contractor employees may have access on an as-needed basis for system administration and maintenance, and data may be provided to contractors who are facilitating the meeting for developing name tags, determining rooms requirements, etc. Other access is granted only on a case-by-case basis, consistent with the restrictions required by the Privacy Act (e.g., when disclosure is required by the Freedom of Information Act), as authorized by the system manager.

Technical access controls include:
- Controlled physical access to the server via a key card access control list indicating administrators allowed to access the LAN room. The database server is maintained by CIT in an access-controlled location.
- Meeting sponsors, assistants and developers have role-based access to the Oracle backend database via individualized Oracle accounts.
- Meeting sponsors and assistants access administrative meeting functions via a web interface located on the NIGMS Intranet rather than via a public web server. The Intranet requires authentication via NIH AD accounts and NIH Enterprise Single Sign On.
- Server admins control access to the server via ACLs and NIH AD accounts.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kimberly Allen
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIGMS NIGMS Chatroom [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 5/3/2012
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): NIGMS-0007
7. System Name (Align with system Item name): NIH NIGMS Chatroom
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Lorena Geddes
10. Provide an overview of the system: In celebration of the National Institute of General Medical Sciences (NIGMS)’s 50th anniversary, the Institute is hosting a Cell Day Chatroom discussion. The purpose of the web chat is to answer questions from teachers and their students, and the general public on the importance of the cell and how it relates to current biomedical and behavioral science research.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The information does not contain PII. The data being collected are the following: teachers' work email addresses, school names and addresses, grade levels and comments. Additional data being collected will be students' grade levels and comments. Chatroom transcripts will be posted on the NIGMS public site at nigms.nih.gov. The data to be posted on this site will be school name, grade level, questions and answers. Submission of information provided by a web chat participant will be voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) A privacy notice will be posted
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information does not contain PII.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name:
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 6/11/2012
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIGMS NIGMS General Support System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/10/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009 25 0200 01 3109 00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NIGMS GSS
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Ivan N. Waldman
10. Provide an overview of the system: The system is a General Support System (GSS) and does not directly collect or store information.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system is a General Support System (GSS) and does not directly collect or store information. The applications/systems residing on the GSS collect and store information. Therefore, individual PIAs have been prepared and submitted for the applications/systems residing on this GSS.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kimberly Allen
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIGMS OCPL Image Gallery (OCPLIG)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/10/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-09-02-5157-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): NIGMS-0024
7. System Name (Align with system Item name): OCPL Image Gallery (OCPLIG)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Michael Hong
10. Provide an overview of the system: OCPLIG is a repository of NIGMS still image and video media that can be accessed by the public for media relations and educational resources. The OCPLIG supports storing, locating and retrieving of visual media by the public.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system collects NIGMS still images and video information and consists of the following elements: description type, source, date, size and format. The OCPLIG system does not contain any IIF.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kimberly Allen
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIGMS OCPL Publications Database (OPDB)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/10/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-09-02-5158-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0106
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): NIGMS-0004
7. System Name (Align with system Item name): OCPL Publications Database (OPDB)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Anjum Dahya
10. Provide an overview of the system: Collect and maintain addresses of people who have requested receipt of NIGMS educational materials and publications. NIGMS and its contractors will use the data to generate mailing labels.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The NIGMS Internet website provides a listing of publications and electronic mailing lists that are available free of charge. Persons wishing to obtain the materials or subscribe to electronic information must provide their email address or mailing information. Data includes name and mailing address(es), phone number, and email address. This contact information may be for work or home, depending on the preference of the person requesting the materials. No other identifiable information is requested, and the use of personal email and address, if used, would classify the information as IIF. These data are used in sending the requested materials to the requestor. The information being requested is voluntary; however, we cannot respond to the request for materials without their name and email or location address.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The website contains a privacy act statement notifying individuals about what IIF is being collected from them and how the information will be used.

The website privacy policy describes the process for removing or correcting this information.

There is no process in place to notify individuals when major changes occur to the system.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Regular access to information is limited to NIGMS staff that are collecting the information or sending materials. Developers and/or Contractor employees may have access on an as-needed basis for system administration and maintenance. Other access is granted only on a case-by-case basis, consistent with the restrictions required by the Privacy Act (e.g., when disclosure is required by the Freedom of Information Act), as authorized by the system manager.

The database is protected within a locked facility with card key and controlled access.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kimberly Allen
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIGMS Pharmacology Research Associate Tracking System (PRAT)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/10/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-09-02-5159-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0124
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): NIGMS-0006
7. System Name (Align with system Item name): PRAT System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Anjum Dahya
10. Provide an overview of the system: The PRAT system is a web-based system that was developed to collect and maintain information on PRAT participants. In particular, this system enables PRAT administrators to track alumni's career progress, and subsequently, use the collected information to report to NIH, the GAO and Congress.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The data collected is made available to those outside the NIH only as described in the SOR (09-25-0124). This information is further addressed in the NIH Privacy Act Systems of Record Notice 09-25-0124, published in the Federal Register, Volume 67, No. 187, September 26, 2002.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: IIF data includes name and addresses for identification purposes, and is entered into the database while the PRAT fellow is an employee of NIGMS. Other data include contact information such as phone number if work contact information is not available. These data are used in maintaining contact with the former fellows for collecting yearly status on progress after the program. Awards, degrees, and other education and employment information are used in aggregate for determining summary outcomes for congressional justification and reporting.

The PRAT program regularly requests the most recent CVs from all former fellows. Standard information from these (title, organization, work address, etc.) is used to update the PRAT database. Submission of these CVs is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) There is no standard process to notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system; however, since contact information is updated regularly, contact in this situation could be performed by correspondence, email, or phone.

Initial entry of IIF (name, address, phone numbers) is required by the program and is not voluntary. When former PRAT fellows are contacted and asked to submit their CVs, they are told that submission is voluntary. No IIF that is outside of the public domain is requested after the initial, mandatory entry.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Regular access to information is limited to NIGMS staff who are collecting the information or sending materials. Developers and/or Contractor employees may have access on an as-needed basis for system administration and maintenance. Other access is granted only on a case-by-case basis, consistent with the restrictions required by the Privacy Act (e.g., when disclosure is required by the Freedom of Information Act), as authorized by the system manager.

The database is protected within a locked facility with key card controlled access.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kimberly Allen
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIGMS SCORE Institution/Investigator Database (SCORE-ID)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/10/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-05-02-5161-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): n/a
7. System Name (Align with system Item name): SCORE Institution/Investigator Database (SCORE-ID)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Michael Hong
10. Provide an overview of the system: SCORE is a developmental program for principal investigators (PIs) at minority serving Institutions. The goal of the program is to have individuals supported by the developmental programs transition out of the program and into regular research grants. The SCORE-ID system will support the SCORE Program Directors with the information-handling needs not currently supported by other enterprise systems, such as automated system for retrieval and presentation of IMPAC II, NSF, and PubMed data on SCORE-participating Institutions, giving program users the ability to track PI and Institutional progress towards the SCORE program goals.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): IIF is disclosed or shared only as described in the SOR. This information is addressed in the NIH Privacy Act Systems of Record Notice 09-25-0036, published in the Federal Register, Volume 67, No. 187, September 26, 2002.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system downloads and stores grant data from the IMPAC II database. The data are stored locally for performance reasons, and are refreshed daily to ensure accuracy. Data includes application review status (preaward data) and Principal Investigator name, work address and phone number. The data are used to support local extramural research activities for NIGMS that are not supported by NIH or HHS enterprise systems. The system uses NIH enterprise IMPACII data.
(SOR 09-25-0036)
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) For statistical purposes, the data is collected and permanently maintained sorted by academic year in the NIGMS database archives.
The system has a privacy notice that notifies individuals of their rights regarding privacy act data which is displayed on the website.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: NIGMS/NIH Program Officials use their NIH Single Sign-On username and password to access SCORE-ID.
Technical Controls, currently in place, are: user identification and passwords (as described above), and NIGMS and NIH firewalls - set to protect all the NIGMS and NIH systems.

Administrative Controls are as follows: the implementation of the NIGMS standard security plan, process and procedure for purging files, required user training, and distribution of SCORE-ID system user's guide that are provided to the program officials.

Physical Access Controls include:
1) controlled physical access to the server via a key card access control list indicating administrators allowed to access the LAN Room.
2) The database server is maintained by CIT in an access controlled location.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kimberly Allen
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIGMS SOFIE
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/10/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-09-02-3199-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): NIGMS-0022
7. System Name (Align with system Item name): Status of Funds Internet Edition (SOFIE)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Gene Hernandez
10. Provide an overview of the system: The SOFie application is a reporting tool that allows budget offices to track expenditures in appropriated funds in a fiscal year. The application downloads information from the NIH Data Warehouse.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system does not collect Privacy Act Information. The system provides access to accounting data from the NIH Data Warehouse and does not contain any IIF.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kimberly Allen
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIGMS System for Application Management (SAM)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/10/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-05-02-5162-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): NIGMS-0017
7. System Name (Align with system Item name): System for Application Management (SAM)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Anjum Dahya
10. Provide an overview of the system: The System for Application Management (SAM) supports the first stage of scientific peer review for extramural grant programs. The initial prototype was designed to support the NIH Director’s Pioneer and New Innovator Award programs. SAM incorporates a database of potential reviewers and provides tools for maintaining the reviewer database; compiling, inviting, and managing panels of outside reviewers; importing and analyzing data on submitted applications; and producing conflict-free mappings of applications to reviewers based on program specified rules.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The information is shared with the NIGMS NDPA or NIA administrator who inputs and updates data, NIGMS IRMB Contract staff for system maintenance and NIGMS scientific staff working on the NDPA who have read access.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Information collected does contain the IIF data, such as:
The reviewer name, institution information (e.g. institution name, address, phone and email), gender and minority indicator flag, as well as their field of scientific expertise is collected in order to match an outside expert with an NDPA or NIA application to review that is within their scientific area for funding consideration.
The personal information requested is mandatory and could be viewed as a prerequisite to participation in the review process.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The information is shared with the NIGMS NDPA or NIA administrator who inputs and updates data, NIGMS IRMB Contract staff for system maintenance and NIGMS scientific staff working on the NDPA who have read access.
In support of the NIH Director's Pioneer Award (NDPA) and the NIH Director's New Innovator Award (NIA), the SAM system contains the contact information and the scientific expertise of scientists who volunteer to review the NDPA grant applications for NIH funding.

These scientists are usually NIH grantees that have an eRA Commons account. This information and all relevant communications and consents are obtained electronically as well.

Disclosure may be made to a private contractor or Federal agency for the purpose of collating, analyzing, aggregating or otherwise refining records in this system.

The contractor or Federal agency will be required to maintain Privacy Act safeguards with respect to these records.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Regular access to information is limited to NIGMS staff who are collecting the information or sending materials. Developers and/or Contractor employees may have access on an as-needed basis for system administration and maintenance. Other access is granted only on a case-by-case basis, consistent with the restrictions required by the Privacy Act (e.g., when disclosure is required by the Freedom of Information Act), as authorized by the system manager.

The database is protected within a locked facility with key card controlled access.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kimberly Allen
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIGMS System for CBI Training Grant Analysis (SCBI)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/10/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-05-02-5165-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): System for CBI Training Grant Analysis (SCBI)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Michael Hong
10. Provide an overview of the system: SCBI provides a secure Oracle database for storage of data pertaining to CBI training grant (T32) applications and a web-based front end for data entry and reporting. It has capability to synchronize training grant data with IMPAC II, to allow for entry and display of supplemental data for each grant, and provide for a detailed report of all stored data for each grant. The system also includes summary views and reports as needed. Core application data obtained from IMPAC II includes applicant name, council, grant number, institution, summary statement, applicant image, and scoring information. Supplementary data is entered by NIGMS employees or its contractors and includes faculty, student and department statistics; program requirements in several areas, program mission descriptions, and Program Director notes. The data is used in aggregate for the production of required reports and the database is maintained and accessed only by NIGMS employees or its contractors.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): IIF is disclosed or shared only as described in the SOR. This information is addressed in the NIH Privacy Act Systems of Record Notice 09-25-0036, published in the Federal Register, Volume 67, No. 187, September 26, 2002.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: 
The system downloads and stores grant data from the IMPAC II database.
The data are stored locally for performance reasons, and are refreshed daily to ensure accuracy. Data includes Council, Grant #, PI Name, Institution, Status of Award, PS, SS, FAC, SLOT, SUP...etc. The data are used to support local extramural research activities for NIGMS that are not supported by NIH or HHS enterprise systems.
The system uses NIH enterprise IMPACII data.
(SOR 09-25-0036)
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) For statistical purposes, the data is collected and permanently maintained sorted by academic year in the NIGMS database archives.
The system has a privacy notice that notifies individuals of their rights regarding privacy act data which is displayed on the website.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: NIGMS/NIH Program Officials use their NIH Single Sign-On username and password to access SCBI.
Technical Controls, currently in place, are: user identification and passwords (as described above), and NIGMS and NIH firewalls - set to protect all the NIGMS and NIH systems.

Administrative Controls are as follows: the implementation of the NIGMS standard security plan, process and procedure for purging files, required user training, and distribution of SCBI user's guide that are provided to the program officials.

Physical Access Controls include:
1) controlled physical access to the server via a key card access control list indicating administrators allowed to access the LAN Room.
2) The database server is maintained by CIT in an access controlled location.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kimberly Allen
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIGMS Workshop Registration Management System (WRMS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/10/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0106
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): NIH NIGMS Workshop Registration System (WRMS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Anjum Dahya
10. Provide an overview of the system: WRMS is a web based system for all internal/external applicants who may like to attend the upcoming workshop hosted by NIGMS. It also provides support for various scientific workshops, including workshop information dissemination and registration.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The information will be disclosed to NIGMS program managers responsible for coordinating the workshop. IIF is disclosed or shared only as described in the SOR. This information is addressed in the NIH Privacy Act.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system collects the applicant's name, address, phone, education background, email and PostDocs advisor information (name, email, title, address, institution). The contact information will be used to invite applicants to attend the workshop and to process their expense reimbursement. The information will be disclosed to NIGMS program managers responsible for coordinating the workshop. All the information collected is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) This data is temporarily maintained only during the workshop period and shortly thereafter for sending out post workshop materials. Major systems changes do not occur during data collection (application submission) period.

The system has a privacy notice that notifies individuals of their rights regarding privacy act data.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Access to applicants' data is limited to the workshop sponsor and assistants, and to administrative staff. Contractor employees may have access on an as-needed basis for system administration and maintenance, and data may be provided to contractors who are facilitating the workshop for developing name tags, determining room requirements, etc. Other access is granted only on a case-by-case basis, consistent with the restrictions required by the Privacy Act (e.g., when disclosure is required by the Freedom of Information Act), as authorized by the system manager.

Technical Access controls include:
- controlled physical access to the server via a key card access control list indicating administrators allowed to access the LAN Room. The database server is maintained by CIT in an access controlled location.
- Workshop project manager, assistants and developers have role based access to the Oracle backend database via individualized Oracle accounts.
- Workshop sponsors and assistants access administrative workshop functions via a web interface located on the NIGMS Intranet rather than via a public web server. The Intranet requires authentication via NIH AD accounts and NIH Enterprise Single Sign On.
- Server admins control access to the server via ACLs and NIH AD accounts.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Kimberly Allen
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIMH Administrative System (NAS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/15/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-9219-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0217
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIMH Administrative System (NAS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: William Hermach, NIMH ISSO
10. Provide an overview of the system: The NIMH Administrative System facilitates all the administrative support services necessary to support the NIMH mission. The system is part of the NIMHnet GSS.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system stores employee data such as name and phone numbers for NIMH Administrative Officer (AO) use. Reference SOR#: 09-25-0217
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system collects employee IIF data such as name and phone numbers for NIMH internal use in maintaining IT accounts and emergency contact information. Submission of personal information is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The system follows the NIMH Emergency Contact Procedure and Account Procedures for maintaining individual IIF information. Individuals are notified via email by their respective AO when any major changes to the system or data use occur. NIMH staff consent to have their IIF stored in the system at the time of employment.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The IIF will be secured on the system using NIMH Administrative Policies, technical access controls that enforce least privilege access, and encryption of sensitive data as well as limited physical access to the system via card key.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: William Hermach
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIMH Clinical Brain Disorders Branch Database (CBDB)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/15/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: Does not map to a UPI, part of the IRPnet C&A (GSS)
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0200
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): Clinical Brain Disorders Branch Clinical Database (CBDB)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Michael F. Egan, MD
10. Provide an overview of the system: This database includes clinical data on research subjects studied at the NIH in the Clinical Brain Disorders Branch. The authorizing authority is NIH Public Health Service Act, Section 301. The Website includes registration and information on CBDB lecture series.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system does not share or disclose IIF. Reference SOR#: 09-25-0200
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: We collect IIF information (name, phone, email, address and other research info) when subjects apply to volunteer for research protocols approved by our Institutional Review Board. We use the information to study brain function and the biology of mental illness. Personal information collected from subjects who apply for entry into the research studies includes a limited amount of demographics, psychiatric and medical history and related clinical information. Personal information collected from subjects accepted into the research studies includes additional demographics, psychiatric and medical history and related clinical information, as well as developmental history, and a variety of measures of brain function. Submission of IIF is voluntary to participate in research studies. Minimal PII (name, address, and phone number) is collected for CBDB lecture registration.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Information is obtained from subjects who contact our recruitment department and from subjects who participate in our research protocols. Subjects are requested to provide us with this information for the purposes of evaluating their suitability for research and for the actual research itself. Subjects who are accepted into the protocol sign an IRB approved consent form, which describes what information is to be collected. Participants are told that information they provide is confidential and will only be shared with members of our research team. Notification is provided to individuals upon application to participate in a research protocol. Notification is provided via email or Web publication when major changes occur to the system.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information is stored in a password protected computer database, physically located in a locked research ward. The IIF will be secured on the system using NIMH Administrative Policies, technical and encryption access controls and limited personnel physical access to the system via card key.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: William Hermach
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIMH Employee Database, Internet Edition (EDie)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/15/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-09-02-3196-00-403-131
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-90-0018
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): EDIE (Employee Database, Internet Edition) formerly Visual Employment Database System (VEDS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Quang Tran
10. Provide an overview of the system: EDIE/VEDS is a Windows and Web-based application primarily used to manage and track personnel information. Authority for maintenance of the system is 5 U.S.C. 1302, 2951, 4118, 4308, 4506, 7501, 7511, 7521, and Executive Order 10561.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system does not share or disclose IIF. Reference SOR#: 09-90-0018. This information is further addressed in the HHS Privacy Act Systems of Record Notice 09-90-0018, published in the Federal Register, Volume 59, November 9, 1994.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: EDIE/VEDS tracks all information pertinent to a personnel file for the purpose of personnel management activities. Information is collected from employees via the NED system. Uses consist of the following: a) tracking a time-limited appointment to ensure renewals are done in a timely manner, thereby avoiding any break in service, b) ensuring that allocated FTE ceilings are maintained, c) ensuring salary equality for various hiring mechanisms, d) providing reports requested by the NIH Director, IC Director and other management staff, as requested, and e) maintaining lists of non FTEs, special volunteers, contractors, and other hiring appointments. The information collected constitutes IIF, and is mandatory for all employees.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) IIF in the system is gathered from the NED system. Changes to the system or changes in the way the information is used are relayed to employees via official notices from the NIMH AO. Individuals are notified of the collection and use of data as part of the hiring process and is mandatory if the potential job applicant wishes to seek employment at NIH.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Authorized users have been trained in the Privacy Act and systems security requirements. To ensure security of the data, each individual user’s access level is managed by the Administrator to ensure minimum and necessary access. The server is located in a locked room and is accessible only to specified system support personnel and is also protected by a limited access log-on procedure.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: William Hermach
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIMH Extensive Neuro-imaging Archiving Toolkit (XNAT)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/15/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: Does not map to a UPI, part of the NIMH IRPnet C&A (GSS)
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0200
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): Extensive Neuro-imaging Archiving Toolkit at NIH (XNAT@NIH)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Thalene T. Mallus
10. Provide an overview of the system: The XNAT application supports neuro-imaging research by archiving and processing information about subjects and neuro-imaging scans in which they have participated. The database maintains information on approximately 1800 subjects and approximately 10,200 scans over the past 6 years.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system does not share or disclose IIF.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system will store personal (IIF) and medical information about subjects and neuro-imaging scans for the purpose of mental health research. The submission of IIF is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Subjects of the system will be contacted electronically and/or in person regarding any major system changes.

A protocol consent notice for each subject that has laboratory contact and data use information as well as patient rights and concerns will be used prior to collection of IIF.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The database system is behind the perimeters of the NIH firewalls. Least privilege password access to the database is utilized to restrict role based access.
Administrative and technical
- Multifactor authentication:
  + originating IP address
  + X.509 client certificates
  + password authentication
- Encrypted file system for fields containing IIF
- Ongoing host and network security processing, including regular software and OS patching
- Appropriate logging for audits
Physical controls
- Restricted access to host computer
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: William Hermach
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIMH Grants Management System (GMS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/15/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-04-00-02-9203-00-205-080
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIMH Grants Management System (GMS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: William Hermach
10. Provide an overview of the system: The Grants Management System overall purpose is to support the management and administration of NIMH’s grants. The system is part of the NIMHnet GSS.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system shares and discloses IIF with the NIMH support and Program staff to send information and correspond with the contacts. Reference SOR number: 09-25-0036
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The NIMH collects and maintains researcher names, mailing addresses, phone numbers, professional qualifications and areas of expertise for NIMH grants management purposes. The information is voluntarily submitted.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The NIMH grants management procedures involve notification and consent to submit IIF to the system during the grant application process. Individuals whose IIF is in the system are notified when major changes occur by email. Individuals are notified and consent to provide IIF collected by the system in order to provide contact information when applying for NIMH grants.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The IIF will be secured on the system using NIMH Administrative Policies, technical and encryption access controls and limited personnel physical access to the system via card key.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: William Hermach
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIMH Human Subject Research Database (MAP)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/15/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: Does not map to a UPI, part of the NIMH IRPnet C&A (GSS)
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0200
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): MAP Human Subject Research Database
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Dr. Daniel Pine, 15K North Dr. Bethesda, MD 20892
10. Provide an overview of the system: The MAP system collects and centralizes research data for human subjects enrolled in studies conducted by MAP. IIF is stored in order to adequately distinguish subjects, and contact subjects, if necessary. Demographic data and results from psychological testing are stored and used for research purposes. Scientific data which is large in size (such as MRI scans, EEG scans, some genetics results) is not likely to be stored, although fields describing their location are sometimes used. The system is part of the IRPnet GSS.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: IIF is collected with the main purpose of recording human subject classification data for medical research. Certain IIF such as date of birth may be used for scientific purposes (e.g., correlating an observation with age), but never in a manner that could breach confidentiality. The submission of IIF is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Subjects of the system will be contacted electronically and/or in person regarding any major system changes.

A protocol consent notice for each subject that has laboratory contact and data use information as well as patient rights and concerns will be used prior to collection of IIF.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The database system is behind the perimeters of the NIH firewalls. Least privilege password access to the database is utilized to restrict role based access.
Administrative and technical
- Multifactor authentication:
  + originating IP address
  + X.509 client certificates
  + password authentication
- Encrypted file system for fields containing IIF
- Ongoing host and network security processing, including regular software and OS patching
- Appropriate logging for audits
Physical controls
- Restricted access to host computer
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: William Hermach
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIMH InfoCenter
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/15/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-03-02-9218-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0106; 09-25-0156
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): NIMH Information Center
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Christine Kaucher
10. Provide an overview of the system: The NIMH Information Center provides services needed to handle information inquiries with appropriate responses and information dissemination regarding Mental Health research and related NIMH data. The NIMH Information Center provides the necessary services, systems, and qualified personnel to develop and implement such a program, including the information technology systems necessary to screen, track, monitor, and respond appropriately to inquiries received by the NIMH. The NIMH Infocenter ensures that vitally needed and appropriate information on the diagnosis, prevention, treatment, and underlying causes of mental disorders is disseminated in a cost-effective manner, to members of the public, mental health and health care professionals. The system is part of the NIMHnet GSS.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): IIF is shared with another NIMH contractor, DCARC, that warehouses and ships printed information. The requested information and shipping information are used to distribute the data. The requested medical research information and shipping information fall under two different SOR numbers.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The NIMH Information Center collects the first name, last name, degree, title, organization, address, phone number, fax number, and email of persons requesting NIMH publicly available information. The purpose is to provide complete inquiries response and information dissemination of NIMH, Mental Health research publications and other NIMH materials and Mental Health related information used to respond to public and professional inquiries. Congress mandates the NIMH to provide Mental Health information dissemination to reduce the burden of mental illness and behavioral disorders through research on mind, brain, and behavior. IIF submission is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Consent from individuals is obtained via continue, submit and confirm actions required to enter the IIF. The IIF is not and will not be used or shared other than to disseminate the requested NIMH information to the individual or as required by law. Major changes to the system are inconsequential to the collected IIF since the turn-around time to distribute the requested information is immediate or within a couple of days.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information is housed on a Windows Sequel Server in a physically secured data center with monitored, key-card access. The database system is behind the perimeters of the NIH firewalls. Least-privilege and role-based access to the database is utilized to restrict unnecessary IIF access.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: William Hermach
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / NIH NIMH Internet and Intranet Web Sites
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/15/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-27-02-9218-00-305-108
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIMH Websites
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: William Hermach
10. Provide an overview of the system: To disseminate Institute information to the public in accordance with Public Law 102-321. The system is part of the NIMHnet GSS.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system shares and discloses IIF with the NIMH staff and research partners in support of the NIMH mission. Reference SOR #: 09-25-0036
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: NIMH Websites maintain and disseminate information about mental health disorders, news, research and funding opportunities as well as institute information. In addition, NIMH Websites provide a portal to access NIMH Web-based applications for grants management, research and administrative functions. The NIMH collects and maintains researcher names, mailing addresses, phone numbers, professional qualifications and areas of expertise for NIMH grants management purposes. The information is submitted voluntarily.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The NIMH procedures involve notification and consent to submit IIF to the system during the grant application and administrative processes. Potential grantees must consent to provide IIF to the system in order to apply for NIMH grants. NIMH staff consent to have IIF stored in the system as a condition of employment during the hiring process. NIMH Web communications staff notify individuals when major system changes or data use changes occur.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The IIF will be secured on the system using NIMH Administrative Policies, technical and encryption access controls and limited personnel physical access to the system via card key.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: William Hermach
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIMH Laboratory of Brain and Cognition Database (LBC)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/15/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: Does not map to a UPI, part of the NIMH IRPnet C&A (GSS)
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0200
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): Laboratory of Brain and Cognition Database (LBC)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Thalene T. Mallus
10. Provide an overview of the system: A central repository of subjects and associated contact, demographic, and medical information necessary for LBC Researchers, Post-Docs and Research Assistants to determine study availability, eligibility, and obtain MIS requests for LBC cognitive/imaging research protocols. The system is part of the IRPnet GSS.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system does not share or disclose IIF. Reference SOR#: 09-25-0200
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The database collects names, contact information, demographics, medical, psychiatric, language, eligibility, and availability information for subjects tested under LBC research protocols. This voluntary information is used as a source pool of available testing subjects and the personally identifiable information collected is used for scheduling and eligibility requirements for LBC cognitive/imaging.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The information is obtained from telephone conversations with potential research participants. Subjects are told verbally that the information is being collected into a central repository and will be treated as confidential and used for research purposes only. Subjects may discontinue participation at any time. After an initial screening, subjects are scheduled for a history and physical to determine further eligibility. Consent to participate in the research effort is obtained at the time of the scanning appointment.

Users of the system are contacted electronically and/or in person regarding any major system changes. Signed protocol consent form for each subject has laboratory contact information for study and/or patient rights concerns.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information is housed on a Filemaker Pro Macintosh Server in a locked office space. The database system is behind the perimeters of the NIH firewalls. Least privilege password access to the database is utilized to restrict unnecessary access.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: William Hermach
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIMH NIMH Headquarters Network [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/15/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-27-02-9218-00-305-108
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIMHnet
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: John Harris
10. Provide an overview of the system: The system is a General Support System (GSS) and does not directly collect or store information.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system shares and discloses PII with NIMH staff and research partners in support of the NIMH mission. Reference SOR #: 09-25-0036
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system is a General Support System (GSS) and does not directly collect or store information. The applications/systems residing on the GSS collect and store information. Therefore, individual PIAs have been prepared and submitted for the applications/systems residing on this GSS.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The NIMH procedures involve notification and consent to submit PII to the system during the grant application and administrative processes. Potential grantees must consent to provide PII to the system in order to apply for NIMH grants. NIMH staff consent to have PII stored in the system as a condition of employment during the hiring process. NIMH Web communications staff notifies individuals when major system changes or data use changes occur.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The PII will be secured on the system using DHHS, NIH and NIMH administrative policies, NIHnet and NIMHnet technical controls, and encryption of sensitive data. The NIMHnet incorporates role based access controls with the principle of least privilege access and limited personnel physical access to the data center systems via card key.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: William Hermach
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIMH NIMH Intramural Research Program Network [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/15/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-9219-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0200
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): IRPnet
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Quang Tran
10. Provide an overview of the system: The system is a General Support System (GSS) and does not directly collect or store information. Information is stored on applications supported by the GSS and listed in the specific application PIA.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system does not share or disclose PII. Reference SOR#: 09-25-0200
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system is a General Support System (GSS) and does not directly collect or store information. The applications/systems residing on the GSS collect and store information. Therefore, individual PIAs have been prepared and submitted for the applications/systems residing on this GSS.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The PII will be secured on the system using DHHS, NIH and NIMH administrative policies, NIHnet and IRPnet technical controls, and encryption of sensitive data. The IRPnet incorporates role based access controls with the principle of least privilege access and limited personnel physical access to the data center systems.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: William Hermach
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIMH Status of Funds Internet Edition (SOFie)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/15/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-01-02-3198-00-402-125
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 009-25-01-01-01-3104-00
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): Status of Funds Internet Edition (SOFie)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Quang Tran
10. Provide an overview of the system: Status of Funds Internet Edition (SOFie) facilitates viewing and managing an organization’s accounts. The database stores the organization’s financial transactions and allows the user to view and summarize as needed for different reporting mechanisms. The system is part of the IRPnet GSS.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system does not share or disclose PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: SOFie stores the IC’s financial transactions, which are downloaded daily from the NIH Data Warehouse. The ICs use the information to monitor spending trends, monitor balances in the accounts, and for specialized reporting, such as travel reports and salary trends. No personal identifying information is collected.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The NIMH specific financial information is downloaded from the NIH data warehouse system. Suppliers of information and staff are aware the data is collected through authorized acquisition transactions and provide consent through the authorized acquisition process and government employment regulations. The information allows budget offices to track expenditures in appropriate funds in a fiscal year. The application contains a tracking mechanism to track prior year funds as well. The notice of consent is handled electronically through the applicable acquisition process.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Authorized users have been trained in the Privacy Act and systems security requirements. To ensure security of the data, each individual user’s access level is managed by the Administrator to ensure minimum and necessary access. The server is located in a locked room and is accessible only to specified system support personnel and is also protected by a limited access log-on procedure.

PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: William Hermach
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NIMH Unit on Integrative Neuroimaging Database (UINDB)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/15/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: Does not map to a UPI, part of the NIMH IRPnet C&A (GSS)
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0200
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): Unit on Integrative Neuroimaging Database (UINDB)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Jonathan Shane Kippenhan
10. Provide an overview of the system: This system collects and maintains information about subjects and neuroimaging scans they have participated in. NIH Public Health Services Act, Sec. 301. The system is part of the IRPnet GSS.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system does not share or disclose IIF. Reference SOR#: 09-25-0200
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system collects information on demographics, medical history, medications and neuroimaging scans, all of which is used to facilitate neuroimaging research. Submission is voluntary. Information is collected from subjects, who are told that the information will be kept confidential and used only for purposes of our research projects.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Users of the system are contacted electronically and/or in person regarding any major system changes. Signed protocol consent form for each subject has laboratory contact information for study and/or patient rights concerns.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Data access is restricted to users with passwords known only to the user (passwords are not stored). System security is maintained via a combination of physical security, passwords, and firewalls.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: William Hermach
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS Alchemy
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0200
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): Alchemy
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The primary purpose of the Alchemy system is to support the NINDS ASP by managing the large volumes of Utah test result data and other ASP files.
Alchemy also provides a way for authorized users to search for legacy Utah test result data through functions for indexing, archival, query, retrieval, and viewing. The ability to perform searches via Alchemy reduces the need to store microfilm and paper copies on NINDS premises. This, in turn, reduces the requirement for ever-increasing storage space.
The Alchemy system supports the mission of the ASP, which is to encourage and facilitate the discovery and development of therapeutics for treatment of seizure disorders. The success of these efforts translates directly into new drugs to treat patients with these disorders.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Researchers receive the letters. Data includes contact information for individual researchers IAW SOR# 09-25-0200.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Correspondence Letter which includes name and business address.
Publicly available journal articles which possibly contain name and email address. Submission of the information is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The letters either come from the person or are sent to the person as a part of the process in entering test results. Consent and notification are assumed when the individual sends or receives the letter containing the information. No other notification is done.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Single sign-on using user name and password, system resides behind a firewall and is in a server room with no external access. All personnel not having card key access are escorted.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Peter Soltys/Sue Titman (301) 496-9244
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Pla
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS Antiepileptic Drug Discovery System II (ADDS II)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0200
5. OMB Information Collection Approval Number: NO
6. Other Identifying Number(s): NO
7. System Name (Align with system Item name): Anti-Epileptic Drug Discovery System II (ADDS II)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The purpose of the ADDS II system is to facilitate the establishment of worldwide collaborative relationships among the government, academia, and industry to search for a cure of epilepsies and to provide the necessary incentives for discovery, characterization, and development of novel antiseizure/anticonvulsant agents.

These efforts are undertaken through multi-level testing directed toward the development of safer and more effective therapies for treating the various seizure disorders. To aid in the process, the Anti-Epileptic Drug Discovery System II (ADDS II) application was developed. ADDS II provides a fully integrated system to support the preclinical drug discovery business area. Users can access chemical compound data, order and manage tests, enter test results, and manage inventory using predefined forms and reports.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Data is not shared. The data is used by NIH personnel only to contact researchers who submitted the data. SOR# 09-25-0200
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Collect name, business telephone number, business email address, business address, institution/company/agency name, public web site URL. Information is collected from researchers who submit compounds for testing. It is used to communicate test results back to the researcher. Information is mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Institutions submit compounds and test results voluntarily. Consent to collect this information is assumed upon submission. There are no other processes in place associated with the ADDS II system to notify or obtain consent.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Role-based security, using user name and password for network and Oracle, system resides behind a firewall and is in a server room with no external access. All personnel not having card key access are escorted.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Peter Soltys/Sue Titman (301) 496-9244
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Pla
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS Bioinformatics Research Information
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/11/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: N/A
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): None
7. System Name (Align with system Item name): EvoPrinter
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: George Buckland
10. Provide an overview of the system: EvoPrinter supports researchers comparing DNA sequences to a library of known sequences. Research sequences can be submitted and EvoPrinter determines the similarities and differences, especially with regard to evolutionary closeness.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: EvoPrinter only processes anonymous DNA sequences. It stores no data.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) None
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system has several administrative controls in place to secure the data. The NIH requires security training for all system users on an annual basis. Also, the security controls and disaster recovery plan are documented as part of the Certification and Accreditation process. The system is also protected by the Institute's firewall and intrusion detection systems. The system also has several physical controls in place to secure any data. The system is protected by guards, ID badge requirements, and key card access.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Joellen Harper Austin, Executive Officer, NINDS 301-496-4697
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS Clinical Information Management System (CIMS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/11/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: N/A
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-200
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): Clinical Information Management System (CIMS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: George Buckland
10. Provide an overview of the system: CIMS supports the Clinical Research program of NINDS. It consists of two subsystems, the Clinical Study Information System (CSIS) and the Protocol Tracking and Management System (PTMS), that store information relevant to the Clinical Research studies of NINDS and patients involved in those research studies.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Does not share or disclose PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: CIMS supports the Clinical Research program of NINDS. It consists of two subsystems, the Clinical Study Information System (CSIS) and the Protocol Tracking and Management System (PTMS), that store information relevant to the Clinical Research studies of NINDS and patients involved in those research studies. Some PII information may be maintained by the CSIS subsystem, but not by PTMS. Submission of a minimal amount of personal information is required for patients who have volunteered to participate in the clinical studies.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Participants in clinical studies volunteer to participate in the studies and give their written consent to provide PII and medical information. They are notified of such study requirements when they volunteer for the studies, and they are given information on how the study information may be used. It is not feasible to obtain further consent for any later changes in the CIMS system.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Role-based security, using authorized user name and password for network access to CIMS. System resides behind a firewall and is in a server room with no external access. All personnel not having card key access are escorted.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Joellen Harper Austin, Executive Officer, NINDS 301-496-4697
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS Coding
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): Coding
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The NINDS Coding system is a web-based application enabling NINDS institute personnel, both Intramural and Extramural, to assign codes to grants and contracts. These code values denote the relationship between the Institute's expenditure and an area of science, disease, or disorder. The system also enables Program, Scientific, and Budget Analysts to analyze expenditures by fiscal year and generate reports. Using this system, analysts generate budgetary and scientific year-end reports that are used to respond to internal and external requests for information.
The database is driven by a frozen table of awarded grants and contracts for both Extramural and Intramural research by fiscal year. The data for the frozen table comes from the IRMB database as well as from local NINDS-specific data sources.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): This system does not contain PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system stores the following information:
- Principal Investigator Name.
- System User Name.
- Program Director Name.
- Principal Investigator Institution Name.
- System User Email Address.
As a part of the NIH grant application process, Principal Investigators are required to provide their name and institution name. The NINDS Coding system downloads this information that the IMPACII database has already collected.
Grants are assigned to Program Directors (PDs), and the PD names are stored to record these assignments. This data is a mandatory part of the grant submission process. The data is used to track PD assignments in association with grant applications and awards.
All data contained in this system is from awarded grants and is public record. None of the data is considered PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) PII is not contained in this system
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system has several administrative controls in place to secure the data. The NIH requires security training for all system users on an annual basis. Also, the security controls and disaster recovery plan are documented as part of the certification and accreditation process. Finally, the system maintains several user roles, and each system user is given the least privilege needed to perform his or her business function. The system has several technical controls in place to secure the data. A user must first provide a valid username and password to access the NINDS network. The user must also be a system user before he or she can log onto the system. The system is also protected by guards, ID badge requirements, key card access, cipher locks, and closed circuit television.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Peter Soltys/Sue Titman (301) 496-9244
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS Daily Refresh Workload FY XXXX NS
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): Daily Refresh Workload FY XXXX NS
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The Daily Refresh Workload FY XXXX NS is a system that refreshes a Grant Specialist workload report on a daily basis. This report is stored on a common drive and is viewed by Grants Management Officials and their deputies.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system generates a report that only authorized personnel can access. The report displays the workload for each Grant Specialist.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system stores the following information.
* Grant Specialist name and his/her General Schedule (GS) level.
* Grant number.
* Cluster name.
The system creates a report detailing the Grant Specialist's workload and compares it with his/her GS level. The use of the GS name along with his/her GS level could be considered PII. The information contained in this system is required when the individual accepts a position as a Grant Specialist.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The data is collected by the IMPAC II system and NINDS relies on the IMPAC II system to obtain permission via the grant application process and to notify individuals when major changes are made affecting the use of the data, how the data will be used and why it is being collected. The IMPAC II system uses the data to process grant applications and maintain grants. NINDS uses this automailer as a portion of the grant application process to inform the applicant of the status of their application.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system has several administrative controls in place to secure the data. The NIH requires security training for all system users on an annual basis. Also, the security controls and disaster recovery plan are documented as part of the Certification and Accreditation process.
The system has several technical controls in place to secure the data. A user must first provide a valid username and password to access the NINDS network. The user must also be a system user before he or she can access the system. The Institute's firewall and intrusion detection systems also protect the system.
The system also has several physical controls in place to secure the data. The system is protected by guards, ID badge requirements, key card access, cipher locks, and closed-circuit television.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Joellen Harper Austin, Executive Officer, NINDS 301-496-4697
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS Employee Database Internet Edition
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 8/11/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-90-0018
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NINDS Employee Database Internet Edition
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The EDie application supports the efforts of NINDS by tracking employee information. The application downloads this information from the Human Resources Database (HRDB) weekly. Information entered into the EDie database is not uploaded into the HRDB. Due to the sensitivity of the personnel data in this system, access to the EDie database is limited to specific users within NINDS. Users are assigned roles that restrict what data they may view and what functions they can perform. Access privileges are enforced through authentication within the database.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The information collected is all information pertinent to a personnel file. There are many uses for this information: (a) tracking a time-limited appointment to ensure renewals are done in a timely manner thereby avoiding any break in service; (b) ensuring that allocated FTE ceilings are maintained; (c) ensuring salary equality for various hiring mechanisms; (d) the ability to provide reports requested by the NIH Director; (e) maintaining lists of non FTEs, special volunteers, contractors, etc. Information is mandatory at time of hire.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Information is collected from documents provided by employees (CV, resumes, etc.) at the time of appointment. It is provided in personnel packages submitted through channels in order to effect a hire. This information is put into the Enterprise Human Resources and Payroll System (EHRP) and subsequently downloaded into the NIH NINDS Employee Database Internet Edition. Individuals are notified of the collection and use of data as a part of the hiring process. Changes to the system or use of the information are relayed to employees via official notices from HR and the system owner.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: This information is provided to key staff by the administrator. Access to the system is authorized only for a person who has proper access rights, with a user name and password. The system is secured in an office with locks, and the building is secured by a security guard.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Joellen Harper Austin, Executive Officer, NINDS 301-496-4697
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS eNotification Automailer
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0106 and 09-25-0036
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): eNotification Automailer
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The eNotification Automailer is a Microsoft Access database system that queries IMPAC II, generates a report, and sends email notifications to grant applicants. The system searches for grant applications that recently have been given a score or percentile. Based on business rules established by the business users, the system will email notifications that indicate the likelihood that the applicant will receive funding. All reports are stored on a secure network drive and a copy of the email is stored in the Microsoft Outlook Public Folders.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system sends email notifications to grant applicants on the likelihood that their grant application will be funded.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system stores Principal Investigator Name, Work Address, Email, Administrative Office Email, and Institution Name. The information is collected by IMPAC II as a required part of the grant application and is used to process the grant application and, if funded, to maintain the grant. eNotification Automailer uses this information to inform the applicant about the status of his/her grant application.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The data is collected by the IMPAC II system and NINDS relies on the IMPAC II system to obtain permission via the grant application process and to notify individuals when major changes are made affecting the use of the data, how the data will be used and why it is being collected. The IMPAC II system uses the data to process grant applications and maintain grants. NINDS uses this automailer as a portion of the grant application process to inform the applicant of the status of their application.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system has several administrative controls in place to secure data. The NIH requires security training for all system users on an annual basis. Also, the security controls and disaster recovery plan are documented as part of the Certification and Accreditation process. The system has several technical controls to secure the data. A user must first provide a valid username and password to access the NINDS network. The user must also be a system user before he/she can log onto the system. The Institute's firewall and intrusion detection systems also protect the system. The system also has several physical controls in place to secure the data. The system is protected by guards, ID Badge requirements, key card access, cipher locks, and closed-circuit television.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Joellen Harper Austin, Executive Officer, NINDS 301-496-4697
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS Extramural Financial Management Branch
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8601-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NINDS FinEx
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The FINeX application is a centralized, Internet-based relational database environment that stores data and business rules (procedures) required to maintain the Extramural grant budget. The FINeX application includes the tools necessary to estimate, award, obligate, forecast and report on grant budgets in the Extramural program.

In its in-production state, FINeX resides on the NINDSAPPS3 server as a .Net, web-deployed application. Its interdependencies on other resources (or dynamically-linked libraries (DLLs)) are fully compiled into the installed version of FINeX on NINDSAPPS3. NINDSAPPS3 serves as the web application server for NINDS, where FINeX is exclusively used. The databases on which FINeX is dependent reside on NINDS resources, SQLCLUSTER (SQL Server 2000 database server) and IRIS (Oracle 10 database server). FINeX utilizes, but is not dependent on NIH CIT resources for supplemental data (e.g., IRDB—an Oracle database warehouse server and DataWarehouse—an IBM mainframe finance data warehouse).
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): IIF is obtained from the eRA system in the administration of research grants IAW SOR#09-25-0036.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Financial Grant information. The FINeX application is a centralized, Internet-based relational database environment that stores data and business rules (procedures) required to maintain the Extramural grant budget. The FINeX application includes the tools necessary to estimate, award, obligate, forecast and report on grant budgets in the Extramural program. IIF contained in NINDS FinEx is obtained from the eRA system and is a required part of the Grant submission process.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) IIF is submitted as a part of the grant application process. Information used by the NINDS FinEx is taken from the ERA grant application. Notification and consent from the individual is assumed when the grant application is submitted. All notification and consent is taken care of via the Grant application submission process and eRA systems.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Role-based security, single sign-on using user name and password, system resides behind a firewall and is in a server room with no external access. All personnel not having card key access are escorted.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Peter Soltys/Sue Titman (301) 496-9244
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Pla
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS Fellowship Mailer
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: no
6. Other Identifying Number(s): no
7. System Name (Align with system Item name): Fellowship Mailer
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The Fellowship mailer sends reminder notifications to fellowship recipients. The system sends activation reminders to recipients who have not yet activated their fellowships. The system sends non-activated reminders to recipients who did not activate their fellowships by the due date. The system also sends termination reminders to recipients about the reports they need to send to NINDS at the end of their fellowships.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system sends an email to the Principal Investigator (PI) and the PI's Administrator about the activation status of a fellowship.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system stores the following information:
- Grants Specialist Name
- Grants Specialist phone number
- Grants Specialist email
- Grants Management Official name
- Grants Management Official email
- Grant Number
- Principal Investigator name
- Principal Investigator email
- Principal Investigator's Administrator email
The system sends an email to the Principal Investigator (PI) and the PI's Administrator about the activation status of a fellowship. Disclosure may be made to a grantee or contract institution in connection with performance or administration under the conditions of the particular award or contract.
Principal Investigator information is required when an individual applies for a grant.
Grants Specialist information is required when an individual accepts a position as a Grants Specialist.
The information collected for the Principal Investigator contains PII/IIF.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The NIH collects the PII/IIF from the Grant Application, and NINDS relies upon the NIH policy for notifying and obtaining consent from the Grant Applicants and Principal Investigator. See SOR# 09-25-0036.
In this system the information is used to send an email to the Principal Investigator (PI) and the PI's Administrator about the activation status of a fellowship.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system has several administrative controls in place to secure the data. The NIH requires security training for all system users on an annual basis. Also, the security controls and disaster recovery plan are documented as part of the Certification and Accreditation process.
The system has several technical controls in place to secure the data. A user must first provide a valid username and password to access the NINDS network. The user must also be a system user before he or she can access the system. The Institute's firewall and intrusion detection systems also protect the system.
The system also has several physical controls in place to secure the data. The system is protected by guards, ID badge requirements, key card access, cipher locks, and closed-circuit television.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Joellen Harper Austin, Executive Officer, NINDS 301-496-4697
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS GM Close Out
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): GM Close Out
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The GM Close Out system runs a report on a quarterly basis and provides the close out status of grants for all Institutes and Centers (ICs).
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): System does not contain IIF/PII
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system stores Grant Number and Grant Close Out Status for generating the quarterly Grant Close Out report and for historical purposes.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) System does not contain IIF/PII
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: System does not contain IIF/PII
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Joellen Harper Austin, Executive Officer, NINDS 301-496-4697
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS GMB Workload Automailer
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): GMB Workload Automailer
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The GMB Workload Automailer is a Microsoft Access database system that queries IMPAC II, generates workload reports, and sends links to those reports via email to the GMO. These workload reports – a total of five in all – provide a weighted workload score for each Grant Specialist based on business rules established by the GMO. All reports are stored on a secure network drive.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): This system does not contain IIF
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: This system does not contain IIF
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) This system does not contain IIF
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: This system does not contain IIF
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Joellen Harper Austin, Executive Officer, NINDS 301-496-4697
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS GMO Unsigned Automailer
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-8610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): GMO Unsigned Automailer
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The GMO Unsigned Automailer is a Microsoft Access database system that queries IMPAC II, generates a report, and sends a link to that report via email to the GMO. The report displays all grant applications that Program Staff have completed and that are ready for the GMO’s signature. All reports are stored on a secure network drive.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): This system does not contain IIF
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: This system does not contain IIF
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) This system does not contain IIF
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: This system does not contain IIF
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Joellen Harper Austin, Executive Officer, NINDS 301-496-4697
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS GMS Unsigned
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): GMS Unsigned
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The GMS Unsigned system generates a report of all grant applications that have been signed by the Program Official but not signed by the Grants Specialist. All personnel listed on the report are sent a link to the report.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system generates a report of all grant applications that have been signed by the Program Official but not signed by the Grants Specialist.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system stores the following information:
- Grant Specialist Name.
- Program Official name.
- Grant application number.
This information contains PII when tied to the Grant Application Number. The GS and PO names are required when accepting these positions.
The system emails a report detailing the grant applications that are awaiting the signature of the Grant Specialist.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The data is collected by the IMPAC II system and NINDS relies on the IMPAC II system to obtain permission via the grant application process and to notify individuals when major changes are made affecting the use of the data, how the data will be used and why it is being collected. The IMPAC II system uses the data to process grant applications and maintain grants. NINDS uses this automailer as a portion of the grant application process to inform the applicant of the status of their application.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system has several controls in place to secure the data. The NIH requires security training for all system users on an annual basis. Also, the security controls and disaster recovery plan are documented as part of the Certification and Accreditation process.
The system has several technical controls in place to secure the data. A user must first provide a valid username and password to access the NINDS network. The user must also be a system user before he or she can access the system. The Institute's firewall and intrusion detection systems also protect the system.
The system also has several physical controls in place to secure the data. The system is protected by guards, ID badge requirements, key card access, cipher locks, and closed-circuit television.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Joellen Harper Austin, Executive Officer, NINDS 301-496-4697
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS GS Reassignment Automailer
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-8610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): GS Reassignment Automailer
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The GS Reassignment Automailer is a Microsoft Access database system that queries IMPAC II, generates a report, and sends email notifications to Grant Specialists. These email notifications indicate the Grant Specialist assigned to a grant application has been changed, and the system sends notifications to both the new and former Grant Specialists. The email notification also provides a link to the report detailing all reassignments. All reports are stored on a secure network drive.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): This system does not contain IIF
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: This system does not contain IIF
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) This system does not contain IIF
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: This system does not contain IIF
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Joellen Harper Austin, Executive Officer, NINDS 301-496-4697
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS Initiatives and Workshops in Neuroscience
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8601-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): iWIN
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The NINDS is responsible for supporting all aspects of biomedical research on disorders of the brain and nervous system. Although NINDS relies heavily on investigator-initiated research, it undertakes specific initiatives to focus efforts on particular problems or opportunities when its leadership is warranted. NINDS plans and implements research through the Initiatives and Workshops in Neuroscience (iWIN) process. The iWIN application is a centralized, Internet-based relational database environment that stores data and business rules (procedures) required to maintain initiative and workshop information for reporting and tracking. In its in-production state, iWIN resides on the NINDSAPPS3 server as a .Net, web-deployed application. Its interdependencies on other resources (or dynamically-linked libraries (DLLs)) are fully compiled into the installed version of iWIN on NINDSAPPS3. NINDSAPPS3 serves as the web application server for NINDS, where iWIN is exclusively used. The databases on which iWIN is dependent reside on a NINDS resource named SQLCLUSTER (SQL Server 2000 database server).
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): This system does not store PII
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Initiative and Workshop information. The iWIN application is a centralized, Internet-based relational database environment that stores data and business rules (procedures) required to maintain initiative and workshop information for reporting and tracking. This system does not collect or store PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) This system does not collect or store PII.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: This system does not contain PII
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Peter Soltys/Sue Titman (301) 496-9244
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/27/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS Intent to Pay (ITP) Web
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): Intent 2 Pay (I2P)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The Intent to Pay application aids in the administration of grants by providing a single definitive list of grant applications to pay during a council round.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): I2P passes information to other internal systems (FINEX, iWin, Council Web Site)
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Grant Number, PI Name, and financial information are collected, maintained, and disseminated. This system is used to review grant applications and indicate which will be paid. IIF information is mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) IIF is submitted as a part of the grant application process. Information used by the NINDS FinEx is taken from the ERA grant application. Notification and consent from the individual is assumed when the grant application is submitted. All notification and consent is taken care of via the Grant application submission process and eRA systems.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Role-based security, single sign-on using user name and password, system resides behind a firewall and is in a server room with no external access. All personnel not having card key access are escorted.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Peter Soltys/Sue Titman (301) 496-9244
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS Intranet
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-05-02-8606-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0106
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NINDS Intranet
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The NINDSINTRANET server supports the “NINDS Intranet Employee Website” located at http://intranet.ninds.nih.gov/. The server provides advanced symmetric multiprocessing (SMP) support, clustering, and load-balancing technologies to meet the requirements of NINDS Intranet users.

The server resides on the NINDS private network (Intranet) and, thus, the services it supports are not accessible to the general public.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): This system discloses IIF to authorized NIH Staff with logon access through links to other NIH systems such as NED IAW SOR 09-25-0106
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Information is now directly submitted through the NINDS Intranet. All information displayed on the NINDS Intranet is collected and stored by other systems within the NIH. As far as NINDS Intranet is concerned this IIF is voluntary although it may be required by other NIH systems.
· NINDS directory, including employee contact information
· NINDS calendar
· News and alerts
· NINDS policies
· NINDS forms
· Human resources information
· Jobs and training information
· Information about funding opportunities
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The Intranet only accesses and displays data from other systems. Consent is assumed to have been given when the information was collected by those systems. Notification of major changes to the system is disseminated via email to all NINDS personnel. Consent from individuals concerning IIF that may be displayed on the Intranet is the responsibility of the system actually collecting that information. IIF is only displayed to those Staff who have login access to the systems containing the IIF.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Network sign-on using user name and password, system resides behind a firewall and is in a server room with no external access. All personnel not having card key access are escorted.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Peter Soltys/Sue Titman (301) 496-9244
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS Large Grant Mailer
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): Large Grant Mailer
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The Large Grant Mailer system runs twice a year and sends emails to all NINDS grantees about the procedures for submitting a grant application in excess of $500,000.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system sends an email to the Principal Investigator (PI) with information about submitting grant applications over $500,000. Disclosure may be made to a grantee or contract institution in connection with performance or administration under the conditions of the particular award or contract.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system stores the following information:

* Principal Investigator name.
* Principal Investigator email.
PII in the form of PI name and email is contained in the email.
This information is required when the PI submits a grant application.
The system sends an email to the Principal Investigator (PI) with information about submitting grant applications over $500,000.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The data is collected by the IMPAC II system and NINDS relies on the IMPAC II system to obtain permission via the grant application process and to notify individuals when major changes are made affecting the use of the data, how the data will be used and why it is being collected. The IMPAC II system uses the data to process grant applications and maintain grants. NINDS uses this automailer as a portion of the grant application process to inform the applicant of the status of their application.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system has several administrative controls in place to secure the data. The NIH requires security training for all system users on an annual basis. Also, the security controls and disaster recovery plan are documented as part of the Certification and Accreditation process for the General Support System (GSS).
The system has several technical controls in place to secure the data. A user must first provide a valid username and password to access the NINDS network. The user must also be a system user before he/she can access the system. The Institute's firewall and intrusion detection systems also protect the system.
The system also has several physical controls in place to protect the data. The system is protected by guards, ID badge requirements, key card access, cipher locks, and closed-circuit television.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Joellen Harper Austin, Executive Officer, NINDS 301-496-4697
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS MS Access Nightly Download System
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): MS Access Nightly Download System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The MS Access Nightly Download System loads the SRPD_Data.mdb database with data from the IRIS Oracle Database. This process runs on a nightly basis.
The SPRD_Data.mdb serves as a repository of grant information for several NINDS systems.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No PII is shared.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system collects the following information:
- Grants Specialist (GS) and Grants Management Official (GMO) name.
- Program Official (PO) and Health Science Administrator (HSA) name.
- Grant number.
- Principal Investigator (PI) name.
- Organization name.
The MS Access Nightly Download System loads the SRPD_Data.mdb database with data from the IRIS Oracle Database. The SPRD_Data.mdb serves as a repository of grant information for several NINDS systems used to process and maintain grants.
When used together some of this information may be considered PII.
This information is mandatory for processing and maintaining grants.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The NIH collects the information, and NINDS relies upon the NIH policy for notifying and obtaining consent from individuals. Information regarding individual notification procedures is further addressed in the NIH Privacy Act Systems of Record Notice 09-25-0036, published in the Federal Register, volume 67, No. 187, September 26, 2002.
This information is collected by the eRA system when grants are applied for and updated as a grant is awarded and maintained. Notification that this data is being collected, what is being collected and what it is used for is explained in detail in the grant application process. As individuals apply for positions as a GS/GMO/PO/HSA/PI this information is collected and the purpose for collecting it is explained and consent obtained at that time either verbally or in writing. This information is mandatory if a person accepts these positions.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system has several administrative controls in place to secure the data. The NIH requires security training for all system users on an annual basis. Also, the security controls and disaster recovery plan are documented as part of the Certification and Accreditation process for the General Support system (GSS).
The system has several technical controls in place to secure the data. A user must first provide a valid username and password to access the NINDS network. The user must also be a system user before he or she can access the system. The Institute's firewall and intrusion detection systems protect the system.
The system also has several physical controls in place to secure the data. The system is protected by guards, ID badge requirements, key card access, cipher locks, and closed-circuit television.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Joellen Harper Austin, Executive Officer, NINDS 301-496-4697
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS Nightly Download Status Automailer
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): Nightly Download Status Automailer
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The Nightly Download Status Automailer is a system that queries IMPAC II, IRIS, SQLCLUSTER, and NINDS_LOCAL_APPLS to check the status of the nightly download and prepares a text file record-count report. The report displays the number of records downloaded from IMPAC II and displays the number of records downloaded into each IRMB database following the nightly download. The report is sent to interested IRMB staff.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): This system does not contain IIF
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: This system does not contain IIF
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) This system does not contain IIF
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: This system does not contain IIF
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Joellen Harper Austin, Executive Officer, NINDS 301-496-4697
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS NINDS DIR General Support System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/11/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: N/A
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): DIR General Support System (GSS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: George Buckland
10. Provide an overview of the system: The system is a General Support System (GSS) and does not directly collect or store information.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system is a General Support System (GSS) and does not directly collect or store information. The applications/systems residing on the GSS collect and store information. Therefore, individual PIAs have been prepared and submitted for the applications/systems residing on this GSS.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Joellen Harper Austin, Executive Officer, NINDS 301-496-4697
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS NINDS OD DER General Support System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): OD/DER General Support System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The system is a General Support System (GSS) and does not directly collect or store information.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system is a General Support System (GSS) and does not directly collect or store information. The applications/systems residing on the GSS collect and store information. Therefore, individual PIAs have been prepared and submitted for the applications/systems residing on this GSS.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Joellen Harper Austin, Executive Officer, NINDS 301-496-4697
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS Notify Deputy GMO of NEW PCC in IMPACII
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): Notify Deputy GMO of New PCC in IMPACII
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The Notify Deputy GMO of New PCC in IMPACII system sends an email to the deputy GMO when a new Program Class Code (PCC) is created in IMPACII.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system stores Program Class Codes (PCC).
The system emails a report if a new PCC is created in IMPACII.
No PII is collected or included in this system.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Joellen Harper Austin, Executive Officer, NINDS 301-496-4697
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS Patchlink
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-02-00-01-3109-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): Patchlink
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: Patchlink (Lumension Security) is our vulnerability remediation tool. Agents on the client machines provide information such as services, applications, and hardware to the Patchlink server. Patchlink uses this information to identify any vulnerabilities and then supplies the patches needed to remedy them.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): This system does not contain, share, or disclose IIF.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Information is collected from client machines for the sole purpose of determining which patches to apply to remediate vulnerabilities. Lumension’s Patch Management and Remediation Solution enables us to automate the collection, analysis, and delivery of software patches and rapidly create and deploy remediation packages that address a wide range of configuration related issues (i.e. closing down vulnerable ports, shutting down dangerous services, etc.) throughout the heterogeneous enterprise.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) None.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No IIF is collected by this system.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Joellen Harper Austin, Executive Officer, NINDS 301-496-4697
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS People/Organization Module (POM)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-09-02-8601-00-402-125
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0216
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): People/Organization Module (POM)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The POM provides a centralized repository of all NINDS employees and tracks the following information:
- IRMB applications used by NINDS employees.
- Employment Status.
- User Roles.
- Cluster Assignments.
- Organization Role.
- Program Class code (PCC)
This information is used by other NINDS systems for their user authentication and authorization.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system stores the following information:
- Name
- Email Address
- NT Login name
- IMPACII Person_ID
- Employment Status
- Cluster Assignment
- Organizational Role
- Program Class Codes (PCC)
This information is used by other systems for their user authentication and authorization. This information is mandatory and is collected as a part of the Grants Management process.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The NIH collects the PII, and NINDS relies upon the NIH policy for notifying and obtaining consent from individuals. Information regarding individual notification procedures is further addressed in the NIH Privacy Act Systems of Record Notice 09-25-0216, published in the Federal Register, Volume 67, No. 187, September 26, 2002.
This information is collected as a part of their employment in a position involving the managing of grants. They are advised of the need to collect this information and how it will be used either verbally or in writing at the time they accept the position.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system has several administrative controls in place to secure the data. The NIH requires security training for all system users on an annual basis. Also, the security controls and disaster recovery plan are part of the Certification and Accreditation process. Finally, the system maintains several user roles, and each system user is given the least privilege needed to perform his or her business function.
The system has several technical controls in place to secure the data. A user must first provide a valid username and password to access the NINDS network. The user must also be a system user before he or she can log onto the system. The Institute's firewall and intrusion detection systems also protect the system.
The system has several physical controls in place to secure the data. The system is protected by guards, ID badge requirements, key card access, cipher locks, and closed-circuit television.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Joellen Harper Austin, Executive Officer, NINDS 301-496-4697
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS PO Reassignment Automailer
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): PO Reassignment Automailer
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The PO Reassignment Automailer is a Microsoft Access database system that queries IMPAC II, generates a report, and sends email notifications to Program Officials (POs). These email notifications indicate that the PO assigned to a grant application has changed and notify both the new and former POs. The email notifications also provide a link to the report that details all the reassignments. All reports are stored on a secure network drive.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): This system does not contain IIF.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: This system does not contain IIF.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) This system does not contain IIF.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: This system does not contain IIF.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Joellen Harper Austin, Executive Officer, NINDS 301-496-4697
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS PO Unsigned Report
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): PO Unsigned Report
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The PO Unsigned Report system creates a report of grant applications with a To Be Paid status that have not been signed by the Program Official. The email contains a link to the report, which is stored on a common drive.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Not Applicable
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The System stores the following information:
* Grant Specialist (GS) name.
* Program Official (PO) name.
* Principal Investigator (PI) name.
* Grant number.
The system emails a report detailing the grant applications that are awaiting the signature of the Program Official. This information is mandatory as a part of accepting the position of GS, PO, or PI.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The data is collected by the IMPAC II system and NINDS relies on the IMPAC II system to obtain permission via the grant application process and to notify individuals when major changes are made affecting the use of the data, how the data will be used and why it is being collected. The IMPAC II system uses the data to process grant applications and maintain grants. NINDS uses this automailer as a portion of the grant application process to inform the applicant of the status of their application.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system has several administrative controls in place to secure the data. The NIH requires security training for all system users on an annual basis. Also, the security controls and disaster recovery plan are documented as part of the Certification and Accreditation process for the General Support system (GSS).
The system has several technical controls in place to secure the data. A user must first provide a valid username and password to access the NINDS network. The user must also be a system user before he or she can access the system. The Institute's firewall and intrusion detection systems also protect the system.
The system also has several physical controls in place to secure the data. The system is protected by guards, ID badge requirements, key card access, cipher locks, and closed-circuit television.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Joellen Harper Austin, Executive Officer, NINDS 301-496-4697
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS Public Access Data Load
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): Public Access Data Load
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The National Institutes of Health (NIH) requires that the general public have access to publications that result from NIH-funded research. To satisfy this responsibility, scientists must submit their peer-reviewed publication to PubMed Central. The National Institute of Neurological Disorders and Stroke (NINDS) developed the NINDS Public Access Compliance System to help staff track compliance with the requirement. The Public Access Data Load system runs twice a day and queries IMPACII for new Type 5 Progress Reports. These Type 5 Progress Reports are used by the NINDS Public Access Compliance System to help track compliance. More information about the Public Access Policy is available at http://publicaccess.nih.gov/.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: This system collects Type 5 Progress Reports containing publicly accessible data, which are then used by the NINDS Public Access Compliance System to help ensure compliance with the NIH Public Access Policy, which implements Division G, Title II, Section 218 of PL 110-161 (Consolidated Appropriations Act, 2008). No PII is contained in these reports. Information contained in this system is not available to the public via this system.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Joellen Harper Austin, Executive Officer, NINDS 301-496-4697
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS Purchasing Online Tracking System Shared Service Platform [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/11/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-05-02-8602-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): none
7. System Name (Align with system Item name): Purchasing Online Tracking System (POTS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: George Buckland
10. Provide an overview of the system: Consolidates workflow relating to acquisition—purchase request, approval, ordering, and receiving—into a paperless, auditable system, and provides a central repository for all purchase-related forms. POTS allows requesters, approvers and purchasing agents to use one Web-based system to perform the tasks needed to submit, review and approve purchase requests.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Purchase-related data (requester, purchaser, vendor, purchase item descriptions). POTS allows requesters, approvers and purchasing agents to use one Web-based system to perform the tasks needed to submit, review and approve purchase requests. No PII data is requested or stored.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) None
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system has several administrative controls in place to secure the data. The NIH requires security training for all system users on an annual basis. Also, the security controls and disaster recovery plan are documented as part of the Certification and Accreditation process. Finally, the system maintains several user roles, and each system user is given the least privilege needed to perform his or her business function. The system has several technical controls in place to secure the data. A user must first provide a valid username and password to access the NIH network. A user must also be an authorized system user, with a record in the user table. The system is also protected by the Institute's firewall and intrusion detection systems. The system also has several physical controls in place to secure the data. The system is protected by guards, ID badge requirements, and key card access.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Joellen Harper Austin, Executive Officer, NINDS 301-496-4697
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS Receipt and Referral System (RRS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NINDS Receipt & Referral System (RRS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The RRS is an electronic reading room that allows NINDS DER Program Directors (PDs) and Program Analysts (PAs) to perform the following tasks:
- Pre-sort Type 1 grant applications into clusters.
- Indicate an interest in being either the primary Program Director assigned to the grant or the secondary Program Director.

The system allows an administrator, normally the Referral Liaison (RL), to approve the grant application assignments and send this information, i.e., the assigned Program Director’s program class code (PCC), to the eRA system. The administrator also has the capability to perform certain system utilities.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): See SOR# 09-25-0036. This information is further addressed in the NIH Privacy Act Systems of Record Notice 09-25-0036, published in the Federal Register, Volume 67, No. 187, September 26, 2002.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: IIF information in the form of PI Name and grant application number are obtained from eRA for use in processing grant applications. The information is mandatory for processing a grant application and is submitted with the grant application to the eRA system.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) IIF is submitted as a part of the grant application process. Information used by RRS is taken from the eRA grant application. Notification and consent from the individual is assumed when the grant application is submitted. All notification and consent is taken care of via the grant application submission process and eRA systems.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Role-based security, user name and password. The system resides behind a firewall and is in a server room with no external access. All personnel not having card key access are escorted.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Peter Soltys/Sue Titman (301) 496-9244
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS Remedy
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0216
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): Remedy
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: NINDS Remedy is a change management solution where system change requests can be tracked, validated, and reported against. These change requests are requests to add/modify features in the various NINDS software systems and servers. NINDSREMEDY1 serves as the server for NINDS, where Remedy is exclusively used. The database on which Remedy is dependent resides on a NINDS resource named SQLCLUSTER (SQL Server 2000 database server).
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Data is kept in house and used to track, validate and report change requests.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Information identifying the individual submitting a change request is submitted as a part of the change management process. The information is used to contact the individual for additional information/justification for the change. This system stores name and contact information for the individual submitting the change request. The information is mandatory to ensure the request can be processed in a timely manner.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Notification and consent to collect and store IIF is assumed when the change request is submitted. Individuals are informed of this policy and the use of the information when they are trained in the use of the Remedy system. IIF stored in the system includes name and contact information of the person submitting the change request. Personnel are informed of changes to the system via email.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Role-based security, single sign-on using username and password. The system resides behind a firewall and is in a server room with no external access. All personnel not having card key access are escorted.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Peter Soltys/Sue Titman (301) 496-9244
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS SharePoint Document Library
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: N/A
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-90-0018, 09-25-0216
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): SharePoint Document Library
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The SharePoint Document Library is an electronic library maintained in Microsoft Office SharePoint Server. It contains documents pertaining to all NINDS hardware and software systems, Disaster Recovery and Contingency Planning, training, workflows, and other NINDS/OD/IRMB administrative documents.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Home phone numbers are provided in an emergency call list for use by disaster recovery personnel in the event of a disaster.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Employee name, home phone number, cell phone number, and business number are collected for use in an emergency recall list used in disaster recovery/contingency planning and execution.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) For the Emergency Call/Recall List(s), personnel are contacted in person when information is collected or updated. They are informed at that time the purpose for collecting this information. Consent is given verbally at that time. Also see SORNs 09-90-0018 and 09-25-0216.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Network sign-on using user name and password. SharePoint software also provides the capability to restrict areas based on rules/roles assigned by the data owners. System resides behind a firewall and in a locked server room with no external access. All personnel not having key card access are escorted.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Joellen Harper Austin, Executive Officer, NINDS 301-496-4697
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS Special Programs in Neuroscience (SPIN)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): Special Project in Neuroscience (SPIN)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: SPIN allows staff to track PIs, fellows, trainees and supporters who have minority supplements. SPIN allows information on people not stored in IMPAC II to be associated with a particular grant application. PHS Act Section 301.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): See SOR# 09-25-0036. This information is further addressed in the NIH Privacy Act Systems of Record Notice 09-25-0036, published in the Federal Register, Volume 67, No. 187, September 26, 2002.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Collected information includes grantee's name, race, ethnicity, education level, and gender. The information is collected for grant application reporting purposes used only within the institute. The collected information is the minimum amount of information that is associated with the application. The information is used to monitor research programs, research capacity, building and training, and health disparities among underrepresented groups (e.g. racial/ethnic, gender, etc.). This information is voluntary within the SPIN application.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The data is collected from the grant applications that an individual submits for consideration in obtaining a grant. Consent is assumed when an individual submits his/her grant application. Notification of major changes to the SPIN system is not made to individuals whose IIF was obtained from their grant application submission. Notification of changes to the use of IIF and consent to collect IIF is handled through eRA and the grant application submission process.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: See SOR# 09-25-0036. This information is further addressed in the NIH Privacy Act Systems of Record Notice 09-25-0036, published in the Federal Register, Volume 67, No. 187, September 26, 2002.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Peter Soltys/Sue Titman (301) 496-9244
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS Status of Funds Internet Edition (SOFie)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/11/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: N/A
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): None
7. System Name (Align with system Item name): Status of Funds Internet Edition (SoFIE)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: George Buckland
10. Provide an overview of the system: Provides real-time budgeting database information for the NINDS/DIR. It interfaces with and gets data from the NIH financial management system. Replaced the earlier Visual Status of Funds (VSOF) system.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Internal NINDS day-to-day budget information. Does not collect or maintain PII data.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) None
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system has several administrative controls in place to secure the data. The NIH requires security training for all system users on an annual basis. Also, the security controls and disaster recovery plan are documented as part of the Certification and Accreditation process. The system is also protected by the Institute's firewall and intrusion detection systems. The system also has several physical controls in place to secure any data. The system is protected by guards, ID badge requirements, and key card access.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Joellen Harper Austin, Executive Officer, NINDS 301-496-4697
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS Type 5 Received Automailer
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): Type 5 Received Automailer
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The Type 5 Received Automailer is a Microsoft Access database system that queries IMPAC II, searches for specific grant applications and sends the search results via email to the system user. A copy of the email is stored in the Microsoft Outlook Public folders.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): This system does not contain IIF
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: This system does not contain IIF
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) This system does not contain IIF
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: This system does not contain IIF
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Joellen Harper Austin, Executive Officer, NINDS 301-496-4697
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/26/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINDS Workload FY XXXX NS Automailer
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/7/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-06-02-8610-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): Workload FY XXXX NS Automailer
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna Stephenson
10. Provide an overview of the system: The Workload FY XXXX NS automailer is a system that emails the Daily Refresh Workload FY XXXX NS report to the Grants Management Branch Chief on a weekly basis.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system emails a copy of the Daily Refresh Workload FYXXXX NS report to the Grants Management Branch (GMB) Chief. The GMB Chief reviews the workload for each Grants Specialist.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system stores the following information:
- The Grant Specialist name and his or her General Schedule (GS) level.
- Grant application number.
- Cluster name.
The email may contain PII. Submission of the information is required when an individual accepts a position as a Grants specialist.
The system emails a report detailing the Grant Specialist's workload and compares it with his or her GS level to the GMB Chief for review. The GMB Chief reviews the GS's workload to spot potential issues which need to be addressed.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The data is collected by the IMPAC II system and NINDS relies on the IMPAC II system to obtain permission via the grant application process and to notify individuals when major changes are made affecting the use of the data, how the data will be used and why it is being collected. The IMPAC II system uses the data to process grant applications and maintain grants. NINDS uses this automailer as a portion of the grant application process to inform the applicant of the status of their application.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system has several administrative controls in place to secure the data. The NIH requires security training for all system users on an annual basis. Also, the security controls and disaster recovery plan are documented as part of the Certification and Accreditation process for the General Support System (GSS).
The system has several technical controls in place to secure the data. A user must first provide a valid username and password to access the NINDS network. The user must also be a system user before he or she can access the system. The Institute's firewall and intrusion detection systems also protect the system.
The system also has several physical controls in place to secure the data. The system is protected by guards, ID badge requirements, key card access, cipher locks, and closed-circuit television.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Joellen Harper Austin, Executive Officer, NINDS 301-496-4697
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/27/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINR Developing Nurse Scientists Online Course
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/25/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-02-00-01-3109-00-109-026
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0014
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): Developing Nurse Scientists On-line Course
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Dr. Natalie A. Rasmussen
10. Provide an overview of the system: The NINR web-based Developing Nurse Scientist course provides the general profile of NINR and its guidelines for grant submission. The course also discusses the practical skills necessary for developing a successful research program, as well as the key issues in research, including research ethics, IRB, disseminating findings, and recruiting research participants.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): First name, Last Name and email addresses of course registrants are collected for credentialing and provided to the Maryland State Nurse Association. These fields are mandatory.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Names and email addresses of course registrants are collected for credentialing. The information is mandatory for credentialing.
This system collects IIF from users. The required fields are First name, Last name and email address. (The email address is then used as the username, along with a newly created password. The following fields are required for the password challenge questions used to reset or recover the password: pet's name, favorite city and year graduated college.) Optional fields include City, State, Zip, Affiliation, Discipline, Educational Level, Educational Level other, Research Experience, Research other, and Years in Research. Users' first and last names will be passed on to the State of Maryland in order to receive Continuing Education Units (CEU). Users will be given advance notice of this in the site's Privacy Statement. This information will be passed using secure email.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) A Privacy notification statement is displayed in the course as well as a Disclaimer. System users can be notified via email of any changes dealing with PII.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: NCI has in place controls to safeguard and restore data in the case of data loss or catastrophe, to protect the data from unauthorized access or use electronically with passwords, and to prevent physical access to the data with a badging system.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Brian Albertini 301.594.6869
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/27/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINR EOL PC Evaluation Survey System (EOL PC)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 3/31/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: Being obtained
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NINR End-of-Life and Palliative Care (EOL PC) Evaluation Survey System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Amanda Greene
10. Provide an overview of the system: This survey system will collect information about end-of-life and palliative care (EOL PC) research grant funders (i.e., federal agencies such as National Institutes of Health (NIH), Agency for Healthcare Research and Quality (AHRQ), Veterans Administration (VA), and philanthropic organizations such as Robert Wood Johnson Foundation) and EOL PC research topics that have been funded. This survey system includes three surveys, i.e., the Funding Source Questionnaire, the Survey of Federal Agencies, and the Survey of Non-Governmental Foundations and Organizations. The purpose of the Funding Source Questionnaire is to identify what government or non-government organization, if any, funded EOL PC research that (i) was published between 1997 and 2010 and (ii) did not list a funding source in the publication. This survey is sent to authors of EOL PC research publications who did not list the funding source for their study in their publication. The purpose of the Survey of Federal Agencies, which is sent to staff at federal agencies that fund EOL PC research, is to gather information on funded research topics and trends, knowledge gaps, reasons for change in funding EOL PC research, funding sustainability, and EOL PC research partnerships. The purpose of the Survey of Non-Governmental Foundations and Organizations, which is sent to staff of organizations with a history of funding EOL PC research, is to gather information about the motivators, facilitators, and barriers to EOL PC research and funding. 
All three surveys in this system will collect information about EOL PC research including the funder (i.e., agency or organization who awarded the grant) of published EOL PC research, research topics funded, length of grant funding, amount of grant funding, reasons for change in funding over time, issues related to funding sustainability, needs and interests of stakeholder, current or future earmarked funding, trends in research theme interests and programmatic scope, and future opportunities for collaborative partnerships. EOL PC research grants that have been funded by federal and non-profit organizations include studies such as research on providing care in terminal conditions that alleviates or decreases symptoms and improves quality of life, advanced care planning, bereavement/grief care, care models (e.g., hospice), ethics, cost, caregivers, alternative and complementary medicine, and training professionals.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: (1) The EOL PC Evaluation Survey System will collect information using three online surveys (description follows). Responses to all online surveys are voluntary.

(a) The FUNDING SOURCE QUESTIONNAIRE is a 7-item survey that asks what federal agency or non-federal organization, if any, funded a published EOL PC research study. The survey questions do not collect any personally identifiable information. This survey will only be sent to authors of EOL PC published studies who did not list a funding source. Potential survey respondents (i.e., authors) are identified from publicly available databases such as PubMed. Published literature databases such as PubMed include the author's name, organizational affiliation, and address or email address. Once the survey data is collected the publicly available PII information used to identify potential respondents will be destroyed.

(b) The SURVEY OF FEDERAL AGENCIES will have fewer than 30 questions that ask about the agency's grant funding of EOL PC research. The survey questions do not collect any personally identifiable information. All collected information is about EOL PC research funded by the Federal Agency. Federal staff invited to complete this survey will be identified through (i) the NIH Information for Management, Planning, Analysis, and Coordination (IMPAC II) database using publicly available applications like the NIH Research Portfolio Online Reporting Tools (RePORT), (ii) participation in federal work groups, panels or committees focused on EOL PC research, and (iii) a nonprobability sampling method using the snowball technique. The name, email, office telephone number (if available), and Federal Agency name will only be collected in order to invite identified staff to complete the survey.

(c) The SURVEY OF NON-GOVERNMENT FOUNDATIONS AND NON-PROFIT ORGANIZATIONS will have less than 30 questions that ask about the agency's grant funding of EOL PC research. The survey questions do not collect any personally identifiable information. All collected information is about EOL PC research funded by the Foundation/non-profit organization. Foundation/organization staff invited to complete this survey will be identified (i) by querying publicly-available databases (i.e., The Foundation Center and GuideStar), (ii) listed as the funding source for published EOL PC research, (iii) identified by Federal staff involved in EOL PC research collaborations and partnerships, (iv) participation in national or international work groups, panels or committees focused on EOL PC research, and (v) a nonprobability sampling method using the snowball technique. The name, business email, business telephone number (if available), and foundation/organization name will only be collected in order to invite identified staff to complete the survey.

(2) NINR/NIH will use this information to identify research topics and funding trends in EOL PC research so that future research needs can be identified and planned for.

(3) The EOL PC Evaluation Survey System will collect the following information which is federal/business information only: name, affiliation, business email address (or business mailing address if no email listed), and office telephone number (if available). This information is only to identify potential survey participants so that an invitation to complete a survey can be sent.

(4) Information collected to invite potential survey participants is publicly available information. Response to the surveys is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Brian Albertini Privacy Coordinator, NINR
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 5/6/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINR Internet Website (Public)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/11/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-02-00-01-3109-00-109-026
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): NINR Internet Website
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Melissa Barrett
10. Provide an overview of the system: It is the public face of NINR on the web to provide information about NINR and the research that it supports.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: There is none to secure.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Brian Albertini 301-594-6869
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/27/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINR NINR LAN GSS [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 8/11/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): Not Applicable
5. OMB Information Collection Approval Number: Not Applicable
6. Other Identifying Number(s): Not Applicable
7. System Name (Align with system Item name): NINR LAN GSS
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Mary Murray
10. Provide an overview of the system: The NINR LAN GSS includes a number of supportive “core services” that are provided through the NCI CBIIT GSS to the NINR user community that provide or enhance network and information security, data storage, backup services, help desk support, and shared application environments (e.g., enterprise database, web, application, and storage platforms). The system is a General Support System (GSS) and does not directly collect or store information.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Not Applicable
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system is a General Support System (GSS) and does not directly collect or store information. The applications/systems residing under the GSS may collect and store information. Therefore, individual PIAs have been prepared and submitted for the applications/systems residing on this GSS.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Not Applicable.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Not applicable.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Brian Albertini
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/27/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINR Pediatric Palliative Care Focus Group Screener [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 4/20/2012
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0156
5. OMB Information Collection Approval Number: Being obtained
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NINR Pediatric Palliative Care Focus Group Screener
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Adrienne Burroughs
10. Provide an overview of the system: This system will screen potential individuals to ensure that they fit the eligibility criteria for participation in an online focus group discussion. The focus group discussions will inform NINR's new pediatric palliative care (PC) communications campaign by gathering feedback on campaign branding and materials. The purpose of the campaign is to increase the use of palliative care for children living with serious illness or life-limiting conditions.

The screener will be administered to health care providers (HCP), including physicians, nurses, and social workers. Proprietary survey software that is white-labeled for vendors will be used to conduct the screening.

The characteristics collected by the screener include gender, years practicing medicine, training/certification in pediatric palliative care, years in the nursing and social work fields, and the state in which the respondent works. However, none of this information will be collected during the actual focus groups. All focus group answers will be viewed in aggregate, not assigned to any one respondent, therefore the information collected during the screening will not be stored.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: (1) The National Institute for Nursing Research (NINR) will conduct two online focus groups, essentially online discussions, to gather opinions on communications messages and materials. The screener will be used to determine eligibility to participate in the focus group. Demographic questions will be asked in the screener. In terms of contact information, the focus group screener only requests an email address.

(2) NINR/NIH will use the information in the screener to determine if the respondent is eligible to participate in the focus group discussion.

(3) The Pediatric PC focus group screener will collect the following information: email address, gender, years of health care experience, and state where the respondent works. Potential focus group participants have been identified through publicly available information. No PII will be shared or disclosed.

(4) Response to the screener is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) (1) PII data will never be shared or disclosed. If major changes occur to the Pediatric PC focus group screener, individuals with PII information in the system will be notified and consent will be obtained.

(2) CONSENT: Prior to beginning the focus group, participants must accept an online consent that states that personal identity will be protected. This consent form also states that all answers will be viewed in aggregate. Data files will be stored securely so that (i) only NIH-authorized researchers can see them and (ii) unauthorized persons in government or non-government positions cannot see them. After the focus group is completed, contact information will be destroyed. Focus group answers will be collated with the responses of other participants and analyzed. No one will be identified in project reports. Participation is voluntary.
An invitation to participate in the focus group screening will be emailed to participants. This invitation will include a URL link to the focus group screener. If the respondent fits the screening criteria, he or she will be prompted to read and acknowledge a series of statements and consent to participate in the focus group before the screening process is complete. This consent must be accepted before the participant can advance to the focus group. After reading the consent, potential participants can "accept" and proceed to answer additional screening questions or decline (i.e., "I do not accept").

(3) USE of INFORMATION: Those who fit the screening criteria will be sent a link to the online focus group. After the focus group is completed, contact information will be destroyed. No one will be identified in project reports.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Computer systems, including Web servers configured for screener administration, and policies and procedures (physical security, personnel rules of behavior, contingency plans, disaster recovery plans) are in compliance with DHHS and NIH requirements.
For physical access, identification badges, key cards, cipher locks, and closed circuit TV are in place to secure information. The technical controls that are used to minimize the possibility of unauthorized access include: user identification, firewalls, passwords, encryption and IDS. The web-based (online) site will be secure and require HTTPS, so that all data are encrypted during transmission.
In terms of administrative controls, all servers are backed up, only authorized users have access to the screener, the backup files are stored offsite, there are multiple servers, and there is a system security plan in place.
PII data will be destroyed after the focus group screener is completed as described in NIH’s Manual Chapter 1743 - Keeping and Destroying Records (http://oma.od.nih.gov/manualchapters/management/1743/).
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Brian Albertini Privacy Coordinator, NINR
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 6/7/2012
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINR SGI Evaluation Survey System (SGI)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 5/14/2012
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0156
5. OMB Information Collection Approval Number: Being obtained
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NINR SGI Evaluation Survey System (SGI)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Amanda Greene
10. Provide an overview of the system: This survey system will collect information about the NINR’s Summer Genetics Institute alumni’s career activities since attending the Summer Genetics Institute. The purpose of this survey is to examine the extent to which the Summer Genetics Institute, a summer genetics training program, is achieving its long-term goals in research and clinical practice by increasing genetics research capability, so that changes to the program can be made if indicated. The characteristics (i.e., information to be collected by this survey) include alumni’s career activities including research grants, publications, patents, copyrighted material, professional awards, education, current position type, and demographics including sex, race/ethnicity, age range, and educational degree.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Disclosure may be made to HHS contractors for the purpose of (a) conducting Summer Genetics Institute evaluation studies, and (b) collecting, aggregating, processing, and analyzing records used in Summer Genetics Institute evaluation studies. All HHS contractors are required to protect the confidentiality of such records.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: (1) The National Institute for Nursing Research (NINR) which owns the SGI Evaluation Survey System is authorized under Public Law 103-43. The SGI Evaluation Survey System will collect information using an online survey (description follows). Responses to the online survey are voluntary. Although the information contained in the SGI Evaluation Survey System only represents federal contact data, there is the potential for personal data to be collected through the respondent's curriculum vitae. The SGI Survey is a 36-item survey that asks SGI alumni about research grants, publications, patents, copyrighted material, professional awards, education, type of current employment position, and type of principal employer since attending the SGI training program and alumni’s opinion about program usefulness.

(2) NINR/NIH will use this information to determine the extent to which the SGI, a summer genetics training program, is achieving its long-term goals in research and clinical practice by increasing genetics research capability, so that changes to the program can be made if indicated. This information will help identify if program improvements are needed for the SGI.

(3) The SGI Evaluation Survey System will collect the following information: age, sex, race/ethnicity, education. Potential survey participants have been identified through the SGI alumni database. Survey participants will have the option of sending a modified version of their curriculum vitae (CV). Survey instructions specify that any submitted CV should not include any of the following: personal contact information (i.e., home address, telephone number), social security number, date of birth, license number (e.g., RN license), or other licensing or certification numbers. All information will be analyzed and reported in aggregate form. Other than as required by law, no PII will be shared or disclosed.

(4) Response to the survey is voluntary. Submission of a modified CV is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) (1) Information about the survey and data disclosure is provided to survey participants in written form along with the survey instrument. Each survey participant is informed that the survey is voluntary and that survey data is only provided in a de-identified aggregate manner. No changes in PII disclosure will be permitted without explicit consent from each survey participant. If major changes occur to the SGI Evaluation Survey System, individuals with PII information in the system will be directly notified and new consent will be obtained.

(2) CONSENT: Prior to beginning the online survey, invited survey participants must accept an online consent form that states that personal identity will be protected. This consent form also states that all answers will be assigned a confidential ID number so that name and any other personal information will not be directly linked. Data files will be stored securely so that (i) only NIH-authorized researchers can see them and (ii) un-authorized persons in government or non-government positions cannot see them. After the survey is completed, name and contact information will be destroyed. Survey answers will be collated with the responses of other participants and analyzed. No one will be identified in project reports or publications which may be published or presented publicly. Participation is voluntary.

An invitation to participate in the survey will be emailed to participants. This invitation will include a URL link to the survey. When the potential survey participant opens the survey URL, the first page is an online (electronic) consent form. This consent form must be accepted before the participant can advance to the survey questions. After reading the consent form, potential participants can "accept" and proceed to answer questions or decline (i.e., "I do not accept").

(3) USE of INFORMATION: After the survey is completed, name and PII information will be destroyed. Survey answers will be collated with the responses of other participants and analyzed. No one will be identified in project reports or publications which may be published or presented publicly. As part of the consent form, participants are informed of the purpose of the survey.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Computer systems, including Web servers configured for survey administration, and policies and procedures (physical security, personnel rules of behavior, contingency plans, disaster recovery plans) are in compliance with DHHS, NIH, and NIST 800-53 requirements and have been approved under NIH C&A procedures for research Web survey administration, and storage and protection of individual research records. The web-based (online) survey site will be secure and require HTTPS, so that all data are encrypted during transmission.

All servers are backed up. All equipment used for this survey system is United States Government Configuration Baseline (USGCB) compliant.

Only authorized users have access to the survey. The external NIH accounts are created for each user and they have access to only their survey data.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name:
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 6/11/2012
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NINR Status of Funds Internet Edition
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 7/22/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: No
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): Status of Funds - Internet Edition
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kevin Wilson
10. Provide an overview of the system: SOFie is a financial reporting/tracking system which is accessed via the web.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: All accounting transactions are available for viewing in SOFie. The information is used to track and plan fiscal budgets. It is necessary to have access to this data in order to comply with appropriations laws and regulations.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) There is none.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Information is secured using username/passwords, least privilege, separation of duties, an intrusion detection system, firewalls, locks, badge access, and background investigations. A comprehensive IRT capability is also maintained.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Brian Albertini 301-594-6869
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/27/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / NIH NLM Clinical Text De-Identification
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/9/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH NLM Clinical Text De-identification System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Mehmet Kayaalp, MD, PhD
10. Provide an overview of the system: Clinical text documents contain a rich set of clinical knowledge that is invaluable for clinical research. Unfortunately, they largely remain an untapped resource since disseminating such data as-is would jeopardize the privacy of patients and reveal protected health information.

Computational de-identification is a means to overcome this problem. It involves processing clinical text documents using natural language processing (NLP) tools and techniques, recognizing personally identifiable information (e.g., names, addresses, telephone and social security numbers) in the text, and redacting only those identifiers. In this way, patient privacy is protected and clinical knowledge is preserved.

Without computational tools, de-identification places a heavy burden on clinicians’ shoulders, but it is a necessary step for protecting patient privacy as mandated by both the Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA) and the Privacy Act of 1974.

The National Library of Medicine (NLM) began testing some existing applications designed for this purpose and finally decided on developing a new software tool that is capable of de-identifying all types of clinical text documents with higher accuracy than other available tools on the market. This way NLM will be able to adjust the software parameters as the nature of electronically available clinical text changes over time.

The application software design involves a number of both deterministic and probabilistic pattern recognition algorithms using various computational linguistic methods. It also uses a number of large datasets for names, addresses, and organizations.

The design accepts text documents in plain text or in HL7 format. If documents are provided in an HL7 format, the application makes use of patient related information embedded in various HL7 segments and fields in order to attain near perfect accuracy.

The application software includes an editor for visualization and markup called the Visual Tagging Tool (VTT). Although its original design was for tagging identifiers that contain personally identifiable protected health information, VTT has been made publicly available to the greater NLP community for general purpose lexical tagging and text annotation.

The preliminary results of this study suggest that computational de-identification methods may attain an accuracy at (or higher than) the level of 99% sensitivity and 99% specificity across a large spectrum of identifiers containing personally identifiable information.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: (1) No new information will be collected. Existing clinical text documents provided by the Clinical Center at NIH are used to test and ensure that the developed system works as intended. The information in the text is not used. Clinical text documents will not be disseminated.
(2) Clinical text documents are needed to test the quality of the system that is under development. The system will de-identify clinical text records.
(3) Clinical text documents contain PII.
(4) N/A (the data exists)
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) (1–2) N/A. The project is about the quality assurance (QA) of the de-identification system under development. No research is conducted on patient information. In other words, it is an internal NIH QA activity and is considered by the Office of Human Subject Research (OHSR) to be “Not Human Subject Research” based on how OHRP reviews quality improvement under the current OHRP guidance.
(3) The data is needed to test the quality of the software application that is under development. The software application will de-identify clinical text records.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All data is stored on one server and backed up by another server. The servers and the VLAN router are located in NLM’s computer room where access is strictly controlled via various physical measures including biometric security checks. The application has been developed on workstations, which are connected to the server to access the data. The workstations reside in locked private offices in Building 38A on the NIH campus. The suites where the offices are located are accessed via access card keys during off hours.

The data are stored in flat text files on encrypted disks using FIPS 140-2 compliant encryption methods in workstations and servers, which are connected via a private virtual local area network (VLAN) with no Internet connection. Access to the VLAN is allowed only to workstations and servers with specific MAC addresses connected to specific physical ports. In other words, if two such workstations swapped their physical locations (i.e., their ports), they would not be able to access the VLAN. The workstations are accessed via SecurID. The systems are behind several layers of firewalls. An intrusion detection system is run every month.

Accesses to the system and data are audited continuously. Every user of the system is required to complete all security, ethics, and privacy awareness training before receiving access to the system.

The data in its original text format as received from the Clinical Center is stored for backup purposes on encrypted USB thumb drives, which are FIPS 140-2 compliant devices. These devices are stored in a safe that is located in a locked private office.

The contractors working on this project adhere to the requirements of the Privacy Act and their agreements are stated in their contracts with FAR clauses 52.204-2 and 52.239-1.

The security measures are checked and approved by the NLM ISSO.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Dar-Ning Kung
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/27/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NLM dbGaP (Database of Genotype and Phenotype)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/9/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: New Project
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): dbGaP - Database of Genotype and Phenotype
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Dar-Ning Kung
10. Provide an overview of the system: dbGaP, the database of Genotype and Phenotype, is a database designed to archive and distribute data from genome wide association (GWA) studies. GWA studies explore the association between specific genes (genotype information) and observable traits, such as blood pressure and weight, or the presence or absence of a disease or condition (phenotype information). Connecting phenotype and genotype data provides information about the genes that may be involved in a disease process or condition, which can be critical for better understanding the disease and for developing new diagnostic methods and treatments.

The database does not contain names, social security numbers, fingerprints, photographs or anything enabling facial recognition. The data is strictly de-identified patient data and does not fall under the category of IIF.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Data collected includes the researcher's name and institutional information, a research abstract (reason for requesting the data) and co-investigator information. This is collected for further contact with the PI and to provide controlled access to the data requested and to provide public access to the research uses of the data.

The information collected from co-investigators is the same as that from Principal Investigators: name, business address, and email address. The submission of personal information is voluntary.

The dbGaP database contains phenotype and genotype data from researchers and from centers who are conducting genome-wide association studies. NLM/NCBI summarizes, reformats, and redistributes these data acting as a central repository for these types of studies.

The information collected is from studies sponsored by an NIH Institute and is sent from the principal investigator or the center conducting the study. All data received is certified as de-identified data. After NIH review of a request from an investigator and his/her sponsoring organization, the genotype and phenotype data is made available for that investigator to access.

Data are categorized by an accession number assigned by NLM/NCBI (not the investigator) to the dataset. Information is retrieved by the name of the study. The capability exists to search the public data for the name of the study, the protocols used, and the dataset summaries but the retrieval is by accession number.

No information in dbGaP is collected directly from patients. Data has not been collected from other NIH databases. If data were to be provided from other NIH databases, e.g., an intramural study, it would be provided under the same conditions as external data, i.e., all data would be de-identified.

There are no names or personal identifiers linked to the phenotype/genotype records. All data are de-identified prior to the time it is delivered to NLM/NCBI.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Dar-Ning Kung
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/27/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NLM Genome Assembly and Annotation (GenBank)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/9/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-05-02-0733-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): NIH NLM Genome Assembly and Annotation (GenBank)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Jim Ostell, NCBI; Dennis Benson, NCBI
10. Provide an overview of the system: GenBank is a database of publicly available DNA sequence information. GenBank is an annotated collection of nucleotide sequences from over 200,000 different organisms obtained primarily from individual laboratories as well as through batch submissions from large-scale sequencing centers. The data is exchanged with similar databases in the UK and in Japan. The database is accessible via the web and by File Transfer Protocol.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: Data collected include nucleotide sequences and the name of the researcher or laboratory contributing the data, his institution, and a publicly available email address, as associated with the journal article. Submission of data is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Dar-Ning Kung
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/27/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NLM Lost Person Finder
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/9/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0200
5. OMB Information Collection Approval Number: 0925-0612
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): NIH/National Library of Medicine (NLM) Lost Person Finder System (LPF)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Michael Gill
10. Provide an overview of the system: The National Library of Medicine (NLM) Lost Person Finder (LPF) project includes Web-based components that collect data to facilitate reunification efforts during or after a disaster event. This data is collected as part of NLM’s mission to develop and coordinate communication technologies to improve delivery of health services. NLM is a member of the Bethesda Hospitals’ Emergency Preparedness Partnership (BHEPP), which was established in 2004 to improve community disaster preparedness and response among hospitals in Bethesda, Maryland that would likely be called upon to absorb mass casualties in a major disaster in the National Capital Region or other areas. The BHEPP hospitals include the National Naval Medical Center (NNMC), the National Institutes of Health Clinic Center (NIH CC), and Suburban Hospital/Johns Hopkins Medicine. With its expertise in communications, information management, and medical informatics, NLM joined BHEPP to coordinate the R&D program, one of which is development of a person locator tool to assist in family reunification after a disaster.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Yes. Information is shared with, disclosed or transferred to: (1) BHEPP participating hospitals’ personnel; (2) the general public via an interactive Web-based system that allows individuals to search for missing family members that may have been recovered (or found) post-disaster; (3) other people locator systems endorsed by U.S. government agencies to ensure that comprehensive data is available to users of such systems and to ensure that use of the NLM system in no way interrupts or distracts from the operation or use of other people locator systems.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The primary uses of the Lost Person Finder project components are to facilitate reunification efforts during or after a disaster. Subsequently, the NLM will use the data to evaluate the functioning and utility of the LPF components and similar technologies and guide future enhancements to the system. Collection of this information is authorized pursuant to sections 301, 307, 465, and 478A of the Public Health Service Act [42 U.S.C. 241, 242l, 286, and 286d] which authorizes the HHS Secretary to conduct and support research. The information collected, maintained and disseminated includes personally identifiable information (or PII) and is collected on a voluntary basis. Biographical information and physical identifying characteristics will be collected, maintained, and disseminated.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) (1) There is no process for obtaining consent from individuals whose PII is maintained in the system when major system changes occur. (2) Information is collected on a voluntary basis. (3) Information is posted on the LPF Web site notifying users about how their information will be shared.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: PII is secured by NLM’s controlled access computer room (Technical/Physical). Access to the system must be requested in writing from NLM program staff (Administrative).
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Dar-Ning Kung
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/27/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NLM Medical Literature Analysis Retrieval System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/9/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-05-02-0705-00-110-219
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): NIH NLM Medical Literature Analysis and Retrieval System (MEDLARS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Dar-Ning Kung
10. Provide an overview of the system: The Medical Literature Analysis and Retrieval System (MEDLARS) is a multi-purpose application system developed, maintained and operated by the National Library of Medicine (NLM) at the National Institutes of Health (NIH) and consists of various application modules to assist the National Library of Medicine in collecting, organizing, managing, and disseminating health related information.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: No
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Dar-Ning Kung
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/27/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NLM NLM Data Center [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 7/20/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): NIH NLM Data Center [System]
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Michael Simpson, OCCS
10. Provide an overview of the system: The National Library of Medicine Data Center (NLMDC) is a secure and resilient information system facility located at Bldg. 38A/Rm. B1W17, 8600 Rockville Pike, Bethesda, MD 20894. The NLMDC houses information systems that carry out the NLM mission of enabling biomedical research, supporting health care and public health, and promoting healthy behavior. The Data Center is operated 24/7/365 providing secure physical and virtual access to authorized personnel. The NLMDC is configured with redundant power, cooling and network connectivity. The NLMDC systems and personnel play key roles in System Back-up, Incident Response, Critical Infrastructure Monitoring, System Equipment Monitoring, Service Desk Support, DR/COOP processes, and Physical and Environmental Security.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: (1) NLM Data Center is a general support system that does not collect, maintain, or disseminate information.
(2) N/A
(3) No data will be collected and there is no PII.
(4) N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Dar-Ning Kung
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 8/16/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NLM NLM Employee Database Internet Edition [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 1/20/2012
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-90-0018
5. OMB Information Collection Approval Number: None
6. Other Identifying Number(s): None
7. System Name (Align with system Item name): NIH NLM Employee Database Internet Edition (EDie)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Gene Hurr
10. Provide an overview of the system: EDie is an intranet based application primarily used to manage and track personnel information. The application downloads this information from the Human Resources Database (HRDB) weekly. Information entered into the EDie database is not uploaded into the HRDB. Due to the sensitivity of the personnel data in this system, access to the EDie database is limited to specific users within the IC. Users are assigned roles that restrict what data they may view and what functions they can perform. Access privileges are enforced through authentication within the database.
Authority for maintenance of the system: 5 U.S.C. 1302, 2951, 4118, 4308, 4506, 7501, 7511, 7521 and Executive Order 10561
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Information is intended for internal senior administrative use only and will not be shared with other entities. Please refer to SOR # 09-90-0018, Personnel Records in Operating Offices, HHS/OS/ASPER
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: EDie tracks all information pertinent to a personnel file for the purpose of personnel management activities. Information is collected from employees via the Human Resources Database (HRDB) system, Fellowship Payment System (FPS), nVision Data Warehouse and NIH Enterprise Directory (NED). Uses consist of the following: a) tracking a time-limited appointment to ensure renewals are done in a timely manner, thereby avoiding any break in service; b) ensuring that allocated FTE ceilings are maintained; c) ensuring salary equity for various hiring mechanisms; d) providing reports requested by the NIH Director, the IC Director, and other management staff, as requested; and e) maintaining lists of non-FTEs, special volunteers, contractors, and other hiring appointments. The type of information collected constitutes PII and includes the following: name, address, phone number, social security number and date of birth, and is mandatory for all employees.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) IIF in the system is downloaded periodically from the HRDB. Changes to the HRDB or changes in the way information is used are relayed to employees via official notice from the NIH Office of Human Resources (OHR). Individuals are notified of the collection and use of the data as part of the hiring process. This is a mandatory requirement of potential job applicants seeking employment at NIH.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: IIF data is maintained in a secure database. Routine access is restricted to authorized employees and contractors only according to the principle of least privilege by the use of user name and password access controls. Additional technical and administrative controls are also employed, including badge access, intrusion detection systems, firewalls, virtual private networks, encryption, etc.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Dar-Ning Kung
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 4/22/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NLM Open Source Independent Review and Interpretation System (OSIRIS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/9/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: No
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): Open Source Independent Review and Interpretation System (OSIRIS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Stephen Sherry / Dennis Benson
10. Provide an overview of the system: The Open Source Independent Review and Interpretation System (OSIRIS) is a software tool for checking and validating DNA profile data for accuracy and quality. It is a data validation tool for use by local forensic laboratories to measure the conformance of raw data to quality control standards. NLM receives a limited number of DNA samples for the purpose of developing and improving the statistical methods used to validate the results; however, they are de-identified samples from state laboratories. NLM does not maintain any public or production database of the de-identified samples nor does NLM have any way of associating the DNA forensic data with a person or with any other identifying information.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The OSIRIS software tool is a data validation tool developed by NCBI/NLM for use by local forensic laboratories to determine how their data samples conform to quality control standards. The tool is distributed to local forensic laboratories for their own internal use. The tool itself does not collect, maintain, or disseminate data. In the process of developing the OSIRIS program, NCBI/NLM received a limited number of DNA samples to test the statistical methods used to validate the results. These samples were obtained solely for the purpose of developing the software algorithms and were de-identified samples, containing no individually identifiable information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Dar-Ning Kung
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/27/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH NLM Toxicology Data Network [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/9/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-05-02-0703-00-110-219
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name (Align with system Item name): NIH NLM Toxicology Data Network (TOXNET)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Dar-Ning Kung
10. Provide an overview of the system: TOXNET (Toxicology Data Network) is the National Library of Medicine’s extensive collection of online bibliographic information. It is a cluster of databases covering toxicology, hazardous chemicals, and environmental health and related areas.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: No
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Dar-Ning Kung
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/27/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________


 

06.3 HHS PIA Summary for Posting (Form) / NIH OD Administrative Database [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/2/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-01-01-3104-00-402-129
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-90-0018
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH Administrative Database System (ADB)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Carol A. Perrone
10. Provide an overview of the system: The Administrative Data Base (ADB) is a legacy system project that is over twenty years old. The new NIH Business System (NBS) was designed to replace the ADB by FY06. The system provides support for a broad range of NIH business (financial and administrative) functions including the purchase, receipt, and payment of goods and services (internal and external); the tracking and supplying of inventories; services and supply fund activities; and property management. Development of the ADB began in 1978 to automate the processes related to the procurement of goods and services and to translate the procurement actions into accounting transactions that are processed by the Central Accounting System (CAS). Since then the CAS has been modified to interface with the ADB. Several other systems have been added and modifications/enhancements continue to be made to the ADB to reflect changing policies, requirements and the need for increased functionality. NIH heavily relies on this system for much of its business transactions and management information. The legislation authorizing this activity is found in the Privacy Act System of Record (SOR) Notice #09-90-0018. It is 5 U.S.C. 1302, 2951, 4118, 4308, 4506, 7501, 7511, 7521 and Executive Order 10561.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The information is shared with the IRS and the Department of the Treasury. SOR 09-90-0018.
The agency collects data pertaining to the procurement of goods and services for the NIH as well as data pertaining to stipend payment to NIH Fellows. Some of the data collected such as the EIN or SSN and ACH Banking information is required in order to effect payments and prepare 1099s and 1042s. Submission of this data is mandatory.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The agency collects data pertaining to the procurement of goods and services for the NIH as well as data pertaining to stipend payment to NIH Fellows. Some of the data collected is IIF such as the EIN or SSN and ACH Banking information and is required in order to effect payments and prepare 1099s and 1042s. Submission of this data is mandatory. The data is maintained on a Vendor file in the Administrative Database (ADB) System.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Notification or consent is not done via the Operations and Maintenance Support group; the system is merely collecting and storing data entered by the users. Any notification will have to be done by the Business Owners and ICs.

Changes to the ADB system software do not affect the data collected and maintained in the ADB Vendor file. However, if changes in uses occur, notification to the individuals is done by the Institute or Center (IC) where the original request was initiated or by the Office of Financial Management (OFM) and follows the processes in place for those organizations.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system is run under a secure server and access is restricted through RACF as well as security within the system.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Michele Mulholland France NIH/CIT/PECO
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/14/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH OD Administrative Information System (AIS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 7/29/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: N/A
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-90-0018
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): Administrative Information System (AIS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Darlene Blocker
10. Provide an overview of the system: The mission of the Administrative/Information Technology Office is to support the Office of AIDS Research. The Administrative Office is responsible for directing, coordinating, and conducting the OAR administrative management activities in the areas of: personnel/human resources; space planning; equipment and supplies; procurement; travel; budget; and information technology, as well as supporting the OD competencies and the program evaluation and analysis systems. In addition to developing administrative management policies, the Administrative Office serves as the OAR's focal point for the OAR Intranet and the development of a wide range of administrative management reports and documents. The Administrative/Information Technology Office is designed to completely meet the needs of the OAR.

The Administrative Officer (AO) has developed AIS to support a broad range of administrative and information technology processes and functions to assist staff in performing efficiently in their daily assignments.

AIS allows users to access administrative resources by the intranet. Depending on the designated role, a user will be able to:

 

Establish Performance Plans;
Prepare purchase requests;
Submit requests for building facility, OAR conference rooms, and telecommunication repairs;
Request compensatory time for travel;
Submit online supply requests;
Verify telework days per pay period;
Review policy and procedures on the intranet;
Complete online assessments based on their occupational series; and
Submit online vehicle requests.

AIS is comprised of 18 unique Modules.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The AIS database will collect and maintain Purchase Requests, Building and Facility Requests, Telecommunication Requests, and Vehicle Requests. The Performance Module will contain IIF such as Name, Office Mailing Address, Office Phone Number, Grade, and Performance Rating. In addition to the information above, the Purchase Request Module collects the Vendor's Name and Address.

The purpose of the AIS system is to collect and store information to process several administrative activities and to develop and close out Performance Plans. The OD Competencies system provides users with a web-based tool that allows them to complete a self-assessment based on their occupational series. This module allows employees and their supervisors to identify strengths and weaknesses in each employee.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) A plan is being developed to notify staff on how their names and grades will be used to develop Performance Plans and Ratings. This information will not be shared outside of the OAR. AIS is an internal system available to OAR users only. In addition, a plan is being developed to notify staff on how their names and grades will be used to track self-assessment. This information will be shared with the OD Executive Office and NIH Training Center.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: AIS is accessible through the NIH Intranet and web browser. The application will rely on Windows Operating System to secure PII and to authenticate users, therefore the users' passwords do not need to be stored in the SQL Server database. The server is located in a secure facility and one needs a NIH ID to access the building and a card key to access the server. The server is housed in Office of Information Technology suites, which is located at 6011 Executive Blvd.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Antoine D. Jones
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/27/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH OD AIDS Budget System
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 6/28/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): Not Applicable
5. OMB Information Collection Approval Number: Not Applicable
6. Other Identifying Number(s): Not Applicable
7. System Name (Align with system Item name): NIH OD AIDS Budget System (ABS) PIA
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donna D. Adderly
10. Provide an overview of the system: The OAR develops the trans-NIH AIDS research budget, which is explicitly tied to the objectives of the annual strategic Plan. Each year, the strategic Plan is distributed to all the ICs. The ICs must submit their AIDS-related research budget requests to OAR, presenting their proposals for all new or expanded program initiatives for each scientific area, coded to specific Plan objective(s). OAR reviews the IC initiatives in relation to the Plan, its priorities, and to other IC submissions to eliminate redundancy and/or to assure cross-Institute collaboration. The NIH Director and the OAR Director together determine the total amount to be allocated for AIDS-related research within the overall NIH budget. Within that total, OAR then develops each IC’s allocation for AIDS-related research starting from the Commitment Base, and based on the scientific priority of each proposed initiative. This process continues at each step of the budget development process up to the time of the final congressional appropriation.

To effectively present the NIH AIDS Research Budget, the Office of AIDS Research Budget Office developed a system to replace a paper-based, manually intensive process used to collect, consolidate, analyze, and report on the National Institutes of Health AIDS Research Budget. The former process, which consisted of e-mails, faxes, and spreadsheets, was inefficient and no longer effective in responding to the demands for timely information when developing and managing the AIDS budget. This system streamlined the overall budget collection process, and provided more time for analysis and decision-making.

The ABS is web-based and requires the NIH user name and password for access. The Institutes and Centers provide general budget information on projects that will be funded in the future. The system has checks to make certain that all the budget information is consistent throughout the submission.

This project information contained in the system is used for internal decision making purposes only and is not shared outside of the NIH. There are no grant numbers or any NIH financial system data contained in this system.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Not Applicable
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The system will contain general budget information obtained from the ICs on potential AIDS projects to be funded for a given fiscal year. The system will be used to collect, consolidate and analyze NIH AIDS budget information from the ICs. The Office of AIDS Research (OAR) is legally mandated to develop an annual comprehensive plan and budget for all NIH AIDS research. The ICs within NIH provide requests for funding for future projects via the system to the central AIDS budget office. The system does not contain any PII and use of the system is mandatory for all ICs that required NIH HIV/AIDS funding in a given fiscal year.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Not Applicable
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Not Applicable
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Antoine D. Jones
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 8/5/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH OD Application, Registration, Tracking, and Evaluation Database System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 3/25/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: Not Applicable
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0158
5. OMB Information Collection Approval Number: 09-25-0299
6. Other Identifying Number(s): Contract: HHSN263200700050C; Solicitation: 263-2007-P(GG)-0199; Requisition: 189146
7. System Name (Align with system Item name): ARTiE: Application, Registration, Tracking and Evaluation
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Patricia Wagner, PhD
10. Provide an overview of the system: The system is designed to identify prospective students for dissertation research (application), register investigators looking for trainees (registration), monitor the progress toward degree of current students (tracking), and evaluate applicants for admission consideration.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Application - NIH personnel involved in the admission process for Institutional and Individual Partnerships will have access to the applications for review and selection of students for interviews (Intramural Evaluators). University personnel for the partnerships will have access to partnership specific applications for evaluation (Extramural Evaluators).
Current Students - NIH personnel will review records to monitor progress toward degree of trainees, ensuring completion of key elements for degree requirements (select Intramural Evaluators).
Registration of Investigators - NIH investigators wishing to be listed within a searchable database for prospective trainees must register with the OITE. Registration information contains no PII.
Evaluation of Applicants - Both NIH investigators (Intramural Evaluators) and University professors (Extramural Evaluators) have access to applications for specific partnership affiliations.
----------
Symplicity personnel will have access to data to ensure integrity and security of the data contained on the servers. They will not participate in the admission process.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The Application, Registration, Tracking, and Evaluation Database System (ARTiE) is used by the National Institutes of Health (NIH) Graduate Partnerships Program (GPP) and can be divided into several interfaces:

Application - NIH personnel involved in the admission process for Institutional and Individual Partnerships will have access to the applications for review and selection of students for interviews (Intramural Evaluators). University personnel for the partnerships will have access to this information (Extramural Evaluators). Application contains PII and submission is voluntary though required for admission consideration. PII includes: name, contact information, educational history, and letters of recommendation.

Registration of Investigators - NIH investigators wishing to be listed within a searchable database for prospective trainees must register with the OITE (Registration information contains no PII; voluntary participation).

Tracking - NIH personnel will review records to monitor progress toward degree of trainees, ensuring completion of key elements for degree requirements. PII includes: name, contact information, educational history, and progress towards degree fields.

Evaluation - NIH investigators participating in an admission committee will review submitted applications into the institutional and individual partnership; contains PII on the applicants but not on the admission committee members. Participation of NIH investigators in an admission committee is voluntary. See above for PII contained in application/registration of prospective students.

-------------

Symplicity personnel will have access to data to ensure integrity and security of the servers. They will not participate in the admission process.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Any major changes in the proposed usage of information will be presented in an email message and/or hardcopy letter to the affected population. The following sections of ARTIE contain PII: Applications, Evaluation, and Tracking interfaces.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The data collected and stored in the ARTIE software are hosted on servers located in Equinix, see http://www.equinix.com/home/ for specific details on the hosting environment and security elements.

Administrative access to various elements of ARTIE is governed by position, role, and calendar activities as determined by the GPP staff.

Technical access to the data contained in ARTIE requires a login/password combination, which is activated/terminated by NIH/GPP staff members. Sessions are automatically terminated after a specified period of inactivity.

Physical access to the hosting environment in Equinix requires visit letters, photo badge, biometric screening and pre-authorization. Equinix is a certified SAS Type 1 and 2 data center with 24x7x265 security staff, access controls, biometric controls, physically separated data spaces and cameras inside/outside the facility.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Patricia Wagner (wagnerpa@od.nih.gov or 240-476-3619)
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 4/1/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH OD Central Accounting System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/2/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: 009-25-01-01-01-3101-00-402-124
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-90-0024
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): N/A
7. System Name (Align with system Item name): NIH Central Accounting System (CAS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Carol A. Perrone
10. Provide an overview of the system: The NIH CIT Central Accounting System is a legacy system that processes all accounting and financial transactions for the NIH from systems: ADB, Central Payroll, PMS and IMPAC II.
The CAS will be replaced by the new NIH Business System (NBS). Please refer to project # 009-25-01-4601. The CAS project resides in the Division of Enterprise and Custom Applications, Center for Information Technology, NIH. The CAS is a legacy system project that is over twenty years old, and processes accounting and financial transactions for the NIH. It processes data from several sources including: the Administrative Data Base (ADB); Central Payroll; Payment Management System (PMS); and Information for Management, Planning, Analysis and Coordination (IMPAC). The CAS provides data exchange to the ADB, PMS and IMPAC. Data is extracted from the CAS nightly and made available to the NIH through the NIH Data Warehouse. The CAS produces a wide range of reports that detail spending within the Agency. Financial reports are generated for the Department of Health and Human Services, the Treasury Department, the Office of Management and Budget, and the Public Health Service. The legal authority for SOR #09-90-0024 is found in the Budget and Accounting Act of 1950 (P.L. 81-784) and Debt Collection Act of 1982 (P.L. 97-365).
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Department of Treasury for payments and IRS for 1099 reporting. SOR 09-90-0024
Financial reports are generated for the Department of Health and Human Services, the Treasury Department, the Office of Management and Budget, and the Public Health Service.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The agency collects data pertaining to the procurement of goods and services for the NIH as well as data pertaining to stipend payment to NIH Fellows. Some of the data collected is IIF such as the EIN or SSN and ACH Banking information and is required in order to effect payments and prepare 1099s and 1042s. Submission of this data is mandatory. The data is maintained on a Vendor file in the Administrative Database (ADB) System and is only passed through the CAS.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) No processes are in place other than those specified through the ADB, Central Payroll, IMPAC and PMS systems.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The CAS is a mainframe legacy system that operates in a batch environment. The CAS is not accessible to users other than the individuals who maintain it. Those individuals must have proper RACF security in order to access the system.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Michele Mulholland France NIH/CIT/PECO
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/14/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH OD Commercial Rate Agreement Distribution Services (C-RADS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation 
1. Date of this Submission: 8/12/2011
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number: N/A
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): N/A
5. OMB Information Collection Approval Number: None
6. Other Identifying Number(s): None
7. System Name (Align with system Item name): Commercial Rate Agreement Distribution Services (C-RADS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Anita Kimberling
10. Provide an overview of the system: Secured Web based distribution of Indirect Cost Rate Agreements for commercial organizations
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: C-RADS is a secured web-based system used to disseminate indirect cost rate information from negotiated rate agreements between NIH and commercial companies that receive the preponderance of their Federal awards from HHS. Access to the system is limited to HHS employees with a bona fide need of the rate information for use in funding and administering HHS contracts and grants. The system does not contain any IIF.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) N/A
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No 
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: None
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Anita Kimberling
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/30/2011
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / NIH OD Commercialization Assistance Program (CAP) Program Management System (PMS)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011? Yes
If this is an existing PIA, please provide a reason for revision: 
1. Date of this Submission: 3/9/2012
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): 09-25-0036
5. OMB Information Collection Approval Number: N/A
6. Other Identifying Number(s): none available
7. System Name (Align with system Item name): NIH OD Commercialization Assistance Program (CAP) program management system (PMS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Lenka Fedorkova, Ph.D.
10. Provide an overview of the system: The Small Business Innovation Research and Small Business Technology Transfer Program (SBIR/STTR) Office, under the Office of Extramural Programs (OEP), Office of Extramural Research (OER), NIH provides the Commercialization Assistance Program (CAP) to selected NIH Phase II SBIR awardees, all of whom are early-stage US small businesses. CAP is a training and mentoring program and as part of the 10-month program we have a program management system tool which stores information such as the SBIR award, project period, contact information, company name and address, and details of technology that are also available in the NIH Query View Report System (QVR). Additional information is collected from the application which asks general questions about the technology stage of development, market readiness, and business needs in order to determine appropriateness and fit for the program. Other information stored in the portal includes notes from advisors that work with the selected companies and documents developed as part of the program deliverables.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): Yes 
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: 1) the system collects standard applicant information including name and the web URL so that we know which SBIR technology is receiving the assistance in the CAP program, meaning all this PII can be located in the NIH QVR system. Nothing in this management system is disseminated to anyone; 2) The PMS is strictly used as a tool to help keep track of and have effective communication with selected companies and oversee their progress and deliverables.; 3) I believe by definition this is PII.; 4) The information is not mandatory but encouraged as it is generally needed to identify the applicant. Information about the technology details is voluntary and we discourage disclosure of any business confidential and proprietary information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) 1) & 2) The contractor and administrator notify participants of any system changes that would affect safety of the PII collected about them. We explain to participants how the system works, create log-in credentials for them and disclose who has access to the portal. We advise all companies to sign confidentiality non-disclosure agreements (CDAs) and also tell them that all contractors and special advisors also have to sign CDAs. 3) No information collected within the portal is shared or disseminated to outside parties. That information is strictly for NIH SBIR program use.
32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?: 
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: We have password-protected access in place that is set up for the administrator, the contracted staff that run the database (Larta Institute of 606 Olive Street, Suite 650, Los Angeles, CA), the selected companies which can only access their own files, and special advisors that mentor the company who also can access technology related information about the company they were assigned to.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name: Karen Pla
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 3/20/2012
Approved for Web Publishing: Yes
Date Published: 9/10/2012
_____________________________________________________________________________
