Font Size Print Download Reader HHS Home|HHS News|About HHS

Substance Abuse & Mental Health Services Administration Privacy Impact Assessments

06.3 HHS PIA Summary for Posting (Form) / SAMHSA CSAP Health Information Network (SHIN)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA? No

If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

1. Date of this Submission: Nov 12, 2008

2. OPDIV Name: SAMHSA

3. Unique Project Identifier (UPI) Number: 009-30-01-03-02-1027-02

4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): None

5. OMB Information Collection Approval Number: 09390-0197

6. Other Identifying Number(s): 277-98-6008

7. System Name (Align with system Item name): SAMHSA CSAP Health Information Network (SHIN)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Nelia C. Nadal

10. Provide an overview of the system: The National Clearinghouse for Alcohol and Drug Information (NCADI) established in conformance with the Public Health Service Act, as amended by the Anti-Drug Abuse Act of 1986, the Omnibus Anti-Drug Abuse Act of 1988, and the ADAMHA Reorganization Act of 1992, supports and promotes the goals of demand reduction for the substance abuse field. NCADI is the hub of the Federal Government's effort to gather and communicate information about effective prevention, intervention, and treatment policies, programs, and practices as well as an important link to scientific research on substance abuse and mental health issues. As such, NCADI provides a single point of entry to comprehensive, customer-oriented information services for SAMHSA's current constituents as well as new audiences.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?): Yes

21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A The system does not share or disclose IIF information.

All personnel Information is purely Voluntary

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared.

(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Information is provided voluntarily by customers who contact the NCADI contract via the phone, web, FAX, in-person and via mail.

Yes, there is a process in place to notify and or obtain consent from the public when major changes occur.

32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: Yes

50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Any IIF information stored on the system will be physically secured and password protected.

PIA Approval

PIA Reviewer Approval: Promote

PIA Reviewer Name: William Lewis

Sr. Official for Privacy Approval: Promote

Sr. Official for Privacy Name: Samuel S.Ackley

Sign-off Date: Nov 12, 2008

Approved for Web Publishing: Yes

Date Published: September 1, 2009

_____________________________________________________________________________

06.3 HHS PIA Summary for Posting (Form) / SAMHSA CSAP Prevention Service Accountability Monitoring System (CSAMS)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA? No

If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

1. Date of this Submission: Dec 3, 2003

2. OPDIV Name: SAMHSA

3. Unique Project Identifier (UPI) Number: 009-30-01-29-01-1006-00-110-028

4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No

5. OMB Information Collection Approval Number: 09390-0197

6. Other Identifying Number(s): N/A

7. System Name (Align with system Item name): CSAP/SAMHSA's Prevention Technology Platform (PrevTech)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Augusto Diana

10. Provide an overview of the system: PrevTech was established in conformance with the Public Health Service Act, as amended by the Anti-Drug Abuse Act of 1986, the Omnibus Anti-Drug Abuse Act of 1988, and the ADAMHA Reorganization Act of 1992, supports and promotes the goals of demand reduction for the substance abuse field. PrevTech supports the Federal Government's effort to gather and communicate information about effective prevention, intervention, and treatment policies, programs, and practices as well as an important link to scientific research on substance abuse and mental health issues

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Registered PrevTech users support their evidence-based prevention programs and collect information related to those projects using PrevTech's interactive tools. Their data is maintained in password-protected accounts and is not shared with the agency or others.

(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Information is provided voluntarily by registered PrevTech users and is not shared with others or with the agency.

32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Physically secured and password protected

PIA Approval

PIA Reviewer Approval: Promote

PIA Reviewer Name: Secure One HHS Migration

Sr. Official for Privacy Approval: Promote

Sr. Official for Privacy Name: Samuel S. Ackley

Sign-off Date: Jun 1, 2006

Approved for Web Publishing: Yes

Date Published: September 1, 2009

_____________________________________________________________________________

06.3 HHS PIA Summary for Posting (Form) / SAMHSA OAS National Survey on Drug Use and Health (NSDUH)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA? No

If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

1. Date of this Submission: Dec 4, 2003

2. OPDIV Name: SAMHSA

3. Unique Project Identifier (UPI) Number: 009-30-01-03-01-1003-02

4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): No

7. System Name (Align with system Item name): National Survey on Drug Use and Health (NSDUH)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Sam Ackley

10. Provide an overview of the system: To provide information on the incidence and prevalence of substance use as required by Section 505 of the Public Health Service Act (42 USC 290aa4). The National Survey on Drug Use and Health (NSDUH) provides information on the incidence and prevalence of substance use required by Section 505 of the Public Health Service Act (42 USC 290aa4). The NSDUH has been conducted on a periodic basis from 1971-1988, and annually since 1990. Section 505 of the Public Health Service Act also requires that these data must be collected annually.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The National Institute on Drug Abuse (NIDA), the Centers for Disease Control and Prevention (CDC), the Office of National Drug Control Policy (ONDCP), and other Federal components interested in the prevalence of substance use including the White House, Congress. This information is also shared with various state and local government agencies, researchers, and the general public. Published reports are available on the web at http://www.DrugAbuseStatistics.SAMHSA.gov

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory: The NSDUH provides current data on substance use prevalence for the U.S. population aged 12 or older as well as each state. The survey sample supports annual direct estimates of prevalence for: the nation, the eight (8) largest states, and model-based estimates for the remaining 42 States and the District of Columbia. These data are used by SAMHSA, the National Institute on Drug Abuse (NIDA), the Centers for Disease Control and Prevention (CDC), the Office of National Drug Control Policy (ONDCP), and other Federal agencies interested in the prevalence of substance use, in order to: (1) design prevention programs, (2) respond to inquiries on the extent of substance use, (3) estimate treatment need, (4) study the socioeconomic impact of substance abuse, (5) identify correlates of substance use, and (6) evaluate the overall impact that Federal and State programs have on drug demand. NSDUH data provide a useful indicator of individual States¿ overall success at reducing youth substance abuse. In conjunction with other data sources, the survey will provide a means for assessing and improving outcomes of prevention and treatment services. The survey will help SAMHSA identify areas where serious substance abuse problems exist and provide assistance to States to help them develop and adopt targeted responses for those problems. In addition, many special requests for survey information emanate from the White House, Congress, and various state and local government agencies. The survey questionnaire asks for the minimum information necessary to meet the needs of Federal policy makers and the substance abuse research, prevention, and treatment communities. Section 505 of the Public Health Service Act (42 U.S.C. 290aa-4) requires SAMHSA to collect this information. The NSDUH is the nation¿s only source of reliable national substance use data for the general population; it¿s continuation will ensure that SAMHSA will comply with statutory requirements and Federal, State, and local agencies will have timely data available for release on an annual basis. The ability to respond effectively and efficiently to the continually changing dynamics of the drug culture is critical to sound prevention and treatment strategies.

(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) The NSDUH is a survey of the civilian non-institutionalized population of the United States aged 12 or older. Households are sampled using a stratified, multi-stage area probability design. Data collection is facilitated through the use of personal, in-home interviews using computer-assisted interviewing (CAI) technology. The household screening and respondent selection procedures will be administered using a hand-held computer. The interview will be administered using a laptop computer. Each interview consists of both interviewer-administered and self-administered questions (the latter method is used to increase confidentiality of information). The interview incorporates several procedures to ensure that respondents rights will be protected. The interviewer introduces himself/herself and the session with a consent statement. This statement will be read out loud to each interview respondent. As part of the process for obtaining informed consent, respondents are given a document, which includes information on Section 501(n) of the Public Health Service Act and the protection that it affords. Specifically, Section 501(n) states that respondents answers will only be used for research and analysis and cannot be used for any other purpose (see Childrens Health Act of 2000, PL 106-310, page 70 of 146, paragraph titled: (n) Limitation on the Use of Certain Information). Beginning with the 2004 survey, the Confidential Information Protection and Statistical Efficiency Act of 2002, "CIPSEA," included as Title V in the E-Government Act of 2002 (PL 107-347), will provide a uniform set of confidentiality protections to all individually identifiable data collected for statistical purposes under a pledge of confidentiality. Under CIPSEA, penalties are imposed for willfully disclosing information to a person or agency not entitled to receive it; unlawful disclosure could be considered a class E felony with up to 5 years imprisonment or fines not to exceed $250,000.

32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: Yes

50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The general model for securing collected data involves three increasingly restrictive layers of data security. The first layer of security is that provided by the Contractor and the gateways required to access their Public Network. The next layer is the significantly more restrictive procedures required to enter the Contractor's Private Network. Next is the restrictions placed on data files to limit access to those who are working on the project and who have signed confidentiality agreements. The data are collected via computer Contractor field staff. As the data are collected they will be transmitted back to the Contractor electronically to their Public network. Access to the Public Network is restricted by the use of assigned usernames and passwords. These data are restricted to thoses Contractor staff approved to work on the project and who have signed NSDUH confidentiality agreements. A complete backup of all files on every disk is written to tape weekly. Every business day, an incremental backup is performed of all files created or modified since the last complete backup. In the event of a harware or software failure, files can be restored ot their status as of the time of the last incremental backup, usually the evening of the previous business day.

PIA Approval

PIA Reviewer Approval: Promote

PIA Reviewer Name: Secure One HHS Migration (Art Hughes SAMHSA)

Sr. Official for Privacy Approval: Promote

Sr. Official for Privacy Name: Samuel S. Ackley

Sign-off Date: Jun 1, 2006

Approved for Web Publishing: Yes

Date Published: September 1, 2009

_____________________________________________________________________________

06.3 HHS PIA Summary for Posting (Form) / SAMHSA OPS Physical Access Control System (PACS)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA? Yes

If this is an existing PIA, please provide a reason for revision: -

1. Date of this Submission: May 25, 2006

2. OPDIV Name: SAMHSA

3. Unique Project Identifier (UPI) Number: None

4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): no

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name (Align with system Item name): SAMHSA Physical Access Control System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kathleen Milenkowic

10. Provide an overview of the system: The SAMHSA PACS uses management software for access control and security operations. Its primary function is to provide physical access control predominately for SAMHSA staff and personnel accessing its facilities.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system is a stand a lone system and does not share disclose information with external agencies or people outside the agency.

(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) Consent is obtained from employees at time of Badge request. When employee returns badge request he/she are notified via formal notice of the IIF being collected, the reason for the IIF information and how the information will be used or shared.

32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: SAMHSA PACS system ensures the privacy of employees IIF through the use of passwords, secured storage room, and system lock-out with incorrect entry attempts.

PIA Approval

PIA Reviewer Approval: Promote

PIA Reviewer Name: William Lewis

Sr. Official for Privacy Approval: Promote

Sr. Official for Privacy Name: Samuel S. Ackley

Sign-off Date: Jul 27, 2006

Approved for Web Publishing: Yes

Date Published: September 1, 2009

_____________________________________________________________________________

06.3 HHS PIA Summary for Posting (Form) / SAMHSA OPS Web sites

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA? Yes

If this is an existing PIA, please provide a reason for revision: -

1. Date of this Submission: Mar 14, 2007

2. OPDIV Name: SAMHSA

3. Unique Project Identifier (UPI) Number: SAMHSA Agency Website System Owner - Division of Management and Technology

4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): No

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name (Align with system Item name): SAMHSA Website

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Dawn Colbert

10. Provide an overview of the system: SAMHSA Agency website is used by internal and external user groups and provides a delivery system for information about SAMHSA to the public.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The SAMHSA Agency Website discloses website urls to the general public to aid with providing more information about programs being offered by SAMHSA.

(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) As changes are made to a content owners website nothing is published to the public until approval from the individuals has been recieved by the Webmaster.

32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: Yes

50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The Agency Website does not collect IIF. In the event the Agency Website does collect IIF, the IIF will be secured through the use of password protection, user identification codes, physical guards and access identification badges and the IT Security Policy.

PIA Approval

PIA Reviewer Approval: Promote

PIA Reviewer Name: William Lewis

Sr. Official for Privacy Approval: Promote

Sr. Official for Privacy Name: Samuel S. Ackley

Sign-off Date: Jun 1, 2006

Approved for Web Publishing: Yes

Date Published: September 1, 2009

_____________________________________________________________________________

06.3 HHS PIA Summary for Posting (Form) / Services Accountability Improvement System (SAIS)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA? Yes

If this is an existing PIA, please provide a reason for revision: -

1. Date of this Submission: Nov 10, 2006

2. OPDIV Name: SAMHSA

3. Unique Project Identifier (UPI) Number: None

4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4): None

5. OMB Information Collection Approval Number: 0930-0208

6. Other Identifying Number(s): None

7. System Name (Align with system Item name): Services Accountability Improvement System (SAIS)GPRA Outcome measures

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Michael Raithel

10. Provide an overview of the system: The SAIS is a Web-based application utilized by CSAT/SAIS to monitor the performance of grants given to grantees. The information processed by the SAIS Web application is used to respond to SAMHSA's Government Performance and Results Act (GPRA) reporting requirements which tracks the effects and accomplishments of its descretionary grant programs.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4): No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A The system does not collect, share or disclose IIF information.

(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.]) There are no established processess in place for notifying and obtain consent from individuals to collect IIF because the SAIS system does not collect IIF. If the SAIS system evolves to collect IIF information a procedure will be developed.

32. Does the system host a website? (Note: If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII): Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: There is no IIF information stored on the SAIS system.

PIA Approval

PIA Reviewer Approval: -

PIA Reviewer Name: William Lewis

Sr. Official for Privacy Approval: Promote

Sr. Official for Privacy Name: Sam Ackley

Sign-off Date: Jun 1, 2006

Approved for Web Publishing: Yes

Date Published: September 1, 2009

_____________________________________________________________________________