Privacy Impact Assessment

Appendix C (TAR Privacy Impact Assessment).doc

Tremolite Asbestos Registry

Privacy Impact Assessment

OMB: 0923-0039

Document [doc]
Download: doc | pdf

Appendix C

Tremolite Asbestos Registry

HHS IT Privacy Impact Assessment (PIA) Analysis Worksheet



The PIA determines what kind of information in identifiable form (IIF), if any, is contained within a system, what is done with that information, and how that information is protected. Systems with IIF are subject to an extensive list of requirements based on privacy laws, regulations, and guidance. The HHS Privacy Advocate, for issues related to the Privacy Advocate and citizen complaints, and the HHS Privacy Act Officer, for issues related to the Freedom of Information Act of 1966 (FOIA) and the Privacy Act, and respective OPDIV Privacy Contacts, for issues related to the Privacy Act, can all be used as a resource for questions related to the technicalities of privacy law. The Office of Information Resources Management (OIRM) can answer questions related to the administrative, technical, and physical controls of the system.




Identifying Numbers (Use N/A for items that are Not Applicable)

Unique Project Identifier Number (UPI):

(If the system does not have a UPI, please explain why it does not.)



0923-0006

Privacy Act System of Records (SOR) Number:



SOR # 09-19-0001

OMB Information Collection Approval Number and Expiration Date:



In final stage of OMB clearance.

Other Identifying Number(s):



N/A

System Name:

Tremolite Asbestos Registry

System Location (OPDIV or contractor office building, room, city, and state):

OPDIV/Contractor:

Division of Health Studies, Agency for Toxic Substances and Disease Registry

Street Address: 2400 Century Parkway, Floor 3

City Atlanta ST GA ZIP 30345

System Point of Contact (POC):



Theodore Larson

Name, Title, Organization/Department:







Activity/Purpose of System:

Theodore Larson, Epidemiologist

Division of Health Studies, Agency for Toxic Substances and Disease Registry


Phone Number: (770) 488-3695 E-Mail: [email protected]



The Tremolite Asbestos Registry (TAR) is a database of persons exposed to amphibole-contaminated vermiculite in Libby, Montana. The purpose of the TAR is to improve communication with people at risk for developing asbestos-related disease resulting from asbestos exposure in Libby, track changes in their health, and to support research activities related to TAR registrants. The Agency for Toxic Substances and Disease Registry is authorized to create exposure and disease registries under the Comprehensive Environmental Response, Compensation, and Liability Act of 1980. This mandate was reiterated in the Superfund Amendments and Reauthorization Act of 1986.




For clarification and definition of terms, please refer to September 26, 2003, Memorandum on OMB Guidance for Implementing the Privacy Provisions of the
E-Government Act of 2002.


No.

Privacy Question Sets

User Response

Comments

Yes

No

N/A

System Characterization and Data Categorization

1

Does/Will HHS own the system?


Note: If no, identify the system owner in the Comments column.

X

Owner: ATSDR

2

Does/Will HHS operate the system?


Note: If no, identify the system operator in the Comments column.

X

Operator: Division of Health Studies

3

Identify in the Comments column the life-cycle phase of this system.




Initiation

Development/Acquisition

Implementation

X Operations/Maintenance

Disposal

4

Has/Have any of the major changes listed in the Comments column occurred to the system since the conduct of the last PIA?


If yes, please check which change(s)
have occurred.


X


Conversions

Anonymous to Non-Anonymous

Significant System Management Changes

Significant Merging

New Public Access

Commercial Sources

Internal Flow or Collection

New Interagency Use

Alteration in Character of Data

XInitial PIA

5

Is the system (or will the system be)
a stand-alone system or a
networked system?

Note: If yes, identify the system type in the Comments column.


X

Stand-alone

X Networked

Other (Please explain)

6

Is the system (or will the system be) a sensitive system?


Note: If yes, identify the system type in the Comments column.

X

X General Support System (GSS)

Major Application (MA)

Sensitive System (Please explain)

7

Is the system (or will the system be) a General Support System (GSS) or a Major Application (MA)?


Note: If yes, identify the system type in the Comments column.

X

X General Support System (GSS)

Major Application (MA)

Other (Please explain)

8

Does/Will the system require an A-11 Capital Planning Exhibit submission
to OMB?


Note: If no, please explain why the system will not be part of an exhibit 300 and/or exhibit 53 submission in the Comments column.


X

Exhibit 53

Exhibit 300



This program uses IT resources already owned by CDC/ATSDR (SAS, Microsoft Access, Novasoft and the CDC LAN).


System Characterization and Data Categorization

9

Does/Will the system contain information in identifiable form (IIF) within any database(s), record(s), file(s) or Web site(s) hosted by this system?


Note:

If yes, check all that apply in the Comments column. If the category of personal information is not listed, please check “Other” and identify the category.


Please note: This question seeks to identify all personal information contained within the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation.


If no, mark the remaining questions of the PIA Analysis Worksheet “No” and proceed to the PIA Summary.





X

Personal Information:

X Name

X Date of birth

X Social Security Number (or other number originated by a government that specifically identifies an individual)

Photographic identifiers (e.g., photograph image, x-rays, and video)

Driver’s license

Biometric identifiers (e.g., fingerprint and voiceprint)

Mother’s maiden name

Vehicle identifiers (e.g., license plates)

X Mailing address

X Phone numbers (e.g., phone, fax, and cell)

Medical records numbers

Medical notes

Financial account information and/or numbers (e.g., checking account number and Personal Identification Numbers [PIN])

X Certificates (e.g., birth, death, and marriage)

Legal documents or notes (e.g., divorce decree, criminal records, or other)

Device identifiers (e.g., pacemaker, hearing aid, or other)

Web Uniform Resource Locators (URL)

E-mail address

Education records

Military status and/or records

Employment status and/or records

Foreign activities and/or interests

Other:________________________

Other:________________________

Other:________________________

Other:________________________

Other:________________________


10

Indicate the categories of individuals about whom IIF is or will be collected.

X

Employees

X Public citizens

Patients

Business partners/contacts (federal, state, local agencies)

Vendors/Suppliers/Contractors

System Characterization and Data Categorization

11


Are records on the system (or will records on the system be) retrieved by one or more data elements?


Note: If yes, specify in the Comments column what method is or will be used in retrieving the records (i.e., using a record number, name, social security number, or other data element or record locator methodology). If the category of personal information is not listed, please check “Other” and identify the category.


X

Personal Information:

X Name

Date of birth

Social Security Number (or other number originated by a government that specifically identifies an individual)

Photographic identifiers (e.g., photograph image, x-rays, and video)

Driver’s license

Biometric identifiers (e.g., fingerprint and voiceprint)

Mother’s maiden name

Vehicle identifiers (e.g., license plates)

Mailing address

Phone numbers (e.g., phone, fax, and cell)

Medical records numbers

Medical notes

Financial account information and/or numbers (e.g., checking account number and Personal Identification Numbers [PIN])

Certificates (e.g., birth, death, and marriage)

Legal documents or notes (e.g., divorce decree, criminal records, or other)

Device identifiers (e.g., pacemaker, hearing aid, or other)

Web Uniform Resource Locators (URL)

E-mail address

Education records

Military status and/or records

Employment status and/or records

Foreign activities and/or interests

Other:________________________

Other:________________________

Other:________________________

Other:________________________

Other:________________________


12

Are/Will 10 or more records containing IIF [be] maintained, stored or transmitted/passed through this system?

X


13

Is the system (or will it be) subject to the Privacy Act?


Note: If the answer to questions 9, 11, and 12 were yes, the system will likely be subject to the Privacy Act. System owners should contact their OPDIV’s Privacy Contact for assistance with this question if they are uncertain of the applicability of the Privacy Act.



X


14

Has a Privacy Act System of Record (SOR) Notice been published (or will one be published) in the Federal Register?


If no, explain why not in the
Comments column.

X

No IIF is contained in the system.

IIF is in the system, but records are not retrieved by IIF.

Should have published an SOR, but was unaware of the requirement.

System is required to have an SOR but is not yet procured or operational.

Other:________________________

15

If an SOR Notice has been published, have major changes to the system as defined by M-03-22 occurred since publication of the SOR?

X


16

Does/Will the SOR Notice address all required categories of information?


Note: Check all that apply in the
Comments column.




X

X System name

X Security classification

X System location

X Categories of individuals covered by
the system

X Categories of records in the system

X Authority of maintenance of the system

X Purpose

X Routine uses of records maintained in
the system

Disclosure to consumer reporting agencies

X Policies and practices for storing, retrieving, accessing, retaining and disposing of records

X System manager(s) and address

X Notification procedure

X Record access procedure

X Contesting record procedure

X Record source categories

X System exempt from certain provisions of the Privacy Act.

Information Sharing Practices

17

Is the IIF in the system voluntarily submitted (or will it be)?

X


18

Does/Will the system collect IIF from individuals?


Note: If yes, identify in the Comments column the IIF the system collects or will collect directly from individuals. If the category of personal information is not listed, please check “Other” and identify
the category.




X

Personal Information:

X Name

X Date of birth

X Social Security Number (or other number originated by a government that specifically identifies an individual)

Photographic identifiers (e.g., photograph image, x-rays, and video)

Driver’s license

Biometric identifiers (e.g., fingerprint and voiceprint)

Mother’s maiden name

Vehicle identifiers (e.g., license plates)

X Mailing address

X Phone numbers (e.g., phone, fax, and cell)

Medical records numbers

Medical notes

Financial account information and/or numbers (e.g., checking account number and Personal Identification Numbers [PIN])

Certificates (e.g., birth, death, and marriage)

Legal documents or notes (e.g., divorce decree, criminal records, or other)

Device identifiers (e.g., pacemaker, hearing aid, or other)

Web Uniform Resource Locators (URL)

E-mail address

Education records

Military status and/or records

Employment status and/or records

Foreign activities and/or interests

Other:________________________

Other:________________________

Other:________________________

Other:________________________

Other:________________________


19

Does/Will the system collect IIF from other resources (i.e., databases, Web sites, etc.)?


Note: If yes, specify the resource(s) and IIF in the Comments column.




X

Resource: ____________________

Resource: ____________________

Resource: ____________________

Resource: ____________________

Resource: ____________________

20

Does/Will the system populate data for other resources (i.e., do databases, Web sites, or other resources rely on this system’s data)?


Note: If yes, specify resource(s) and purpose for each instance in the Comments column.

X

Resource: ____________________

Resource: ____________________

Resource: ____________________

Resource: ____________________

Resource: ____________________

21

Does/Will the system share or disclose IIF with other agencies within HHS, agencies external to HHS, or other people or organizations outside HHS?


Note: If yes, specify with whom and for what purposes, and identify which data elements in the Comments column. If the category of personal information is not listed, please check “Other” and identify the category.




X

With whom and for what purposes:

X Data will be shared with Montana Department of Public Health and Human Services, which manages a continuing community screening program being funded by ATSDR, in order to insure that all eligible persons are able to participate in the screening program and to reduce redundancy in both programs.

______________________________

______________________________

______________________________

______________________________


IIF shared:

Personal Information:

X Name

X Date of birth

X Social Security Number (or other number originated by a government that specifically identifies an individual)

Photographic identifiers (e.g., photograph image, x-rays, and video)

Driver’s license

Biometric identifiers (e.g., fingerprint and voiceprint)

Mother’s maiden name

Vehicle identifiers (e.g., license plates)

X Mailing address

X Phone numbers (e.g., phone, fax, and cell)

Medical records numbers

Medical notes

Financial account information and/or numbers (e.g., checking account number and Personal Identification Numbers [PIN])

Certificates (e.g., birth, death, and marriage)

Legal documents or notes (e.g., divorce decree, criminal records, or other)

Device identifiers (e.g., pacemaker, hearing aid, or other)

Web Uniform Resource Locators (URL)

E-mail address

Education records

Military status and/or records

Employment status and/or records

Foreign activities and/or interests

Other:________________________

Other:________________________

Other:________________________

Other:________________________

Other:________________________



22

If the IIF in the system is or will be matched against IIF in one or more other computer systems, are (or will there be) computer data matching agreement(s)
in place?


X


23

If data matching activities will occur, will the IIF be de-identified, aggregated, or otherwise made anonymous?


Note: If yes, please describe this use in the Comments column.

X

De-identified

Aggregated

Other

24

Is there a process, either planned or in place, to notify organizations or systems that are dependent upon the IIF contained in this system when changes occur (i.e., revisions to IIF, when the system encounters a major change, or is replaced)?

X


25

Is there a process, either planned or in place, to notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection)?

X


26

Is there/Will there be a process in place for individuals to choose how their IIF data is used?


If yes, please describe the process for allowing individuals choice in the
Comments column.


X


Process: Participants can opt to not participate in any health study using their registry IIF data during the consent process for that study. Participants can also opt out of the registry at any time.

27

Is there/Will there be a complaint process in place for individuals who believe their IIF has been inappropriately obtained, used, or disclosed, or that the IIF is inaccurate?


Note: If yes, please describe briefly
the notification process in the
Comments column.

X


Process: If a registrant believes his/her registry IIF has been inappropriately obtained, used, or disclosed, or is inaccurate, the registrant contacts the registry point of contact. The POC then either begins an investigation, or in the case if inaccurate data, corrects the data.

28

Are there or will there be processes in place for periodic reviews of IIF
contained in the system to ensure the data’s integrity, availability, accuracy,
and relevancy?


Note: If yes, please describe briefly the review process in the Comments column.

X


Process: TAR data will be reviewed every time it is used (for a new data collection or for a health study) for its integrity, availability, accuracy and relevancy. The data are analyzed for missing data elements and data entry errors.

29

Are there/Will there be rules of conduct in place for access to IIF on the system?


Note: If yes, identify in the Comments column all users with access to IIF on the system and for what purposes they use
the IIF.



X


X Users

Administrators

Developers

Contractors


For what purposes:

X Theodore Larson, principal investigator; analyzes, processes and collates registry data.

X Timothy Copeland, computer specialist; processes and collates registry data.

______________________________

______________________________

______________________________



Web site Host – Question Sets

30

Does/Will the system host a Web site?


Note:

If yes, identify what type of site the system hosts in the Comments column.


If no, check “No” for all remaining questions in the “Web Site Host Question Sets” section and answer questions starting with the “Administrative Controls” section beginning with question 41.

X

Type of site:

Internet_________________________

Intranet ________________________

Both__________________________


31

Is the Web site (or will it be) accessible by the public or other entities (i.e., federal, state, and local agencies, contractors, third-party administrators, etc.)?



X


32

Is a Web site privacy policy statement (consistent with OMB Section 208 Guidance) posted (or will it be posted) on the Web site?




X


33

Is the Web site’s privacy policy in machine-readable format, such as Platform for Privacy Preferences (P3P)?


Note: If no, please describe in the Comments column your timeline to implement P3P requirements for this system.

X


Implementation Plan:______________________

______________________________________________________________________________

34

Does the Web site employ (or will it employ) persistent tracking technologies?


Note: If yes, identify types of cookies in the Comments column. If persistent tracking technologies are in place, please indicate the official who authorized the use of the persistent tracking technology.

X

Session Cookies

Persistent Cookies

Web bugs

Web beacons

Other (Describe): ________________


Authorizing Official: ____________________


Authorizing Date: ______________________

35

Does/Will the Web site have any information or pages directed at children under the age of 13?


X


36

If there is a Web site directed at children, is information (including session cookies) collected (voluntarily or via tracking technologies)?


Note: If yes, identify in the Comments column any information collected, whether there is a unique privacy policy for the site, and the process for obtaining parental consent if any information is collected.

X


Process:_____________________________________________________________________________________________________________________________________________________

37

Does/Will the Web site collect IIF from individuals?


Note: If yes, identify what IIF the system collects in the Comments column. If the category of personal information is not
listed, please check “Other” and identify
the category.



X

Personal Information:


Name

Date of birth

Social Security Number (or other number originated by a government that specifically identifies an individual)

Photographic identifiers (e.g., photograph image, x-rays, and video)

Driver’s license

Biometric identifiers (e.g., fingerprint and voiceprint)

Mother’s maiden name

Vehicle identifiers (e.g., license plates)

Mailing address

Phone numbers (e.g., phone, fax, and cell)

Medical records numbers

Medical notes

Financial account information and/or numbers (e.g., checking account number and Personal Identification Numbers [PIN])

Certificates (e.g., birth, death, and marriage)

Legal documents or notes (e.g., divorce decree, criminal records, or other)

Device identifiers (e.g., pacemaker, hearing aid, or other)

Web Uniform Resource Locators (URL)

E-mail address

Education records

Military status and/or records

Employment status and/or records

Foreign activities and/or interests

Other:________________________

Other:________________________

Other:________________________

Other:________________________

Other:________________________


38

Does/Will the Web site share IIF with other agencies within HHS, agencies external to HHS, or other people or organizations outside HHS?


Note: If yes, specify with whom and for what purposes, and identify the data elements in the Comments column. If the category of personal information is not listed, please check “Other” and identify the category.



X

With whom and for what purposes:

______________________________

______________________________

______________________________

______________________________

______________________________


IIF shared:

Personal Information:


Name

Date of birth

Social Security Number (or other number originated by a government that specifically identifies an individual)

Photographic identifiers (e.g., photograph image, x-rays, and video)

Driver’s license

Biometric identifiers (e.g., fingerprint and voiceprint)

Mother’s maiden name

Vehicle identifiers (e.g., license plates)

Mailing address

Phone numbers (e.g., phone, fax, and cell)

Medical records numbers

Medical notes

Financial account information and/or numbers (e.g., checking account number and Personal Identification Numbers [PIN])

Certificates (e.g., birth, death, and marriage)

Legal documents or notes (e.g., divorce decree, criminal records, or other)

Device identifiers (e.g., pacemaker, hearing aid, or other)

Web Uniform Resource Locators (URL)

E-mail address

Education records

Military status and/or records

Employment status and/or records

Foreign activities and/or interests

Other:________________________

Other:________________________

Other:________________________

Other:________________________

Other:________________________


39

Are rules of conduct in place (or will they be in place) for access to IIF on the
Web site?


Note: If yes, identify in the Comments column all categories of users with access to IIF on the system, and for what purposes the IIF is used.




X


Users

Administrators

Developers

Contractors


For what purposes:

______________________________

______________________________

______________________________

______________________________

______________________________

40

Does (or will) the Web site contain links to sites external to the OPDIV that owns and/or operates the system?


Note: If yes, note in the Comments column whether the system provides a disclaimer notice for users that follow external links to Web sites not owned or operated by
the OPDIV.

X

Disclaimer notice for all external links




























No.

Privacy Question Sets

User Response

Comments

Yes

No

N/A

Administrative Controls

Note: This PIA guide uses the terms “administrative,” “technical,” and “physical” to refer to security control questions—terms that are used in several federal privacy laws when referencing security requirements. HHS recognizes the slight difference in terminology used in this guide from those that are used in other documents such as the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-26, Security Self-Assessment Guide for Information Technology Systems.

41

Has the system been authorized (or will it be authorized) to process information?


Note: If yes, please identify when the authorization was provided. If an interim authorization to operate has been given, please indicate this in the Comments column.


X


42

Have there been major changes to the system since it was last certified and accredited?


Note: If the system has not been certified and accredited at the time of this PIA, please describe in the Comments column the plan and timeline for conducting a certification and accreditation (C&A) for this system.

X

According to FIPS 199 information typing, the moderate impact level is the likely rating for TAR. For C&A efforts, TAR will utilize future CDC master enterprise system security plans and FIPS 200 common security controls for this impact level.

43

Are security controls routinely reviewed (or will they be)?



X


44

Is there a system security plan for this system (or will there be)?



X


45

Is there (or will there be) a contingency (or backup) plan for the system?



X


46


Are files backed up regularly (or will
they be)?



X


47


Are the backup files stored off-site (or will they be)?



X


48

Are there user manuals for the system (or will there be)?



X


49

Have personnel (system owners, managers, operators, contractors and/or program managers) using the system been trained and made aware of their responsibilities for protecting the IIF being collected and maintained (or will they be)?



X


50


Who will have/has access to the IIF on
the system?


Note: Check all that apply in the
Comments column.




X Users

X Administrators

Developers

Contractors

Other

51

If contractors operate or use the system, do the contracts include clauses ensuring adherence to privacy provisions and practices?

X


52

Are methods in place to ensure least privilege (i.e., “need to know” and accountability) (or will there be)?


Note: If yes, please specify method(s) in the Comments column.

X


53

Are there policies or guidelines in place for the retention and destruction of IIF (or will there be)?


Note: If yes, please provide some detail about these policies/practices in the Comments column.

X


Technical Controls

54

Are technical controls in place to minimize the possibility of unauthorized access, use, or dissemination of the data in the system (or will there be)?


Note: If yes, check all that apply in the Comments column.






X

X User ID

X Passwords

Firewall

Virtual Private Network (VPN)

Encryption

Intrusion Detection System (IDS)

Common Access Cards (CAC)

Smart Cards

Biometrics

Public Key Infrastructure (PKI)

Other _________________________

Other _________________________

Other _________________________

55

Are any of the password controls listed in the Comments column in place (or will they be)?

Note: Check all that apply in the
Comments column.








X

X Passwords expire after a set period of time.

X Accounts are locked after a set period of inactivity.

X Minimum length of passwords is eight characters.

X Passwords must be a combination of uppercase, lowercase, and special characters.

X Accounts are locked after a set number of incorrect attempts.

56

Is a process in place to monitor and respond to privacy and/or security incidents (or will they be)?



X


Physical Controls

57

Are physical access controls in place (or will there be)?


Note: If yes, check all that apply in the Comments column.



X

X Guards

X Identification Badges

X Key Cards

Cipher Locks

Biometrics

X Closed Circuit TV (CCTV)

Other _________________________

Other _________________________

Other _________________________

- END -


PIA Analysis Worksheet

Contact Information




______________________________________ 4/5/2006

Signature of Assessor Date

(e.g., System Owner, Operator, Developer, or Other)


Theodore Larson Epidemiologist

Print Name Title/Position


ATSDR

OPDIV and Office/Department


2400 Century Center PKWY NE FL 3

Street Address


______________________________________

Street Address


Atlanta, GA 30345

City, State and Zip Code


(404) 498-0593 (404) 498-0077

Phone Number Fax Number





***Please go to the next page and complete the PIA Summary. This Summary will be made publicly available at http://www.hhs.gov/pia.***


Privacy Impact Assessment (PIA) Summary


Date of this Submission (MM/DD/YYYY): 4/5/2006

HHS OPDIV: ATSDR

Title of system or information collection: Tremolite Asbestos Registry

Is this system or information collection new or is an existing one being modified? New

Does this system collect, maintain, and/or disseminate information in identifiable form (IIF)? Yes

Identifying Numbers (Use N/A, where appropriate)

Unique Project Identifier Number: N/A

System of Records Number: 09-19-0001

OMB Information Collection Approval Number and Expiration Date: 0923-0006 (in final stage of OMB review)

Other Identifying Number(s): N/A


Description


  1. Provide an overview of the system or collection and indicate the legislation authorizing this activity.


The Tremolite Asbestos Registry (TAR) is a database of persons exposed to amphibole-contaminated vermiculite in Libby, Montana. The purpose of the TAR is to improve communication with people at risk for developing asbestos-related disease resulting from asbestos exposure in Libby, track changes in their health, and to support research activities related to TAR registrants. The Agency for Toxic Substances and Disease Registry is authorized to create exposure and disease registries under the Comprehensive Environmental Response, Compensation, and Liability Act of 1980. This mandate was reiterated in the Superfund Amendments and Reauthorization Act of 1986.


  1. Describe the information the agency will collect, maintain, or disseminate and how the agency will use the information. In this description, indicate whether the information contains IIF and whether submission is voluntary
    or mandatory.


In addition to registrant identifying and contact information, others types of data included in the registry include exposure and health outcome. These data are collected using a standardized survey. Exposure data include occupational and environmental asbestos exposure pathways. Health outcome data include self-reports of the presence of disease (e.g. cancer and asbestosis) and symptoms (e.g. excess coughing or shortness of breath).

Participants can refuse to answer any question in the survey, including those in which IIF is collected (e.g. social security number or data of birth).


  1. Explain how the IIF collected, maintained, and/or disseminated is the minimum necessary to accomplish the purpose for this effort.


Because the registry tracks participants' health through time, it is necessary to have full names, addresses and phone number so that ATSDR can conduct follow-up interviews. Social security numbers are also needed to trace registrants in case they have moved without leaving additional contact information, and for matching data within the registry when other identifiers are incomplete. Date of birth is needed because it is used to calculate age for a variety of purposes within the registry.


  1. Explain why the IIF is being collected, maintained, or disseminated.

Collecting IIF allows ATSDR to locate and re-contact TAR registrants to see if their health has changed. ATSDR maintains this data to allow this type of follow-up of registrants.


  1. Identify with whom the agency will share the IIF.

The Montana Department of Public Health and Human Services (MDPHHS) offers free screening in Libby. Because the majority of screening participants are also enrolled in the TAR and because the TAR participants that have not been screened are encouraged to participate in the Montana screening program, ATSDR shares TAR data with MDPHHS.


  1. Describe how the IIF will be obtained, from whom it will be collected, what the suppliers of information and the subjects will be told about the information collection, and how this message will be conveyed to them (e.g., written notice, electronic notice if a Web-based collection, etc.). Describe any opportunities for consent provided to individuals regarding what information is collected and how the information will be shared.


The CDC Institutional Review Board requires that each TAR candidate consent to participate. As part of the consent process for the TAR, each participant is told that the information given to ATSDR while being interviewed will be added to the TAR. If interviewed by telephone, the consent statement is read to the participant and once the participant provides verbal consent to proceed, the interview begins. If interviewed face-to-face, the participant reads and signs a printed consent form before proceeding with the interview.


  1. State whether personal information will be collected from children under age 13 on the Internet and, if so, how parental or guardian approval will be obtained. (Reference: Children’s Online Privacy Protection Act of 1998)


No personal information will be collected for the TAR from children under age 13 on the Internet.


  1. Describe how the IIF will be secured.

All electronic data will be stored in a firewall and password-protected network and hard copy data will be stored in a locked cabinet in a locked storage room. Access to project data will be limited to the personnel assigned to manage and analyze it. Personal identifiers (including but not limited to names, addresses, dates of birth, social security numbers, and job titles) will be removed from internal-use analysis data files where possible.


  1. Describe plans for retention and destruction of IIF.


Once the TAR is inactivated, the records containing IIF will be transferred to ATSDR’s records room. After two years, the records will be transferred to the Federal Records Center, where they will be destroyed after 10 years.



  1. Identify whether a system of records is being created under section 552a of Title 5, United States Code (the Privacy Act), or identify the existing Privacy Act system of records notice under which the records will be maintained.


SOR # 09-19-0001


Identify a point of contact to whom a member of the public can address questions concerning this information system and the privacy concerns associated with it: Theodore Larson, ATSDR.


Endorse Endorse Approve


_________________________ __________________________ ______________________

[Name] [Name] [Name]

[Privacy Contact/Title] [OPDIV Chief Information Officer] [OPDIV Head Title]


Date ____________ Date: ____________ Date: ____________



File Typeapplication/msword
File TitleHHS IT Privacy Impact Assessment (PIA) Analysis Worksheet
AuthorTed
Last Modified ByDHS187496
File Modified2009-08-11
File Created2009-03-25

© 2024 OMB.report | Privacy Policy