Privacy Statement

Epi-X Privacy Policy

Page 1 of 1

Centers for Disease Control and
Prevention
Privacy Policy Notice
Thank you for using the Epi-X system and for reviewing Epi-X's Privacy Policy.
The Epidemic Information Exchange (Epi-X) is a secure, electronic communication system designed to enable local, state, and federal
health officials to share information about recent outbreaks and other health events rapidly. CDC manages and supports Epi-X in
collaboration with sponsoring public health organizations and under the general direction of an editorial board.
Users of the Epi-X system have been granted access to Epi-X on the basis of a signed Epi-X User Agreement. As an Epi-X user, they will
have access to sensitive provisional information including:





information about disease outbreaks and other health events contributed by local, state, and federal health agencies,
discussion about the possible causes of these outbreaks and health events,
requests for assistance to respond to these outbreaks and health events, and
access to the directories of Epi-X users and other public health personnel.

This information is shared with Epi-X users to help anticipate, identify, and respond to health problems in communities and to alert other
Epi-X users of outbreaks or other health events that might affect their areas. High Risk and magnitude of harm would result form the
misuse or unauthorized access to the system.
While using Epi-X, certain information will be gathered and stored. Epi-X collects and stores only the following PII (personally identifiable
information):







Name
Address
Telephone number
Recent location
Suspected or confirmed illness
Treatment

Information Security and Confidentiality
Freedom of Information Act
Current and archived material on Epi-X and Epi-X Forum is subject to release through the Freedom of Information Act (FOIA). Some EpiX and Epi-X Forum information can be withheld from release if it meets statutory exemptions. Statutory exemptions allow federal
agencies to withhold records if they are





an unwarranted invasion of personal privacy,
confidential or proprietary business information,
law enforcement or criminal investigation records, or
part of a decision-making or deliberative process and the release of information prematurely might cause foreseeable harm.

Use of Cookies
CDC webpages use two types of “cookies” session-based and persistent. The majority of cookies used are session-based. These bits of
information are stored temporarily in your computer’s random access memory (RAM) as a line of text. When you close your browser, the
cookie is destroyed and no trace of it remains on your hard drive. These session cookies are used solely as a method to improve the
user experience for those visiting the site. In very few cases, the CDC web site uses persistent cookies to store information for a longer
period. In those cases, the webpage is clearly noted and the user can choose not to use that webpage feature. As noted above, in no
case does CDC disclose, give, sell, or transfer any personal information about CDC web site visitors unless required for law enforcement
or otherwise required by law.”

Date last reviewed: 12/02/2009

https://epix.cdc.gov/EpixPrivacyPolicy.htm

9/14/2010