Contractor’s Pledge of 308(d) Confidentiality
Safeguards for Individuals and Establishments
Against Invasions of Privacy
In accordance with Section 308(d) of the Public Health Service Act (42 U.S.C. 242m), the contractor and employees of the contractor are required to assure confidentiality and to undertake safeguards for individuals and establishments to assure that confidentiality is maintained.
To provide these safeguards in performance of the contract, the contractor and the contractor’s employees shall:
Be bound by the following confidentiality assurance:
Assurance of Confidentiality
In accordance with Section 308(d) of the Public Health Service Act (42 U.S.C. 242m), the Director, CDC assures all respondents that the confidentiality of their responses to the request for NHM&E information will be maintained by the contractor and CDC and that no information obtained in the course of this activity will be disclosed in a manner in which the individual or establishment supplying the information is identifiable, unless such individual or establishment has consented to such disclosure. The contractor will release no information from the data obtained or used under this contract to any persons except authorized staff of CDC.
Maintain the following safeguards to assure that confidentiality is protected by the contractor and the contractor’s employees and to provide for the physical security of the records:
a. After having read the above assurance of confidentiality, each employee of the contractor participating in this project is to sign the following statement of understanding: I have carefully read and understand the CDC assurance which pertains to the confidential nature of all records to be handled in regard to this data collection. As an employee of the contractor I understand that I am prohibited by law from disclosing any such confidential information which has been obtained under the terms of this contract to anyone other than authorized staff of CDC.
b. To preclude observation of confidential information by persons not employed on the project, the contractor shall maintain all confidential records that identify individuals or establishments or from which individuals or establishments could be identified under lock and key. Specifically at each site where these items are processed or maintained
All confidential records that could permit identification of individuals or establishments are to be kept in locked containers when not in use by the contractor’s employees. The keys or means of access to these containers are to be held by a limited number of the contractor’s staff at each site. When confidential records are being used in a room, admittance to the room is to be restricted to employees pledged to confidentiality and employed on this project. If at any time the contractor’s employees are absent from the room, it is to be locked.
If records are maintained in electronic form, the medium on which the files are stored (floppy disk, CD-ROMS, and removable hard drives) must also be kept in locked containers or, if maintained on a computer, access secured by all available means (including keyboard locks, passwords, encryption, etc., and office locks).
Personal computers, desktop or laptop, containing confidential records should never be maintained in an open, unsecured space. Only a limited number of authorized staff may have keys or other means of access to such cabinets or rooms.
When confidential records are in use, whether by themselves or viewed on computer monitors, these must be kept out of the sight of persons not authorized to work with the records.
Except as needed for operational purposes, copies of confidential records (paper documents, electronic files, or records of other kinds) are not to be made. Any duplicate copies made of confidential records are to be destroyed as soon as operational requirements permit. Approved means of destruction include shredding, burning, and macerating.
Should reuse of electronic media (hard drives and rewritable compact disks) containing confidential records be contemplated, extreme care should be taken not to dispose of information in such a way that it can be recovered by unauthorized users of the electronic medium involved.
c. The contractor and his professional staff will take steps to ensure that the intent of the pledge of confidentiality is enforced at all times through appropriate qualifications and standards for all personnel working on this project and through adequate training and periodic follow up procedures.
Release no information from the data obtained or used under this contract to any person except authorized staff of CDC.
By a specified date, which may be no later than the date of completion of the contract, return all project data to CDC or destroy all such data, as specified by the contract.
_____________________________________________ _______________________
My signature below indicates that I have read, understood, and agreed to comply with the above statements.
_____________________________________ ____________________________________
Type or Print Name Date
_____________________________________ ______________________________________
Signature Center/Institute/Office (type or print)
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
Author | ldp1 |
File Modified | 0000-00-00 |
File Created | 2021-01-31 |