Attach_7_PIA

Attach_7_PIA.doc

Prostate, Lung, Colorectal and Ovarian Cancer Screening Trial (PLCO) (NCI)

Attach_7_PIA

OMB: 0925-0407

Document [doc]
Download: doc | pdf

Attachment 7: Privacy Impact Assessment (PIA)


06.3 HHS PIA Summary for Posting (Form) / NIH NCI PLCO Research

Database (PLCO)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2011? No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: 7/30/2010

2. OPDIV Name: NIH

3. Unique Project Identifier (UPI) Number: Not Applicable

4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN

number is required for Q.4): No

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): NCI-59

7. System Name (Align with system Item name): NIH NCI PLCO Research Database (PLCO)

9. System Point of Contact (POC). The System POC is the person to whom questions about

the system and the responses to this PIA may be addressed: Dorothy Sullivan

10. Provide an overview of the system: The system is used for monitoring, quality control, and

analysis of the PLCO trial.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII

within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This

question seeks to identify any, and all, personal information associated with the system.

This includes any PII, whether or not it is subject to the Privacy Act, whether the

individuals are employees, the public, research subjects, or business partners, and whether

provided voluntarily or collected by mandate. Later questions will try to understand the

character of the data and its applicability to the requirements under the Privacy Act or

other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass

through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):

No

21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21

must be Yes and a SORN number is required for Q.4): No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

No IIF in the system

30. Please describe in detail: (1) the information the agency will collect, maintain, or

disseminate; (2) why and for what purpose the agency will use the information; (3) in this

description, explicitly indicate whether the information contains PII; and (4) whether

submission of personal information is voluntary or mandatory: This sytem is used to store

and monitor data from the participants in the PLCO and NLST prevention trials. Such data

consists of results of screening tests such as chest x-rays, serum PSA and CA-125,

sigmoisoscopy, etc. Medical history and other questionaire information is also stored. To protect

confidentially, the data in this system is referenced by a randomly assigned participant ID code

only. The actual identity of the participant is known only to the screening center at which these

tests were conducted. Since these participants are treated as clinical patients at these centers,

their true identity is considered confidential, as with any patient, and is protected in accordance

with HIPPA regulations to which all of these screening centers must adhere.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from

the individuals whose PII is in the system when major changes occur to the system (e.g.,

disclosure and/or data uses have changed since the notice at the time of the original

collection); (2) notify and obtain consent from individuals regarding what PII is being

collected from them; and (3) how the information will be used or shared.

(Note: Please describe in what format individuals will be given notice of consent [e.g.,

written notice, electronic notice, etc.]) No IIF.

32. Does the system host a website? (Note: If the system hosts a website, the Website

Hosting Practices section is required to be completed regardless of the presence of PII): No

37. Does the website have any information or pages directed at children under the age of

thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of

PII? (Refer to the C&A package and/or the Records Retention and Destruction section in

SORN): No

54. Briefly describe in detail how the IIF will be secured on the system using

administrative, technical, and physical controls.: Information is secured using

username/passwords, least privilege, separation of duties, an intrusion detection system,

firewalls, locks, badge access, background investigations. A comprehensive IRT capability is

also maintained.

PIA Approval

PIA Reviewer Approval: Promote

PIA Reviewer Name: Suzy Milliard

Sr. Official for Privacy Approval: Promote

Sr. Official for Privacy Name: Karen Plá

Sign-off Date: 9/28/2010

Approved for Web Publishing: Yes

Date Published: February 22, 2011

File Typeapplication/msword
AuthorVivian Horovitch-Kelley
Last Modified ByKristen Keating
File Modified2012-09-25
File Created2012-09-25

© 2024 OMB.report | Privacy Policy