Assurance of Confidentiality

Population Assessment of Tobacco and Health (PATH) Study (NIDA)

Attachment 13
PATH Study
Assurance of Confidentiality

Population Assessment of Tobacco and Health (PATH) Study (NIDA)

EMPLOYEE OR CONTRACTOR’S ASSURANCE
OF CONFIDENTIALITY
Statement of Policy
Westat is firmly committed to the principle that information, especially sensitive or personal
information, must be protected. This principle holds whether or not any specific security or
confidentiality guarantee was given or whether or not there are specific contractual
obligations to the client. When guarantees have been given or contractual obligations
regarding information security have been entered into, they may impose additional
requirements which are to be adhered to strictly.
Procedures for Maintaining Confidentiality
All Westat employees and contractors shall sign this assurance of confidentiality. This assurance may
be superseded by another assurance for a particular project. Everyone shall keep completely
confidential any information in identifiable form or personally identifying information, all
information or opinions collected in the course of their work, and any such information learned
incidentally. Everyone must exercise reasonable caution to prevent access by others to sensitive
information in their possession.
Unless specifically instructed otherwise for a particular project, an employee or contractor, upon
encountering a respondent or information pertaining to a respondent that s/he knows
personally, shall immediately terminate the activity and contact her/his supervisor for instructions.
Information containing personal identifiers in Westat offices shall be kept in a locked container or a
locked room when not being used each working day in routine activities. Reasonable caution shall be
exercised in limiting access to such information to only those persons who have a need to know and
who meet the applicable access requirements for that project. Where information has been
determined to be particularly sensitive, that information shall be kept in locked containers or in a
locked room except when actually being used by an individual who has signed this pledge.
Ordinarily, serial numbers shall be assigned to respondents prior to creating a machine-processible
record and identifiers such as name, address, and Social Security number shall not ordinarily, be a
part of the machine record. When identifiers are part of the machine data record, Westat’s Manager
of Data Processing shall be responsible for determining adequate confidentiality measures in
consultation with the project director. When a separate file is set up containing identifiers or linkage
information which could be used to identify data records, this separate file shall be kept locked up
when not actually being used each day in routine survey activities.
When sensitive information is to be given into the keeping of another party, the other party shall be
informed of these procedures and shall sign an Assurance of Confidentiality form.
Each project director shall be responsible for ensuring that all personnel and contractors involved in
handling information on a project are instructed in these procedures throughout the period of
performance. When there are specific contractual obligations to the client regarding confidentiality,
the project director shall develop additional procedures to comply with these obligations and shall

1

Population Assessment of Tobacco and Health (PATH) Study (NIDA)

instruct Westat staff, contractors, consultants, and any other persons who work on the project in
these additional procedures. At the end of the period of performance, the project director shall
arrange for proper storage or disposition of information including any particular contractual
requirements for storage or disposition. When required to turn over survey data to our clients,
projects must provide proper safeguards to ensure confidentiality up to the time of delivery.
Project directors shall ensure that information management practices adhere to the provisions of the
U.S. Privacy Act of 1974, the Federal Information Security Management Act (FISMA), the Health
Insurance Portability and Accountability Act, and other applicable laws, regulations, and policies
when information is gathered, processed, or stored for the Federal Government. Project directors
must ensure that procedures are established that comply with contractual requirements. Project staff,
contractors, consultants, and other persons who work on the project are required to follow the
established procedures, Westat policies, and applicable contractual and legal requirements. Failure to
follow these procedures, policies, and requirements may result in sanctions up to and including
dismissal or legal action. Unauthorized use or disclosure of information may result in civil or
criminal penalties.
Pledge
I hereby certify that I have carefully read and will cooperate fully with the above procedures. I will
keep completely confidential all sensitive information to which I gain access. I will not discuss,
disclose, disseminate, or provide access to any information except as authorized by Westat. In
addition, I will comply with any additional procedures established by Westat for a particular
contract. I will devote my best efforts to ensure that there is compliance with the required
procedures by personnel whom I supervise. I understand that violation of this pledge is sufficient
grounds for disciplinary action, including dismissal. I also understand that violation of the privacy
rights of individuals through such unauthorized discussion, disclosure, dissemination, or access may
make me subject to civil or criminal penalties. I give my personal pledge that I shall abide by this
assurance of confidentiality.

Signature

Print Name

Date

2