Memo

Request for Approval under the “Generic Clearance for the Collection of Routine Customer Feedback” (OMB Control Number: 0990-0459)

TITLE OF INFORMATION COLLECTION: HC3 Customer Feedback Form

PURPOSE:

In 2015, Congress took action to enhance cybersecurity information sharing between the government and the private sector by passing the Cybersecurity Information Sharing Act (CISA). This law, combined with Presidential Policy Directive-21, designated the Department of Health and Human Services (HHS) as the sector specific agency (SSA) for protecting Health and Public Health sector critical infrastructure. Further, they empowered HHS to oversee the improvement in the cybersecurity posture of the sector. Recognizing the need to improve cybersecurity information sharing between HHS, its federal partners, and the HPH sector, HHS created the Health Sector Cybersecurity Coordination Center (HC3) within the Office of Information Security (OIS). HC3 expands upon existing successful projects with federal health partners and coordinates with the DHS National Cybersecurity and Communications Integration Center (NCCIC), the Assistant Secretary for Preparedness and Response (ASPR), and private-sector cybersecurity organizations. HC3 ensures that the HPH sector has the latest threat information, engages in routine and coordinated risk information sharing, protects against advanced persistent threats, and develops proactive risk management strategies. The HC3 Customer feedback form will allow the HC3 determine if products develop meet the needs of the HPH sector.

DESCRIPTION OF RESPONDENTS:

The respondents in this effort will consist of various medical professionals, including doctors, nurses, practice administrators, etc. In addition, feedback will also be gathered from InfoSec professionals, including CISOs (Chief Information Security Officers), CIOs (Chief Information Officers), CMIOs (Chief Medical Information Officers), etc.

TYPE OF COLLECTION: (Check one)

[ x] Customer Comment Card/Complaint Form [ ] Customer Satisfaction Survey

[ ] Usability Testing (e.g., Website or Software [ ] Small Discussion Group

[] Focus Group [ ] Other: ______________________

CERTIFICATION:

I certify the following to be true:

1. The collection is voluntary.

2. The collection is low-burden for respondents and low-cost for the Federal Government.

3. The collection is non-controversial and does not raise issues of concern to other federal agencies.

4. The results are not intended to be disseminated to the public.

5. Information gathered will not be used for the purpose of substantially informing influential policy decisions.

6. The collection is targeted to the solicitation of opinions from respondents who have experience with the program or may have experience with the program in the future.

Name:___Rahul Gaitonde

To assist review, please provide answers to the following question:

Personally Identifiable Information:

1. Is personally identifiable information (PII) collected? [ ] Yes [ X ] No

2. If Yes, is the information that will be collected included in records that are subject to the Privacy Act of 1974? [ ] Yes [ ] No

3. If Applicable, has a System or Records Notice been published? [ ] Yes [ ] No

Gifts or Payments:

Is an incentive (e.g., money or reimbursement of expenses, token of appreciation) provided to participants? [ ] Yes [ X ] No

BURDEN HOURS

FEDERAL COST: The estimated annual cost to the Federal government is ___$28,116___

If you are conducting a focus group, survey, or plan to employ statistical methods, please provide answers to the following questions:

The selection of your targeted respondents

1. Do you have a customer list or something similar that defines the universe of potential respondents and do you have a sampling plan for selecting from this universe? [ ] Yes [x] No

If the answer is yes, please provide a description of both below (or attach the sampling plan)? If the answer is no, please provide a description of how you plan to identify your potential group of respondents and how you will select them?

Administration of the Instrument

1. How will you collect the information? (Check all that apply)

[ X ] Web-based or other forms of Social Media

[ ] Telephone

[ ] In-person

[ ] Mail

[ ] Other, Explain

2. Will interviewers or facilitators be used? [ ] Yes [ x] No