Download:
pdf |
pdfSave
Privacy Impact Assessment Form
v 1.21
Status
Form Number
Form Date
Question
Answer
1
OPDIV:
CDC
2
PIA Unique Identifier:
0920-17ADR
2a Name:
02/13/18
The Study to Explore Early Development, Teen Follow-Up Study
General Support System (GSS)
Major Application
3
Minor Application (stand-alone)
The subject of this PIA is which of the following?
Minor Application (child)
Electronic Information Collection
Unknown
3a
Identify the Enterprise Performance Lifecycle Phase
of the system.
Planning
Yes
3b Is this a FISMA-Reportable system?
4
Does the system include a Website or online
application available to and for the use of the general
public?
5
Identify the operator.
6
Point of Contact (POC):
7
Is this a new or existing system?
8
Does the system have Security Authorization (SA)?
8b Planned Date of Security Authorization
No
Yes
No
Agency
Contractor
POC Title
IT ProjectManager
POC Name
Andrew Autry
POC Organization NCBDDD
POC Email
[email protected]
POC Phone
404-498-3876
New
Existing
Yes
No
TBD
Not Applicable
Page 1 of 10
Save
8c
Briefly explain why security authorization is not
required
10
Describe in further detail any changes to the system
that have occurred since the last PIA.
N/A
The purpose of SEED Teen is to collect data on enrolled
children’s health and development when they are teenagers.
Children ages 13-17 years will be identified from four of the six
SEED 1 sites in Georgia, Maryland, North Carolina, and
Pennsylvania. Data will be collected from three groups of
children: children with Autism Spectrum Disorders (ASD),
children with other (non-ASD) developmental conditions
(developmental disability [DD] comparison group), and
children from the general population who were initially
sampled from birth records.
11 Describe the purpose of the system.
The data collected in SEED Teen will be combined with data
collected during the original SEED case-control study. Thus,
SEED Teen provides a unique and rich opportunity to examine
the long-term health and developmental trajectory of children
in each of the three study groups and how this trajectory might
be related to various demographic, maternal pregnancy, and
early childhood health and behavioral factors that were
collected in the SEED case-control study, 7-13 years earlier.
The information collected in SEED Teen will be used to conduct
epidemiological analyses to assess 1) the developmental
trajectory of children identified at young ages of having ASD in
comparison to children with other non-ASD developmental
disabilities (DDs) and children in the general population; 2) the
health and functioning of adolescents with ASD and other DDs
in comparison to adolescents in the general population; 3) the
healthcare utilization and needs of adolescents with ASD and
other DDs in comparison to adolescents in the general
population; 4) the education attainment and needs of
adolescents with ASD and other DDs in comparison to
adolescents in the general population; and 5) family impacts
associated with having a child with ASD or other DD with the
goal of identifying strategies to help meet the unique needs of
these families.
SEED Teen will use contact information collected during SEED
1 to contact participants for SEED Teen to include: Name,
Mother's maiden name, phone number, address and email
address.
Describe the type of information the system will
collect, maintain (store), or share. (Subsequent
12
questions will identify if this information is PII and ask
about the specific data elements.)
SEED Teen questions will include questions on sensitive topics
including children’s specific health conditions, details about
children’s current functioning and diagnosed disabilities,
children’s need for special services, adverse events in children’s
lives such as bullying, stressful life events experienced by the
child and family, parental expectations for the child’s future,
parent’s health conditions including diagnosed mental health
disorders, parent’s relationship with the child, family use of
social services such as food stamps, and household income.
Page 2 of 10
Save
Provide an overview of the system and describe the
13 information it will collect, maintain (store), or share,
either permanently or temporarily.
SEED Teen will assess the health and functioning in a cohort of
teens previously diagnosed with autism spectrum disorder
(ASD) and other developmental disabilities (DDs) when they
were young. The study will also assess family impacts
associated with ASD and other DDs, and service needs and use
associated with having and ASD and other DDs during the
early teen years. Data from SEED Teen will include contact
information as well as other PII and will enable investigators to
increase scientific understanding of the developmental
trajectory and health consequences of ASD among
adolescents, enable federal. state, and local governments and
organizations to better understand the needs of adolescents
with ASD.
Yes
14 Does the system collect, maintain, use or share PII?
Indicate the type of PII that the system will collect or
15
maintain.
No
Social Security Number
Date of Birth
Name
Photographic Identifiers
Driver's License Number
Biometric Identifiers
Mother's Maiden Name
Vehicle Identifiers
E-Mail Address
Mailing Address
Phone Numbers
Medical Records Number
Medical Notes
Financial Account Info
Certificates
Legal Documents
Education Records
Device Identifiers
Military Status
Employment Status
Foreign Activities
Passport Number
Taxpayer ID
Employees
Public Citizens
16
Indicate the categories of individuals about whom PII
is collected, maintained or shared.
Business Partners/Contacts (Federal, state, local agencies)
Vendors/Suppliers/Contractors
Patients
Other
17 How many individuals' PII is in the system?
18 For what primary purpose is the PII used?
500-4,999
The study will use PII from SEED 1 participants who consented
to being contacted for future studies to recontact them for
potential participation in SEED Teen. The PII data collected in
SEED Teen such as demographics and employment status will
be combined with data collected during the original SEED 1
case-control study for epidemiological analyses such as to
better understand the family’s use of social services.
Page 3 of 10
Save
19
Describe the secondary uses for which the PII will be
used (e.g. testing, training or research)
Genetic data obtained from biosamples collected in the core
SEED 1 case-control protocol will be shared with two genetic
research consortia established and maintained by the National
Institutes of Health for additional research. The PII collected
will be used to maintain contact with the participants
throughout the course of the study and (if the participant
consents), this information may be retained for future contact
for a follow-up study.
20 Describe the function of the SSN.
SSN is not collected or used.
20a Cite the legal authority to use the SSN.
N/A
21
Identify legal authorities governing information use
N/A
and disclosure specific to the system and program.
22
Are records on the system retrieved by one or more
PII data elements?
Yes
No
Published:
Identify the number and title of the Privacy Act
System of Records Notice (SORN) that is being used
22a
to cover the system or identify if a SORN is being
developed.
09-20-0136, "Epidemiologic Studies and Surveilla
Published:
Published:
In Progress
Directly from an individual about whom the
information pertains
In-Person
Hard Copy: Mail/Fax
Email
Online
Other
Government Sources
23
Within the OPDIV
Other HHS OPDIV
State/Local/Tribal
Foreign
Other Federal Entities
Other
Identify the sources of PII in the system.
Non-Government Sources
Members of the Public
Commercial Data Broker
Public Media/Internet
Private Sector
Other
23a
Identify the OMB information collection approval
number and expiration date.
OMB No. 0920-17ADR
Page 4 of 10
Save
Yes
24 Is the PII shared with other organizations?
No
maximize the use of the SEED
ubiorepository data.
Other Federal
Purpose maximize the use of the
Agency/Agencies SEED biorepository data.
State or Local
Agency/Agencies
Within HHS
24a
Identify with whom the PII is shared or disclosed and
for what purpose.
Private Sector
With participants permission, SEED will share mother and
child’s health, genetic and behavior information (collected
during our study in 2007-2011) with NDAR and dbGaP. Before
sharing any data, all identifying information such as name,
Describe any agreements in place that authorizes the address, and phone number, will be replace with a code
information sharing or disclosure (e.g. Computer
number. Both NDAR and dbGAP are restricted. Researchers
24b Matching Agreement, Memorandum of
who want to use these data must apply in writing to NIH for
Understanding (MOU), or Information Sharing
permission. Once they are approved, researchers must follow
Agreement (ISA)).
NIH policies to access and use the data in a secure way.
The dbGaP is an NIH database that has genetic data from
studies of a number of conditions. For more information, go to
http://www.ncbi.nlm.nih.gov/gap.
24c
Describe the procedures for accounting for
disclosures
Describe the process in place to notify individuals
25 that their personal information will be collected. If
no prior notice is given, explain the reason.
26
Is the submission of PII by individuals voluntary or
mandatory?
The CDC data sharing administrator must be notified of any
authorized or unauthorized disclosures as soon as possible.
The CDC data sharing administrator will track all disclosures in
a document stored in a CDC network folder. An accounting of
all disclosures that have been made of an individual's record(s)
may be requested by the subject individual, in writing to the
data sharing administrator.
Participants are notified of what data will be collected from
them and how this data will be used over the phone with study
staff. Parents/caregivers who provide verbal consent to enroll
in SEED Teen will receive a data collection packet mailing that
includes two questionnaires and consent. Telephone support
will also be available to those participants to answer questions
about consent and to assist completing any or all portions of
the questionnaires.
Voluntary
Mandatory
Describe the method for individuals to opt-out of the
Participants may opt out by not joining the study or by
collection or use of their PII. If there is no option to
27
contacting the SEED Teen study staff and indicate they wish to
object to the information collection, provide a
withdraw from the study.
reason.
Describe the process to notify and obtain consent
from the individuals whose PII is in the system when
major changes occur to the system (e.g., disclosure
28 and/or data uses have changed since the notice at
the time of original collection). Alternatively, describe
why they cannot be notified or have their consent
obtained.
SEED Teen sites will be responsible for notifying study
participants of major changes to the use of participant data, if
changes are made. Sites may use differing methods to
communicate this information to study participants. No
change of this type is anticipated to take place throughout the
course of the study.
Page 5 of 10
Save
Describe the process in place to resolve an
individual's concerns when they believe their PII has
29 been inappropriately obtained, used, or disclosed, or
that the PII is inaccurate. If no process exists, explain
why not.
All sites will follow procedures outlined in the SEED Teen
protocol. Potential and participating individuals who have
concerns about the use/misuse/inaccuracy of their PII can
contact the study site, study PI, the governing IRB for the SEED
Teen site, as well as request for the information to be corrected
or withdrawn. Participants at any point in the study and after
can request to be removed from the study.
Describe the process in place for periodic reviews of
PII contained in the system to ensure the data's
30
integrity, availability, accuracy and relevancy. If no
processes are in place, explain why not.
SEED Teen sites initially conduct a quality assurance step
comparing contact and demographic information gathered
from SEED 1 to the information gathered from participants in
SEED Teen. Inaccurate or irrelevant information is removed
from the system. Ongoing review of data entry accuracy occurs
during double data entry.
31
Identify who will have access to the PII in the system
and the reason why they require access.
Users
To identify the persons who the
questionnaire data belong to.
Administrators
For system administration only.
Developers
For system development and
maintenance.
Contractors
For review and quality assurance prior
to sharing with CDC
Others
User roles are implemented to limit information displayed to
Describe the procedures in place to determine which individual users, both for functional as well as security
32 system users (administrators, developers,
purposes. Information displayed to a particular role is limited
contractors, etc.) may access PII.
to necessary “need to know” information based on a specific
role’s required tasks throughout the study.
Describe the methods in place to allow those with
33 access to PII to only access the minimum amount of
information necessary to perform their job.
User roles are implemented to limit information displayed to
individual users, both for functional as well as security
purposes. Information displayed to a particular role is limited
to necessary “need to know” information based on a specific
role’s required tasks throughout the study.
Identify training and awareness provided to
personnel (system owners, managers, operators,
contractors and/or program managers) using the
34
system to make them aware of their responsibilities
for protecting the information being collected and
maintained.
Training and awareness is provided to personnel to make them
aware of their responsibilities for protecting the information
collected and maintained by SEED personnel. This training
includes IRB training which is supplemented by study specific
training on study specific confidentiality requirements. Once
confidentiality training is complete, personnel must sign a
confidentiality agreement that indicates that the signee has
carefully read and understands the agreement and the
confidentiality of all records handled in regard to the SEED
study. IRB and confidentiality training must be received before
an individual is allowed access to study data. Confidentiality
training is renewed every 365 days, and protection of human
subjects (IRB) training is renewed every 2 years.
Page 6 of 10
Save
Describe training system users receive (above and
35 beyond general security and privacy awareness
training).
Do contracts include Federal Acquisition Regulation
36 and other appropriate clauses ensuring adherence to
privacy provisions and practices?
Describe the process and guidelines in place with
37 regard to the retention and destruction of PII. Cite
specific records retention schedules.
SEED study users receive study specific confidentiality training
in addition to IRB training. This training covers the procedures
and practices each SEED site intends to use to protect the
confidentiality of the data collected or distributed as part of
the SEED study. Study personnel (site staff, contractors, staff,
guest researchers, fellows, research assistants and anyone who
has approved access to study data) are required at all times to
maintain and protect the study data and confidential records
that may come into their presence and under their control.
This training covers, but is not limited to, the following areas of
concern: restrictions on use of information, enhanced
protection of computerized files as part of study
implementation, dissemination of research results, data
sharing with other study partners, analytic data access policies
and procedures, instructions concerning confidentiality
procedures, procedures for traveling with confidential study
materials, loss of study materials containing confidential data.
Once confidentiality training is complete, personnel must sign
a confidentiality agreement that indicates that signee has
carefully read and understands the agreement and the
confidentiality of all records handled in regard to the SEED
study. In addition, personnel in specific roles receive training
and awareness related to those roles as needed, e.g., computer
system administrators and other IT personnel receive training
on computer system security.
Yes
No
Records are retained and disposed in accordance with the
Scientific and Research Project Records Control Schedule.
At the end of SEED Teen, the PII will be retained, as per the
consent agreement, to enable future contact with the
participants. At the conclusion of the overall SEED program, all
PII will be retained by CDC for one year as per the CDC
Scientific and Research Project Records Control Schedule. After
one year, all identifiable information must be destroyed in
accordance with the Certificate of Confidentiality approved
application. The study periods for SEED and SEED Teen are
defined to include data analysis and publication. The end of
the study period will be considered to be 1 year after the final
manuscript from a SEED data analysis is submitted for
publication. No identifiable information will be retained or
transferred to the National Archives.
Identifying information will be collected during the data
collection period and will be kept private in a separate file from
the other data collection elements. Only the research staff will
have access to a list linking a participant’s study ID to his/her
study data. Each SEED Teen site‘s data will be stored separately
from all others and no site will have the means to access the
personally identifiable data stored by another site unless
granted permission to do so for specific study purposes.
Page 7 of 10
Save
Describe, briefly but with specificity, how the PII will
38 be secured in the system using administrative,
technical, and physical controls.
Administrative Controls:
Access to PII follows a least privilege model. Access to PII
follows a least privilege model. SEED staff receive study
specific confidentiality training in addition to IRB training. This
training covers the procedures and practices each SEED site
intends to use to protect the confidentiality of the data
collected or distributed as part of the SEED study. Study
personnel (site staff, contractors, staff, guest researchers,
fellows, research assistants and anyone who has approved
access to study data) are required at all times to maintain and
protect the study data and confidential records that may come
into their presence and under their control. This training
covers, but is not limited to, the following areas of concern:
restrictions on use of information, enhanced protection of
computerized files as part of study implementation,
dissemination of research results, data sharing with other study
partners, analytic data access policies and procedures,
instructions concerning confidentiality procedures, procedures
for traveling with confidential study materials, loss of study
materials containing confidential data. Once confidentiality
training is complete, personnel must sign a confidentiality
agreement that indicates that signee has carefully read and
understands the agreement and the confidentiality of all
records handled in regard to the SEED study.
Technical Controls:
Access to PII follows a least privilege model. The PII will be
secured in the CADDRE system. The CADDRE System Security
Plan describes the user privileges and the IRB documents
outline who should have access to what PII maintained in the
system.
Secure logins will be used to prevent unauthorized access from
the application. CADDRE enforces a limited number of invalid
access attempts by a user before lockout. Roles will be utilized
to prevent unnecessary viewing of PII. Storage will utilize FIPScompliant encryption. Server room remains locked at all times
through the use of RFID key cards and personal security
passcodes assigned to individual authorized IT staff with
proper security privileges.
Physical Controls:
Physical measures, policies, and procedures are in place at each
SEED site to protect information, buildings, and equipment
from unauthorized intrusions, environmental hazards, and
natural hazards.
REVIEWER QUESTIONS: The following section contains Reviewer Questions which are not to be filled out unless the user is an OPDIV
Senior Officer for Privacy.
Reviewer Questions
1
Are the questions on the PIA answered correctly, accurately, and completely?
Answer
Yes
No
Page 8 of 10
Save
Reviewer Questions
Answer
Reviewer
Notes
2
Does the PIA appropriately communicate the purpose of PII in the system and is the purpose
justified by appropriate legal authorities?
Yes
Do system owners demonstrate appropriate understanding of the impact of the PII in the
system and provide sufficient oversight to employees and contractors?
Yes
No
Reviewer
Notes
3
No
Reviewer
Notes
4
Does the PIA appropriately describe the PII quality and integrity of the data?
Yes
No
Reviewer
Notes
5
Is this a candidate for PII minimization?
Yes
No
Reviewer
Notes
6
Does the PIA accurately identify data retention procedures and records retention schedules?
Yes
No
Reviewer
Notes
7
Are the individuals whose PII is in the system provided appropriate participation?
Yes
No
Reviewer
Notes
8
Does the PIA raise any concerns about the security of the PII?
Yes
No
Reviewer
Notes
9
Is applicability of the Privacy Act captured correctly and is a SORN published or does it need
to be?
Yes
No
Reviewer
Notes
10
Is the PII appropriately limited for use internally and with third parties?
Yes
No
Reviewer
Notes
11
Does the PIA demonstrate compliance with all Web privacy requirements?
Yes
No
Reviewer
Notes
Page 9 of 10
Save
Reviewer Questions
12
Answer
Were any changes made to the system because of the completion of this PIA?
Yes
No
Reviewer
Notes
General Comments
OPDIV Senior Official
for Privacy Signature
Beverly E.
Walker -S
Digitally signed by
Beverly E. Walker -S
Date: 2018.02.16
10:26:28 -05'00'
HHS Senior
Agency Official
for Privacy
Page 10 of 10
File Type | application/pdf |
File Modified | 2018-02-16 |
File Created | 2013-03-29 |