Privacy Impact Assessment

Save

Privacy Impact Assessment Form
v 1.47.4
Status Draft

Form Number

F-51337

Form Date

Question

Answer

1

OPDIV:

CDC

2

PIA Unique Identifier:

P-2367956-084553

2a Name:

5/2/2017 9:32:11 AM

Traumatic Brain Injury Surveillance System (TBISS)
General Support System (GSS)
Major Application

3

Minor Application (stand-alone)

The subject of this PIA is which of the following?

Minor Application (child)
Electronic Information Collection
Unknown

3a

Identify the Enterprise Performance Lifecycle Phase
of the system.

Implementation
Yes

3b Is this a FISMA-Reportable system?

4

Does the system include a Website or online
application available to and for the use of the general
public?

5

Identify the operator.

6

Point of Contact (POC):

7

Is this a new or existing system?

8

Does the system have Security Authorization (SA)?

8b Planned Date of Security Authorization

No
Yes
No
Agency
Contractor
POC Title

Epidemiologist

POC Name

Bethany West

POC Organization ONDIEH/NCIPC/DUIP
POC Email

[email protected]

POC Phone

770.488.0602
New
Existing
Yes
No
May 30, 2017
Not Applicable

Page 1 of 7

Save

11 Describe the purpose of the system.

The Traumatic Brain Injury Surveillance System (TBISS) is being
implemented as a means to accurately determine how many
children and adults experience a traumatic brain injury (TBI)
each year in the United States, to collect information about the
circumstances of the TBI, and to identify groups most at risk for
TBI. By administering the surveillance system over time, the
surveillance system can monitor trends and allow for an
understanding of whether TBIs are increasing or decreasing,
and whether prevention efforts are effective.

Describe the type of information the system will
The data collected will include first names, phone numbers
collect, maintain (store), or share. (Subsequent
12
questions will identify if this information is PII and ask and email addresses, as well as information from the
respondents regarding their experiences with TBI.
about the specific data elements.)

Provide an overview of the system and describe the
13 information it will collect, maintain (store), or share,
either permanently or temporarily.

14 Does the system collect, maintain, use or share PII?

The TBI surveillance system is a computer-assisted and web
interviewing platform for data analysis and sample processing.
The system will be used to accurately determine how many
children and adults experience a TBI each year in the United
States, to collect information about the circumstances of the
injury, and to identify groups most at risk for TBI. By
administering this survey, the system will be able to monitor
trends and show if TBIs are increasing, decreasing, and
whether prevention efforts are effective.
The data collected will include first names, phone numbers,
and email addresses, as well as information from the
respondents regarding their experiences with TBI. The data
will be collected by Computer-Assisted Telephone Interview
(CATI) and Web Interview (CAWI). The raw data will not be
exported outside the system. Summary analyses of trends and
statistics, which do not contain PII, will be sent to the CDC. The
TBI surveillance system will collect and or store, but not share,
phone numbers, names, and email addresses.
Yes
No

Page 2 of 7

Save

15

Indicate the type of PII that the system will collect or
maintain.

Social Security Number

Date of Birth

Name

Photographic Identifiers

Driver's License Number

Biometric Identifiers

Mother's Maiden Name

Vehicle Identifiers

E-Mail Address

Mailing Address

Phone Numbers

Medical Records Number

Medical Notes

Financial Account Info

Certificates

Legal Documents

Education Records

Device Identifiers

Military Status

Employment Status

Foreign Activities

Passport Number

Taxpayer ID

Employees
Public Citizens
16

Business Partners/Contacts (Federal, state, local agencies)

Indicate the categories of individuals about whom PII
is collected, maintained or shared.

Vendors/Suppliers/Contractors
Patients
Other

17 How many individuals' PII is in the system?

18 For what primary purpose is the PII used?

19

Describe the secondary uses for which the PII will be
used (e.g. testing, training or research)

5,000-9,999
The first names, alternate phone numbers and email addresses
will be used in order to contact the respondents for the
interviews.
No secondary uses.

20 Describe the function of the SSN.

N/A

20a Cite the legal authority to use the SSN.

N/A

21

Identify legal authorities governing information use
Public Health Service Act, Section 301, "Research and
and disclosure specific to the system and program.
Investigation" (42 U.S.C. 241)

22

Are records on the system retrieved by one or more
PII data elements?

Yes
No

Page 3 of 7

Save
Directly from an individual about whom the
information pertains
In-Person
Hard Copy: Mail/Fax
Email
Online
Other
Government Sources
23

Within the OPDIV
Other HHS OPDIV
State/Local/Tribal
Foreign
Other Federal Entities
Other

Identify the sources of PII in the system.

Non-Government Sources
Members of the Public
Commercial Data Broker
Public Media/Internet
Private Sector
Other
23a

Identify the OMB information collection approval
number and expiration date.

24 Is the PII shared with other organizations?

Describe the process in place to notify individuals
25 that their personal information will be collected. If
no prior notice is given, explain the reason.

26

Is the submission of PII by individuals voluntary or
mandatory?

Submitted but still pending.
Yes
No
A disclosure notification will be part of the script read to adult
respondents. The preference is for the adolescent respondent
to complete their own survey at the time of the initial survey
with their parent. If the adolescent is not available, the script
will ask the parent/guardian on the phone for a cell phone
number and email address for the 13-17 year old. Only after
obtaining permission from the parent, will interviewers record
the contact information for the adolescent in the household.
Voluntary
Mandatory

Respondents can refuse to answer any question that they do
not want to answer. Additionally, we will collect recontact
Describe the method for individuals to opt-out of the information for adolescents only after a parent/guardian gives
consent for their child to participate in the survey. Only after
collection or use of their PII. If there is no option to
27
obtaining permission from the parent, will interviewers record
object to the information collection, provide a
the contact information for the adolescent in the household.
reason.
Further, even if the parent consents, the child can still refuse to
provide assent, and can likewise decline to answer any
question he or she does not want to answer.

Page 4 of 7

Save
Describe the process to notify and obtain consent
from the individuals whose PII is in the system when
major changes occur to the system (e.g., disclosure
28 and/or data uses have changed since the notice at
the time of original collection). Alternatively, describe
why they cannot be notified or have their consent
obtained.
Describe the process in place to resolve an
individual's concerns when they believe their PII has
29 been inappropriately obtained, used, or disclosed, or
that the PII is inaccurate. If no process exists, explain
why not.
Describe the process in place for periodic reviews of
PII contained in the system to ensure the data's
30
integrity, availability, accuracy and relevancy. If no
processes are in place, explain why not.

The parents will be notified if there are any major changes to
the system or the PII maintained within the system.

Any issues experienced by survey participants would be
initiated by the adolescent's parent or guardian and resolved
through the local Institutional Review Board (IRB).
The database/web administrator periodically reviews and
compares the PII contained in the system against the
spreadsheets/database to ensure the data's integrity,
availability, accuracy and relevancy.
Users

The users will have access only to their
own information when submitting
responses to the survey.

Administrators

Server Administrators and Domain
Administrators have full local admin
access to all servers, as required to
support the systems and administer
other server and domain user
privileges, as well as support database
application and backup process.

Developers
31

Identify who will have access to the PII in the system
and the reason why they require access.

Contractors

Others

Data Analysts require access to process
and analyze the data and to upload list
data to the dialer. Telephone
Interviewers will need to enter the data
into the collection system, but will
have access only to one respondent's
replies at a time, and only while on the
phone with the respondent.
Supervisors over the telephone
interviewers are able to listen to
interviews for quality control (QC)
purposes.

Describe the procedures in place to determine which
Role Based Access Control (RBAC) is used to determine who
32 system users (administrators, developers,
has access to PII.
contractors, etc.) may access PII.
Describe the methods in place to allow those with
33 access to PII to only access the minimum amount of
information necessary to perform their job.

The Least Privilege model is utilized allow those with
access to PII to only access the minimum amount of
information necessary to perform their job.

Page 5 of 7

Save
Identify training and awareness provided to
personnel (system owners, managers, operators,
contractors and/or program managers) using the
34
system to make them aware of their responsibilities
for protecting the information being collected and
maintained.
Describe training system users receive (above and
35 beyond general security and privacy awareness
training).
Do contracts include Federal Acquisition Regulation
36 and other appropriate clauses ensuring adherence to
privacy provisions and practices?

All project staff are required to take annual training in
cybersecurity, security awareness, privacy training, and Ethics
training. This training has been reviewed and is compatible
with CDC requirements and in accordance with contractual
agreement.
All project staff receive system specific training on system use.
This training has been reviewed and is compatible with CDC
requirements.

Yes
No

Describe the process and guidelines in place with
37 regard to the retention and destruction of PII. Cite
specific records retention schedules.

Records are retained and disposed of in accordance with the
CDC Records Control Schedule and in accordance with
contractual agreement. Record copy of study reports are
maintained in agency from two to three years in accordance
with retention schedules. Source documents for computer are
disposed of when no longer needed by program officials.
Personal identifiers may be deleted from records when no
longer needed in the study as determined by the system
manager, and as provided in the signed consent form, as
appropriate. Disposal methods include erasing computer
tapes, burning or shredding paper materials or transferring
records to the Federal Records Center when no longer needed
for evaluation and analysis. Records are retained for 20 years;
for longer periods if further study is needed. (Record Schedule
N1-442-09-1)

Describe, briefly but with specificity, how the PII will
38 be secured in the system using administrative,
technical, and physical controls.

Administrative controls include a system security plan,
contingency plan, regular back up of files and storage of
backups off site, role-based security awareness training, least
privilege access enforced through Active Directory groups,
separate user and privileged accounts for administrators,
policies and procedures in place for retention and destruction
of PII, and a corporate incident response team and incident
response plans. Technical controls include identification and
authentication using unique user IDs, passwords, and smart
cards, use of firewalls and intrusion detection/prevention
systems, virus scanning software on all computers, and a SIEM
solution. Physical controls include guards, identification
badges, key cards, and closed circuit TV.

39 Identify the publicly-available URL:

https://www.headinjurysurvey.com

40 Does the website have a posted privacy notice?

Yes
No

40a

Is the privacy policy available in a machine-readable
format?

Yes

41

Does the website use web measurement and
customization technology?

Yes

No
No

Page 6 of 7

Save
42

Does the website have any information or pages
directed at children under the age of thirteen?

Yes

43

Does the website contain links to non- federal
government websites external to HHS?

Yes

No

No

General Comments

OPDIV Senior Official
for Privacy Signature

Beverly E.
Walker -S

Digitally signed by Beverly E. Walker -S
DN: c=US, o=U.S. Government,
ou=HHS, ou=CDC, ou=People,
0.9.2342.19200300.100.1.1=10014403
43, cn=Beverly E. Walker -S
Date: 2017.07.20 16:46:33 -04'00'

Page 7 of 7