Download:
pdf |
pdfSave
Privacy Impact Assessment Form
v 1.21
Status
Form Number
Form Date
Question
Answer
1
OPDIV:
ATSDR
2
PIA Unique Identifier:
0923-13RT
2a Name:
11/13/18
ATSDR Exposure Investigation - Extension
General Support System (GSS)
Major Application
3
The subject of this PIA is which of the following?
Minor Application (stand-alone)
Minor Application (child)
Electronic Information Collection
Unknown
3a
Identify the Enterprise Performance Lifecycle Phase
of the system.
Implementation
Yes
3b Is this a FISMA-Reportable system?
4
Does the system include a Website or online
application available to and for the use of the general
public?
5
Identify the operator.
6
Point of Contact (POC):
7
Is this a new or existing system?
8
Does the system have Security Authorization (SA)?
No
Yes
No
Agency
Contractor
POC Title
Environmental Health Scientist
POC Name
Peter Kowalski
POC Organization ATSDR/DCHI/SSB
POC Email
[email protected]
POC Phone
770-488-0776
New
Existing
Yes
No
8b Planned Date of Security Authorization
Not Applicable
Page 1 of 12
�Save
Briefly explain why security authorization is not
8c
required
9
Indicate the following reason(s) for updating this PIA.
Choose from the following options.
This data collection does not have a dedicated IT system. It
uses various authorized Centers for Disease Control and
Prevention (CDC) systems for the collection, processing,
analysis, and storage of data .
PIA Validation (PIA
Refresh/Annual Review)
Anonymous to NonAnonymous
New Public Access
Internal Flow or Collection
Significant System
Management Change
Alteration in Character of
Data
New Interagency Uses
Conversion
Commercial Sources
OMB Generic Information Collection Request (ICR) extension
10
Describe in further detail any changes to the system
that have occurred since the last PIA.
None. This assessment represents an extension information
collection request.
Page 2 of 12
�Save
The Agency for Toxic Substances and Disease Registry (ATSDR)
Division of Community Health and Investigation (DCHI)
conducts public health assessments (PHAs) at sites when
requested by the U.S. Environmental Protection Agency (EPA),
states, organizations, or individual petitioners following the
Public Health Assessment Guidance Manual.
The purpose of the agency’s PHA process is to ascertain
whether a community has experienced environmental
exposures of concerns or is now being exposed to hazardous
substances, and if so whether conditions warrant additional
sampling and to decide if intervention is needed to minimize
or eliminate exposure. The process also serves as a mechanism
through which the agency responds to specific community
health concerns related to hazardous waste sites.
ATSDR scientists review environmental data to see how much
contamination is at a site, where it is, and how community
residents might come into contact with it. Generally, ATSDR
does not collect its own environmental sampling data but
when adequate environmental or exposure information to
assess human exposures and possible related health effects do
not exist, ATSDR will perform an Exposure Investigation (EI).
11 Describe the purpose of the system.
The EI team conducts point of human-contact sampling
focused on geographic areas where exposures are expected to
be high. EIs may include environmental (e.g, soil, drinking
water, sediment, food sources, etc.), biological sampling (e.g.,
blood, urine, etc.), or both. An EI, using purposive convenience
sampling, aims to identify the most highly exposed individuals
and measure their exposure. The results of the investigation
are site-specific and apply only to the participants from the
site. An EI is not considered a health study or research, and any
data gathered will thus not be disseminated as such.
Furthermore, the EI is not designed to provide individual
diagnoses, nor are participants' results intended to be
generalized to other populations and other communities. No
participants from external comparison groups are included in
the data collection.
As a public service and incentive to participate, EIs provide
individual exposure information back to the participants.
The Science Support Branch (SSB) also coordinates and lends
technical assistance to states, tribal, and territorial health
departments that conduct their own EIs as well as to states
included in ATSDR’s Partnership to Promote Localized Efforts
to Reduce Environmental Exposure (APPLETREE) Program
which sponsors state-led non-research EIs.
Page 3 of 12
�Save
Two primary types of information are collected during the EI
process: collection of environmental and/or biological data
and questionnaire data that will be used to better interpret the
sampling results obtained during the EI. The results of the
questionnaire will be recorded electronically in the field and
the data will be transferred to a secure server. The
questionnaire will include direct identifiers including name,
mailing address, phone numbers, medical notes, date of birth,
and E-Mail address; demographic information including
gender, age, ethnicity, and race; household information
including age of home and time of residency; and occupational
Describe the type of information the system will
information including occupations that may be related to a
collect, maintain (store), or share. (Subsequent
particular contaminant. Consent forms will be signed by
12
questions will identify if this information is PII and ask participants and the hard copy forms will be secured in a
about the specific data elements.)
locked cabinet at ATSDR. Appropriate information will be
shared with federal and state partners, as appropriate.
Participants may be asked to consent to their information
being shared with federal and state partners.
Users are authenticated to systems used in this information
collection via CDC's Active Directory and security card
credentials. PII collected from users and/or system
administrators to access the system consists of user credentials
like username, password, Personal Identity Verification (PIV)
card, and user ID. Users and system administrators include CDC
employees and badged contractors.
Page 4 of 12
�Save
Under this information collection, the EI will be completed
using an approved protocol. All collections are voluntary for
respondents. The information collected may include
environmental and/or biological samples and questionnaire
results, which will be used to interpret the sampling results.
PII information will be collected, including respondent's name,
address, phone number and email address to allow ATSDR to
provide respondents with their individual sampling results. PII
information will be stored on a secure server and access will be
limited to ATSDR personnel on the EI team.
Provide an overview of the system and describe the
13 information it will collect, maintain (store), or share,
either permanently or temporarily.
The information collected for the EI using the questionnaire
may include information regarding demographic and
residential history, household water use, occupational history,
and age and activity patterns. Basic health status information
(i.e., pregnancy status) may be obtained that will allow the
sampling results to be assessed for each participant. The
information collected will be used to better interpret the
sampling results obtained during the EI.
The questionnaire will be administered in person to
participants by ATSDR personnel. Questionnaire results will be
recorded in the field on a secure computer and transferred to a
secured server. Access to the server will be limited to ATSDR
personnel on the EI team. Appropriate information will be
shared with federal and state partners.
Participants will be asked to sign an adult consent form or a
parental permission and/or assent form for children younger
than 18 years old. The consent/parental permission/assent
forms will include permission for ATSDR to share information
with federal and state partners. Consent forms are hard copy
and will be secured in a locked cabinet.
14 Does the system collect, maintain, use or share PII?
Yes
No
Page 5 of 12
�Save
15
Indicate the type of PII that the system will collect or
maintain.
Social Security Number
Date of Birth
Name
Photographic Identifiers
Driver's License Number
Biometric Identifiers
Mother's Maiden Name
Vehicle Identifiers
E-Mail Address
Mailing Address
Phone Numbers
Medical Records Number
Medical Notes
Financial Account Info
Certificates
Legal Documents
Education Records
Device Identifiers
Military Status
Employment Status
Foreign Activities
Passport Number
Participant biological testing
results
Taxpayer ID
Participant environmental
sampling results
Household and
Demographic Information
Occupational Information
Other...
Employees
Public Citizens
16
Indicate the categories of individuals about whom PII
is collected, maintained or shared.
Business Partners/Contacts (Federal, state, local agencies)
Vendors/Suppliers/Contractors
Patients
Other
17 How many individuals' PII is in the system?
18 For what primary purpose is the PII used?
19
Describe the secondary uses for which the PII will be
used (e.g. testing, training or research)
100-499
The primary purpose for collecting the PII for EIs is to provide
participants their individual sampling results.
Not applicable.
20 Describe the function of the SSN.
Not applicable.
20a Cite the legal authority to use the SSN.
Not applicable.
ATSDR is authorized under the ‘Comprehensive Environmental
Response, Compensation, and Liability Act of 1980’’ as
Identify legal authorities governing information use amended by ‘‘Superfund Amendments and Reauthorization
21
and disclosure specific to the system and program.
Act of 1986’’ (42 U.S.C. 9601, 9604).
22
Are records on the system retrieved by one or more
PII data elements?
Yes
No
Page 6 of 12
�Save
Published:
Identify the number and title of the Privacy Act
System of Records Notice (SORN) that is being used
22a
to cover the system or identify if a SORN is being
developed.
09-19-001 Records of Persons Exposed or Potent
Published:
Published:
In Progress
Directly from an individual about whom the
information pertains
In-Person
Hard Copy: Mail/Fax
Email
Online
Other
Government Sources
23
Within the OPDIV
Other HHS OPDIV
State/Local/Tribal
Foreign
Other Federal Entities
Other
Identify the sources of PII in the system.
Non-Government Sources
Members of the Public
Commercial Data Broker
Public Media/Internet
Private Sector
Other
23a
Identify the OMB information collection approval
number and expiration date.
OMB package in process; OMB Control No. 0923-0048
(Expiration Date: 03/31/2019)
Yes
24 Is the PII shared with other organizations?
No
Within HHS
Identify with whom the PII is shared or disclosed and
24a
for what purpose.
Other Federal
Federal Agencies may assist with EIs.
Agency/Agencies The agencies may use PII if followState or Local
State Agencies may assist with EIs.
Agency/Agencies
Private Sector
Describe any agreements in place that authorizes the
information sharing or disclosure (e.g. Computer
A Memorandum of Understanding (MOU) providing a data use
24b Matching Agreement, Memorandum of
agreement for state and federal partners will be implemented,
Understanding (MOU), or Information Sharing
as needed.
Agreement (ISA)).
Page 7 of 12
�Save
24c
Describe the procedures for accounting for
disclosures
Describe the process in place to notify individuals
25 that their personal information will be collected. If
no prior notice is given, explain the reason.
26
Is the submission of PII by individuals voluntary or
mandatory?
As appropriate, PII will be shared with federal and state
partners. For instance, state agencies may obtain blood lead
results at a reportable level or EPA may obtain results to assist
with their remedial efforts at a site. All disclosures will be
recorded on an excel spreadsheet and will include the dataset,
who the dataset was disclosed to, and for what purpose.
Participants will sign consent forms or parental permission
forms/assent forms if participant is younger than 18 years old.
The forms have a provision that will request permission from
the participant to allow ATSDR to share their PII with federal
and state partners, as appropriate.
Voluntary
Mandatory
Describe the method for individuals to opt-out of the
collection or use of their PII. If there is no option to
27
object to the information collection, provide a
reason.
In the consent forms and parental permission/assent forms,
there is a provision for individuals to opt-out of the sharing of
their PII with partners. However, collection of PII will be
required to participate in the study so ATSDR can share results
of the testing with participants. They may also opt out of the EI
entirely by not responding, consenting, or by stated refusal.
Describe the process to notify and obtain consent
from the individuals whose PII is in the system when
major changes occur to the system (e.g., disclosure
28 and/or data uses have changed since the notice at
the time of original collection). Alternatively, describe
why they cannot be notified or have their consent
obtained.
Participants will be notified by phone, email and/or mail using
information participants provided during the consent process.
Participants will be asked to consent to the change in writing
and the forms will be secured at ATSDR.
Individuals should contact the system manager, identify the
record and specify the information being contested, the
corrective action sought, and the reasons for requesting the
Describe the process in place to resolve an
individual's concerns when they believe their PII has correction, along with supporting information to show how
29 been inappropriately obtained, used, or disclosed, or the record is inaccurate, incomplete, untimely, or irrelevant. If
that the PII is inaccurate. If no process exists, explain an incident has occurred, the system manager will report the
potential incident to the CDC Security Incident Response Team
why not.
and Privacy Officer. The data manager in consultation with the
principal investigator will serve as the point of contact to
resolve concerns.
Describe the process in place for periodic reviews of
PII contained in the system to ensure the data's
30
integrity, availability, accuracy and relevancy. If no
processes are in place, explain why not.
ATSDR personnel will determine whether the PII collected via
consent/parental permission/assent forms and questionnaires
are accurate. Participants will be provided ATSDR contact
information to allow them to inform ATSDR if their contact
information changes. ATSDR will use obtained contact
information to provide participants with biological testing
results.
Page 8 of 12
�Save
Users
Administrators
31
Identify who will have access to the PII in the system
and the reason why they require access.
ATSDR personnel will have access to PII
to provide participants with their test
ATSDR administrators will be
responsible for setting parameters
Developers
Contractors
ATSDR may use contractors for some
EIs and contractors will have access to
Others
Describe the procedures in place to determine which PII access will be limited to that needed to notify participants
of their testing results. ATSDR administrators will have access
32 system users (administrators, developers,
to PII as they set up and maintain permissions and access to
contractors, etc.) may access PII.
the server that will house the PII data for the EI.
Describe the methods in place to allow those with
33 access to PII to only access the minimum amount of
information necessary to perform their job.
ATSDR personnel will access PII data when they are recruiting
participants and providing sampling results to participants.
System managers will implement role based access controls on
share drives such that only designated staff may access PII. All
other staff may have access to de-identified data only.
Identify training and awareness provided to
personnel (system owners, managers, operators,
contractors and/or program managers) using the
34
system to make them aware of their responsibilities
for protecting the information being collected and
maintained.
All users will be required to complete CDC's annual security
and privacy training. All users with access to the study data will
be required to only access PII for the purpose of recruitment or
reporting testing results to participants. System managers
continuously monitor system activities to ensure compliance
with security requirements. A rules of behavior document for
EIs will be signed by the EI team and then implemented at each
site.
Describe training system users receive (above and
35 beyond general security and privacy awareness
training).
All EA personnel handling PII will complete appropriate privacy
training and obtain a Scientific Ethics Verification (SEV)
number.
Do contracts include Federal Acquisition Regulation
36 and other appropriate clauses ensuring adherence to
privacy provisions and practices?
Describe the process and guidelines in place with
37 regard to the retention and destruction of PII. Cite
specific records retention schedules.
Yes
No
Records are retained and disposed of in accordance with the
ATSDR Comprehensive Records Control Schedule (B-371). Final
EI reports are permanent records. Site files generated in
support of the final report will be maintained in the Records
and Information Management Branch and transferred to a
Federal Records Center 5 years after the final report is
published. Site records will be destroyed 30 years after the
report is published. Disposal methods include the paper
recycling process, burning or shredding hard copy records, and
erasing computer files. Registry records will be actively
maintained as long as funding is provided for by legislation.
Page 9 of 12
�Save
Administrative Controls
ATSDR who maintain records are instructed in specific
procedures to protect the security of records, and are to check
with the system manager prior to making disclosure of data.
When individually identified data are being used in a room,
admittance is restricted to specifically authorized personnel.
Appropriate Privacy Act provisions will be adhered to for the EI.
Describe, briefly but with specificity, how the PII will
38 be secured in the system using administrative,
technical, and physical controls.
Technical Controls
Protection for computerized records includes programmed
verification of valid user identification code and password prior
to logging on to the system, mandatory password changes,
limited log-ins, virus protection, user rights/file attribute
restrictions and use of encrypted files. Password protection
imposes user name and password log-in requirements to
prevent unauthorized access. Each user name is assigned
limited access rights to files and directories at varying levels to
control file sharing. There are routine daily backup procedures
and secure off-site storage is available for backup files.
Knowledge of passwords is required to access systems which
are limited to users obtaining prior supervisory approval. When
possible, a backup copy of data is stored at an offsite location
and a log kept of all changes to each file and all persons
reviewing the file. Selected safeguards will be applicable to
specific elements of the system, as appropriate. Additional
safeguards may also be built into the program by the system
analyst as warranted by the sensitivity of the specific data set.
Study data files with PII will use file level encryption and
databases will employ column level encryption for PII.
Physical Controls
Questionnaires, log books, and other source data are
maintained in locked cabinets in locked rooms, and security
guard service in buildings provide personnel screening of
visitors. Access to facilities is controlled by a card key system.
Access to computer rooms is controlled by a card key and
security code system. Computer rooms are protected by an
automatic sprinkler system, numerous automatic sensors are
installed, and a proper mix of portable fire extinguishers is
located throughout the computer room. The system is backed
up on a nightly basis with copies of the files stored off site in a
secure fireproof safe. Computer workstations, lockable
personal computers, and automated records are located in
secured areas.
REVIEWER QUESTIONS: The following section contains Reviewer Questions which are not to be filled out unless the user is an OPDIV
Senior Officer for Privacy.
Reviewer Questions
1
Are the questions on the PIA answered correctly, accurately, and completely?
Answer
Yes
No
Reviewer
Notes
Page 10 of 12
�Save
Reviewer Questions
2
Answer
Does the PIA appropriately communicate the purpose of PII in the system and is the purpose
justified by appropriate legal authorities?
Yes
Do system owners demonstrate appropriate understanding of the impact of the PII in the
system and provide sufficient oversight to employees and contractors?
Yes
No
Reviewer
Notes
3
No
Reviewer
Notes
4
Does the PIA appropriately describe the PII quality and integrity of the data?
Yes
No
Reviewer
Notes
5
Is this a candidate for PII minimization?
Yes
No
Reviewer
Notes
6
Does the PIA accurately identify data retention procedures and records retention schedules?
Yes
No
Reviewer
Notes
7
Are the individuals whose PII is in the system provided appropriate participation?
Yes
No
Reviewer
Notes
8
Does the PIA raise any concerns about the security of the PII?
Yes
No
Reviewer
Notes
9
Is applicability of the Privacy Act captured correctly and is a SORN published or does it need
to be?
Yes
No
Reviewer
Notes
10
Is the PII appropriately limited for use internally and with third parties?
Yes
No
Reviewer
Notes
11
Does the PIA demonstrate compliance with all Web privacy requirements?
Yes
No
Reviewer
Notes
12
Were any changes made to the system because of the completion of this PIA?
Yes
No
Page 11 of 12
�Save
Reviewer Questions
Answer
Reviewer
Notes
General Comments
OPDIV Senior Official
for Privacy Signature
Jarell
Oshodi -S
Digitally signed by Jarell
HHS Senior
Oshodi -S
Agency Official
Date: 2018.12.18
for Privacy
13:49:15 -05'00'
Page 12 of 12
�
| File Type | application/pdf |
| File Modified | 2018-12-18 |
| File Created | 2013-03-29 |