2018 NAMCS FAQs

Attachment R: 2018 NAMCS FAQs
NAMCSFAOs
WHO WILL SEE MY ANSWERS?
We take your privacy very seriously. All information that relates to or describes identifiable
characteristics ofindividuals, a practice, or an establishment will be used only for statistical
purposes. NCHS staff, contractors, and agents will not disclose or release responses in identifiable form
without the consent ofthe individual or establishment in accordance with section 308(d) ofthe Public
Health Service Act (42 U.S.C. 242m(d)) and the Confidential Information Protection and Statistical
Efficiency Act of2002 (CIPSEA, Title 5 ofPublic Law 107-347). In accordance with CIPSEA, every
NCHS employee, contractor, and agent has taken an oath and is subject to a jail term ofup to five years,
a fine ofup to $250,000, or both ifhe or she willfully discloses ANY identifiable information about
you. In addition, NCHS complies with the Federal Cybersecurity Enhancement Act of2015 (6 U.S.C.
§ § 151 & 151 note). This law requires the federal government to protect federal computer networks by
using computer security programs to identify cybersecurity risks like hacking, internet attacks, and other
security weaknesses. Ifinformation sent through government networks triggers a cyber threat indicator,
the information may be intercepted and reviewed for cyber threats by computer network experts working
for, or on behalfof, the government.
WHAT DO MY ANSWERS HAVE TO DO WITH CYBERSECURITY?
The Federal Cybersecurity Enhancement Act of2015 allows software programs to scan information that
is sent, stored on, or processed by government networks in order to protect the networks from hacking,
denial ofservice attacks, and other security threats. Ifany information is suspicious, it may be reviewed
for specific threats by computer network experts working for the government (or contractors or agents
who have governmental authority to do so). Only information directly related to government network
security is monitored. The Act further specifies that such information may only be used for the purpose
ofprotecting information and information systems from cybersecurity risks.
WHAT DOES "MONITOR" MEAN IN THE ADVANCE LETTER?
"Monitor" means "to acquire, identify, or scan, or to possess, information that is stored on, processed by,
-- or transiting an info1mation system"; "infonnation system" means "a discrete set ofinformation
resources organized for the collection, processing, maintenance, use, sharing, dissemination or
disposition ofinformation"; "cyber threat indicator" means "information that is necessary to describe or
identify security vulnerabilities ofan information system, enable the exploitation ofa security
vulnerability, or unauthorized remote access or use ofan information system."