Att 3. PIA Raising Health Boys (RHB)

Save

Privacy Impact Assessment Form
v 1.21
Status

Form Number

N/A

Form Date

Question

Answer

1

OPDIV:

CDC/DDNID/NCIPC/DVP

2

PIA Unique Identifier:

TBD

2a Name:

01/08/20

Raising Healthy Boys (RHB)
General Support System (GSS)
Major Application

3

The subject of this PIA is which of the following?

Minor Application (stand-alone)
Minor Application (child)
Electronic Information Collection
Unknown

3a

Identify the Enterprise Performance Lifecycle Phase
of the system.

Development
Yes

3b Is this a FISMA-Reportable system?

4

Does the system include a Website or online
application available to and for the use of the general
public?

5

Identify the operator.

6

Point of Contact (POC):

7

Is this a new or existing system?

8

Does the system have Security Authorization (SA)?

No
Yes
No
Agency
Contractor
POC Title

Project Officer

POC Name

Dasheema

POC Organization CDC/DDNID/NCIPC/DVP
POC Email

[email protected]

POC Phone

404.718.6686
New
Existing
Yes
No

8b Planned Date of Security Authorization
Not Applicable

Page 1 of 4

Save
8c

Briefly explain why security authorization is not
required

This is a new electronic data collection.

10

Describe in further detail any changes to the system
that have occurred since the last PIA.

N/A
The Raising Healthy Boy's (RHB) data collection is used for
recruitment and screening to determine if participants meet
study criteria. The contractor and data owner will collect the
de-identified data, consisting of questions and answers
pertaining to what it takes for parents to raise health boys in a
household. This data is collected in a focus group conducted
by the contractor.

11 Describe the purpose of the system.

All data collected during the focus group will be de-identified
and will not contain PII. It will contain focus group questions
based off of a study on the duties, responsibilities, events, and
Describe the type of information the system will
situations families experience while raising healthy males in a
collect, maintain (store), or share. (Subsequent
12
questions will identify if this information is PII and ask household. The data has already been collected by the
contractor, we will just be analyzing that data.
about the specific data elements.)
The data will not be kept; it will be disposed of after the
analysis is done. The data is already de-identified when we
receive it.

Provide an overview of the system and describe the
13 information it will collect, maintain (store), or share,
either permanently or temporarily.

The data collection (RHB) will be collecting de-identified data
consisting of focus group questions pertaining to what it takes
to raise healthy boy in a household. All data has been
collected and stored on the contractor's servers. The
contractor will store it in a database on a secure server with
password protection, and can only be accessed by employees.
The contractor will destroy all data after focus groups are
finished and the study is over, and will not contact participants
following the focus group. There is no PII being collected in
this data collection.

14 Does the system collect, maintain, use or share PII?

Yes
No

REVIEWER QUESTIONS: The following section contains Reviewer Questions which are not to be filled out unless the user is an OPDIV
Senior Officer for Privacy.

Reviewer Questions
1

Are the questions on the PIA answered correctly, accurately, and completely?

Answer
Yes
No

Reviewer
Notes
2

Does the PIA appropriately communicate the purpose of PII in the system and is the purpose
justified by appropriate legal authorities?

Yes

Do system owners demonstrate appropriate understanding of the impact of the PII in the
system and provide sufficient oversight to employees and contractors?

Yes

No

Reviewer
Notes
3

No

Page 2 of 4

Save
Reviewer Questions

Answer

Reviewer
Notes
4

Does the PIA appropriately describe the PII quality and integrity of the data?

Yes
No

Reviewer
Notes
5

Is this a candidate for PII minimization?

Yes
No

Reviewer
Notes
6

Does the PIA accurately identify data retention procedures and records retention schedules?

Yes
No

Reviewer
Notes
7

Are the individuals whose PII is in the system provided appropriate participation?

Yes
No

Reviewer
Notes
8

Does the PIA raise any concerns about the security of the PII?

Yes
No

Reviewer
Notes
9

Is applicability of the Privacy Act captured correctly and is a SORN published or does it need
to be?

Yes
No

Reviewer
Notes
10

Is the PII appropriately limited for use internally and with third parties?

Yes
No

Reviewer
Notes
11

Does the PIA demonstrate compliance with all Web privacy requirements?

Yes
No

Reviewer
Notes
12

Were any changes made to the system because of the completion of this PIA?

Yes
No

Reviewer
Notes

General Comments

Page 3 of 4

Save
OPDIV Senior Official
for Privacy Signature

Beverly E.
Walker -S

Digitally signed by
Beverly E. Walker -S
Date: 2020.02.11
13:05:32 -05'00'

HHS Senior
Agency Official
for Privacy

Page 4 of 4