PIA Research and Training Opportunities (RTO)

36-OMB2019-PrivacyImpactAssessment-ResearchAndTrainingOpportunities.pdf

NIH Office of Intramural Training & Education Application (OD)

OMB: 0925-0299

Privacy Impact Assessment Form
v 1.47.4
Status: Redraft

Form Number: F-14407
Form Date: 2/12/2019 1:09:29 PM

1 OPDIV:
NIH

2 PIA Unique Identifier:
P-1118564-913650

2a Name:
NIH Research and Training Opportunities

3 The subject of this PIA is which of the following?
General Support System (GSS)
Major Application
Minor Application (stand-alone)
Minor Application (child)
Electronic Information Collection
Unknown

3a Identify the Enterprise Performance Lifecycle Phase of the system.
Operations and Maintenance

3b Is this a FISMA-Reportable system?
Yes
No

4 Does the system include a Website or online application available to and for the use of the general public?
Yes
No

5 Identify the operator.
Agency
Contractor

6 Point of Contact (POC):
POC Title: Program Specialist
POC Name: Steve Alves
POC Organization: NIH/OD/OIR/OITE
POC Email: [email protected]
POC Phone: 301-402-1294

7 Is this a new or existing system?
New
Existing

8 Does the system have Security Authorization (SA)?
Yes
No

8a Date of Security Authorization
10/1/2017 12:00:00 AM

Page 1 of 13


11 Describe the purpose of the system.

The Office of Intramural Training & Education (OITE) administers programs and initiatives to recruit and develop individuals who participate in research training activities on the NIH's main campus in Bethesda, Maryland, as well as other NIH facilities around the country. To facilitate its recruitment function, the OITE maintains the NIH Research and Training Opportunities (RTO) system, https://www2.training.nih.gov, which includes applications and related forms for intramural research training programs, including the Summer Internship Program (SIP), the Postbaccalaureate Training Program (PBT), the Graduate Partnerships Program (GPP), and the Undergraduate Scholarship Program (UGSP). The application system includes a back-end database that functions as a centralized repository of information regarding program applicants.

The RTO system also includes the Fellows Award for Research Excellence (FARE) application, which is unique in that it is aimed, not at prospective trainees, but at current NIH trainees who wish to participate in the annual FARE travel award competition. FARE is designed to foster and reward scientific excellence in the NIH Intramural Research Program (IRP).

The Research Training Opportunities (RTO) system collects information, including Personally Identifiable Information (PII), necessary (1) to evaluate the qualifications of individuals who seek intramural research training opportunities at the NIH, and (2) to contact these individuals to discuss possible training opportunities.

12 Describe the type of information the system will collect, maintain (store), or share. (Subsequent questions will identify if this information is PII and ask about the specific data elements.)

The RTO application system collects the following types of information: Applicant's name, email address, permanent and current address, telephone numbers, citizenship status, relative at NIH (Y/N), relative's name and Institute-Center, academic information (institutional affiliations, coursework and grades, enrollment status, grade point average, academic major, degrees earned, dates of attendance), publications, resume/curriculum vitae, cover letter/personal statement, scientific research interests, contact information for up to 3 references, letters of recommendation and evaluation ratings (submitted online by the references), eligibility information, admission preferences, standardized examination scores, reference information, mentor contact information, dissertation research description, and password.

The Fellows Award for Research Excellence (FARE) application collects contact information for the applicant and his/her mentor, fellowship information, an abstract of the applicant's current NIH research, and optional gender information. Abstracts sometimes contain sensitive information, including unpublished data, or novel experimental approaches.

Applicants gain access to their own record by using their email address and a password combination.

13 Provide an overview of the system and describe the information it will collect, maintain (store), or share, either permanently or temporarily.

Research Training Opportunities (RTO) includes the online applications for the Summer Internship Program (SIP), the Postbaccalaureate IRTA program, the Graduate Partnerships Program (GPP), and the Undergraduate Scholarship Program (UGSP). RTO is central to the ability of the Office of Intramural Training & Education (OITE) to complete its mission of recruiting outstanding young scientists to the NIH. The system also includes the Fellows Award for Research Excellence (FARE) application.

The primary purpose of the system is to assure that prospective trainees to the NIH Intramural Research Program (IRP) meet basic eligibility requirements; to assess their potential as future scientists; to determine where mutual research interests exist; and to make decisions regarding which applicants will be proposed and approved for traineeship awards. In each case, completing the application/registration is voluntary, but in order to receive due consideration, the prospective trainee must complete all required fields.

Access to RTO data is restricted to authorized NIH investigators, staff, and administrators. There is one exception to this, however—the Graduate Partnerships Program (GPP). The GPP includes a number of NIH-University Partnerships (ten such partnerships, currently), and applicants to these programs must be accepted by both the NIH and the partner institution. In some cases, to facilitate the review and selection process, GPP administrators share program applications with university partners, e.g., by sending them via NIH's Secure Email and File Transfer Service (SEFT). Each of these programs has at least one NIH Partnership Director and at least one University Partnership Director. Some NIH-University Partnerships are managed on NIH's end by OITE staff, while others are managed by individuals at other ICs. Every NIH Partnership Director is an authorized RTO account-holder.

Access to RTO by investigators, staff, and administrators is based on IMS (Active Directory) and individualized permissions based on training program affiliation.

14 Does the system collect, maintain, use or share PII?

Yes
No


15 Indicate the type of PII that the system will collect or maintain.
Social Security Number
Date of Birth
Name
Photographic Identifiers
Driver's License Number
Biometric Identifiers
Mother's Maiden Name
Vehicle Identifiers
E-Mail Address
Mailing Address
Phone Numbers
Medical Records Number
Medical Notes
Financial Account Info
Certificates
Legal Documents
Education Records
Device Identifiers
Military Status
Employment Status
Foreign Activities
Passport Number
Taxpayer ID
Other (free text):
y/n - age 18 by June 15 of the current year
y/n - age 17 by June 15 of current year
optional gender information (FARE)
Password

Question 15 Comments:
Per Q12, “Applicants gain access to their own record by using their email address and a password combination.” Please include “password” in the free text.

16 Indicate the categories of individuals about whom PII is collected, maintained or shared.
Employees
Public Citizens
Business Partners/Contacts (Federal, state, local agencies)
Vendors/Suppliers/Contractors
Patients
Other: NIH trainees; NIH fellows

17 How many individuals' PII is in the system?
100,000-999,999

18 For what primary purpose is the PII used?

The primary use of this information is to evaluate applicants' qualifications for research training at the NIH, including periodic updates to their record status. OITE sometimes uses the email addresses provided by applicants to send them notices regarding training opportunities of potential interest to them.

19 Describe the secondary uses for which the PII will be used (e.g. testing, training or research)

Other secondary uses for system PII include:
(a) Preparing appointment paperwork;
(b) Investigating possible cases of inappropriate use of the system (e.g., violations of the NIH nepotism policy);
(c) Verifying the identity of users who contact us offline (e.g., by telephone) to report technical problems involving the system;
(d) Administering the annual FARE competition.

20 Describe the function of the SSN.

n/a

20a Cite the legal authority to use the SSN.

n/a

21 Identify legal authorities governing information use and disclosure specific to the system and program.

The legal authority granted to NIH to train future biomedical scientists comes from several sources. Title 42 of the U.S. Code, Sections 241 and 282(b)(13) authorize the Director, NIH, to conduct and support research training for which fellowship support is not provided under Part 487 of the Public Health Service (PHS) Act (i.e., National Research Service Awards), and that is not residency training of physicians or other health professionals. Sections 405(b)(1)(C) of the PHS Act and 42 U.S.C. Sections 284(b)(1)(C) and 285-287 grant this same authority to the Director of each of the Institutes/Centers at NIH.
22 Are records on the system retrieved by one or more PII data elements?
Yes
No

22a Identify the number and title of the Privacy Act System of Records Notice (SORN) that is being used to cover the system or identify if a SORN is being developed.

Published:
OPM/GOVT-1 - General Personnel Records
OPM/GOVT-5 - Recruiting, Examining, and Placement Records

Published:
09-25-0014 - Clinical Research: Student Records
09-25-0108 - Personnel: Guest Researchers, Special Volunteers, and Scientists Emeriti

Published:
09-25-0158 - Administration Records of Applicants and Awardees of the Intramural Research Training Awards Program

In Progress

23 Identify the sources of PII in the system.

Directly from an individual about whom the information pertains:
In-Person
Hard Copy: Mail/Fax
Email
Online
Other

Government Sources:
Within the OPDIV
Other HHS OPDIV
State/Local/Tribal
Foreign
Other Federal Entities
Other

Non-Government Sources:
Members of the Public
Commercial Data Broker
Public Media/Internet
Private Sector
Other

23a Identify the OMB information collection approval number and expiration date.
0925-0299, expiration 6/30/2019

24 Is the PII shared with other organizations?
Yes
No

24a Identify with whom the PII is shared or disclosed and for what purpose.

Within HHS: PII may be shared with NIH Investigators and administrators for admissions and appointment paperwork. Records may also be disclosed to student volunteers, individuals working under a personal services contract, and other individuals performing functions for HHS who do not technically have the status of agency employees, if they need the records in the performance of their agency functions.

Other Federal Agency/Agencies: Disclosure may be made to the Department of Justice or to a court or other tribunal when (a) HHS, or any component thereof; or (b) any HHS employee in his or her official capacity; or (c) any HHS employee in his or her individual capacity where the Department of Justice (or HHS, where it is authorized to do so) has agreed to represent the employee; or (d) the United States or any agency thereof where HHS determines that the litigation is likely to affect HHS or any of its components, is a party to litigation or has an interest in such litigation, and HHS determines that the use of such records by the Department of Justice, court or other tribunal is relevant and necessary to the litigation and would help in the effective representation of the governmental party, provided, however, that in each case HHS determines that such disclosure is compatible with the purpose for which the records were collected.

State or Local Agency/Agencies: Disclosure may be made to a Federal, State or local agency maintaining civil, criminal or other pertinent records, such as current licenses, if necessary to obtain a record relevant to an agency decision concerning the selection or retention of a fellow.

Private Sector: Disclosure may be made to institutions providing financial support.

24b Describe any agreements in place that authorize the information sharing or disclosure (e.g. Computer Matching Agreement, Memorandum of Understanding (MOU), or Information Sharing Agreement (ISA)).

Each GPP institutional and Individual Partnership has its own Memorandum of Understanding (MOU) between the NIH and the university partner. The MOUs vary in content, training duration, and financial support arrangements. MOUs are finalized by the NIH OITE and managed by key NIH personnel. The OITE confers with the key NIH administrators when information about a trainee/fellow needs to be shared outside the agency.

24c Describe the procedures for accounting for disclosures

Disclosures from RTO are unlikely to be made; however, if Privacy Act records are disclosed, the disclosing office will maintain an accounting, and the disclosures will be made in accordance with the applicable SORN. The procedures by which GPP administrators share information with university partners and account for these disclosures vary from program to program.

25 Describe the process in place to notify individuals that their personal information will be collected. If no prior notice is given, explain the reason.

Each collection form used by the OITE has a Privacy Act statement directly posted or a link to either or both of the URL addresses:
~ https://www2.training.nih.gov/apps/messages/programs/formsV2/privacy.aspx
~ https://www.training.nih.gov/privacy
Inclusion of the text and/or links ensures those completing the form are well informed prior to entering data voluntarily.

26

Is the submission of PII by individuals voluntary or
mandatory?

Voluntary
Mandatory

27 Describe the method for individuals to opt-out of the collection or use of their PII. If there is no option to object to the information collection, provide a reason.

There is no way for prospective applicants to opt out of the collection or use of their PII. The applications and other forms collect information (including PII) that is needed to evaluate the qualifications of the individual seeking intramural research training opportunities at the NIH.

28 Describe the process to notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of original collection). Alternatively, describe why they cannot be notified or have their consent obtained.

The OITE will confer with NIH administrators and general counsel prior to making changes in how PII is used. If there is a modification from the original intent, then a mail-merge message to each affected individual will be sent from the OITE's email address.

29 Describe the process in place to resolve an individual's concerns when they believe their PII has been inappropriately obtained, used, or disclosed, or that the PII is inaccurate. If no process exists, explain why not.

The RTO system relies extensively on system-generated email messages, and applicants and references can contact OITE by replying to these messages. Also, there is a link to OITE's "Contact Us" page, https://www.training.nih.gov/contact, in the page footer of every RTO form. Individuals who have concerns about their PII can use the information on this page to notify us.

The OITE will confer with key offices, including but not limited to NIH administrators, legal counsel, and ethics office, to ensure the concerns of the individual are addressed in a timely manner.

The RTO system also includes a transaction auditing module to track record changes and system activity. This module can be used by RTO administrators to investigate/confirm inappropriate or suspicious activity.

RTO system administrators have tools enabling them to modify system data (e.g., login credentials) when a breach is suspected and to disable/lock individual RTO users' accounts in cases where it is determined that the user has accessed, used, or disclosed applicant data inappropriately. In such cases, OITE disables and locks the account immediately and notifies the user, as well as his/her Information Systems Security Officer (ISSO) or Scientific Director (SD), who determines the appropriate next steps.

All system users have access to tools to manage their passwords if they suspect that someone has accessed their data through this system.

30 Describe the process in place for periodic reviews of PII contained in the system to ensure the data's integrity, availability, accuracy and relevancy. If no processes are in place, explain why not.

RTO data are managed in accordance with the Federal record retention and disposal guidelines. Typically, an application remains in the system for one year, after which time it is archived. Archiving procedures vary from program to program; for some, archiving occurs once monthly, while for others, archiving is handled manually by system administrators. Archived applications cannot be accessed by internal RTO users, except for system developers and authorized OITE staff. Archived applications are generally retained for two years after being archived (i.e., for three years total).

System developers monitor the database and online application processes as a routine matter to ensure the data's integrity and availability.

31 Identify who will have access to the PII in the system and the reason why they require access.

Users: NIH investigators, administrators, and other NIH personnel who are involved in the recruitment and selection of NIH trainees. These individuals require

Administrators: OITE personnel that have view/edit access to RTO accounts, applications, reports, and administrative tools. These users can grant limited view/edit

Developers: System developers monitor the database and online application processes as a routine matter to ensure the data's integrity and availability.

Contractors: Direct contractors and NIH IT staff who are responsible for managing/maintaining all aspects of the application system: web and database

Others:

32 Describe the procedures in place to determine which system users (administrators, developers, contractors, etc.) may access PII.

The RTO system uses a role-based approach to control access to the PII contained within the program databases. There are four RTO internal user types, or roles:
• Investigator: NIH investigators, administrators, and other NIH personnel who are involved in the recruitment and selection of NIH trainees and require view-only access.
• Program Coordinator: IC administrators who have been designated by their IC leadership to create and manage RTO accounts for individuals within their own ICs and electronically accept applicants on behalf of investigators and others within their ICs.
• Admin: OITE staff who have limited involvement in the administration of one or more programs.
• SuperAdmin: RTO developers and OITE staff who are involved in the administration of multiple programs and require access to the full suite of system tools, including those for managing system user accounts.

SuperAdmins can further extend or restrict an authorized user's access by granting or removing various permissions on a program-by-program basis.

GPP administrators within OITE manage communication with university partners, including the sharing of applications, outside of the RTO system. University Partnership Directors are responsible for designating university personnel who may access shared applicant data.

The only RTO users who can create new RTO accounts are Program Coordinators and SuperAdmins. Decisions regarding who at an IC may have access to RTO are (within limits established by OITE) left up to the Program Coordinator(s) at that IC. Occasionally OITE will create the account after verifying from someone appropriately placed at the IC that the individual requesting access has a legitimate business need to access system data.

33 Describe the methods in place to allow those with access to PII to only access the minimum amount of information necessary to perform their job.

Program Coordinators can create view-only "Investigator" accounts; SuperAdmins can create any kind of account. As a rule, OITE will give a user elevated access within the system only when the user needs that access to do his/her job.

By default, an Investigator account gives one read-only access to the SIP and Postbac IRTA application pools. In cases where it is known that a user does not require access to both subsystems, a SuperAdmin can remove the user's access to one, or even both, subsystems. A SuperAdmin might remove a user's access to both subsystems if the user has agreed to serve as a mentor to an incoming summer intern and does not require access to the entire SIP applicant database. Authorized users can share individual applications with another authorized user. In these cases, the user's access to the shared applications expires after 60 days.

34 Identify training and awareness provided to personnel (system owners, managers, operators, contractors and/or program managers) using the system to make them aware of their responsibilities for protecting the information being collected and maintained.

The NIH Security Awareness Training course is used to satisfy this requirement. According to NIH policy, all personnel who use NIH applications must attend security awareness training every year. There are four categories of mandatory IT training (Information Security, Counterintelligence, Privacy Awareness, and Records Management). Training is completed on the http://irtsectraining.nih.gov site with valid NIH credentials.

35 Describe training system users receive (above and beyond general security and privacy awareness training).

Each RTO user has access to a role-specific RTO User's Guide. While the guides are primarily focused on how to use the system tools, some touch on such RTO policies as who may access the system, etc.

36 Do contracts include Federal Acquisition Regulation and other appropriate clauses ensuring adherence to privacy provisions and practices?
Yes
No

37 Describe the process and guidelines in place with regard to the retention and destruction of PII. Cite specific records retention schedules.

Records are maintained within RTO for a time of no less than two years archived based on the NIH Manual Chapter 1743 Appendix-1 – NIH General Records Schedule items:
~ 2.1.051 – Job Vacancy Case Files – Destroy 2 years after termination of register – DAA-GRS-2014-0002-0007
~ 2.1.090 – Interview Records – Destroy 2 years after case is closed by hire or non-selection, expiration of right to appeal a non-selection, or final settlement of any associated litigation, whichever is later. – DAA-GRS-2014-0002-0008


38 Describe, briefly but with specificity, how the PII will be secured in the system using administrative, technical, and physical controls.

Administrative Controls: RTO applies role-based security to ensure access is restricted to the appropriate user groups. All system users are required to accept the RTO Terms of Use every time they sign in. The Terms of Use page notes that the system contains information that is subject to the Privacy Act; describes the user's responsibilities regarding the safeguarding of system data; and states that unauthorized access or use of this system may subject violators to criminal, civil, and/or administrative action. At any time, Program Coordinators can disable accounts of individuals at their respective ICs who leave the NIH or transfer to another IC. In addition, RTO administrators conduct a comprehensive review of all system accounts once annually, disabling/locking those belonging to individuals who are no longer at the NIH and purging all dormant accounts. Also, RTO administrators conduct periodic and ongoing monitoring of system audits and system email traffic to identify cases of inappropriate access to or use of the system.

Technical Controls: Access to the system is controlled by NIH Login, which authenticates the user prior to granting access. Access level and permissions are controlled by the system and based on user, role, and organizational unit.

Physical Controls: The servers reside in the Office of Information Technology (OIT) hosting facility, where policies and procedures are in place to restrict access to the machines. This includes guards at the front door and entrance to the machine room.

39 Identify the publicly-available URL:
Summer Internship Program (series of subprograms): https://www2.training.nih.gov/transfer/SIPApp
Undergraduate Scholarship Program: https://www2.training.nih.gov/transfer/UGSPApp
Postbaccalaureate IRTA Training Program: https://www2.training.nih.gov/transfer/PBTApp
Graduate Partnerships Program: https://www2.training.nih.gov/transfer/GPPApp
Fellows Award for Research Excellence (FARE): https://www2.training.nih.gov/transfer/fareapp

40 Does the website have a posted privacy notice?
Yes
No

40a Is the privacy policy available in a machine-readable format?
Yes
No

41 Does the website use web measurement and customization technology?
Yes
No

41a Select the type of website measurement and customization technologies in use and if it is used to collect PII. (Select all that apply)

Technologies          Collects PII?
Web beacons           Yes / No
Web bugs              Yes / No
Session Cookies       Yes / No
Persistent Cookies    Yes / No
Other...              Yes / No

42 Does the website have any information or pages directed at children under the age of thirteen?
Yes
No

43 Does the website contain links to non-federal government websites external to HHS?
Yes
No

43a Is a disclaimer notice provided to users that follow external links to websites not owned or operated by HHS?
Yes
No

REVIEWER QUESTIONS: The following section contains Reviewer Questions which are not to be filled out unless the user is an OPDIV Senior Officer for Privacy.

Reviewer Questions

1 Are the questions on the PIA answered correctly, accurately, and completely?
Answer:
Yes
No
Reviewer Notes:

2 Does the PIA appropriately communicate the purpose of PII in the system and is the purpose justified by appropriate legal authorities?
Answer:
Yes
No
Reviewer Notes:

3 Do system owners demonstrate appropriate understanding of the impact of the PII in the system and provide sufficient oversight to employees and contractors?
Answer:
Yes
No
Reviewer Notes:

4 Does the PIA appropriately describe the PII quality and integrity of the data?
Answer:
Yes
No
Reviewer Notes:

5 Is this a candidate for PII minimization?
Answer:
Yes
No
Reviewer Notes:
6 Does the PIA accurately identify data retention procedures and records retention schedules?
Answer:
Yes
No
Reviewer Notes:

7 Are the individuals whose PII is in the system provided appropriate participation?
Answer:
Yes
No
Reviewer Notes:

8 Does the PIA raise any concerns about the security of the PII?
Answer:
Yes
No
Reviewer Notes:

9 Is applicability of the Privacy Act captured correctly and is a SORN published or does it need to be?
Answer:
Yes
No
Reviewer Notes:

10 Is the PII appropriately limited for use internally and with third parties?
Answer:
Yes
No
Reviewer Notes:

11 Does the PIA demonstrate compliance with all Web privacy requirements?
Answer:
Yes
No
Reviewer Notes:

12 Were any changes made to the system because of the completion of this PIA?
Answer:
Yes
No
Reviewer Notes:

General Comments:
The RTO is a child component that resides under another boundary, ODGSS, and inherits its UUID. This component is under the Office of the Director General Support System (OD GSS), whose Universal Unique Identifier (UUID) is: 2092B382-A4F2-4FD5-A93E-1857E18B771E.

OPDIV Senior Official for Privacy Signature:
Ralph D. French -S, HHS Senior Agency Official for Privacy
Digitally signed by Ralph D. French -S
Date: 2019.02.12 15:37:42 -05'00'
