PIA-DOSE data templates

Save

Privacy Impact Assessment Form
v 1.21
Status

Form Number

Form Date

Question

Answer

1

OPDIV:

CDC/ONDIEH/NCIPC/DUIP

2

PIA Unique Identifier:

2928

2a Name:

03/20/19

Drug Overdose Surveillance and Epidemiology (DOSE)
General Support System (GSS)
Major Application

3

The subject of this PIA is which of the following?

Minor Application (stand-alone)
Minor Application (child)
Electronic Information Collection
Unknown

3a

Identify the Enterprise Performance Lifecycle Phase
of the system.

Implementation
Yes

3b Is this a FISMA-Reportable system?

4

Does the system include a Website or online
application available to and for the use of the general
public?

5

Identify the operator.

6

Point of Contact (POC):

7

Is this a new or existing system?

8

Does the system have Security Authorization (SA)?

No
Yes
No
Agency
Contractor
POC Title

Business Steward

POC Name

Matthew Gladden

POC Organization ONDIEH/NCIPC/DUIP
POC Email

[email protected]

POC Phone

770-488-0602
New
Existing
Yes
No

8b Planned Date of Security Authorization
Not Applicable

Page 1 of 5

Save
8c

9

Briefly explain why security authorization is not
required

Indicate the following reason(s) for updating this PIA.
Choose from the following options.

This is a new electronic data collection.
PIA Validation (PIA
Refresh/Annual Review)
Anonymous to NonAnonymous
New Public Access
Internal Flow or Collection

Significant System
Management Change
Alteration in Character of
Data
New Interagency Uses
Conversion

Commercial Sources
Other...

10

Describe in further detail any changes to the system
that have occurred since the last PIA.

11 Describe the purpose of the system.

We are now planning to transition the data collection from
Excel/CDC SAMS to the NCIPC partners portal. The name of the
system has changed from “Emergency Department Overdose
Data Collection Tool (EDODCT)” to “Drug Overdose
Surveillance and Epidemiology (DOSE)”.
The purpose of the system is to rapidly identify large changes
in drug overdoses trends including outbreaks of illnesses and
to estimate the healthcare burden of treating drug overdoses
in hospitals.

This tool is used to collect aggregate preliminary counts of all
emergency department (ED) visits involving suspected drug
overdoses collected by state and territorial health departments
from their local data systems. This data will be shared with CDC
using a standardized data template within two weeks, one
month, or three months of occurrence depending on state
capacity. Finalized counts of emergency department visits and
Describe the type of information the system will
hospitalizations involving drug overdose will be shared with
collect, maintain (store), or share. (Subsequent
CDC using a standardized CDC data template about two years
12
questions will identify if this information is PII and ask after they occurred. In addition to collecting data on the
about the specific data elements.)
number of emergency department visits and hospitalizations
due to suspected drug overdoses occurring across the full
jurisdiction, the tool will group data by 10 age levels (0-10,
11-14, 15-24, 25-34, 35-44, 45-54, 55-64, 65-74, 75-84, and 85
and older), sex (male, female, unknown), county, and four
substance categories (any drug, any opioids, any heroin, and
any stimulants. No personally identifying information (PII) is
collected.

Page 2 of 5

Save
The Partner's Portal System (PPS) is an EMSSP Moderate
External web application that provides data collection,
management, analysis, visualization, reporting, and sharing in
support of National Center for Injury Prevention and Control’s
(NCIPC) mission to prevent violence and injuries through
science and action.
PPS will allow transmission of various datasets to be uploaded,
validated, and routed to a file share for storage and forms that
capture various types of Grantee metadata to be stored on a
SQL database enabling reporting across NCIPC programs. The
data is owned by state grantees, healthcare facilities, and CDC
Partners who are willing to share the data with CDC for analysis
and reporting purposes.

Provide an overview of the system and describe the
13 information it will collect, maintain (store), or share,
either permanently or temporarily.

The type of information the Partner Portal will collect, maintain
and store are grantees strategies, sub-strategies, activities, and
progress reports made on an annual basis. There is no PII
being used for CDC State Partners. ) Data elements that are
captured across the grantee strategies, sub-strategies and
activities are the overview of each strategy, Intermediate
Indicators identifying how successful the implementation of
each sub-strategy, Previous and Mid-Year Progress are
descriptions of the progress made towards defined activities,
grantee meta provides information such as state (grantee)
name, Notice of Funding Opportunity Name, and submission
date. The progress report is a formatted PDF of all the
information entered by a state that is used for final submission
to the Office of Financial Resources.
The data will be used to support NCIPC research agenda and
translating from science to practice lead by the Injury
programs. Once the data reside in the CDC environment, it will
be exported in various file formats to be used in other
information, analysis and visualization systems throughout the
Injury center. CDC State Partners uses SAMS as the
authentication mechanism for access to Partner Portal System
(PPS) Web Application hosted in the CSAMS Environment.
Access is extended via invitation only. Passwords are not
required to login to the application. However, users are
authenticated through the Secure Access Management
Services before routed to the Partners Portal System.

14 Does the system collect, maintain, use or share PII?

Yes
No

REVIEWER QUESTIONS: The following section contains Reviewer Questions which are not to be filled out unless the user is an OPDIV
Senior Officer for Privacy.

Reviewer Questions
1

Are the questions on the PIA answered correctly, accurately, and completely?

Answer
Yes
No

Reviewer
Notes

Page 3 of 5

Save
Reviewer Questions
2

Answer

Does the PIA appropriately communicate the purpose of PII in the system and is the purpose
justified by appropriate legal authorities?

Yes

Do system owners demonstrate appropriate understanding of the impact of the PII in the
system and provide sufficient oversight to employees and contractors?

Yes

No

Reviewer
Notes
3

No

Reviewer
Notes
4

Does the PIA appropriately describe the PII quality and integrity of the data?

Yes
No

Reviewer
Notes
5

Is this a candidate for PII minimization?

Yes
No

Reviewer
Notes
6

Does the PIA accurately identify data retention procedures and records retention schedules?

Yes
No

Reviewer
Notes
7

Are the individuals whose PII is in the system provided appropriate participation?

Yes
No

Reviewer
Notes
8

Does the PIA raise any concerns about the security of the PII?

Yes
No

Reviewer
Notes
9

Is applicability of the Privacy Act captured correctly and is a SORN published or does it need
to be?

Yes
No

Reviewer
Notes
10

Is the PII appropriately limited for use internally and with third parties?

Yes
No

Reviewer
Notes
11

Does the PIA demonstrate compliance with all Web privacy requirements?

Yes
No

Reviewer
Notes
12

Were any changes made to the system because of the completion of this PIA?

Yes
No

Page 4 of 5

Save
Reviewer Questions

Answer

Reviewer
Notes

General Comments

OPDIV Senior Official
for Privacy Signature

Jarell
Oshodi -S

Digitally signed by Jarell
HHS Senior
Oshodi -S
Agency Official
Date: 2019.05.09
for Privacy
15:24:32 -04'00'

Page 5 of 5