Pia

Save

Privacy Impact Assessment Form
v 1.21
Status

Form Number

Form Date

Question

Answer

1

OPDIV:

CDC/NCHHSTP

2

PIA Unique Identifier:

0920-1178

2a Name:

Comprehensive HIV Prevention and Care for MSM of Color
General Support System (GSS)
Major Application

3

Minor Application (stand-alone)

The subject of this PIA is which of the following?

Minor Application (child)
Electronic Information Collection
Unknown

3a

Identify the Enterprise Performance Lifecycle Phase
of the system.

Initiation
Yes

3b Is this a FISMA-Reportable system?

4

Does the system include a Website or online
application available to and for the use of the general
public?

5

Identify the operator.

6

No
Yes
No
Agency
Contractor

Point of Contact (POC):

7

Is this a new or existing system?

8

Does the system have Security Authorization (SA)?

8a Date of Security Authorization

POC Title

Health Scientist

POC Name

Kashif Iqbal

POC Organization DHAP/NCCHSTP/CDC
POC Email

[email protected]

POC Phone

404-718-8556
New
Existing
Yes
No

NA

Page 1 of 4

Save

9

Indicate the following reason(s) for updating this PIA.
Choose from the following options.

PIA Validation (PIA
Refresh/Annual Review)
Anonymous to NonAnonymous
New Public Access
Internal Flow or Collection

Significant System
Management Change
Alteration in Character of
Data
New Interagency Uses
Conversion

Commercial Sources
Other...
10

Describe in further detail any changes to the system
that have occurred since the last PIA.

No changes
To support state and local health departments to develop and
implement demonstration projects for provision of
comprehensive human immunodeficiency virus (HIV)
prevention and care services for men who have sex with men
(MSM) of color by creating a collaborative with community
based organizations (CBOs), clinics and other health care
providers, and behavioral health and social services providers
in their jurisdiction.

11 Describe the purpose of the system.

Client-level programmatic evaluation data which consists of
Semi-Annual Service Reports: for both persons at risk for
acquiring HIV and HIV-positive persons when possible.
Information will include data elements describing number of
Describe the type of information the system will
HIV tests, STD tests, Nonoccupational PostExposure
collect, maintain (store), or share. (Subsequent
12
questions will identify if this information is PII and ask Prophylaxis (nPEP) health care services, and Pre-Exposure
Prophylaxis (PrEP) health care services that were reimbursed by
about the specific data elements.)
a third party payer; number of trainings, staff hired, and
contracts and partnerships executed for each health
department and its collaborative workforce to provide
culturally competent services.

Provide an overview of the system and describe the
13 information it will collect, maintain (store), or share,
either permanently or temporarily.

Local health jurisdictions collect name and address information
as identifiers on clients who receive HIV prevention and
continuum services, including HIV testing as part of clinical
care and follow up, this private identifiable information, (PII) is
collected as the normal course of their business. However, the
CDC is neither receiving, sharing, nor storing any of this data in
a federal of system of records. De-identified data only is
submitted via CDC secure File Transfer Protocol.

14 Does the system collect, maintain, use or share PII?

Yes
No

REVIEWER QUESTIONS: The following section contains Reviewer Questions which are not to be filled out unless the user is an OPDIV
Senior Officer for Privacy.

Reviewer Questions
1

Are the questions on the PIA answered correctly, accurately, and completely?

Answer
Yes
No

Reviewer
Notes

Page 2 of 4

Save
Reviewer Questions
2

Answer

Does the PIA appropriately communicate the purpose of PII in the system and is the purpose
justified by appropriate legal authorities?

Yes

Do system owners demonstrate appropriate understanding of the impact of the PII in the
system and provide sufficient oversight to employees and contractors?

Yes

No

Reviewer
Notes
3

No

Reviewer
Notes
4

Does the PIA appropriately describe the PII quality and integrity of the data?

Yes
No

Reviewer
Notes
5

Is this a candidate for PII minimization?

Yes
No

Reviewer
Notes
6

Does the PIA accurately identify data retention procedures and records retention schedules?

Yes
No

Reviewer
Notes
7

Are the individuals whose PII is in the system provided appropriate participation?

Yes
No

Reviewer
Notes
8

Does the PIA raise any concerns about the security of the PII?

Yes
No

Reviewer
Notes
9

Is applicability of the Privacy Act captured correctly and is a SORN published or does it need
to be?

Yes
No

Reviewer
Notes
10

Is the PII appropriately limited for use internally and with third parties?

Yes
No

Reviewer
Notes
11

Does the PIA demonstrate compliance with all Web privacy requirements?

Yes
No

Reviewer
Notes
12

Were any changes made to the system because of the completion of this PIA?

Yes
No

Page 3 of 4

Save
Reviewer Questions

Answer

Reviewer
Notes

General Comments

OPDIV Senior Official
for Privacy Signature

Jarell
Oshodi -S

Digitally signed by Jarell
HHS Senior
Oshodi -S
Agency Official
Date: 2019.10.24
for Privacy
14:02:43 -04'00'

Page 4 of 4