Reabstraction Study - Traditional and CHC Providers

Attachment J: 2018 Reabstraction Burden

Form Approved: OMB No. 0920-0234 Exp. Date xx/xx/20xx

NOTICE – Public reporting burden of this collection of information is estimated to average 1 minute per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden to CDC/ATSDR Information Collection Review Office, 1600 Clifton Road, MS D-74, Atlanta, GA 30333, ATTN: PRA (0920-0234).

Assurance of confidentiality-We take your privacy very seriously. All information that relates to or describes identifiable characteristics of individuals, a practice, or an establishment will be used only for statistical purposes. NCHS staff, contractors, and agents will not disclose or release responses in identifiable form without the consent of the individual or establishment in accordance with section 308(d) of the Public Health Service Act (42USC 242m) and the Confidential Information Protection and Statistical Efficiency Act of 2001 (CIPSEA, Title 5 of Public Law 107-347). In accordance with CIPSEA, every NCHS employee, contractor, and agent has taken an oath and is subject to a jail term of up to five years, a fine of up to $250,000, or both if he or she willfully discloses ANY identifiable information about you. In addition, NCHS complies with the Federal Cybersecurity Enhancement Act of 2015. This law requires the federal government to protect federal computer networks by using computer security programs to identify cybersecurity risks like hacking, internet attacks, and other security weaknesses. If information sent through government networks triggers a cyber threat indicator, the information may be intercepted and reviewed for cyber threats by computer network experts working for, or on behalf, of the government.

The Cybersecurity Act of 2015 permits monitoring information systems for the purpose of protecting a network form hacking, denial of service attacks and other security vulnerabilities.¹ The software used for monitoring may scan information that is transiting, stored on, or processed by the system. If the information triggers a cyber threat indicator, the information may be intercepted and reviewed for cyber threats. The Cybersecurity Act specifies that the cyber threat indicator or defensive measure taken to remove the threat may be shared with others only after any information not directly related to a cybersecurity threat has been removed, including removal of personal information of a specific individual or information that identifies a specific individual. Monitoring under the Cybersecurity Act may be done by a system owner or another entity the system owner allows to monitor its network and operate defensive measures on its behalf.

¹ “Monitor” means “to acquire, identify, or scan, or to possess, information that is stored on, processed by, or transiting an information system”; “information system” means “a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination or disposition of information”; “cyber threat indicator” means “information that is necessary to describe or identify security vulnerabilities of an information system, enable the exploitation of a security vulnerability, or unauthorized remote access or use of an information system.”