Assurance Of Confidentiality

Attachment 7. Assurance of Confidentiality

ASSURANCE OF CONFIDENTIALITY

THE NATIONAL FIREFIGHTER REGISTRY (NFR) DATA

FIELD RESEARCH BRANCH (FRB)

DIVISION OF FIELD STUDIES AND ENGINEERING (DFSE)

NATIONAL INSTITUTE FOR OCCUPATIONAL SAFETY AND HEALTH (NIOSH)

CENTERS FOR DISEASE CONTROL AND PREVENTION (CDC)

2020

(UNDER REVIEW BY THE CDC PRIVACY AND CONFIDENTIALITY UNIT)

*The Assurance of Confidentiality was cleared by DFSE on 7/27/2020

The Secretary of Health and Human Services (HHS) delegated authority to the National Institute for Occupational Safety and Health (NIOSH) of the Centers for Disease Control and Prevention (CDC) to collect health and occupational information for the purpose of monitoring and evaluating the cancer incidence among firefighters in the United States and its territories as outlined in the Firefighter Cancer Registry Act of 2018. National Firefighter Registry (NFR) data will be used by scientists within CDC/NIOSH to monitor cancer incidence among firefighters and evaluate the relationship between occupational factors and other risk factors and cancer incidence. The data can also be analyzed for other purposes provided those purposes are related to public health surveillance or firefighter health and safety research.

We have requested authorization under Section 308(d) of the Public Health Service Act, (42 U.S.C. 242 m (d)) to assure the confidentiality of NFR data obtained from individual firefighters by protecting directly and indirectly identifiable information. Identifiable information on firefighter participants provided by other institutions (e.g., fire departments, population-based cancer registries) will also be protected, and in instances where participating firefighters may be indirectly identified through the name of an institution (e.g., a fire department with less than 10 participants in the NFR), the names of the institutions may be protected as well. Identifiable information collected will be kept confidential and, aside from CDC/NIOSH or other Federal employees assigned to the project, government contractors, visiting scientists, guest researchers, and fellows and trainees, no one will be allowed to see or have access to the information. All individuals who handle the information will be required to adhere to a security and confidentiality protocol, participate in annual security training, and sign a 308(d) Nondisclosure Agreement and 308(d) Confidentiality Pledge.

Data in the NFR will be used only for the purposes stated in this assurance of confidentiality and will not be disclosed or released without the consent of the parties who were given this assurance. No directly identifiable information will be disclosed to any party that does not have a professional relationship with CDC/NIOSH, even after death of the individuals in this surveillance system. Identifiable information will not be disclosed to consumer advocacy groups; insurance companies; any party involved in civil, criminal, or administrative litigation; or any other member of the public.

If CDC/NIOSH receives a Freedom of Information Act (FOIA) request for the NFR data, we will work to disclose only the NFR data that is not protected under this assurance of confidentiality, protecting all information that is either directly or indirectly identifiable. NFR data will only be accessible to external researchers through a Research Data Center (RDC).  All requests for NFR data files must be made through a proposal to the RDC. The proposal will be reviewed by the RDC, CDC/NIOSH, and any applicable population-based cancer registries (when cancer status information is requested) outlined in the proposal. If approved by all parties, the appropriate data files will be provided to the RDC for analysis. All direct identifiers will be removed but indirect identifiers at the individual level may be provided to allow for the requested analysis, unless release of that data is restricted by another party (e.g., population-based cancer registry). However, some data (e.g., cells with n<10) may be redacted to minimize the possibility of identifying participants through indirect identifiers. Only summary data tables may be removed from the RDC and will be reviewed by RDC staff to ensure that participants cannot be indirectly identified.