Privacy Impact Assessment Form
v 1.47.4
Status: Redraft
Form Number: F-79373
Form Date: 11/27/2020 9:48:04 AM

1. OPDIV: CDC

2. PIA Unique Identifier: P-4839986-293434

2a. Name: Modernization Platform (MPN)

3. The subject of this PIA is which of the following?
Options: General Support System (GSS) / Major Application / Minor Application (stand-alone) / Minor Application (child) / Electronic Information Collection / Unknown

3a. Identify the Enterprise Performance Lifecycle Phase of the system.
Answer: Operations and Maintenance

3b. Is this a FISMA-Reportable system?
Options: Yes / No

4. Does the system include a Website or online application available to and for the use of the general public?
Options: Yes / No

5. Identify the operator.
Options: Agency / Contractor

6. Point of Contact (POC):
POC Title: Associate Director for IT
POC Name: Mike Loudermilk
POC Organization: CDC/NIOSH/OD
POC Email: [email protected]
POC Phone: 404.498.1988

7. Is this a new or existing system?
Options: New / Existing

8. Does the system have Security Authorization (SA)?
Options: Yes / No

8b. Planned Date of Security Authorization
Answer: 11/27/2020 12:00:00 AM / Not Applicable
11. Describe the purpose of the system.
Answer: Modernization Platform (MPN) is a strategic effort to align existing National Institute for Occupational Safety and Health (NIOSH) investments to open standards and modern data services. This platform provides a framework to effectively manage and provide oversight of NIOSH Information Technology (IT) systems while encouraging the adoption of the NIOSH Analytical Data Warehouse (ADW) and CDC Cloud Strategy.
The platform supports the replacement and limited redevelopment of NIOSH applications using agile methodologies. The platform will be Federal IT Acquisition Reform Act (FITARA) compliant in planning, programming, and budgeting and is FISMA (Federal Information Security Management Act) Moderate.

12. Describe the type of information the system will collect, maintain (store), or share. (Subsequent questions will identify if this information is PII and ask about the specific data elements.)
Answer: MPN maintains Social Security Numbers (SSN), names, email addresses, mailing/physical addresses, phone numbers, medical notes, certificates, date of birth (DOB), photographic identifiers, biometric identifiers, demographics (ethnicity and gender), medical record numbers, military and employment status.
Other related data include the types of injuries/fatalities involved in the incident, general time and physical location information related to the incident, general exposures, work behaviors, cancer diagnoses, and other relevant risk factors, with the intent to monitor cancer incidence and other health-related risk factors. Also, desensitized narratives from surveys and injury context are collected.
All full-time employees and contractors that utilize MPN use CDC user credentials/PIV card to access the system in conjunction with Active Directory (AD) Services within the CDC/Agency for Toxic Substances and Disease Registry (ATSDR) Enterprise. AD has its own system and PIA. Authorized system users have AD accounts with role-based access to the information system. Some contractors use CDC credentials to work on behalf of the agency.
External partners authenticate via Secure Access Management Services (SAMS), which has its own PIA.
13. Provide an overview of the system and describe the information it will collect, maintain (store), or share, either permanently or temporarily.
Answer: MPN helps to store and share information amongst the NIOSH divisions, which are located in various states. The information collected is accessed by authorized NIOSH employees, giving them the ability to enter, search, and view collected data.
MPN collects and maintains identifying information about the workers involved in the safety incident, such as participant names, to ensure collected data is associated with the correct person. DOB is collected to understand the relationship between age and safety. Medical information (medical notes, medical records number, biometric identifiers, medical/health history) is collected to understand the safety and health risks of certain tasks and/or environments.
Demographic information like ethnicity or gender is collected to understand the role of ethnicity and gender in safety. Contact information is collected to ensure that program participants can be contacted. Employment status and work history are collected to understand how a worker's role and industry employment relate to safety.
Other data collected includes the types of injuries/fatalities involved in the incident for safety incident type classifications, and general time and physical location information related to the incident to understand environmental context. Also collected are desensitized narratives, from surveys, that may help clarify what the root causes and contributing factors were for the incident. Injury context is collected in order to organize each safety incident into quantifiable data that can be analyzed.
MPN collects external users' business contact information (email and phone number) for account set up and user support.
All full-time employees and contractors that utilize MPN use CDC user credentials/PIV card to access the system in conjunction with Active Directory Services within the CDC/ATSDR Enterprise. AD has its own system and PIA. External partners authenticate via Secure Access Management Services (SAMS), which has its own PIA.

14. Does the system collect, maintain, use or share PII?
Options: Yes / No
15. Indicate the type of PII that the system will collect or maintain.
Social Security Number
Date of Birth
Name
Photographic Identifiers
Driver's License Number
Biometric Identifiers
Mother's Maiden Name
Vehicle Identifiers
E-Mail Address
Mailing Address
Phone Numbers
Medical Records Number
Medical Notes
Financial Account Info
Certificates
Legal Documents
Education Records
Device Identifiers
Military Status
Employment Status
Foreign Activities
Passport Number
Taxpayer ID
Demographic info
Medical/Health history
Ethnicity
Gender
Question 15 Comments: Per Q12, it states that "military and employment status" is collected by the system. Please select "Military Status" in your answer as well. Additionally, please also list "ethnicity and gender."

16. Indicate the categories of individuals about whom PII is collected, maintained or shared.
Employees
Public Citizens
Business Partners/Contacts (Federal, state, local agencies)
Vendors/Suppliers/Contractors
Patients
Other: Publication Authors, Respirator Manufacturers seeking approval.

17. How many individuals' PII is in the system?
Answer: 1,000,000 or more

18. For what primary purpose is the PII used?
Answer: MPN collects external users' business contact information (email and phone number) for account set up and user support. MPN collects and maintains identifying information about the workers involved in the safety incident, such as participants' names, to ensure collected data is associated with the correct person. DOB is collected to understand any relationship between age and safety. Medical information (medical notes, medical records number, biometric identifiers) is collected to understand the safety and health risks of certain tasks and/or environments.
19. Describe the secondary uses for which the PII will be used (e.g. testing, training or research)
Answer: Secondary uses for collecting PII include informing workers of study findings, analyzing data, administering surveys, contacting participants, verifying the miner's identity, keeping records of procedures performed within the system, and user account setup and user support.

20. Describe the function of the SSN.
Answer: MPN uses the miner's SSN to search for data, verify identity, and group radiographs taken during a miner's lifetime.
SSN is also used in determining whether a match is for a particular worker. The set of information which MPN and the data source have in common typically consists of SSN, name, date of birth, and gender. These fields are used to ascertain whether a linked record for a worker is a true match, a false match, or whether it remains unclear. Without the SSN, many of these determinations would be impossible.

20a. Cite the legal authority to use the SSN.
Answer: Federal Mine Safety and Health Act, Section 203, and Occupational Safety and Health Act, Section 20

21. Identify legal authorities governing information use and disclosure specific to the system and program.
Answer: Occupational Safety and Health Act, Section 20, "Research and Related Activities" (29 U.S.C. 669); Federal Mine Safety and Health Act of 1977, Sections 203, "Medical Examinations" and 501, "Research" (30 U.S.C. 843, 951); Public Health Service Act, Section 301, "Research and Investigation" (42 U.S.C. 241).

22. Are records on the system retrieved by one or more PII data elements?
Options: Yes / No

22a. Identify the number and title of the Privacy Act System of Records Notice (SORN) that is being used to cover the system or identify if a SORN is being developed.
Published: 09-20-0149 | Morbidity Studies in Coal Mining, Metal and Non-metal Mining and General Industry.
23. Identify the sources of PII in the system.
Directly from an individual about whom the information pertains: In-Person / Hard Copy: Mail/Fax / Email / Online / Other
Government Sources: Within the OPDIV / Other HHS OPDIV / State/Local/Tribal / Foreign / Other Federal Entities / Other
Non-Government Sources: Members of the Public / Commercial Data Broker / Public Media/Internet / Private Sector / Other

23a. Identify the OMB information collection approval number and expiration date.
Answer: OMB 0920-0953, Expires 08/31/2021
OMB 0920-0260, Expiration: 10/31/2020

24. Is the PII shared with other organizations?
Options: Yes / No
24a. Identify with whom the PII is shared or disclosed and for what purpose.
Within HHS: PII is provided to allow users to contact the publication author with questions/comments.
Other Federal Agency/Agencies: The Mine Safety and Health Administration (MSHA) may be provided PII when needed, as NIOSH runs the Coal Workers' Health Surveillance Program (CWHSP) on their behalf. PII is provided to the IRS for matching with their database in order to identify addresses for workers. PII is also provided to the Department of Energy in order to obtain additional exposure data and study data.
State or Local Agency/Agencies: PII is provided to allow users to contact the publication author with questions/comments. PII is also provided to the State statistic offices and state cancer registries.
Private Sector: PII is provided to allow users to contact the publication author with questions/comments. Analysis files not containing direct identifiers may be shared with collaborators or researchers interested in replicating the study, either through a data use agreement or at a research data center. Lab testing with a Clinical Laboratory Improvement Amendments (CLIA) certified lab.
24b. Describe any agreements in place that authorize the information sharing or disclosure (e.g. Computer Matching Agreement, Memorandum of Understanding (MOU), or Information Sharing Agreement (ISA)).
Answer: Agreements are in place for data sharing as follows:
1) Data exchanged with the National Death Index (NDI) is governed by the NDI process, which includes an application process with protocol review of new studies.
2) Data exchanged with the Internal Revenue Service (IRS) is governed under Title 26, Internal Revenue Code 6103(m)(3) (https://www.irs.gov/irm/part11/irm_11-003-029) as amended (Appendix A) and Public Law 96-128, title V, Sec. 502, as amended (http://thomas.loc.gov/cgi-bin/bdquery/z?d096:HR02282:@@@D&summ2=m&). NIOSH has been granted authority for this type of search and has been vetted by IRS to gain access to and use of their secure FTP site.
3) Data exchanged with the Department of Energy (DOE): Interagency Agreement to collect study records from the various sites.
4) Data exchanged with state Vital Records departments are governed by an approval process with each state at the time requested.
5) Data exchanged with state cancer registries are governed by an approval process with each state at the time requested.
7) Study analysis files not containing direct identifiers are governed by Data Use Agreements or by restricted access through the National Center for Health Statistics (NCHS) Research Data Center.

24c. Describe the procedures for accounting for disclosures
Answer: Health Management Systems (HMS) Federal has established the International Organization for Standardization (ISO) 9001 procedures for accounting for disclosures under this system. This is maintained by the system owner. The disclosure ledger includes the date, the name (and the address, if known) of the receiving person or agency, a brief description of the information disclosed, and a brief purpose of the disclosure (or a copy of the disclosure request). This ledger is captured in a spreadsheet.

25. Describe the process in place to notify individuals that their personal information will be collected. If no prior notice is given, explain the reason.
Answer: The National Firefighter Registry Consent Form explains how the firefighter information will be kept private and requires them to sign granting NIOSH permission to collect and use the data when requesting access to participate in the NFR.
When voluntarily signing up for an account, individuals provide business contact information. The website form describes the information collection and the use of PII. Users requesting access to the system for a specific role will be notified during the request, either verbally or by email, that their user ID will be stored. New employees are notified via email or verbally that their information will be stored.

26. Is the submission of PII by individuals voluntary or mandatory?
Options: Voluntary / Mandatory
27. Describe the method for individuals to opt-out of the collection or use of their PII. If there is no option to object to the information collection, provide a reason.
Answer: Participation is voluntary and initiated by the users. Users opting to participate are required to provide business contact information as needed for account setup and user support. Once established, users can opt out by contacting [email protected], and their account will be disabled.

28. Describe the process to notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of original collection). Alternatively, describe why they cannot be notified or have their consent obtained.
Answer: Users are notified of system updates via the email address they provide. Major changes in the use of PII are not anticipated and have not occurred.

29. Describe the process in place to resolve an individual's concerns when they believe their PII has been inappropriately obtained, used, or disclosed, or that the PII is inaccurate. If no process exists, explain why not.
Answer: If PII has been inappropriately obtained, used, or disclosed, or if the PII is inaccurate, an individual can contact the system's program manager at [email protected]. Concerns about PII can be directed to NIOSH MPN administrators at [email protected]. The administrators will direct the concern to the system security steward, who will reach out to the individual and division management, NIOSH's Information System Security Officer, and CDC's Privacy Office for an appropriate resolution.

30. Describe the process in place for periodic reviews of PII contained in the system to ensure the data's integrity, availability, accuracy and relevancy. If no processes are in place, explain why not.
Answer: PII contained in the system is reviewed by MPN administrators weekly and any incorrect information is remedied. Additionally, users or authors may request that their information be updated by sending an email to the system administrators.
Integrity checks include: the data entry staff verify that PII matches the form when entering the data, entered data are compared to appropriate valid ranges of values, databases are designed to eliminate redundancies, and database constraints require values for critical fields and disallow invalid values. Workers' addresses are updated prior to notifications. Users may update their email address and phone number by sending updates to [email protected]. Reviews are conducted by NIOSH's Project Manager.

31. Identify who will have access to the PII in the system and the reason why they require access.
Users: Program researchers will have access to their program's PII data in order to conduct analysis. Users are able to respond to inquiries.
Administrators: For creating user accounts and communicating system status and providing user support.
Developers:
Contractors: Direct contractors serving as users and administrators.
Others:
32. Describe the procedures in place to determine which system users (administrators, developers, contractors, etc.) may access PII.
Answer: MPN utilizes Role Based Access Control (RBAC) that enforces the most restrictive permissions for authorized users based on their role. The Business Stewards determine which users can access PII based on their job role. Authorized administrators and users are the only ones who can access the PII, and they are authenticated against a list of users via Active Directory. The Business Steward ensures users complete tasks with only the privilege necessary to perform their separate job functions. Administrators access PII in order to run reports and update the documentation criteria.

33. Describe the methods in place to allow those with access to PII to only access the minimum amount of information necessary to perform their job.
Answer: MPN personnel are identified at the project level by role, and only appropriate personnel with the requisite skills and knowledge are assigned to the project in the required role. System users and administrators are given access based on the principle of least privilege. The Least Privilege model is applied, ensuring privilege levels no higher than necessary to accomplish required functions.

34. Identify training and awareness provided to personnel (system owners, managers, operators, contractors and/or program managers) using the system to make them aware of their responsibilities for protecting the information being collected and maintained.
Answer: All users complete Security and Privacy Awareness Training at least annually.

35. Describe training system users receive (above and beyond general security and privacy awareness training).
Answer: The Division of Field Studies and Engineering (DFSE) annually provides 308(d) training that includes Confidentiality as well as Privacy Act and security training. System administrators complete HHS Role Based Training at least annually.

36. Do contracts include Federal Acquisition Regulation and other appropriate clauses ensuring adherence to privacy provisions and practices?
Options: Yes / No

37. Describe the process and guidelines in place with regard to the retention and destruction of PII. Cite specific records retention schedules.
Answer: NIOSH handles and retains information system output and retention in accordance with the CDC Records Management Policy, the CDC Records Control Schedule, and other applicable record scheduling procedures prescribed by the General Records Schedule (GRS) and the National Archives and Records Administration (NARA). System stewards consult with the CDC Records Manager to identify applicable records scheduling requirements and otherwise manage electronic records.
Records Schedule 16, Item 14
Records Schedule N1-442-09-1, item 3 (4-57)
Records Schedule N1-442-09-1, item 2
Records Schedule N1-GRS-98-2, item 23
Records Schedule CDC N1-442-2009-01, items 3 and 4
Records Schedule N1-442-09-1
GRS 20.2D
38. Describe, briefly but with specificity, how the PII will be secured in the system using administrative, technical, and physical controls.
Answer:
Administrative: only authorized employees can access using PIV card and system authentication. The business steward authorizes new users for the system. Data is secured by Active Directory and access is only granted to users authorized by the business steward. Data is stored on an encrypted database server. The servers and hard-copy records reside in secured facilities which require PIV card access. Comprehensive security plans are formalized through the Security Assessment and Authorization (SA&A) process to validate compliance with Federal Information Security Management Act (FISMA) requirements.
Technical: both database layer and application layer access is controlled by PIV card (network user credentials) to prevent unauthorized access. PII is secured on the CDC network using network shares and server databases that limit access to the appropriate staff. The network is protected with firewalls and intrusion detection systems. All users complete Security and Privacy Awareness Training at least annually.
Physical: Hosted and stored on the consolidated web server and database server, which is located in a locked secure CDC facility, secured with guards, ID badges, key cards and closed circuit television (CCTV), with access only by authorized badged staff or escorted visitors.

39. Identify the publicly-available URL:
Answer: MPN is a platform framework that involves multiple URLs.
https://wwwn.cdc.gov/niosh-statedocs/Default.aspx
https://www.cdc.gov/niosh/topics/NOMS/
https://wwwn.cdc.gov/Niosh-whc/
https://wwwn.cdc.gov/NIOSH-CEL/
https://wwwn.cdc.gov/eworld
https://wwwn.cdc.gov/niosh-mining/
https://wwwn.cdc.gov/niosh-npg
https://wwwn.cdc.gov/niosh-oeb
https://wwwn.cdc.gov/niosh-ohsn
https://wwwn.cdc.gov/niosh-rhd
https://wwwn.cdc.gov/PPEINFO/Search
https://wwwn.cdc.gov/wisards/
https://wwwn.cdc.gov/wpvhc

40. Does the website have a posted privacy notice?
Options: Yes / No

40a. Is the privacy policy available in a machine-readable format?
Options: Yes / No

41. Does the website use web measurement and customization technology?
Options: Yes / No
41a. Select the type of website measurement and customization technologies in use and if it is used to collect PII. (Select all that apply)
Technologies (each marked Yes / No for in use, and Yes / No for Collects PII?):
Web beacons
Web bugs
Session Cookies
Persistent Cookies
Omniture:
Other: Session Storage via browser

42. Does the website have any information or pages directed at children under the age of thirteen?
Options: Yes / No

43. Does the website contain links to non-federal government websites external to HHS?
Options: Yes / No
REVIEWER QUESTIONS: The following section contains Reviewer Questions which are not to be filled out unless the user is an OPDIV Senior Officer for Privacy.

Reviewer Questions

1. Are the questions on the PIA answered correctly, accurately, and completely?
Answer: Yes / No
Reviewer Notes:

2. Does the PIA appropriately communicate the purpose of PII in the system and is the purpose justified by appropriate legal authorities?
Answer: Yes / No
Reviewer Notes:

3. Do system owners demonstrate appropriate understanding of the impact of the PII in the system and provide sufficient oversight to employees and contractors?
Answer: Yes / No
Reviewer Notes:

4. Does the PIA appropriately describe the PII quality and integrity of the data?
Answer: Yes / No
Reviewer Notes:

5. Is this a candidate for PII minimization?
Answer: Yes / No
Reviewer Notes:
6. Does the PIA accurately identify data retention procedures and records retention schedules?
Answer: Yes / No
Reviewer Notes:

7. Are the individuals whose PII is in the system provided appropriate participation?
Answer: Yes / No
Reviewer Notes:

8. Does the PIA raise any concerns about the security of the PII?
Answer: Yes / No
Reviewer Notes:

9. Is applicability of the Privacy Act captured correctly and is a SORN published or does it need to be?
Answer: Yes / No
Reviewer Notes:

10. Is the PII appropriately limited for use internally and with third parties?
Answer: Yes / No
Reviewer Notes:

11. Does the PIA demonstrate compliance with all Web privacy requirements?
Answer: Yes / No
Reviewer Notes:

12. Were any changes made to the system because of the completion of this PIA?
Answer: Yes / No
Reviewer Notes:

General Comments:
Q10: The National Firefighter Registry (NFR) is being added as a sub-system of MPN and therefore, NFR data will reside in MPN. NFR will be used to track and analyze on-the-job exposure to toxicants, cancer trends and risk factors among the U.S. fire service to help the public safety community, researchers, scientists and medical professionals find better ways to protect those who protect our communities and environment. Collected data will be stored by unique participant ID and will be stored in a secure database with multiple layers of encryption.

OPDIV Senior Official for Privacy Signature: Beverly E. Walker -S (Digitally signed by Beverly E. Walker -S, Date: 2020.11.27 13:24:37 -05'00')

HHS Senior Agency Official for Privacy:

File Type: application/pdf
File Modified: 2020-11-27
File Created: 2016-03-30