Privacy Impact Assessment

Att 15_PIA.pdf

Identification of Behavioral and Clinical Predictors of Early HIV Infection (Project DETECT)

Privacy Impact Assessment

OMB: 0920-1100

⚠️ Notice: This form may be outdated. More recent filings and information on OMB 0920-1100 can be found here:
2021-12-07 - Extension without change of a currently approved collection
Document [pdf]
Download: pdf | pdf
Save

Privacy Impact Assessment Form
v 1.45
Status Draft

Form Number

F-31707

Form Date

Question

Answer

1

OPDIV:

CDC

2

PIA Unique Identifier:

P-6091709-944628

2a Name:

Diagnostic Evaluation To Expand Critical Testing Technologies (
General Support System (GSS)
Major Application

3

Minor Application (stand-alone)

The subject of this PIA is which of the following?

Minor Application (child)
Electronic Information Collection
Unknown

3a

Identify the Enterprise Performance Lifecycle Phase
of the system.

Implementation
Yes

3b Is this a FISMA-Reportable system?

4

Does the system include a Website or online
application available to and for the use of the general
public?

5

Identify the operator.

6

Point of Contact (POC):

7

Is this a new or existing system?

8

Does the system have Security Authorization (SA)?

8b Planned Date of Security Authorization

No
Yes
No
Agency
Contractor
POC Title

IT Specialist

POC Name

Pamela Phillips

POC Organization NCHHSTP/OD
POC Email

[email protected]

POC Phone

404.639.8581
New
Existing
Yes
No
June 26, 2015
Not Applicable

Page 1 of 3

Save
The purpose of the system is to securely transmit de-identified
datasets to CDC at regular intervals from the University of
Washington’s (Contractor’s) clinical site. CDC owns the
datasets developed as part of this project.

11 Describe the purpose of the system.

Describe the type of information the system will
Types of data include a unique study ID number, HIV risk
collect, maintain (store), or share. (Subsequent
behavior, point-of-care HIV test results, symptoms of acute HIV
12
questions will identify if this information is PII and ask infection, and laboratory test results.
about the specific data elements.)
The purpose of the system is to securely transmit de-identified
datasets to CDC. The data types involved will consist of a
unique study ID number, HIV risk behavior, point-of-care HIV
test results, symptoms of acute HIV infection, and laboratory
test results.
Provide an overview of the system and describe the
13 information it will collect, maintain (store), or share,
either permanently or temporarily.

This de-identified data will be used by CDC to evaluate the
performance of the newest HIV tests using fresh whole blood
and oral fluid specimens. CDC is particularly interested in
sensitivity early in infection, when the antibody response is
developing, and the demographic and behavioral
characteristics of persons with early infection.
Datasets will be transmitted to CDC using an encrypted FTP
site provided by CDC.

14 Does the system collect, maintain, use or share PII?

Yes
No

REVIEWER QUESTIONS: The following section contains Reviewer Questions which are not to be filled out unless the user is an OPDIV
Senior Officer for Privacy.

Reviewer Questions
1

Are the questions on the PIA answered correctly, accurately, and completely?

Answer
Yes
No

Reviewer
Notes
2

Does the PIA appropriately communicate the purpose of PII in the system and is the purpose
justified by appropriate legal authorities?

Yes

Do system owners demonstrate appropriate understanding of the impact of the PII in the
system and provide sufficient oversight to employees and contractors?

Yes

No

Reviewer
Notes
3

No

Reviewer
Notes
4

Does the PIA appropriately describe the PII quality and integrity of the data?

Yes
No

Reviewer
Notes

Page 2 of 3

Save
Reviewer Questions
5

Answer
Yes

Is this a candidate for PII minimization?

No

Reviewer
Notes
6

Does the PIA accurately identify data retention procedures and records retention schedules?

Yes
No

Reviewer
Notes
7

Are the individuals whose PII is in the system provided appropriate participation?

Yes
No

Reviewer
Notes
8

Does the PIA raise any concerns about the security of the PII?

Yes
No

Reviewer
Notes
9

Is applicability of the Privacy Act captured correctly and is a SORN published or does it need
to be?

Yes
No

Reviewer
Notes
10

Is the PII appropriately limited for use internally and with third parties?

Yes
No

Reviewer
Notes
11

Does the PIA demonstrate compliance with all Web privacy requirements?

Yes
No

Reviewer
Notes
12

Were any changes made to the system because of the completion of this PIA?

Yes
No

Reviewer
Notes

General Comments

OPDIV Senior Official
for Privacy Signature

Beverly E.
Walker -S

Digitally signed by Beverly E. Walker -S
DN: c=US, o=U.S. Government,
ou=HHS, ou=CDC, ou=People,
0.9.2342.19200300.100.1.1=100144034
3, cn=Beverly E. Walker -S
Date: 2015.06.24 15:00:05 -04'00'

HHS Senior
Agency Official
for Privacy

Page 3 of 3
File Type	application/pdf
File Modified	2015-06-24
File Created	2015-03-26