SSN Approval Form

Att5b ACE SSN Approval Form CPO signed 20210205.docx

Assessment of Chemical Exposures (ACE) Investigations

SSN Approval Form

OMB: 0923-0051

Document [docx]
Download: docx | pdf

Shape2

OCISO Standard for Limiting the Use of Social Security Numbers in CDC Information Systems v3.2



Attachment A. SSN Elimination or Usage Approval Request for Assessment of Chemical Exposures Toolkit



Date Submitted:11/5/2020

Submitted By: Maureen Orr

Office/Branch: ATSDR/OIA/RSS

Telephone: 404-567-3256



Select Recommended Path forward:



X B. Request the CDC Senior Official for Privacy (SOP), approve collecting, processing, or storing SSNs in Assessment of Chemical Exposures toolkit, Epi CASE form, within the parameters stipulated in the OCISO Standard for Limiting the Use of Social Security Numbers in CDC Information Systems.



If Option A is selected, only Section 4 of this form must be completed. If Option B is selected, please complete all remaining sections of this form:



  1. JUSTIFICATION.

ATSDR needs to collect SSN (full or partial) on behalf of the states for disasters involving chemical exposures. The Assessment of Chemical Exposures (ACE) collection has OMB approval for the current toolkit forms. ATSDR would like to expand the use of the former ACE short form, to collect more identifying data like SSN.

The ACE short form has not been a part of the toolkit that has been used in any past incidents, but with the national level exercises for radiological incidents, Gotham Shield, it has been identified by the CDC/ATSDR as a potential tool to identify those persons exposed. It may also be used during other types of large environmental disasters similar to the World Trade Center attacks or Hurricane Katrina. During these large environmental incidents you are only able to collect brief information about the affected person immediately, but may need more information or need to provide them services later. In these large environmental incidents, there are two main problems: (1) people scatter, because they are displaced and therefore are difficult to relocate to do follow-up studies or registries or to offer them information and services. Having crucial identifying information helps to locate them and also make sure you have the correct person and (2) as evidenced by the ATSDR National ALS registry, if you have a large cohort, there are many people with the same names and dates of birth. Having the social security number, or some digits of it, helps to prevent duplication or mismatching of participants.



  1. Background:


The Assessment of Chemical Exposures (ACE) Toolkit was developed by ATSDR to assist state and local health departments in public health investigations after a large-scale environmental incident. The toolkit consists of several surveys that may be easily modified for the requesting agency’s purpose including a general survey, a shorter Epi CASE survey, a household survey, a hospital provider survey and medical records abstraction form. There is an Epi info database for these forms and training manuals for the surveys, Epi CASE and Epi Info. Because it is a toolkit, health agencies may choose to implement it themselves or they may choose to request ATSDR/NCEH assistance in which case an Epi-Aid is generally the mechanism by which ATSDR/NCEH will deploy and assist the state. The state is always considered to be the lead and they decide what variables on the form are collected or not collected, including the complete or partial SSN. The data are entered into CDC encrypted laptops using Epi info. The data are transferred to the state via CDC’s Secure Access Management System (SAMS) at the end of data collection, before leaving the field, and all copies erased from the CDC laptops If ATSDR is involved in the data collection, a technical assistance agreement will be signed by the state and ATSDR. The agreement will state any data collected by ATSDR on behalf of the state is the property of the state, ATSDR will delete the collected data after it is sent to the states, and that ATSDR will not use the identifiers from the collection. ATSDR staff will also sign a non-disclosure agreement. The state may later execute a data use agreement (DUA) with ATSDR if they require assistance with data analysis. The DUA will state that the state will only provide deidentified data to ATSDR. The data will only be linked to the state held identifiers by a random participant ID.



    1. ALTERNATIVES. Provide an explanation of alternatives considered to collecting, using or storing SSNs and why the alternatives will not meet CDC mission and/or business needs.

There are other identifiers that may be collected like driver’s license number. However, a driver’s license number is not as universal as the SSN and is not always a unique identifier. Name and date of birth are also not always unique. Also, the state ultimately decides what data elements are collected and ATSDR must abide by that decision when assisting the state.



    1. E-AUTHENTICATION. Provide an explanation of how any externally-facing system will/does achieve E-Authentication Level 3 (as described in the Certification & Accreditation package or the Change Request).

SAMS is an approved E-Authentication Level 3 system that will be used to transfer SSN and other data to the states.



    1. DATA AT REST ENCRYPTION. Provide an explanation of how and when the system will employ technologies to use FIPS 140-2 validated encryption of key personally identifiable information (PII) data elements at rest, to include SSNs.

Data collected by ATSDR staff are stored on CDC managed laptops with FIPS 140-2 whole disk encryption enabled. These laptops require two factor authentication to access, are only used for a specific investigation, will be in possession of the ATSDR staff collecting data at all times, and will only be accessible to the individual assigned to each laptop. Data is downloaded daily via CDC’s virtual privacy network (VPN) to a share on the CDC network which is FIPS 140-2 encrypted at the file level and aggregated by the investigation lead. Only those users who need to analyze data will be given access to this share and only to the data on which they need to work (as determined by the investigation lead). Laptops are reimaged once the data collection phase of the investigation is concluded and when the ATSDR staff return from the field.

Procedures to accomplish above are described in the study’s manual of procedures.



    1. OTHER FACTS OR ASSUMPTIONS.

States will need CDC assistance in a large-scale environmental disaster, and they will want the ability to track people using SSN.



  1. IMPACT OF SUCCESS OR FAILURE.

Providing this capability will enable states to properly assess the impact of the disaster and track people to provide needed services or to gain additional information to determine the effects of the incident. If SSN is not collected, datasets may have duplicates and states may not be able to provide services to those affected by disasters.



4. APPROVAL. Business Steward Sign and Date only-

NAME

DATE



Business Steward

Signature

Maureen F Orr

11/4/2020



Business Steward

Printed Name











For SOP Only --Decision and Signature:



Approved: ____x____ Disapproved: ________







Shape1


Shape3 Shape4

Office of the Chief Information Security Officer (OCISO)






Sensitive But Unclassified (when filled in) A3


File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
File TitleOCISO Standard for Limiting the Use of Social Security Numbers in CDC Information Systems v3.2
Authorfnb0
File Modified0000-00-00
File Created2021-05-27
© 2024 OMB.report | Privacy Policy