Save
Privacy Impact Assessment Form v 1.47.4
Status Form Number Form Date |
|||||
Question Answer |
|||||
1 |
OPDIV: |
|
|
||
2 |
PIA Unique Identifier: |
|
|
||
2a |
Name: |
NIAID ClinRegs Country Experts Interest |
|
||
3 |
The subject of this PIA is which of the following? |
General Support System (GSS) Major Application Minor Application (stand-alone) Minor Application (child) Electronic Information Collection Unknown |
|
||
3a |
Identify the Enterprise Performance Lifecycle Phase of the system. |
Implementation |
|
||
3b |
Is this a FISMA-Reportable system? |
|
Yes No |
|
|
4 |
Does the system include a Website or online application available to and for the use of the general public? |
Yes No |
Accept Reject |
||
5 |
Identify the operator. |
Agency Contractor |
|
||
6 |
Point of Contact (POC): |
POC Title Assistant Director for Special Projects
POC Name Jonathan Kagan, Ph.D. POC Organization NIAID POC Email [email protected] POC Phone 240-669-5221 |
Accept Reject |
||
7 |
Is this a new or existing system? |
New Existing |
|
||
8 |
Does the system have Security Authorization (SA)? |
Yes No |
Accept Reject |
||
8a |
Date of Security Authorization |
Dec 31, 2018 |
|
NIAID ClinRegs (clinregs.niaid.nih.gov) is a web-based resource providing country-specific clinical research regulatory information for the purpose of enhancing efficiency and 11 Describe the purpose of the system. quality in global clinical trials. To assure that ClinRegs is meeting its objectives, it is necessary to solicit feedback via the ClinRegs Country Experts Interest Form from users about the accuracy of content on the site and as to whether additional information should be included. |
Accept Reject |
Describe the type of information the system will The type of information NIAID ClinRegs will collect is email 12 collect, maintain (store), or share. (Subsequent address, countries of expertise, and primary organization questions will identify if this information is PII and ask affiliation. about the specific data elements.) |
Accept Reject |
Provide an overview of the system and describe the NIAID ClinRegs (clinregs.niaid.nih.gov) is a web-based resource 13 information it will collect, maintain (store), or share, providing country-specific clinical research regulatory either permanently or temporarily. information for the purpose of enhancing efficiency and |
Accept Reject |
Yes 14 Does the system collect, maintain, use or share PII? No |
Accept Reject |
39 Identify the publicly-available URL: clinregs.niaid.nih.gov |
Accept Reject |
Yes 40 Does the website have a posted privacy notice? No |
Accept Reject |
Is the privacy policy available in a machine-readable Yes 40a format? No |
|
Does the website use web measurement and Yes 41 customization technology? No |
Accept Reject |
Does the website have any information or pages Yes 42 directed at children under the age of thirteen? No |
Accept Reject |
Does the website contain links to non- federal Yes 43 government websites external to HHS? No |
Accept Reject |
Is a disclaimer notice provided to users that follow Yes 43a external links to websites not owned or operated by HHS? No |
|
REVIEWER QUESTIONS: The following section contains Reviewer Questions which are not to be filled out unless the user is an OPDIV Senior Officer for Privacy. |
|
Reviewer Questions Answer |
|
Yes 1 Are the questions on the PIA answered correctly, accurately, and completely? No |
Accept Reject |
Reviewer Notes |
|
Does the PIA appropriately communicate the purpose of PII in the system and is the purpose Yes 2 justified by appropriate legal authorities? No |
Accept Reject |
Reviewer Notes |
|
Reviewer Questions |
Answer |
|
3 |
Do system owners demonstrate appropriate understanding of the impact of the PII in the system and provide sufficient oversight to employees and contractors? |
Yes No |
Accept Reject |
Reviewer Notes |
|||
4 |
Does the PIA appropriately describe the PII quality and integrity of the data? |
Yes No |
Accept Reject |
Reviewer Notes |
|||
5 |
Is this a candidate for PII minimization? |
Yes No |
Accept Reject |
Reviewer Notes |
|||
6 |
Does the PIA accurately identify data retention procedures and records retention schedules? |
Yes No |
Accept Reject |
Reviewer Notes |
|||
7 |
Are the individuals whose PII is in the system provided appropriate participation? |
Yes No |
Accept Reject |
Reviewer Notes |
|||
8 |
Does the PIA raise any concerns about the security of the PII? |
Yes No |
Accept Reject |
Reviewer Notes |
|||
9 |
Is applicability of the Privacy Act captured correctly and is a SORN published or does it need to be? |
Yes No |
Accept Reject |
Reviewer Notes |
|||
10 |
Is the PII appropriately limited for use internally and with third parties? |
Yes No |
Accept Reject |
Reviewer Notes |
|||
11 |
Does the PIA demonstrate compliance with all Web privacy requirements? |
Yes No |
Accept Reject |
Reviewer Notes |
|||
12 |
Were any changes made to the system because of the completion of this PIA? |
Yes No |
Accept Reject |
Reviewer Notes |
General Comments |
The NIAID ClinRegs Country Experts Interest is an electronic information collection form whose OMB Control number is 0925-0668 , with a expiration date of 04/2022. |
|||||||
OPDIV Senior Official for Privacy Signature |
HHS Senior Agency Official for Privacy |
|||||||
|
||||||||
Third-Party Website Assessment PIA Form v 1.47.4 |
||||||||
Status |
Form Number Read Only |
Form Date |
Read Only |
|
||||
Question |
Answer |
|
|
|||||
1 OPDIV: |
Read Only - OPDIV Read Only - TPWA UID Read Only - TPWA Name |
|
||||||
2 TPWA Unique Identifier (UID): |
|
|||||||
3 TPWA Name: |
|
|||||||
4 Is this a new TPWA? |
Yes No |
|
||||||
4a Please provide the reason for revision |
||||||||
Will the use of a third-party Website or application 5 create a new or modify an existing HHS/OPDIV System of Records Notice (SORN) under the Privacy Act? |
Yes No |
|
Accept Reject |
|||||
Indicate the SORN number (or identify plans to put SORN Number: 5a one in place.) If not published: |
||||||||
Will the use of a third-party Website or application 6 create an information collection subject to OMB clearance under the Paperwork Reduction Act (PRA)? |
Yes No |
|
Accept Reject |
|||||
Indicate the OMB approval number and approval 6a number expiration date (or describe the plans to obtain OMB clearance.) |
OMB Approval Number Expiration Date Explanation |
|
|
|
|
|||
7 Does the third-party Website or application contain Federal Records? |
Yes No |
|
Accept Reject |
|
POC Title |
|
|
|
POC Name |
|
|
8 Point of Contact (POC): |
POC Organization |
Accept Reject |
|
|
POC Email |
|
|
|
POC Phone |
|
|
9 Describe the specific purpose for the OPDIV use of the third-party Website or application: |
|
|
Accept Reject |
Have the third-party privacy policies been reviewed 10 to evaluate any risks and to determine whether the Website or application is appropriate for OPDIV use? |
|
Yes No |
Accept Reject |
Describe alternative means by which the public can 11 obtain comparable information or services if they choose not to use the third-party Website or application: |
|
|
Accept Reject |
Does the third-party Website or application have 12 appropriate branding to distinguish the OPDIV activities from those of nongovernmental actors? |
|
Yes No |
Accept Reject |
13 How does the public navigate to the third party Website or application from the OPIDIV? |
|
|
Accept Reject |
13a Please describe how the public navigate to the third- party website or application: |
|||
If the public navigate to the third-party website or 13b application via an external hyperlink, is there an alert to notify the public that they are being directed to a nongovernmental Website? |
|
Yes No |
|
Has the OPDIV Privacy Policy been updated to 14 describe the use of a third-party Website or application? |
|
Yes No |
Accept Reject |
14a Provide a hyperlink to the OPDIV Privacy Policy: |
|||
15 Is an OPDIV Privacy Notice posted on the third-party Website or application? |
|
Yes No |
Accept Reject |
Confirm that the Privacy Notice contains all of the following elements: (i) An explanation that the Website or application is not government-owned or government-operated; (ii) An indication of whether and how the OPDIV will maintain, use, or share PII 15a that becomes available; (iii) An explanation that by using the third-party Website or application to communicate with the OPDIV, individuals may be providing nongovernmental third-parties with access to PII; (iv) A link to the official OPDIV Website; and (v) A link to the OPDIV Privacy Policy |
|
Yes No |
|
Is the OPDIV's Privacy Notice prominently displayed 15b at all locations on the third-party Website or application where the public might make PII available? |
|
Yes No |
|
16 Is PII collected by the OPDIV from the third-party Website or application? |
Yes No |
|
Accept Reject |
17 Will the third-party Website or application make PII available to the OPDIV? |
Yes No |
|
Accept Reject |
Describe the PII that will be collected by the OPDIV from the third-party Website or application and/or 18 the PII which the public could make available to the OPDIV through the use of the third-party Website or application and the intended or expected use of the PII: |
|
|
Accept Reject |
Describe the type of PII from the third-party Website 19 or application that will be shared, with whom the PII will be shared, and the purpose of the information sharing: |
|
|
Accept Reject |
19a If PII is shared, how are the risks of sharing PII mitigated? |
|||
20 Will the PII from the third-party Website or application be maintained by the OPDIV? |
Yes No |
|
Accept Reject |
20a If PII will be maintained, indicate how long the PII will be maintained: |
|||
21 Describe how PII that is used or maintained will be secured: |
|
|
Accept Reject |
22 What other privacy risks exist and how will they be mitigated? |
|
|
Accept Reject |
REVIEWER QUESTIONS: The following section contains Reviewer Questions which are not to be filled out unless the user is an OPDIV Senior Officer for Privacy. |
|||
Reviewer Questions |
|
Answer |
|
1 Are the responses accurate and complete? |
|
Yes No |
Accept Reject |
Reviewer Notes |
|||
Is the TPWA compliant with all M-10-23 requirements, including appropriate branding and Yes Accept 2 alerts? No Reject |
|||
Reviewer Notes |
|||
Has the OPDIV posted an updated privacy notice on the TPWA and does it contain the five Yes Accept 3 required elements? No Reject |
|||
Reviewer Notes |
REVIEWER QUESTIONS: The following section contains Reviewer Questions which are not to be filled out unless the user is an OPDIV Senior Officer for Privacy. |
||||
4 |
Does the PIA clearly identify PII made available and/or collected by the TPWA? |
Yes No |
Accept Reject |
|
Reviewer Notes |
||||
5 |
Is the handling of PII appropriate? |
Yes No |
Accept Reject |
|
Reviewer Notes |
||||
General Comments |
|
|
||
OPDIV Senior Official for Privacy Signature |
HHS Senior Agency Official for Privacy |
Page
File Type | application/zip |
File Modified | 0000-00-00 |
File Created | 2021-10-04 |