Download:
pdf |
pdfSave
Privacy Impact Assessment Form
v 1.21
Status
Form Number
Form Date
Question
Answer
1
OPDIV:
ATSDR
2
PIA Unique Identifier:
CDC ID No. 0923-18AUZ
2a Name:
11/14/18
Human health effects of drinking water exposures to per- and p
General Support System (GSS)
Major Application
3
Minor Application (stand-alone)
The subject of this PIA is which of the following?
Minor Application (child)
Electronic Information Collection
Unknown
3a
Identify the Enterprise Performance Lifecycle Phase
of the system.
Test
Yes
3b Is this a FISMA-Reportable system?
4
Does the system include a Website or online
application available to and for the use of the general
public?
5
Identify the operator.
6
Point of Contact (POC):
7
Is this a new or existing system?
8
Does the system have Security Authorization (SA)?
No
Yes
No
Agency
Contractor
POC Title
Principal Investigator
POC Name
Marian Pavuk
POC Organization ATSDR Division of Toxicology and
POC Email
[email protected]
POC Phone
770-488-3671
New
Existing
Yes
No
8b Planned Date of Security Authorization
Not Applicable
Page 1 of 8
�Save
8c
Briefly explain why security authorization is not
required
Not applicable.
10
Describe in further detail any changes to the system
that have occurred since the last PIA.
Not applicable.
11 Describe the purpose of the system.
Per- and polyfluoroalkyl substances (PFAS) are a family of
environmentally and biologically persistent chemicals used in
industrial applications such as aqueous film-forming foam
(AFFF), used to extinguish flammable liquid fires. Since the
1970s, military bases in the U.S. have used AFFF with PFAS
constituents for firefighting training as well as to extinguish
fires. At some military bases, AFFF use has resulted in the
migration of PFAS chemicals through soils to ground water
and/or surface water sources of drinking water for bases and/
or surrounding communities. In 2016, the U.S. Environmental
Protection Agency (USEPA) issued a lifetime health advisory
level of 0.07 total micrograms of perfluorooctanoate (PFOA)
and perfluorooctane sulfonate (PFOS) combined per liter of
drinking water (µg/L). In response to growing awareness of the
extent of PFAS contamination across the U.S., the Consolidated
Appropriations Act of 2018 authorized the Agency for Toxic
Substances and Disease Registry (ATSDR) to conduct a study
on the human health effects of PFAS contamination in drinking
water.
The Pease Study will serve as a proof-of-concept model for a
national multi-site study of PFAS health effects. The existence
of a large body of state and local environmental monitoring
and population blood testing data makes the Pease
community in Portsmouth, NH, particularly suitable as ATSDR’s
initial PFAS research study site. The main goals of the research
study are to: 1) evaluate the study procedures and methods to
identify any issues that need to be addressed before
embarking on a national multi-site study; and 2) examine
associations between health outcomes and measured and
historically reconstructed serum levels of PFAS.
ATSDR will collect and maintain participant information
including social security number, name, E-Mail address, phone
numbers, medical notes, education records, military status,
date of birth, mailing address, race, sex, and employment
Describe the type of information the system will
status; survey information and responses including consent
collect, maintain (store), or share. (Subsequent
forms, exposure routes, water consumption/source, medical
12
questions will identify if this information is PII and ask history, education, and occupation; lab test results including
about the specific data elements.)
PFAS concentration values in blood and urine, lipids, liver
function test, kidney function test, thyroid hormones, sex
hormones, immune function, and antibody response; special
educational records; and medical records from study
participants.
Page 2 of 8
�Save
The Pease Study will be cross-sectional in design, drawing from
a convenience sample of people with and without exposure to
PFAS-contaminated drinking water from Pease.
Provide an overview of the system and describe the
13 information it will collect, maintain (store), or share,
either permanently or temporarily.
ATSDR will collect information in several modes: (1) hard copy
and then entered into databases (e.g., informed consent,
update contact information, several forms to collect study data
during the appointment, neurobehavioral test battery results,
etc.); and (2) through electronic means using an approved
survey/data-collection tool (e.g., eligibility screening scripts,
appointment reminder telephone calls, adult and child
questionnaires, etc.).
Children's schools will complete a form about diagnosed
learning disabilities and behavioral problems.
Medical providers will complete a form about conditions the
participants have been diagnosed with.
Yes
14 Does the system collect, maintain, use or share PII?
Indicate the type of PII that the system will collect or
15
maintain.
No
Social Security Number
Date of Birth
Name
Photographic Identifiers
Driver's License Number
Biometric Identifiers
Mother's Maiden Name
Vehicle Identifiers
E-Mail Address
Mailing Address
Phone Numbers
Medical Records Number
Medical Notes
Financial Account Info
Certificates
Legal Documents
Education Records
Device Identifiers
Military Status
Employment Status
Foreign Activities
Passport Number
Taxpayer ID
Lab Test Results
Other...
Other...
Other...
Employees
Public Citizens
16
Indicate the categories of individuals about whom PII
is collected, maintained or shared.
Business Partners/Contacts (Federal, state, local agencies)
Vendors/Suppliers/Contractors
Patients
Other
17 How many individuals' PII is in the system?
18 For what primary purpose is the PII used?
500-4,999
ATSDR needs up-to-date PII for the informed consent process
and to send participants' their lab testing results.
Page 3 of 8
�Save
19
Describe the secondary uses for which the PII will be
used (e.g. testing, training or research)
ATSDR will keep participant PII for future studies, to include
longitudinal data collections, to link participant study identity
and results from Study A to Study B, B to A and/or C, etc.
20 Describe the function of the SSN.
SSN will be collected for linkage to medical records and school
records. Once linkage has occurred, SSNs will be kept with
other PII in a separate access-restricted and encrypted secure
share site. ATSDR will use SSN for tracking and tracing Pease
Study participants for enrollment in future longitudinal studies.
20a Cite the legal authority to use the SSN.
Executive Order 9397
Consolidated Appropriation Act of 2018; Comprehensive
Identify legal authorities governing information use Environmental Response, Compensation and Liability Act of
21
and disclosure specific to the system and program.
1980 (CERCLA) and Superfund Amendments and
Reauthorization Act of 1986 (SARA); Public Health Service Act
22
Yes
Are records on the system retrieved by one or more
PII data elements?
No
Published:
Identify the number and title of the Privacy Act
System of Records Notice (SORN) that is being used
22a
to cover the system or identify if a SORN is being
developed.
09-19-0001 ATSDR “Records of Persons Exposed
Published:
Published:
In Progress
Directly from an individual about whom the
information pertains
In-Person
Hard Copy: Mail/Fax
Email
Online
Other
Government Sources
23
Within the OPDIV
Other HHS OPDIV
State/Local/Tribal
Foreign
Other Federal Entities
Other
Identify the sources of PII in the system.
Non-Government Sources
Members of the Public
Commercial Data Broker
Public Media/Internet
Private Sector
Other
23a
Identify the OMB information collection approval
number and expiration date.
CDC ID No. is 0923-18AUZ; OMB Control No. 0923-NEW
Page 4 of 8
�Save
Yes
24 Is the PII shared with other organizations?
No
Within HHS
24a
Identify with whom the PII is shared or disclosed and
for what purpose.
Other Federal
Agency/Agencies
State or Local
ATSDR will obtain consent to retrieve
Agency/Agencies
Private Sector
ATSDR will obtain consent to
retrieve medical records information
As part of the required Data Management Plan, ATSDR will
share data sets with external entities via data use agreements
(DUAs) with each data recipient. DUAs will be prepared,
detailing the condition of use of the data and proposed
analyses for each outside project.
Describe any agreements in place that authorizes the
One of the Pease study investigators must be a co-investigator
information sharing or disclosure (e.g. Computer
on any outside research project to guarantee adherence to the
24b Matching Agreement, Memorandum of
agreed conditions of use.
Understanding (MOU), or Information Sharing
Agreement (ISA)).
After the approved project with the researchers outside of the
Pease study group is completed, secondary and/or other levels
of analyses of electronic datasets can only be undertaken with
additional approval(s) from ATSDR. Written confirmation of
understanding the conditions of use will be required from the
lead scientists and institutions.
Describe the procedures for accounting for
24c
disclosures
Procedures for accounting for disclosures are detailed in the
study's manual of procedures. Typically, this will be a manual
process where the program keeps track of disclosures in a
spreadsheet.
Describe the process in place to notify individuals
25 that their personal information will be collected. If
no prior notice is given, explain the reason.
ATSDR has a Privacy Act Statement (PAS) that will be part of
the informed consent package. The PAS specifies the purpose
for collecting PII. The informed consent information will be
mailed in advance to willing participants as part of an
Appointment Packet for them to read and keep for their
records. In addition, ATSDR will use these forms and materials
at enrollment during actual informed consent to obtain
signatures.
26
Is the submission of PII by individuals voluntary or
mandatory?
Voluntary
Mandatory
Describe the method for individuals to opt-out of the
Individuals who wish to opt out may decline participating in
collection or use of their PII. If there is no option to
27
the study. Additionally, participants may opt out of potential
object to the information collection, provide a
recontact for future studies.
reason.
Describe the process to notify and obtain consent
from the individuals whose PII is in the system when
major changes occur to the system (e.g., disclosure
ATSDR will contact individuals via email, telephone, and/or
28 and/or data uses have changed since the notice at
mail when major changes to the study occur to obtain consent
the time of original collection). Alternatively, describe from study participants.
why they cannot be notified or have their consent
obtained.
Page 5 of 8
�Save
Individuals should contact the study investigator (PI) and data
manager using contact information in the study’s SORN or
consent form. They may be directed to contact the PI or data
manager to identify the record and specify the information
Describe the process in place to resolve an
individual's concerns when they believe their PII has being contested, the corrective action sought, and the reasons
29 been inappropriately obtained, used, or disclosed, or for requesting the correction, along with supporting
that the PII is inaccurate. If no process exists, explain information to show how the record is inaccurate, incomplete,
untimely, or irrelevant. If an incident has occurred, the PI or
why not.
data manager will report the potential incident to the Centers
for Disease Control and Prevention (CDC) Security Incident
Response Team and Privacy Officer. The data manager will
serve as the point of contact to resolve concerns.
Describe the process in place for periodic reviews of
PII contained in the system to ensure the data's
30
integrity, availability, accuracy and relevancy. If no
processes are in place, explain why not.
There is no process in place for periodic reviews of the PII; once
laboratory results are reported to the study participants, data
will be de-identified and used for analysis.
Users
Administrators
31
Identify who will have access to the PII in the system
and the reason why they require access.
Users include study PIs and trained
study staff to obtain informed consent
Study PIs will be responsible for
setting parameters allowing access to
Developers
Contractors
Others
Per the Pease Study Rules of Behavior, the data manager, in
Describe the procedures in place to determine which consultation with the study PI, will determine which users will
32 system users (administrators, developers,
be able to access data-access need based on their role and
contractors, etc.) may access PII.
research goals/priorities. Procedures for PII access are
documented in detail in the study Manual of Procedures.
Describe the methods in place to allow those with
33 access to PII to only access the minimum amount of
information necessary to perform their job.
The data access request will be approved by the PI on a need
to know basis. When access is no longer needed, the data
manager will be responsible for removing or terminating user
access. Least privilege access will be employed, and users will
only be given access to the minimum data required for their
particular analysis. The study data manager will make this
determination.
Identify training and awareness provided to
personnel (system owners, managers, operators,
contractors and/or program managers) using the
34
system to make them aware of their responsibilities
for protecting the information being collected and
maintained.
Personnel are required to complete CDC security awareness
training.
Describe training system users receive (above and
35 beyond general security and privacy awareness
training).
ATSDR will require all study staff and contractors to receive
training on their roles and responsibilities, as outlined in the
Pease Study Manual of Procedures. All research staff must have
ethics training and possess certification of such training. All
research staff must sign an agreement acknowledging their
responsibilities to protect participants' privacy and
confidentiality. The Pease Study Rules of Behavior will be
signed and reviewed by all research staff.
Page 6 of 8
�Save
Do contracts include Federal Acquisition Regulation
36 and other appropriate clauses ensuring adherence to
privacy provisions and practices?
Describe the process and guidelines in place with
37 regard to the retention and destruction of PII. Cite
specific records retention schedules.
Yes
No
Records are retained and disposed of in accordance with the
CDC Records Control Schedule (B-321) and the ATSDR
Comprehensive Records Control Schedule (B-371).
Administrative controls are specified in Rules of Behavior,
Manual of Procedures, Non-Disclosure Agreements (NDAs),
and DUAs.
Describe, briefly but with specificity, how the PII will
38 be secured in the system using administrative,
technical, and physical controls.
Technical controls include file level, column, and whole disk
encryption; e-Auth Level 3 external file share with encryption;
access control lists in multiple authorized CDC systems; and
routine daily backup of study data.
Physical controls include physical access checkpoints, guards,
key card access, locked rooms, and locked cabinets for hard
copy of documents with PII.
REVIEWER QUESTIONS: The following section contains Reviewer Questions which are not to be filled out unless the user is an OPDIV
Senior Officer for Privacy.
Reviewer Questions
1
Are the questions on the PIA answered correctly, accurately, and completely?
Answer
Yes
No
Reviewer
Notes
2
Does the PIA appropriately communicate the purpose of PII in the system and is the purpose
justified by appropriate legal authorities?
Yes
Do system owners demonstrate appropriate understanding of the impact of the PII in the
system and provide sufficient oversight to employees and contractors?
Yes
No
Reviewer
Notes
3
No
Reviewer
Notes
4
Does the PIA appropriately describe the PII quality and integrity of the data?
Yes
No
Reviewer
Notes
5
Is this a candidate for PII minimization?
Yes
No
Reviewer
Notes
6
Does the PIA accurately identify data retention procedures and records retention schedules?
Yes
No
Reviewer
Notes
Page 7 of 8
�Save
Reviewer Questions
7
Are the individuals whose PII is in the system provided appropriate participation?
Answer
Yes
No
Reviewer
Notes
8
Does the PIA raise any concerns about the security of the PII?
Yes
No
Reviewer
Notes
9
Is applicability of the Privacy Act captured correctly and is a SORN published or does it need
to be?
Yes
No
Reviewer
Notes
10
Is the PII appropriately limited for use internally and with third parties?
Yes
No
Reviewer
Notes
11
Does the PIA demonstrate compliance with all Web privacy requirements?
Yes
No
Reviewer
Notes
12
Were any changes made to the system because of the completion of this PIA?
Yes
No
Reviewer
Notes
General Comments
OPDIV Senior Official
for Privacy Signature
12/1/18: PIA is approved; however the authority for collection of SSNs is awaiting approval.
Jarell
Oshodi -S
Digitally signed by Jarell
HHS Senior
Oshodi -S
Agency Official
Date: 2018.12.10
for Privacy
17:21:55 -05'00'
Page 8 of 8
�
| File Type | application/pdf |
| File Modified | 2018-12-10 |
| File Created | 2013-03-29 |