Download:
pdf |
pdfSave
Privacy Impact Assessment Form
v 1.21
Status
Form Number
Form Date
Question
Answer
1
OPDIV:
ATSDR
2
PIA Unique Identifier:
0923-13RT
2a Name:
01/26/22
ATSDR Exposure Investigation - Extension
General Support System (GSS)
Major Application
3
The subject of this PIA is which of the following?
Minor Application (stand-alone)
Minor Application (child)
Electronic Information Collection
Unknown
3a
Identify the Enterprise Performance Lifecycle Phase
of the system.
Implementation
Yes
3b Is this a FISMA-Reportable system?
4
Does the system include a Website or online
application available to and for the use of the general
public?
5
Identify the operator.
6
Point of Contact (POC):
7
Is this a new or existing system?
8
Does the system have Security Authorization (SA)?
No
Yes
No
Agency
Contractor
POC Title
Environmental Health Scientist
POC Name
Peter Kowalski
POC Organization ATSDR/OCHHA/EI
POC Email
[email protected]
POC Phone
770-488-0776
New
Existing
Yes
No
8b Planned Date of Security Authorization
Not Applicable
Page 1 of 12
�Save
8c
9
Briefly explain why security authorization is not
required
Indicate the following reason(s) for updating this PIA.
Choose from the following options.
This PIA is to assess the privacy risks associated with the
subject data collection. The data collection does not have a
dedicated IT system, however, it uses various authorized CDC
IT systems for the processing, analysis, and storage of the data.
Those systems have their own authorizations.
PIA Validation (PIA
Refresh/Annual Review)
Anonymous to NonAnonymous
New Public Access
Internal Flow or Collection
Significant System
Management Change
Alteration in Character of
Data
New Interagency Uses
Conversion
Commercial Sources
OMB Generic Information Collection Request (ICR) extension
10
Describe in further detail any changes to the system
that have occurred since the last PIA.
No changes - Extension ICR
Page 2 of 12
�Save
The ATSDR Office of Community Health and Hazard
Assessment (OCHHA) conducts public health assessments
(PHAs) at sites when requested by the U.S. EPA, states,
organizations, or individual petitioners following the Public
Health Assessment Guidance Manual.
The purpose of the agency’s PHA process is to find out whether
a community has experienced environmental exposures of
concern or is now being exposed to hazardous substances and,
if so whether conditions warrant additional sampling and to
decide if intervention is needed to minimize or eliminate
exposure. The process also serves as a mechanism through
which the agency responds to specific community health
concerns related to hazardous waste sites.
ATSDR scientists review environmental data to see how much
contamination is at a site, where it is, and how community
residents might come into contact with it. Generally, ATSDR
does not collect its own environmental sampling data but
when adequate environmental or exposure information to
assess human exposures and possible related health effects do
not exist, ATSDR will perform an Exposure Investigation (EI).
11 Describe the purpose of the system.
The EI team conducts point of human-contact sampling
focused on geographic areas where exposures are expected to
be high. EIs may include environmental (e.g, soil, drinking
water, sediment, food sources) or biological sampling (e.g.,
blood or urine), or both. An EI, using purposive convenience
sampling, aims to identify the most highly exposed individuals
and measure their exposure. The results of the investigation
are site-specific and apply only to the participants from the
site. An EI is not considered a health study or research, and any
data gathered will thus not be disseminated as such.
Furthermore, the EI is not designed to provide individual
diagnoses, nor are participants’ results intended to be
generalized to other populations and other communities. No
participants from external comparison groups are included in
the data collection.
As a public service and incentive to participate, EIs provide
individual exposure information back to the participants.
The Science Support Branch (SSB) also coordinates and lends
technical assistance to states, tribal, and territorial health
departments that conduct their own EIs and to states included
in the APPLETREE (ATSDR’s Partnership to Promote Localized
Efforts to Reduce Environmental Exposure ) Program which
sponsors state-led non-research EIs.
Page 3 of 12
�Save
Two primary types of information are collected during the EI
process: collection of environmental and/or biological data
and questionnaire data that will be used to better interpret the
sampling results obtained during the EI.
The results of the questionnaire will be recorded electronically
in the field and the data will be transferred to a secure ATSDR
server. The questionnaire will include direct identifiers (e.g.,
name, address, phone), demographic information (e.g., gender,
age, ethnicity, race), household information (e.g., age of home,
Describe the type of information the system will
time of residency) and occupational information (e.g.,
collect, maintain (store), or share. (Subsequent
occupations that may be related to a particular contaminant).
12
questions will identify if this information is PII and ask Consent forms will be signed by participants and the hard copy
about the specific data elements.)
forms will be secured in a locked cabinet at ATSDR.
Appropriate information will be shared with federal and state
partners, as appropriate. Participants may be asked to consent
to their information being shared with federal and state
partners.
Users are authenticated to systems used in this information
collection via CDC's Active Directory (AD) and PIV credentials.
Users/system administrators include CDC employees and
direct contractors (using HHS user credentials only).
Page 4 of 12
�Save
Under this information collection, the EI will be completed
using an approved protocol. All collections are voluntary for
respondents. The information collected may include
environmental and/or biological samples and questionnaire
results, which will be used to interpret the sampling results.
PII information will be collected, including respondent's name,
address, phone number and email address to allow ATSDR to
provide respondents with their individual sampling results. PII
information will be stored on a secure ATSDR server and access
will be limited to ATSDR personnel on the EI team.
Provide an overview of the system and describe the
13 information it will collect, maintain (store), or share,
either permanently or temporarily.
The information collected for the EI using the questionnaire
may include information regarding demographic and
residential history , household water use, occupational history,
and age and activity patterns. Basic health status information
(e.g., pregnancy status) may be obtained that will allow the
sampling results to be assessed for each participant. The
information collected will be used to better interpret the
sampling results obtained during the EI.
The questionnaire will be administered in person to
participants by ATSDR personnel. Questionnaire results will be
recorded in the field on a secure ATSDR computer and
transferred to a secured ATSDR server. Access to the server will
be limited to ATSDR personnel on the EI team. Appropriate
information will be shared with federal and state partners.
Participants will be asked to sign an adult consent form or a
parental permission and/or assent form for children younger
than 18 years old. The consent/parental permission/assent
forms will include permission for ATSDR to share information
with federal and state partners. Consent forms are hard copy
and will be secured in a locked cabinet at ATSDR.
14 Does the system collect, maintain, use or share PII?
Yes
No
Page 5 of 12
�Save
15
Indicate the type of PII that the system will collect or
maintain.
Social Security Number
Date of Birth
Name
Photographic Identifiers
Driver's License Number
Biometric Identifiers
Mother's Maiden Name
Vehicle Identifiers
E-Mail Address
Mailing Address
Phone Numbers
Medical Records Number
Medical Notes
Financial Account Info
Certificates
Legal Documents
Education Records
Device Identifiers
Military Status
Employment Status
Foreign Activities
Passport Number
Participant biological testing
results
Taxpayer ID
Participant environmental
sampling results
Household and
Demographic Information
Occupational Information
Other...
Employees
Public Citizens
16
Indicate the categories of individuals about whom PII
is collected, maintained or shared.
Business Partners/Contacts (Federal, state, local agencies)
Vendors/Suppliers/Contractors
Patients
Other
17 How many individuals' PII is in the system?
18 For what primary purpose is the PII used?
19
Describe the secondary uses for which the PII will be
used (e.g. testing, training or research)
100-499
The primary purpose for collecting the PII for EIs is to provide
participants their individual sampling results.
There is no secondary use for the PII collected during the EI.
20 Describe the function of the SSN.
SSN will not be requested from participants
20a Cite the legal authority to use the SSN.
Not applicable
ATSDR is authorized under the ‘Comprehensive Environmental
Response, Compensation, and Liability Act of 1980’’ as
Identify legal authorities governing information use amended by ‘‘Superfund Amendments and Reauthorization
21
and disclosure specific to the system and program.
Act of 1986’’ (42 U.S.C. 9601, 9604).
22
Are records on the system retrieved by one or more
PII data elements?
Yes
No
Page 6 of 12
�Save
Published:
Identify the number and title of the Privacy Act
System of Records Notice (SORN) that is being used
22a
to cover the system or identify if a SORN is being
developed.
09-19-0001 Records of Persons Exposed or Poten
Published:
Published:
In Progress
Directly from an individual about whom the
information pertains
In-Person
Hard Copy: Mail/Fax
Email
Online
Other
Government Sources
23
Within the OPDIV
Other HHS OPDIV
State/Local/Tribal
Foreign
Other Federal Entities
Other
Identify the sources of PII in the system.
Non-Government Sources
Members of the Public
Commercial Data Broker
Public Media/Internet
Private Sector
Other
23a
Identify the OMB information collection approval
number and expiration date.
OMB package in process; OMB Control No. 0923-0048
(Expiration Date: 03/31/2019)
Yes
24 Is the PII shared with other organizations?
No
Within HHS
Identify with whom the PII is shared or disclosed and
24a
for what purpose.
Other Federal
Federal Agencies may assist with
Agency/Agencies the Exposure Investigations. The
State or Local
State Agencies may assist with the Ex
Agency/Agencies
Private Sector
Describe any agreements in place that authorizes the
information sharing or disclosure (e.g. Computer
A Memorandum of Understanding (MOU) providing a data use
24b Matching Agreement, Memorandum of
agreement for state and federal partners will be implemented,
Understanding (MOU), or Information Sharing
as needed.
Agreement (ISA)).
Page 7 of 12
�Save
24c
Describe the procedures for accounting for
disclosures
Describe the process in place to notify individuals
25 that their personal information will be collected. If
no prior notice is given, explain the reason.
26
As appropriate, PII will be shared with federal and state
partners. For instance, state agencies may obtain blood lead
results at a reportable level or EPA may obtain results to assist
with their remedial efforts at a site. All disclosures will be
recorded on an excel spreadsheet and will include the dataset,
who the dataset was disclosed to, and for what purpose.
Participants will sign consent forms or parental permission
forms/assent forms if participant is younger than 18 years old.
The forms have a provision that will request permission from
the participant to allow ATSDR to share their PII with federal
and state partners, as appropriate.
Voluntary
Is the submission of PII by individuals voluntary or
mandatory?
Mandatory
Describe the method for individuals to opt-out of the
collection or use of their PII. If there is no option to
27
object to the information collection, provide a
reason.
In the consent forms and parental permission/assent forms,
there is a provision for individuals to opt-out of the sharing of
their PII with partners. However, collection of PII will be
required to participate in the study so ATSDR can share results
of the testing with participants. They may also opt out of the EI
entirely by not responding, consenting, or by stated refusal.
Describe the process to notify and obtain consent
from the individuals whose PII is in the system when
major changes occur to the system (e.g., disclosure
28 and/or data uses have changed since the notice at
the time of original collection). Alternatively, describe
why they cannot be notified or have their consent
obtained.
If a major change to the information collection occurs (e.g.,
additional partners identified during the EI process that may
need access to PII, change in use of the collected data),
participants will be notified by phone, email and/or mail using
information participants provided during the consent process.
Participants will be asked to consent to the change in writing
and the forms will be secured at ATSDR.
Describe the process in place to resolve an
individual's concerns when they believe their PII has
29 been inappropriately obtained, used, or disclosed, or
that the PII is inaccurate. If no process exists, explain
why not.
The principal investigator will serve as the POC to resolve the
individual's concerns. The individual should contact the
principal investigator (contact information provided to the
individual on the copy of the consent form given to them
during the data collection).
Describe the process in place for periodic reviews of
PII contained in the system to ensure the data's
30
integrity, availability, accuracy and relevancy. If no
processes are in place, explain why not.
For the EI, ATSDR personnel will determine whether the PII
collected via consent/parental permission/assent forms and
questionnaires are accurate. Participants will be provided
ATSDR contact information to allow them to inform ATSDR if
their contact information changes (e.g., if they move their
residence or update a phone number). ATSDR will use the
contact information to provide participants with biological
testing results.
Users
Administrators
31
Identify who will have access to the PII in the system
and the reason why they require access.
ATSDR personnel will have access to PII
to provide participants with their test
ATSDR administrators will be
responsible for setting parameters
Developers
Contractors
ATSDR may use contractors for some
EIs and contractors will have access to
Others
Page 8 of 12
�Save
The types of PII that can be accessed by EI team members will
be limited to that needed to notify participants of their testing
results. ATSDR administrators, primarily the NCEH/ATSDR Chief
Data Scientist, will have access to PII as they set up and
maintain permissions and access to the ATSDR server that will
Describe the procedures in place to determine which house the PII data for the EI. For each EI conducted within
32 system users (administrators, developers,
OCHHA, the principal investigator will comply with privacy
contractors, etc.) may access PII.
requirements outlined in each EI, based on questions in the
consent form that may allow ATSDR to share results with other
public health agencies, etc. NCEH/ATSDR’s Chief Data Scientist
will monitor all PII requests and will advise on how to share
data, based on the request for data sharing made in the
consent forms.
Describe the methods in place to allow those with
33 access to PII to only access the minimum amount of
information necessary to perform their job.
Identify training and awareness provided to
personnel (system owners, managers, operators,
contractors and/or program managers) using the
34
system to make them aware of their responsibilities
for protecting the information being collected and
maintained.
Describe training system users receive (above and
35 beyond general security and privacy awareness
training).
Do contracts include Federal Acquisition Regulation
36 and other appropriate clauses ensuring adherence to
privacy provisions and practices?
Describe the process and guidelines in place with
37 regard to the retention and destruction of PII. Cite
specific records retention schedules.
ATSDR personnel will access PII data when they are recruiting
participants and providing sampling results to participants.
System managers will implement role based access controls on
share drives such that only designated staff may access PII. All
other staff may have access to de-identified data only.
All EA personnel handling PII will have completed appropriate
privacy training and obtained a Scientific Ethics Verification
(SEV) number.
A Rules of Behavior document for EIs will be signed by the EI
team and will be implemented at each site.
Yes
No
Records are retained and disposed of in accordance with the
ATSDR Comprehensive Records Control Schedule (B-371). Final
EI reports are permanent records. Site files generated in
support of the final report will be maintained in the Records
and Information Management Branch and transferred to a
Federal Records Center 5 years after the final report is
published. Site records will be destroyed 30 years after the
report is published. Disposal methods include the paper
recycling process, burning or shredding hard copy records, and
erasing computer files. Registry records will be actively
maintained as long as funding is provided for by legislation.
Page 9 of 12
�Save
Administrative Controls: ATSDR who maintain records are
instructed in specific procedures to protect the security of
records, and are to check with the system manager prior to
making disclosure of data. When individually identified data
are being used in a room, admittance is restricted to
specifically authorized personnel. Appropriate Privacy Act
provisions will be adhered to for the EI.
Describe, briefly but with specificity, how the PII will
38 be secured in the system using administrative,
technical, and physical controls.
Technical Controls: Protection for computerized records on the
ATSDR Network includes programmed verification of valid user
identification code and password prior to logging on to the
system, mandatory password changes, limited log-ins, virus
protection, user rights/file attribute restrictions and use of
encrypted files. Password protection imposes user name and
password log-in requirements to prevent unauthorized access.
Each user name is assigned limited access rights to files and
directories at varying levels to control file sharing. There are
routine daily backup procedures and secure off-site storage is
available for backup files. Knowledge of passwords is required
to access systems which are limited to users obtaining prior
supervisory approval. When possible, a backup copy of data is
stored at an offsite location and a log kept of all changes to
each file and all persons reviewing the file. Selected safeguards
will be applicable to specific elements of the system, as
appropriate. Additional safeguards may also be built into the
program by the system analyst as warranted by the sensitivity
of the specific data set.
Physical Controls: Questionnaires, log books, and other source
data are maintained in locked cabinets in locked rooms, and
security guard service in buildings provide personnel screening
of visitors. Access to facilities is controlled by a cardkey system.
Access to computer rooms is controlled by a cardkey and
security code (numeric keypad) system. Computer rooms are
protected by an automatic sprinkler system, numerous
automatic sensors (e.g., water, heat, smoke, etc.) are installed,
and a proper mix of portable fire extinguishers is located
throughout the computer room. The system is backed up on a
nightly basis with copies of the files stored off site in a secure
fireproof safe. Computer workstations, lockable personal
computers, and automated records are located in secured
areas.
REVIEWER QUESTIONS: The following section contains Reviewer Questions which are not to be filled out unless the user is an OPDIV
Senior Officer for Privacy.
Reviewer Questions
1
Are the questions on the PIA answered correctly, accurately, and completely?
Answer
Yes
No
Reviewer
Notes
Page 10 of 12
�Save
Reviewer Questions
2
Answer
Does the PIA appropriately communicate the purpose of PII in the system and is the purpose
justified by appropriate legal authorities?
Yes
Do system owners demonstrate appropriate understanding of the impact of the PII in the
system and provide sufficient oversight to employees and contractors?
Yes
No
Reviewer
Notes
3
No
Reviewer
Notes
4
Does the PIA appropriately describe the PII quality and integrity of the data?
Yes
No
Reviewer
Notes
5
Is this a candidate for PII minimization?
Yes
No
Reviewer
Notes
6
Does the PIA accurately identify data retention procedures and records retention schedules?
Yes
No
Reviewer
Notes
7
Are the individuals whose PII is in the system provided appropriate participation?
Yes
No
Reviewer
Notes
8
Does the PIA raise any concerns about the security of the PII?
Yes
No
Reviewer
Notes
9
Is applicability of the Privacy Act captured correctly and is a SORN published or does it need
to be?
Yes
No
Reviewer
Notes
10
Is the PII appropriately limited for use internally and with third parties?
Yes
No
Reviewer
Notes
11
Does the PIA demonstrate compliance with all Web privacy requirements?
Yes
No
Reviewer
Notes
12
Were any changes made to the system because of the completion of this PIA?
Yes
No
Page 11 of 12
�Save
Reviewer Questions
Answer
Reviewer
Notes
General Comments
OPDIV Senior Official
for Privacy Signature
Beverly E.
Walker -S
Digitally signed by
Beverly E. Walker -S
Date: 2022.02.09
14:51:32 -05'00'
HHS Senior
Agency Official
for Privacy
Page 12 of 12
�
| File Type | application/pdf |
| File Modified | 2022-02-09 |
| File Created | 2013-03-29 |