0920-1011 - EEI GenIC Terms of Use

Each GenIC conducted under the EEI Generic ICR must adhere to the following terms of use.

Respondent Privacy and Human Subjects Protection:

1. All efforts are taken to ensure that the proposed research complies with all human subjects requirements, and the Privacy Act checklist is completed.

2. During data collection, procedures are in place to protect respondent privacy thereby minimizing direct impact to respondent privacy in the collection of these data.

3. Data are treated in a private manner, unless otherwise compelled by law. Inadvertent release of this information may constitute an invasion of the subject’s privacy. CDC maintains privacy by using unique, study identification numbers on all data collection forms. Personal identifiers and the linkage to the study identification number are maintained separately in locked file cabinets or in encrypted computer files.

4. Respondents are informed that response is not mandatory; it is collected on a voluntary basis and consent is obtained in a manner consistent with Human Subjects Protection regulations as specified in the IRB protocol, if applicable.

5. Respondents may not receive payment or gifts for participation.

6. If applicable, respondents are informed that biospecimen samples are collected to provide information during an outbreak or event that could lead to prevention and control measures and that they will not be used for the primary purpose of conducting research to contribute to the generalizable knowledge. If biospecimen samples collected during the EEI are stored, respondents will be informed and consent will be obtained.

Data Collection Instruments and Questions:

1. Each data collection instrument(s) must include the following OMB information on either the front page or on a cover page:

• Form Approved; OMB No. 0920-1011; Exp Date: 01/31/2023. This information must appear in the upper right corner of the page.

• Burden (PRA) statement. This information must be included on the bottom of the page. The text for this statement must read:
  “Public reporting burden of this collection of information is estimated to average XX [INSERT BURDEN ESTIMATE FOR THIS DATA COLLETION INSTRUMENT HERE] minutes per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. An agency may not conduct or sponsor, and a person is not required to respond to a collection of information unless it displays a currently valid OMB control number. Send comments regarding this burden estimate or any other aspect of this collection of information including suggestions for reducing this burden to CDC/ATSDR Reports Clearance Officer; 1600 Clifton Road NE, MS E-11 Atlanta, Georgia 30333; ATTN: PRA (0920-1011).”

2. Data collections must adhere to OMB standards for questions about race and ethnicity. Information about these standards are available here:
   http://www.whitehouse.gov/omb/fedreg_1997standards/
   http://www.whitehouse.gov/sites/default/files/omb/assets/information_and_regulatory_affairs/re_app-a-update.pdf
   These standards shall be used at a minimum for all federally sponsored statistical data collections that include data on race and/or ethnicity, except when the collection involves a sample of such size that the data on the smaller categories would be unreliable, or when the collection effort focuses on a specific racial or ethnic group. Any other variation will have to be specifically authorized by the Office of Management and Budget (OMB) through the information collection clearance process.

3. Data that might be considered sensitive (e.g., regarding risk behaviors, attitudes, or medical condition diagnoses) are included only when necessary for the public health response.

Information in Identifiable Form (IFF):

1. IIF may be collected from or about members of the public only when essential to the objective of the EEI.

2. Social security numbers may not be collected.

3. All personal identifiers are stripped from the data prior to establishing a final data analysis file. Results are published in aggregate form only. IIF are not included in any report from the EEI.

4. Personal identifiers are not transmitted to CDC unless this is necessary for public health purposes. If IIF are transmitted to CDC, the information is sent using a password-protected electronic file. The password to unlock the file is provided via telephone and not in written form. Other safeguards may be implemented to minimize the possibility of unauthorized access, use, or dissemination of the information being collected, following consultation with the CDC CIO Privacy Impact Assessment contact.

Data Use and Storage:

1. Local health authority policies and procedures for data storage and security are followed during each field investigation. Information collection is conducted according to a security plan developed in consultation with the relevant local health authorities. Only staff with approval from the study lead has access to the data. Approvals are granted based on roles or a “need to know basis.”

2. Data owned by CDC are permanent federal records and are maintained in accordance with CDC’s records control schedule (http://isp-v-maso-apps/RecSched/ViewSchedule.aspx?RID=29). The process for handling security incidents is defined in the system’s Security Plan. Event monitoring and incident response is a shared responsibility between the system’s team and the Office of the Chief Information Security Officer (OCISO). Reports of suspicious security or adverse privacy related events are directed to the component’s Information Systems Security Officer, CDC helpdesk, or to the CDC Incident Response Team. The CDC OCISO reports to the HHS Secure One Communications Center, which reports incidents to US-CERT as appropriate.

3. CDC will record the existence of each dataset in its enterprise inventory, per OMB M-13-13, and where permitted by law, make de-identified datasets available to the public. The Agency disseminates the findings when appropriate, strictly following the Agency's "Guidelines for Ensuring the Quality of Information Disseminated to the Public." Requests to release the information that is not available on CDC’s web site (e.g., congressional inquiry, Freedom of Information Act requests) will be addressed on a case by case basis.

I have read and understand these Terms of Use.

Please sign, scan, and email this form to the Information Collection Request Liaison (ICRL): Danice Eaton, [email protected].