Privacy Impact Assessment

Save

Privacy Impact Assessment Form
v 1.47.4
Status Draft

Form Number

F-57998

Form Date

Question

Answer

1

OPDIV:

CDC

2

PIA Unique Identifier:

P-6013959-574725

2a Name:

12/28/2017 9:37:35 AM

Vessel Sanitation Program (VSP)
General Support System (GSS)
Major Application

3

Minor Application (stand-alone)

The subject of this PIA is which of the following?

Minor Application (child)
Electronic Information Collection
Unknown

3a

Identify the Enterprise Performance Lifecycle Phase
of the system.

Operations and Maintenance
Yes

3b Is this a FISMA-Reportable system?

4

Does the system include a Website or online
application available to and for the use of the general
public?

5

Identify the operator.

6

Point of Contact (POC):

7

Is this a new or existing system?

8

Does the system have Security Authorization (SA)?

8a Date of Security Authorization

No
Yes
No
Agency
Contractor
POC Title

Branch Chief

POC Name

Aimee Treffiletti

POC Organization CDC/ONDIEH/NCEH/DEEHS/VSB
POC Email

[email protected]

POC Phone

770-488-3139
New
Existing
Yes
No

Apr 20, 2015

Page 1 of 4

Save

11 Describe the purpose of the system.

The Vessel Sanitation Program (VSP) is a consolidated
surveillance platform that assists the cruise ship industry in
preventing and controlling the introduction, transmission, and
spread of gastrointestinal (GI) illnesses on cruise ships. VSP
provides a consolidated platform for the electronic reporting
of cruise ship inspections and any GI illnesses and outbreaks
on these cruise ships. The system facilitates greater efficiency
in data collection, reporting and tracking within the cruise ship
industry; it enables the capacity to study trends regarding
disease outbreaks on cruise ships.

The system collects cruise ship contact information and
inspection data. This is inclusive of: cruise line and ship names;
official cruise ship contact information; inspection scores and
violations; inspector recommendations for corrections;
inspection schedules and inspector assignments; invoice
amounts and dates; cruise dates; numbers of passengers and
crew on each voyage; numbers of ill passengers and crew on
each voyage; and dates of illness onset for each GI case in an
outbreak, anonymized.
Describe the type of information the system will
collect, maintain (store), or share. (Subsequent
12
questions will identify if this information is PII and ask
about the specific data elements.)

Data regarding the cruise lines and ships is provided by and
collected only from cruise ships.
Inspection data is collected via direct data entry from ship
inspectors.
Voyage information, including passenger/crew numbers and
numbers of passenger/crew illnesses, is collected by phone,
fax, email, and web site entry directly by the cruise ship
medical personnel.
Internal system users are identified and authenticated by PIV
cards and Active Directory. Cruise lines and ships are assigned
a unique organizational/entity ID and password following
receipt of a paper application and phone verification. These
ID’s and passwords that are assigned to the vessels (not
individuals) are distributed via phone only, and are not entered
on the registration form.

Page 2 of 4

Save
The Vessel Sanitation Program (VSP) at the Centers for Disease
Control and Prevention (CDC) assists the cruise ship industry to
prevent and control the introduction, transmission, and spread
of gastrointestinal (GI) illnesses on cruise ships. VSP operates
under the authority of the Public Health Service Act (42 U.S.C.
Section 264, Quarantine and Inspection Regulations to Control
Communicable Diseases).
VSP is the system used to record cruise ship inspection
information - scores, violations, and recommendations for
correction of violations. The purpose of an inspection is to
ensure comprehensive cruise vessel sanitation in order to
minimize the risk of gastrointestinal diseases. Criteria for a
vessel inspection are any vessel that has a foreign itinerary and
carries 13 or more passengers and calls on a U.S. port.

Provide an overview of the system and describe the
13 information it will collect, maintain (store), or share,
either permanently or temporarily.

The system records the cruise line name, ship name, and
official cruise ship contact information relative to the scores
and violations. Ships report total number of GI cases per
voyage to the system, and the system calculates a percentage
of cases, which is based on the number of passenger and crew
that are also stored for each voyage. Cruise dates are stored for
each voyage to aid in data analysis when outbreaks occur.
Ships report anonymous information regarding GI outbreaks.
All of this data is permanently stored in the database.
Inspection scores and violations are available on the public
web site.
Facilitating the inspection process, the system stores
inspection schedules and inspector inspection assignments.
The system also records invoice amounts and dates for each
inspection. VSP tracks gastrointestinal illnesses among
passengers and crew during a cruise.
Data is used to monitor historical trends in ship inspection
scores individually, per cruise line, and across the industry as a
whole. It is also used to track ship’s progress in resolving issues
from prior inspections, and to make the public aware of
inspection scores and specific violation information.
The data is further used to:
1- Create invoices for inspections;
2- Analyze outbreaks and identify trends; and
3- Facilitate the determination of likely pathogens in the case
of an outbreak.
No data from VSP is exported to any other system within or
outside CDC. No PII is collected or maintained by the system,
neither temporarily nor permanently.

14 Does the system collect, maintain, use or share PII?
39 Identify the publicly-available URL:
40 Does the website have a posted privacy notice?

Yes
No
https://www.cdc.gov/nceh/vsp
Yes
No

Page 3 of 4

Save
40a

Is the privacy policy available in a machine-readable
format?

Yes

41

Does the website use web measurement and
customization technology?

Yes

No
No
Technologies

Yes

Web beacons

No
Yes

Web bugs
Select the type of website measurement and
41a customization technologies is in use and if it is used
to collect PII. (Select all that apply)

Collects PII?

No

Session Cookies
Persistent Cookies

Yes
No
Yes
No
Yes

Other...

No

42

Does the website have any information or pages
directed at children under the age of thirteen?

Yes

43

Does the website contain links to non- federal
government websites external to HHS?

Yes

No

No

General Comments

OPDIV Senior Official
for Privacy Signature

Beverly E.
Walker -S

Digitally signed by
Beverly E. Walker -S
Date: 2018.03.23 17:23:09
-04'00'

Page 4 of 4