Privacy Impact Assessment

Save

Privacy Impact Assessment Form
v 1.21
Status

Form Number

Form Date

Question

Answer

1

OPDIV:

CDC

2

PIA Unique Identifier:

TBD

2a Name:

04/18/22

Population-based surveillance of outcomes, needs, and well-bei
General Support System (GSS)
Major Application

3

Minor Application (stand-alone)

The subject of this PIA is which of the following?

Minor Application (child)
Electronic Information Collection
Unknown

3a

Identify the Enterprise Performance Lifecycle Phase
of the system.

Planning
Yes

3b Is this a FISMA-Reportable system?

4

Does the system include a Website or online
application available to and for the use of the general
public?

5

Identify the operator.

6

Point of Contact (POC):

7

Is this a new or existing system?

8

Does the system have Security Authorization (SA)?

No
Yes
No
Agency
Contractor
POC Title

Health Scientist

POC Name

Karrie Downing

POC Organization NCBDDD
POC Email

[email protected]

POC Phone

404.498.0710
New
Existing
Yes
No

8b Planned Date of Security Authorization
Not Applicable

Page 1 of 10

Save
8c

Briefly explain why security authorization is not
required

CDC has not funded an IT system to support this data
collection effort. Therefore SA is not required.

10

Describe in further detail any changes to the system
that have occurred since the last PIA.

There is no previous PIA for this new electronic information
collection

11 Describe the purpose of the system.

This project will gather information on cardiac and other
healthcare utilization, barriers to health care, quality of life,
social and educational outcomes, transition of care planning
from childhood to adulthood, and mortality of children and
adolescents (ages 2-17 years) with congenital heart defects
(CHD) as well as needs and experiences of their caregivers. The
children and adolescents will be identified as being born with a
CHD through birth defects surveillance systems from funded
sites (TBD) and Metro-Atlanta. Their parents or caregivers will
then be sent information on the project, a passive consent
form, and a paper survey.
The answers to the survey questions will be linked to
information gathered at birth from the birth defects
surveillance systems. The data will be analyzed and results will
be shared in peer-reviewed publications, national and local
meetings, and with public health stakeholders focused on
children and adolescents with CHD. This project fills a gap in
available information on children and adolescents living with
CHD. The information will help children with CHD and their
families receive better care and plan for their future.
Data from the birth defect surveillance systems will be linked
to death records to determine vital status of each child or
adolescent with CHD and year of death for those deceased. For
those not determined to be deceased, the parent or caregiver
will be tracked or traced using data from the birth defect
surveillance system to determine their current contact
information to be mailed a information on the project, a
passive consent form, and a paper survey.

Describe the type of information the system will
collect, maintain (store), or share. (Subsequent
12
questions will identify if this information is PII and ask
about the specific data elements.)

The survey inquires about the cardiac and other healthcare
utilization, barriers to health care, quality of life, social and
educational outcomes, and transition of care planning from
childhood to adulthood of their child with CHD as well as the
needs and experiences of the parents or caregivers. In addition,
the survey asks the parent or caregiver for an email address if
they would like to receive periodic updates on the results of
project.
The survey data will be linked to the birth defect surveillance
system to include information on the child's diagnoses at birth
and information about their gestation and birth such as
gestational age at birth, plurality, birth weight, birth year, sex,
and maternal race.

Page 2 of 10

Save

Provide an overview of the system and describe the
13 information it will collect, maintain (store), or share,
either permanently or temporarily.

The survey collects information from parents or caregivers of
children and adolescents (ages 2-17 years) with CHD in MetroAtlanta and up to three funded sites (TBD), names and dates of
birth from the birth defect surveillance systems will be used to
track and trace the current contact information (current name
and mailing address) of parents or caregivers of eligible
children with congenital heart defects to mail paper surveys to
their current address. Parents or caregivers will be mailed a a
paper survey (that takes approximately 20 minutes to
complete) on their child's cardiac and other healthcare
utilization, barriers to health care, quality of life, social and
educational outcomes, and transition of care planning from
childhood to adulthood of children and adolescents (ages 2-17
years) with congenital heart defects (CHD) as well as needs and
experiences of the caregivers. In addition, the survey asks the
parent or caregiver for an email address if they would like to
receive periodic updates on the results of project.
This information will fill a gap in the knowledge on health and
well-being of children and adolescents living with CHD. We
plan to disseminate results of this project to individuals living
with CHD and their families, CHD organizations, health
researchers, and physicians through papers, presentations, and
other documents.
Yes

14 Does the system collect, maintain, use or share PII?

Indicate the type of PII that the system will collect or
15
maintain.

No
Social Security Number

Date of Birth

Name

Photographic Identifiers

Driver's License Number

Biometric Identifiers

Mother's Maiden Name

Vehicle Identifiers

E-Mail Address

Mailing Address

Phone Numbers

Medical Records Number

Medical Notes

Financial Account Info

Certificates

Legal Documents

Education Records

Device Identifiers

Military Status

Employment Status

Foreign Activities

Passport Number

Taxpayer ID

Other...

Other...

Other...

Other...

Other...

Employees
Public Citizens
16

Indicate the categories of individuals about whom PII
is collected, maintained or shared.

Business Partners/Contacts (Federal, state, local agencies)
Vendors/Suppliers/Contractors
Patients
Other

Page 3 of 10

Save
17 How many individuals' PII is in the system?

18 For what primary purpose is the PII used?

19

Describe the secondary uses for which the PII will be
used (e.g. testing, training or research)

5,000-9,999
Names and dates of birth from the birth defect surveillance
systems will be used to track and trace the current contact
information (current name and mailing address) of parents or
caregivers of eligible children with congenital heart defects to
mail paper surveys to their current address. The parent or
caregiver can choose to provide an email address on the
survey to receive periodic updates on the results of project.

Not applicable

20 Describe the function of the SSN.

Not applicable

20a Cite the legal authority to use the SSN.

Not applicable

21

Identify legal authorities governing information use Public Health Service Act, Section 301, "Research and
and disclosure specific to the system and program.
Investigation," (42 U.S.C. 241)

22

Are records on the system retrieved by one or more
PII data elements?

Yes
No
Published:

Identify the number and title of the Privacy Act
System of Records Notice (SORN) that is being used
22a
to cover the system or identify if a SORN is being
developed.

09-20-0136, Epidemiologic Studies and Surveilla

Published:
Published:
In Progress

Page 4 of 10

Save
Directly from an individual about whom the
information pertains
In-Person
Hard Copy: Mail/Fax
Email
Online
Other
Government Sources
23

Within the OPDIV
Other HHS OPDIV
State/Local/Tribal
Foreign
Other Federal Entities
Other

Identify the sources of PII in the system.

Non-Government Sources
Members of the Public
Commercial Data Broker
Public Media/Internet
Private Sector
Other
23a

Identify the OMB information collection approval
number and expiration date.

24 Is the PII shared with other organizations?

Approvals are pending - 60 day comment period in progress
and will be complete on 4/15/2022
Yes
No
Within HHS

Identify with whom the PII is shared or disclosed and
24a
for what purpose.

Other Federal
Agency/Agencies
State or Local
Agency/Agencies
Private Sector

Describe any agreements in place that authorizes the
information sharing or disclosure (e.g. Computer
24b Matching Agreement, Memorandum of
Understanding (MOU), or Information Sharing
Agreement (ISA)).
24c

Describe the procedures for accounting for
disclosures

Describe the process in place to notify individuals
25 that their personal information will be collected. If
no prior notice is given, explain the reason.
26

Is the submission of PII by individuals voluntary or
mandatory?

The survey is completed by the individual, who may choose to
provide an email address if they are interested in receiving
periodic updates on the project.
Voluntary
Mandatory

Page 5 of 10

Save
Describe the method for individuals to opt-out of the
collection or use of their PII. If there is no option to
27
object to the information collection, provide a
reason.

The informational letter, consent form, and the survey itself,
state that the individual can skip any question on the survey.
The participants will also be provided a name, email, and
phone number of a project coordinator, if they have additional
questions or wish to opt-out of the project.

Describe the process to notify and obtain consent
from the individuals whose PII is in the system when
major changes occur to the system (e.g., disclosure
28 and/or data uses have changed since the notice at
the time of original collection). Alternatively, describe
why they cannot be notified or have their consent
obtained.

Funded sites will be responsible for notifying participants of
major changes to the use of participant data, if changes are
made. Sites may use differing methods to communicate this
information to survey participants. No change of this type is
anticipated to take place throughout the course of the project.

Describe the process in place to resolve an
individual's concerns when they believe their PII has
29 been inappropriately obtained, used, or disclosed, or
that the PII is inaccurate. If no process exists, explain
why not.

Potential and participating individuals who have concerns
about the use/misuse/inaccuracy of their PII can contact the
the project site and request for the information to be corrected
or withdrawn - A name, email, and phone number of a project
site coordinator will be provided in the survey mailing.
Participants at any point in the project and after can request to
be removed from the project.

Describe the process in place for periodic reviews of
PII contained in the system to ensure the data's
30
integrity, availability, accuracy and relevancy. If no
processes are in place, explain why not.

The project data analyst will initially conduct a quality
assurance step comparing name and address on the survey
materials, the information gathered during tracking and
tracing, and the information in the birth defects registries to
ensure accuracy. Inaccurate or irrelevant information will be
removed from the system. Ongoing review of data entry
accuracy will occur during double data entry and regular
quality checks of the project dataset.
Users
Administrators

31

Identify who will have access to the PII in the system
and the reason why they require access.

Comparing the name and address on
the survey materials, the information

Developers
Contractors

Preparation and distribution of survey
mailing materials.

Others

CDC PI, supervision of all project staff

Describe the procedures in place to determine which All individuals who have access to PII must receive prior
32 system users (administrators, developers,
mandatory ethics training and additional CDC training on
contractors, etc.) may access PII.
confidentiality procedures related to birth defects registries.
Describe the methods in place to allow those with
33 access to PII to only access the minimum amount of
information necessary to perform their job.

User roles are implemented to limit information displayed to
individual users, both for functional as well as security
purposes. Information displayed to a particular role is limited
to necessary “need to know” information based on a specific
role’s required tasks throughout the project.

Page 6 of 10

Save

Identify training and awareness provided to
personnel (system owners, managers, operators,
contractors and/or program managers) using the
34
system to make them aware of their responsibilities
for protecting the information being collected and
maintained.

These individuals receive annual mandatory CDC training on
confidentiality procedures related to birth defects registries.
Once confidentiality training is complete, personnel must sign
a confidentiality agreement that indicates that the signee has
carefully read and understands the agreement and the
confidentiality of all records handled. Confidentiality training
must be received before an individual is allowed access to
project data containing PII. Confidentiality training is renewed
every 365 days.

Describe training system users receive (above and
35 beyond general security and privacy awareness
training).

CDC staff and contractors who have access to project PII
receive confidentiality training. This training covers the
procedures and practices to protect the confidentiality of the
data collected or distributed. Project personnel (students, data
managers, project coordinators, PI) are required at all times to
maintain and protect the data and confidential records that
may come into their presence and under their control. This
training covers, but is not limited to, the following areas of
concern: restrictions on use of information, enhanced
protection of computerized files as part of implementation,
dissemination of research results, data sharing with other study
partners, analytic data access policies and procedures,
instructions concerning confidentiality procedures, procedures
for traveling with confidential study materials, and loss of study
materials containing confidential data. Once confidentiality
training is complete, personnel must sign a confidentiality
agreement that indicates that signee has carefully read and
understands the agreement and the confidentiality of all
records handled. In addition, personnel in specific roles receive
training and awareness related to those roles as needed, e.g.,
computer system administrators and other IT personnel
receive training on computer system security.

Do contracts include Federal Acquisition Regulation
36 and other appropriate clauses ensuring adherence to
privacy provisions and practices?

Yes
No
Records are retained and disposed in accordance with the
Scientific and Research Project Records Control Schedule.
PII will be removed before records are archived. Contractors
will transfer relevant records before the end of the award.

Describe the process and guidelines in place with
37 regard to the retention and destruction of PII. Cite
specific records retention schedules.

Identifying information will be collected during the data
collection period. During data cleaning, PII will be separated
from other survey elements and stored in a separate file on a
restricted-use folder on a CDC server. Only the research staff
will have access to a list linking a participant’s PII to his/her deidentified survey and birth defect surveillance system data. All
project data will be stored at the CDC in restricted use files only
accessible to individuals who have received confidentiality
training and signed a confidentiality agreement.

Page 7 of 10

Save

Describe, briefly but with specificity, how the PII will
38 be secured in the system using administrative,
technical, and physical controls.

Administrative Controls:
Access to PII follows a least privilege model. Project staff
receive Assurance of Confidentiality training and birth defect
registry-specific confidentiality training. This training covers
the procedures and practices to protect the confidentiality of
the data collected or distributed. Project personnel (CDC staff,
contractors, students) are required at all times to maintain and
protect the survey data and confidential records that may
come into their presence and under their control. This training
covers, but is not limited to, the following areas of concern:
restrictions on use of information, enhanced protection of
computerized files as part of study implementation,
dissemination of results, data sharing with other partners,
analytic data access policies and procedures, instructions
concerning confidentiality procedures, procedures for
traveling with confidential materials, and loss of survey
materials containing confidential data. Once confidentiality
training is complete, personnel must sign a confidentiality
agreement that indicates that signee has carefully read and
understands the agreement and the confidentiality of all
records handled.
Technical Controls:
Access to PII follows a least privilege model. The PII is secured
in restricted-use folders within the CDC electronic system.
Secure logins and using key cards and passcodes prevent
unauthorized access to the project data. Roles will be utilized
to prevent unnecessary viewing of PII. Storage will utilize FIPScompliant encryption. Server room remains locked at all times
through the use of RFID key cards and personal security
passcodes assigned to individual authorized IT staff with
proper security privileges.
Physical Controls:
Physical measures, policies, and procedures are in place at the
CDC office to protect information, buildings, and equipment
from unauthorized intrusions, environmental hazards, and
natural hazards. PII is stored in a separate cabinet and room
than the other survey information. The survey information is
stored in locked filing cabinets in the office of the PI, which
remains locked when not in use. After data entry is complete,
any data collected on paper is stored in a secured file room
with keyed access by only two individuals.

REVIEWER QUESTIONS: The following section contains Reviewer Questions which are not to be filled out unless the user is an OPDIV
Senior Officer for Privacy.

Reviewer Questions
1

Are the questions on the PIA answered correctly, accurately, and completely?

Answer
Yes
No

Reviewer
Notes

Page 8 of 10

Save
Reviewer Questions
2

Answer

Does the PIA appropriately communicate the purpose of PII in the system and is the purpose
justified by appropriate legal authorities?

Yes

Do system owners demonstrate appropriate understanding of the impact of the PII in the
system and provide sufficient oversight to employees and contractors?

Yes

No

Reviewer
Notes
3

No

Reviewer
Notes
4

Does the PIA appropriately describe the PII quality and integrity of the data?

Yes
No

Reviewer
Notes
5

Is this a candidate for PII minimization?

Yes
No

Reviewer
Notes
6

Does the PIA accurately identify data retention procedures and records retention schedules?

Yes
No

Reviewer
Notes
7

Are the individuals whose PII is in the system provided appropriate participation?

Yes
No

Reviewer
Notes
8

Does the PIA raise any concerns about the security of the PII?

Yes
No

Reviewer
Notes
9

Is applicability of the Privacy Act captured correctly and is a SORN published or does it need
to be?

Yes
No

Reviewer
Notes
10

Is the PII appropriately limited for use internally and with third parties?

Yes
No

Reviewer
Notes
11

Does the PIA demonstrate compliance with all Web privacy requirements?

Yes
No

Reviewer
Notes
12

Were any changes made to the system because of the completion of this PIA?

Yes
No

Page 9 of 10

Save
Reviewer Questions

Answer

Reviewer
Notes

General Comments

OPDIV Senior Official
for Privacy Signature

Jarell
Oshodi -S

Digitally signed by Jarell
HHS Senior
Oshodi -S
Agency Official
Date: 2022.05.19
for Privacy
15:34:19 -04'00'

Page 10 of 10