Privacy Impact Assessment

Save

Privacy Impact Assessment Form
v 1.21
Status

Form Number

Form Date

Question

Answer

1

OPDIV:

CDC

2

PIA Unique Identifier:

0920-0457

2a Name:

Aggregated Reports for TB Program Evaluation (ARPE)
General Support System (GSS)
Major Application

3

Minor Application (stand-alone)

The subject of this PIA is which of the following?

Minor Application (child)
Electronic Information Collection
Unknown

3a

Identify the Enterprise Performance Lifecycle Phase
of the system.

Operations and Maintenance
Yes

3b Is this a FISMA-Reportable system?

4

Does the system include a Website or online
application available to and for the use of the general
public?

5

Identify the operator.

6

Point of Contact (POC):

7

Is this a new or existing system?

8

Does the system have Security Authorization (SA)?

8a Date of Security Authorization

No
Yes
No
Agency
Contractor
POC Title

Health Scientist

POC Name

Kai Young

POC Organization CDC
POC Email

[email protected]

POC Phone

404-639-2217
New
Existing
Yes
No

8/18/2019

Page 1 of 4

Save

9

Indicate the following reason(s) for updating this PIA.
Choose from the following options.

PIA Validation (PIA
Refresh/Annual Review)
Anonymous to NonAnonymous
New Public Access
Internal Flow or Collection

Significant System
Management Change
Alteration in Character of
Data
New Interagency Uses
Conversion

Commercial Sources
Other...
Describe in further detail any changes to the system
10
that have occurred since the last PIA.

Since the last PIA, additional data elements (nativity, diagnostic
tests, and drug regimen) have been added to the system to
allow for the evaluation of adaptation and effectiveness of new
interventions--namely, short term drug regimen.

11 Describe the purpose of the system.

The purpose of the system is to facilitate the monitoring and
evaluation of national progress toward tuberculosis (TB)
elimination. Data are used to evaluate the effectiveness of TB
control and prevention strategies through contact tracing and
targeted testing and to estimate funding needs.

Describe the type of information the system will
collect, maintain (store), or share. (Subsequent
12
questions will identify if this information is PII and ask
about the specific data elements.)

The National TB Indicators Project (NTIP) system collects and
stores summary reports of contact investigation and targeted
testing efforts undertaken by the state and local health
departments.

Provide an overview of the system and describe the
13 information it will collect, maintain (store), or share,
either permanently or temporarily.

Respondents provide the data following the reporting format
as outlined on the "Aggregate Reports for Tuberculosis
Program Evaluation." Data elements include number of cases
investigated and number of contacts examined and diagnosed
with TB disease or infection, and the number of patients
completed treatment, the number who move/lost to followup, or died. Data are submitted to the Centers for Disease
Control and Prevention (CDC) annually via NTIP, a CDCencrypted data system for program evaluation data. Data are
presented in the form of indicator reports and disseminated
back to the program through the NTIP system. National data
are published on the CDC website.

14 Does the system collect, maintain, use or share PII?

Yes
No

REVIEWER QUESTIONS: The following section contains Reviewer Questions which are not to be filled out unless the user is an OPDIV
Senior Officer for Privacy.

Reviewer Questions
1

Are the questions on the PIA answered correctly, accurately, and completely?

Answer
Yes
No

Reviewer
Notes
2

Does the PIA appropriately communicate the purpose of PII in the system and is the purpose
justified by appropriate legal authorities?

Yes
No

Reviewer
Notes

Page 2 of 4

Save
Reviewer Questions
3

Do system owners demonstrate appropriate understanding of the impact of the PII in the
system and provide sufficient oversight to employees and contractors?

Answer
Yes
No

Reviewer
Notes
4

Does the PIA appropriately describe the PII quality and integrity of the data?

Yes
No

Reviewer
Notes
5

Is this a candidate for PII minimization?

Yes
No

Reviewer
Notes
6

Does the PIA accurately identify data retention procedures and records retention schedules?

Yes
No

Reviewer
Notes
7

Are the individuals whose PII is in the system provided appropriate participation?

Yes
No

Reviewer
Notes
8

Does the PIA raise any concerns about the security of the PII?

Yes
No

Reviewer
Notes
9

Is applicability of the Privacy Act captured correctly and is a SORN published or does it need
to be?

Yes
No

Reviewer
Notes
10

Is the PII appropriately limited for use internally and with third parties?

Yes
No

Reviewer
Notes
11

Does the PIA demonstrate compliance with all Web privacy requirements?

Yes
No

Reviewer
Notes
12

Were any changes made to the system because of the completion of this PIA?

Yes
No

Reviewer
Notes

Page 3 of 4

Save

General Comments

OPDIV Senior Official
for Privacy Signature

Beverly E.
Walker -S

Digitally signed by
Beverly E. Walker -S
Date: 2019.06.10
09:41:26 -04'00'

HHS Senior
Agency Official
for Privacy

Page 4 of 4