Pia

NIAID ClinRegs_PIA (1).docx

Generic Clearance for NIH Citizen Science and Crowdsourcing Projects (OD)

PIA

OMB: 0925-0766

Document [zip]
Download: zip | pdf

Save

Shape18

Privacy Impact Assessment Form

v 1.47.4


Status Form Number Form Date

Question Answer

1

OPDIV:



2

PIA Unique Identifier:




2a


Name:


NIAID ClinRegs Country Experts Interest






3





The subject of this PIA is which of the following?

General Support System (GSS) Major Application

Minor Application (stand-alone) Minor Application (child)

Electronic Information Collection Unknown


3a

Identify the Enterprise Performance Lifecycle Phase of the system.

Implementation



3b


Is this a FISMA-Reportable system?


Yes No



4

Does the system include a Website or online application available to and for the use of the general public?

Yes No

Accept Reject


5


Identify the operator.

Agency Contractor






6





Point of Contact (POC):

POC Title Assistant Director for Special Projects


POC Name Jonathan Kagan, Ph.D. POC Organization NIAID

POC Email [email protected]

POC Phone 240-669-5221





Accept Reject


7


Is this a new or existing system?

New Existing



8


Does the system have Security Authorization (SA)?

Yes No

Accept Reject

8a

Date of Security Authorization


Dec 31, 2018


Shape17 Shape1 Shape2 Shape3 Shape4 Shape5 Shape6 Shape7 Shape8 Shape9 Shape10 Shape11 Shape12 Shape13 Shape14 Shape15 Shape16


NIAID ClinRegs (clinregs.niaid.nih.gov) is a web-based resource providing country-specific clinical research regulatory information for the purpose of enhancing efficiency and

11 Describe the purpose of the system. quality in global clinical trials. To assure that ClinRegs is

meeting its objectives, it is necessary to solicit feedback via the

ClinRegs Country Experts Interest Form from users about the accuracy of content on the site and as to whether additional information should be included.




Accept Reject

Describe the type of information the system will The type of information NIAID ClinRegs will collect is email

12 collect, maintain (store), or share. (Subsequent address, countries of expertise, and primary organization questions will identify if this information is PII and ask affiliation.

about the specific data elements.)

Accept Reject

Provide an overview of the system and describe the NIAID ClinRegs (clinregs.niaid.nih.gov) is a web-based resource

13 information it will collect, maintain (store), or share, providing country-specific clinical research regulatory

either permanently or temporarily. information for the purpose of enhancing efficiency and

Accept Reject

Yes

14 Does the system collect, maintain, use or share PII?

No

Accept

Reject

39 Identify the publicly-available URL: clinregs.niaid.nih.gov

Accept

Reject

Yes

40 Does the website have a posted privacy notice?

No

Accept

Reject

Is the privacy policy available in a machine-readable Yes 40a format? No

Does the website use web measurement and Yes

41 customization technology? No

Accept

Reject

Does the website have any information or pages Yes

42 directed at children under the age of thirteen? No

Accept Reject

Does the website contain links to non- federal Yes

43 government websites external to HHS? No

Accept

Reject

Is a disclaimer notice provided to users that follow Yes 43a external links to websites not owned or operated by

HHS? No



REVIEWER QUESTIONS: The following section contains Reviewer Questions which are not to be filled out unless the user is an OPDIV Senior Officer for Privacy.

Reviewer Questions Answer

Yes

1 Are the questions on the PIA answered correctly, accurately, and completely?

No

Accept

Reject

Reviewer

Notes

Does the PIA appropriately communicate the purpose of PII in the system and is the purpose Yes

2 justified by appropriate legal authorities? No

Accept

Reject

Reviewer

Notes

Shape19 Shape21 Shape23 Shape27 Shape20 Shape22 Shape24 Shape25 Shape26 Shape28 Shape29 Shape30 Shape31 Shape32 Shape33 Shape34 Shape35 Shape36 Shape37 Shape38 Shape39 Shape40 Shape41 Shape42



Reviewer Questions

Answer



3

Do system owners demonstrate appropriate understanding of the impact of the PII in the system and provide sufficient oversight to employees and contractors?

Yes

No

Accept

Reject

Reviewer

Notes


4


Does the PIA appropriately describe the PII quality and integrity of the data?

Yes

No

Accept

Reject

Reviewer

Notes


5


Is this a candidate for PII minimization?

Yes

No

Accept

Reject

Reviewer

Notes


6


Does the PIA accurately identify data retention procedures and records retention schedules?

Yes

No

Accept

Reject

Reviewer

Notes


7


Are the individuals whose PII is in the system provided appropriate participation?

Yes

No

Accept

Reject

Reviewer

Notes


8


Does the PIA raise any concerns about the security of the PII?

Yes

No

Accept

Reject

Reviewer

Notes

9

Is applicability of the Privacy Act captured correctly and is a SORN published or does it need to be?

Yes

No

Accept

Reject

Reviewer

Notes


10


Is the PII appropriately limited for use internally and with third parties?

Yes

No

Accept

Reject

Reviewer

Notes


11


Does the PIA demonstrate compliance with all Web privacy requirements?

Yes

No

Accept

Reject

Reviewer

Notes


12


Were any changes made to the system because of the completion of this PIA?

Yes

No

Accept

Reject

Reviewer

Notes

Shape43 Shape44 Shape45 Shape46 Shape47 Shape48 Shape49 Shape50 Shape51 Shape52 Shape53 Shape54 Shape55 Shape56 Shape57 Shape58 Shape59 Shape60 Shape61 Shape62





General Comments



The NIAID ClinRegs Country Experts Interest is an electronic information collection form whose OMB Control number is 0925-0668 , with a expiration date of 04/2022.


OPDIV Senior Official for Privacy Signature


HHS Senior Agency Official for Privacy


Third-Party Website Assessment PIA Form

v 1.47.4

Status

Form Number Read Only

Form Date

Read Only


Question

Answer



1 OPDIV:

Read Only - OPDIV Read Only - TPWA UID

Read Only - TPWA Name


2 TPWA Unique Identifier (UID):


3 TPWA Name:



4 Is this a new TPWA?

Yes

No


4a Please provide the reason for revision

Will the use of a third-party Website or application

5 create a new or modify an existing HHS/OPDIV System of Records Notice (SORN) under the Privacy

Act?


Yes No



Accept Reject

Indicate the SORN number (or identify plans to put SORN Number: 5a one in place.)

If not published:

Will the use of a third-party Website or application

6 create an information collection subject to OMB clearance under the Paperwork Reduction Act (PRA)?

Yes

No


Accept

Reject


Indicate the OMB approval number and approval 6a number expiration date (or describe the plans to

obtain OMB clearance.)

OMB Approval Number Expiration Date

Explanation





7 Does the third-party Website or application contain Federal Records?

Yes

No


Accept

Reject

Shape69 Shape63 Shape64 Shape65 Shape66 Shape67 Shape68 Shape70 Shape71 Shape72 Shape73 Shape74 Shape75 Shape76 Shape77



POC Title




POC Name



8 Point of Contact (POC):

POC Organization

Accept

Reject


POC Email



POC Phone


9 Describe the specific purpose for the OPDIV use of the third-party Website or application:



Accept

Reject

Have the third-party privacy policies been reviewed

10 to evaluate any risks and to determine whether the Website or application is appropriate for OPDIV use?


Yes

No

Accept

Reject

Describe alternative means by which the public can

11 obtain comparable information or services if they choose not to use the third-party Website or

application:



Accept Reject

Does the third-party Website or application have

12 appropriate branding to distinguish the OPDIV activities from those of nongovernmental actors?


Yes

No

Accept

Reject

13 How does the public navigate to the third party Website or application from the OPIDIV?



Accept

Reject

13a Please describe how the public navigate to the third- party website or application:

If the public navigate to the third-party website or

13b application via an external hyperlink, is there an alert to notify the public that they are being directed to a

nongovernmental Website?


Yes No


Has the OPDIV Privacy Policy been updated to

14 describe the use of a third-party Website or application?


Yes No

Accept Reject

14a Provide a hyperlink to the OPDIV Privacy Policy:

15 Is an OPDIV Privacy Notice posted on the third-party Website or application?


Yes No

Accept Reject

Confirm that the Privacy Notice contains all of the

following elements: (i) An explanation that the Website or application is not government-owned or government-operated; (ii) An indication of whether and how the OPDIV will maintain, use, or share PII

15a that becomes available; (iii) An explanation that by using the third-party Website or application to communicate with the OPDIV, individuals may be providing nongovernmental third-parties with access to PII; (iv) A link to the official OPDIV Website; and (v) A link to the OPDIV Privacy Policy






Yes No


Is the OPDIV's Privacy Notice prominently displayed

15b at all locations on the third-party Website or application where the public might make PII

available?


Yes No


Shape78 Shape79 Shape80 Shape81 Shape82 Shape83 Shape84 Shape85 Shape86 Shape87 Shape88 Shape89 Shape90 Shape91 Shape92 Shape93 Shape94 Shape95


16 Is PII collected by the OPDIV from the third-party Website or application?

Yes

No


Accept

Reject

17 Will the third-party Website or application make PII available to the OPDIV?

Yes

No


Accept

Reject

Describe the PII that will be collected by the OPDIV

from the third-party Website or application and/or

18 the PII which the public could make available to the OPDIV through the use of the third-party Website or

application and the intended or expected use of the PII:





Accept Reject

Describe the type of PII from the third-party Website

19 or application that will be shared, with whom the PII will be shared, and the purpose of the information

sharing:



Accept Reject

19a If PII is shared, how are the risks of sharing PII mitigated?

20 Will the PII from the third-party Website or application be maintained by the OPDIV?

Yes

No


Accept

Reject

20a If PII will be maintained, indicate how long the PII will be maintained:

21 Describe how PII that is used or maintained will be secured:



Accept

Reject

22 What other privacy risks exist and how will they be mitigated?



Accept

Reject


REVIEWER QUESTIONS: The following section contains Reviewer Questions which are not to be filled out unless the user is an OPDIV Senior Officer for Privacy.

Reviewer Questions


Answer



1 Are the responses accurate and complete?


Yes

No

Accept

Reject

Reviewer

Notes

Is the TPWA compliant with all M-10-23 requirements, including appropriate branding and Yes Accept

2 alerts? No Reject

Reviewer

Notes

Has the OPDIV posted an updated privacy notice on the TPWA and does it contain the five Yes Accept

3 required elements? No Reject

Reviewer

Notes

Shape96 Shape97 Shape98 Shape99 Shape100 Shape101 Shape102 Shape103 Shape104 Shape105 Shape106 Shape107 Shape108 Shape109 Shape110 Shape111 Shape112 Shape113 Shape114



REVIEWER QUESTIONS: The following section contains Reviewer Questions which are not to be filled out unless the user is an OPDIV Senior Officer for Privacy.


4


Does the PIA clearly identify PII made available and/or collected by the TPWA?

Yes

No

Accept

Reject

Reviewer

Notes


5


Is the handling of PII appropriate?

Yes

No

Accept

Reject

Reviewer

Notes


General Comments


Shape115



OPDIV Senior Official for Privacy Signature

HHS Senior Agency Official for Privacy

Shape116 Shape117 Shape118 Shape119 Shape120 Shape121

Page 3 of 7


File Typeapplication/zip
File Modified0000-00-00
File Created2023-08-22

© 2024 OMB.report | Privacy Policy