Privacy Impact Assessment

Save

Privacy Impact Assessment Form
v 1.21
Status

Form Number

Form Date

Question

Answer

1

OPDIV:

CDC

2

PIA Unique Identifier:

TBD

2a Name:

03/22/23

Population-based surveillance of outcomes, needs, and well-bei
General Support System (GSS)
Major Application

3

Minor Application (stand-alone)

The subject of this PIA is which of the following?

Minor Application (child)
Electronic Information Collection
Unknown

3a

Identify the Enterprise Performance Lifecycle Phase
of the system.

Planning
Yes

3b Is this a FISMA-Reportable system?

4

Does the system include a Website or online
application available to and for the use of the general
public?

5

Identify the operator.

6

Point of Contact (POC):

7

Is this a new or existing system?

8

Does the system have Security Authorization (SA)?

8a Date of Security Authorization

No
Yes
No
Agency
Contractor
POC Title

Health Scientist

POC Name

Karrie Downing

POC Organization NCBDDD
POC Email

[email protected]

POC Phone

404.498.0710
New
Existing
Yes
No

REDCap PIA ATO is 8-26-2022

Page 1 of 11

Save

10

Describe in further detail any changes to the system
that have occurred since the last PIA.

11 Describe the purpose of the system.

Previous PIA was approved to conduct the survey though mail
only . Survey participants will also be given the option to take
the survey online in REDCap. Funded sites have been
identified.
This project will gather information on cardiac and other
healthcare utilization, barriers to health care, quality of life,
social and educational outcomes, transition of care planning
from childhood to adulthood, and mortality of children and
adolescents (ages 2-17 years) with Congenital Heart Defects
(CHD) as well as needs and experiences of their caregivers. The
children and adolescents will be identified as being born with a
CHD through birth defects surveillance systems from funded
sites (Boston University, Minnesota Department of Health) and
Metro-Atlanta. Once identified, the sites will send the children's
parents or caregivers information on the project, a passive
consent form, a paper survey, and a link to take the survey
online via REDCap if preferred.
The de-identified answers to the survey questions will be
linked to de-identified information gathered at birth from the
birth defects surveillance systems using a code. The deidentified data will be analyzed and results will be shared in
peer-reviewed publications, national and local meetings, and
with public health stakeholders focused on children and
adolescents with CHD. This project fills a gap in available
information on children and adolescents living with CHD. The
information will help children with CHD and their families
receive better care and plan for their future.
At each site, data from the birth defect surveillance systems
will be linked to death records to determine vital status of each
child or adolescent with CHD and year of death for those
deceased. For those not determined to be deceased, each site
will track the parent or caregiver using data from the birth
defect surveillance system to determine their current contact
information. Each site will mail parents information on the
project, a passive consent form, a paper survey and a link to
take the survey online via REDCap if preferred.

Describe the type of information the system will
collect, maintain (store), or share. (Subsequent
12
questions will identify if this information is PII and ask
about the specific data elements.)

The survey inquires about the cardiac and other healthcare
utilization, barriers to health care, quality of life, social and
educational outcomes, and transition of care planning from
childhood to adulthood of their child with CHD as well as the
needs and experiences of the parents or caregivers. To receive
project updates, participants may also provide their email
address on the paper survey or on paper after survey
completion for those completing it online.
The de-identified survey data will be linked to the de-identified
birth defect surveillance system data to include information on
the child's diagnoses at birth and information about their
gestation and birth such as gestational age at birth, plurality,
birth weight, birth year, sex, and maternal race.

Page 2 of 11

Save

Provide an overview of the system and describe the
13 information it will collect, maintain (store), or share,
either permanently or temporarily.

Parents or caregivers of children and adolescents (ages 2-17
years) with CHD, identified from three birth defects
surveillance systems, will be sent a ~20-minute survey asking
about their child's health, social, educational, and other
outcomes as well as needs and experiences of the caregivers.
In addition, the survey asks the parent or caregiver for an email
address if they would like to receive periodic updates on the
results of project. Completed surveys will be collected and
stored at CDC. Participants will be assigned a random number
as their participant ID for the project. This participant ID will be
linkable to their current contact information, which is not
included in this system or shared between sites. CDC will notify
sites of participant IDs who have completed a survey so that
the sites can mail those participants a thank you letter as
appreciation for their time and effort to complete the survey.
De-identified survey data will be linked to de-identified birth
defects surveillance data and shared across sites. Email
addresses of survey participants will be stored separately from
survey answers. Results of this project will be disseminated to
individuals living with CHD and their families, CHD
organizations, health researchers, and physicians through
papers, presentations, and other documents.
This information will fill a gap in the knowledge on health and
well-being of children and adolescents living with CHD. We
plan to disseminate results of this project to individuals living
with CHD and their families, CHD organizations, health
researchers, and physicians through papers, presentations, and
other documents.
Data sources includes:
Birth defects surveillance systems from funded sites (Boston
University, Minnesota Department of Health) and MetroAtlanta
Participant authentication:
Each survey participant will receive a QR code that takes them
directly to their individual online survey. They will receive their
QR code via mail. Physical access to the QR code will be the
only point of authentication for the participant. They will not
have to enter any additional information online to get to their
specific online survey. They will not have access to anything
other than their specific online survey in REDCap.
Staff authentication:
CDC staff will be accessing REDCap via SAMS, which requires
an authenticated SAMS account, a CDC SmartCard, and pin.”

14 Does the system collect, maintain, use or share PII?

Yes
No

Page 3 of 11

Save

Indicate the type of PII that the system will collect or
15
maintain.

Social Security Number

Date of Birth

Name

Photographic Identifiers

Driver's License Number

Biometric Identifiers

Mother's Maiden Name

Vehicle Identifiers

E-Mail Address

Mailing Address

Phone Numbers

Medical Records Number

Medical Notes

Financial Account Info

Certificates

Legal Documents

Education Records

Device Identifiers

Military Status

Employment Status

Foreign Activities

Passport Number

Taxpayer ID

Birth weight

Particpant ID

Sex

Gestational age at birth

Maternal race

Employees
Public Citizens
16

Indicate the categories of individuals about whom PII
is collected, maintained or shared.

Business Partners/Contacts (Federal, state, local agencies)
Vendors/Suppliers/Contractors
Patients
Other

17 How many individuals' PII is in the system?

5,000-9,999
Names and dates of birth from the birth defect surveillance
systems will be used at each site to track and trace the current
contact information (current name, mailing address, and
phone number) of parents or caregivers of eligible children
with congenital heart defects to mail survey packets to their
current address. The PII from each site's surveillance system
and tracking and tracing efforts, remains at each site and is not
shared across sites.

18 For what primary purpose is the PII used?

To receive project updates, participants may also provide their
email address on the paper survey or on paper after survey
completion for those completing it online, mailed to CDC. CDC
will email project updates individually to parents who request
them and provide their email address.
Participants will be assigned a random number as their
participant ID for the project. This participant ID will be linkable
to their current contact information, which is not included in
this system or shared between sites. CDC will notify sites of
participant IDs who have completed a survey so that the sites
can mail those participants a thank you letter as appreciation
for their time and effort to complete the survey.

19

Describe the secondary uses for which the PII will be
used (e.g. testing, training or research)

Not applicable

Page 4 of 11

Save
20 Describe the function of the SSN.

Not applicable

20a Cite the legal authority to use the SSN.

Not applicable

21

Identify legal authorities governing information use Public Health Service Act, Section 301, "Research and
and disclosure specific to the system and program.
Investigation," (42 U.S.C. 241)

22

Are records on the system retrieved by one or more
PII data elements?

Yes
No
Published:

Identify the number and title of the Privacy Act
System of Records Notice (SORN) that is being used
22a
to cover the system or identify if a SORN is being
developed.

09-20-0136, Epidemiologic Studies and Surveilla

Published:
Published:
In Progress
Directly from an individual about whom the
information pertains
In-Person
Hard Copy: Mail/Fax
Email
Online
Other
Government Sources

23

Within the OPDIV
Other HHS OPDIV
State/Local/Tribal
Foreign
Other Federal Entities
Other

Identify the sources of PII in the system.

Non-Government Sources
Members of the Public
Commercial Data Broker
Public Media/Internet
Private Sector
Other
23a

Identify the OMB information collection approval
number and expiration date.

24 Is the PII shared with other organizations?

OMB Control Number: 0920-1382, Exp. date: 1/31/2026
Yes
No

Page 5 of 11

Save
Within HHS

24a

Identify with whom the PII is shared or disclosed and
for what purpose.

Other Federal
Agency/Agencies
State or Local
Agency/Agencies
Private Sector

Describe any agreements in place that authorizes the
information sharing or disclosure (e.g. Computer
24b Matching Agreement, Memorandum of
Understanding (MOU), or Information Sharing
Agreement (ISA)).
24c

Describe the procedures for accounting for
disclosures

Describe the process in place to notify individuals
25 that their personal information will be collected. If
no prior notice is given, explain the reason.
26

Is the submission of PII by individuals voluntary or
mandatory?

The survey is completed by the parents of children with CHD,
who may choose to provide an email address to CDC if they are
interested in receiving periodic updates on the project.
Voluntary
Mandatory

Describe the method for individuals to opt-out of the
collection or use of their PII. If there is no option to
27
object to the information collection, provide a
reason.

The informational letter, consent form, and the survey itself,
state that the individual can skip any question on the survey.
The participants will also be provided a name, email, and
phone number of a project coordinator, if they have additional
questions or wish to opt-out of the project.

Describe the process to notify and obtain consent
from the individuals whose PII is in the system when
major changes occur to the system (e.g., disclosure
28 and/or data uses have changed since the notice at
the time of original collection). Alternatively, describe
why they cannot be notified or have their consent
obtained.

Funded sites will be responsible for notifying participants of
major changes to the use of participant data, if changes are
made. Sites may use differing methods to communicate this
information to survey participants. No change of this type is
anticipated to take place throughout the course of the project.

Describe the process in place to resolve an
individual's concerns when they believe their PII has
29 been inappropriately obtained, used, or disclosed, or
that the PII is inaccurate. If no process exists, explain
why not.

Potential and participating individuals who have concerns
about the use/misuse/inaccuracy of their PII can contact the
project site and request for the information to be corrected or
withdrawn - A name, email, and phone number of a project
site coordinator will be provided in the survey mailing.
Participants at any point in the project and after can request to
be removed from the project.

Describe the process in place for periodic reviews of
PII contained in the system to ensure the data's
30
integrity, availability, accuracy and relevancy. If no
processes are in place, explain why not.

The project data analyst will initially conduct a quality
assurance step comparing name and address on the survey
materials, the information gathered during tracking and
tracing and the information in the birth defects registries to
ensure accuracy. Inaccurate or irrelevant information will be
removed from the system. Ongoing review of data entry
accuracy will occur during double data entry and regular
quality checks of the project dataset.

Page 6 of 11

Save
Users
Administrators
31

Identify who will have access to the PII in the system
and the reason why they require access.

Comparing the name and address on
the survey materials, the information

Developers
Contractors

Tracking and tracing for current
contact information. Preparation and

Others

CDC PI, supervision of all project staff

Describe the procedures in place to determine which All individuals who have access to PII must receive prior
mandatory ethics training, assurance of confidentiality training,
32 system users (administrators, developers,
and additional CDC training on confidentiality procedures
contractors, etc.) may access PII.
related to birth defects registries.
Describe the methods in place to allow those with
33 access to PII to only access the minimum amount of
information necessary to perform their job.

User roles are implemented to limit information displayed to
individual users, both for functional as well as security
purposes. Information displayed to a particular role is limited
to necessary “need to know” information based on a specific
role’s required tasks throughout the project.

Identify training and awareness provided to
personnel (system owners, managers, operators,
contractors and/or program managers) using the
34
system to make them aware of their responsibilities
for protecting the information being collected and
maintained.

These individuals receive annual mandatory CDC training on
assurance of confidentiality and confidentiality procedures
specific to birth defects registries. Once confidentiality training
is complete, personnel must sign a confidentiality agreement
that indicates that the signee has carefully read and
understands the agreement and the confidentiality of all
records handled. Confidentiality training must be received
before an individual is allowed access to project data
containing PII. Confidentiality training is renewed every 365
days.

Describe training system users receive (above and
35 beyond general security and privacy awareness
training).

CDC staff and contractors who have access to project PII
receive confidentiality training. This training covers the
procedures and practices to protect the confidentiality of the
data collected or distributed. Project personnel (students, data
managers, project coordinators, PI) are required at all times to
maintain and protect the data and confidential records that
may come into their presence and under their control. This
training covers, but is not limited to, the following areas of
concern: restrictions on use of information, enhanced
protection of computerized files as part of implementation,
dissemination of research results, data sharing with other study
partners, analytic data access policies and procedures,
instructions concerning confidentiality procedures, procedures
for traveling with confidential study materials, and loss of study
materials containing confidential data. Once confidentiality
training is complete, personnel must sign a confidentiality
agreement that indicates that signee has carefully read and
understands the agreement and the confidentiality of all
records handled. In addition, personnel in specific roles receive
training and awareness related to those roles as needed, e.g.,
computer system administrators and other IT personnel
receive training on computer system security.

Do contracts include Federal Acquisition Regulation
36 and other appropriate clauses ensuring adherence to
privacy provisions and practices?

Yes
No

Page 7 of 11

Save
Records are retained and disposed in accordance with
Scientific and Research Project Records Control Schedule
N1-442-09-01. PII will be removed before records are archived.
Contractors will transfer relevant records before the end of the
award.
Describe the process and guidelines in place with
37 regard to the retention and destruction of PII. Cite
specific records retention schedules.

Identifying information (email address) will be collected during
the data collection period. During data cleaning, email address
will be separated from other survey elements and stored in a
separate file on a restricted-use folder on a CDC server. Only
the research staff will have access to a list linking a participant’s
PII to his/her de-identified survey and birth defect surveillance
system data. All project data will be stored at the CDC in
restricted use files only accessible to specific project staff who
have received confidentiality training and signed a
confidentiality agreement.

Page 8 of 11

Save
Administrative Controls:
Project staff receive Assurance of Confidentiality training and
birth defect registry-specific confidentiality training. This
training covers the procedures and practices to protect the
confidentiality of the data collected or distributed. Project
personnel (CDC staff, contractors, students) are required at all
times to maintain and protect the survey data and confidential
records that may come into their presence and under their
control. This training covers, but is not limited to, the following
areas of concern: restrictions on use of information, enhanced
protection of computerized files as part of study
implementation, dissemination of results, data sharing with
other partners, analytic data access policies and procedures,
instructions concerning confidentiality procedures, procedures
for traveling with confidential materials, and loss of survey
materials containing confidential data. Once confidentiality
training is complete, personnel must sign a confidentiality
agreement that indicates that signee has carefully read and
understands the agreement and the confidentiality of all
records handled.
Describe, briefly but with specificity, how the PII will
38 be secured in the system using administrative,
technical, and physical controls.

Technical Controls:
Access to PII follows a least privilege model. The PII is secured
in restricted-use folders within the CDC electronic system.
Secure logins and using key cards and passcodes prevent
unauthorized access to the project data. Roles will be utilized
to prevent unnecessary viewing of PII. Storage will utilize FIPScompliant encryption. Server room remains locked at all times
through the use of RFID key cards and personal security
passcodes assigned to individual authorized IT staff with
proper security privileges.
Physical Controls:
Physical measures, policies, and procedures are in place at the
CDC office to protect information, buildings, and equipment
from unauthorized intrusions, environmental hazards, and
natural hazards. PII is stored in a separate cabinet and room
than the other survey information. The survey information is
stored in locked filing cabinets in the office of the PI, which
remains locked when not in use. After data entry is complete,
any data collected on paper is stored in a secured file room
with keyed access by only two individuals.

REVIEWER QUESTIONS: The following section contains Reviewer Questions which are not to be filled out unless the user is an OPDIV
Senior Officer for Privacy.

Reviewer Questions
1

Are the questions on the PIA answered correctly, accurately, and completely?

Answer
Yes
No

Reviewer
Notes

Page 9 of 11

Save
Reviewer Questions
2

Answer

Does the PIA appropriately communicate the purpose of PII in the system and is the purpose
justified by appropriate legal authorities?

Yes

Do system owners demonstrate appropriate understanding of the impact of the PII in the
system and provide sufficient oversight to employees and contractors?

Yes

No

Reviewer
Notes
3

No

Reviewer
Notes
4

Does the PIA appropriately describe the PII quality and integrity of the data?

Yes
No

Reviewer
Notes
5

Is this a candidate for PII minimization?

Yes
No

Reviewer
Notes
6

Does the PIA accurately identify data retention procedures and records retention schedules?

Yes
No

Reviewer
Notes
7

Are the individuals whose PII is in the system provided appropriate participation?

Yes
No

Reviewer
Notes
8

Does the PIA raise any concerns about the security of the PII?

Yes
No

Reviewer
Notes
9

Is applicability of the Privacy Act captured correctly and is a SORN published or does it need
to be?

Yes
No

Reviewer
Notes
10

Is the PII appropriately limited for use internally and with third parties?

Yes
No

Reviewer
Notes
11

Does the PIA demonstrate compliance with all Web privacy requirements?

Yes
No

Reviewer
Notes
12

Were any changes made to the system because of the completion of this PIA?

Yes
No

Page 10 of 11

Save
Reviewer Questions

Answer

Reviewer
Notes

General Comments

OPDIV Senior Official
for Privacy Signature

Beverly E.
Walker -S

Digitally signed by
Beverly E. Walker -S
Date: 2023.05.18
19:08:09 -04'00'

HHS Senior
Agency Official
for Privacy

Page 11 of 11