Privacy Impact Assessment (PIA)

PIA form.pdf

[NIOSH] Health Hazard Evaluations/Technical Assistance and Emerging Problems


OMB: 0920-0260


Privacy Impact Assessment Form
v 1.47.4
Status Draft
Form Number F-75102
Form Date 8/25/2022 3:57:48 PM

Question / Answer

1 OPDIV:

CDC

2 PIA Unique Identifier:

P-6273809-961392

2a Name:

Modernization Platform (MPN)

3 The subject of this PIA is which of the following?

General Support System (GSS)
Major Application
Minor Application (stand-alone)
Minor Application (child)
Electronic Information Collection
Unknown

3a Identify the Enterprise Performance Lifecycle Phase of the system.

Operations and Maintenance
Yes

3b Is this a FISMA-Reportable system?

4

Does the system include a Website or online
application available to and for the use of the general
public?

5

Identify the operator.

6

Point of Contact (POC):

7

Is this a new or existing system?

8

Does the system have Security Authorization (SA)?

8a Date of Security Authorization

No
Yes
No
Agency
Contractor
POC Title

Associate Director of IT

POC Name

Mike Loudermilk

POC Organization CDC/NIOSH/OD
POC Email

[email protected]

POC Phone

404.498.1988
New
Existing
Yes
No

Oct 19, 2022


11 Describe the purpose of the system.

The Modernization Platform (MPN) is a strategic effort to align
existing National Institute for Occupational Safety and Health
(NIOSH) investments to open standards and modern data
services. This platform provides a framework to effectively
manage and provide oversight of NIOSH Information
Technology (IT) systems while encouraging the adoption of
the NIOSH Edge Computing Platform (NECP) and CDC Cloud
Strategy.
The platform supports the replacement and limited
redevelopment of NIOSH applications using agile
methodologies. The platform will be Federal IT Acquisition
Reform Act (FITARA) compliant in planning, programming, and
budgeting and is Federal Information Security Management
Act (FISMA) Moderate.
MPN maintains Social Security Numbers (SSN), names, email
addresses, mailing/physical addresses, phone numbers,
medical notes, certificates, date of birth (DOB), photographic
identifiers, biometric identifiers, demographics (ethnicity and
gender), medical record numbers, military and employment
status.
Other related data include the types of injuries/fatalities
involved in incident, general time and physical location
information related to incident, general exposures, work
behaviors, cancer diagnoses, and other relevant risk factors
with the intent to monitor cancer incidence and other health
related risk factors. Also, desensitized narratives from surveys
and injury context are collected.

12 Describe the type of information the system will
collect, maintain (store), or share. (Subsequent
questions will identify if this information is PII and ask
about the specific data elements.)

All full time employees and contractors that utilize MPN use
Centers for Disease Control (CDC) user credentials/Personal
Identity Verification (PIV) card to access the system in
conjunction with Active Directory (AD) Services within the
CDC/Agency for Toxic Substances and Disease Registry
(ATSDR) Enterprise. AD is a separate system and is covered by
a separate PIA. Authorized System users have AD accounts
with role-based access to the information system. Some
contractors use CDC credentials to work on behalf of the
agency.
External partners authenticate via Secure Access Management
Services (SAMS), which has its own PIA.

MPN helps to store and share information amongst the NIOSH
divisions which are located in various states. The information
collected is accessed by authorized NIOSH employees, giving
them the ability to enter, search, and view collected data.
MPN collects and maintains identifying information about the
workers involved in the safety incident such as participant
names to ensure collected data is associated with the correct
person. DOB is collected to understand the relationship
between age and safety. Medical information (medical notes,
medical records number, biometric identifiers, medical/health
history) is collected to understand the safety and health risks of
certain tasks and/or environments.

13 Provide an overview of the system and describe the
information it will collect, maintain (store), or share,
either permanently or temporarily.

Demographic information like ethnicity or gender is collected
to understand the role of ethnicity and gender in safety.
Contact information is to ensure that program participants can
be contacted. Employment status and work history is collected
to understand how a worker's role and industry employment
relates to safety.
Other data collected includes the types of injuries/fatalities
involved in incident for safety incident type classifications,
general time and physical location information related to
incident to understand environmental context. Also,
desensitized narratives, from surveys, that may help clarify
what the root causes and contributing factors were for the
incident. Injury context is collected in order to organize each
safety incident into quantifiable data that can be analyzed.
MPN collects external users’ business contact information
(email and phone number) for account set up and user
support.
All full time employees and contractors that utilize MPN use
CDC user credentials/PIV card to access the system in
conjunction with Active Directory Services within the CDC/
ATSDR Enterprise. AD is a separate system with its own PIA.
External partners authenticate via Secure Access Management
Services (SAMS), which has its own PIA.

14 Does the system collect, maintain, use or share PII?

Yes
No


15

Indicate the type of PII that the system will collect or
maintain.

Social Security Number

Date of Birth

Name

Photographic Identifiers

Driver's License Number

Biometric Identifiers

Mother's Maiden Name

Vehicle Identifiers

E-Mail Address

Mailing Address

Phone Numbers

Medical Records Number

Medical Notes

Financial Account Info

Certificates

Legal Documents

Education Records

Device Identifiers

Military Status

Employment Status

Foreign Activities

Passport Number

Taxpayer ID
Demographic information
Medical/health history
Race/ethnicity
Gender
Job title/Dates of employment
Employees
Public Citizens
16 Indicate the categories of individuals about whom PII
is collected, maintained or shared.

Business Partners/Contacts (Federal, state, local agencies)
Vendors/Suppliers/Contractors
Patients
Other

Publication Authors, Respirator Manufacturers seeking
approval.

17 How many individuals' PII is in the system?

1,000,000 or more

18 For what primary purpose is the PII used?

MPN collects external users’ business contact information
(email and phone number) for account set up and user
support. MPN collects and maintains identifying information
about the workers involved in the safety incident such as
participants' names to ensure collected data is associated with
the correct person. DOB is collected to understand any
relationship between age and safety. Medical information
(medical notes, medical records number, biometric identifiers)
is collected to understand the safety and health risks of certain
tasks and/or environments.

19 Describe the secondary uses for which the PII will be
used (e.g. testing, training or research)

Secondary uses for collecting PII include informing workers of
study findings, analyzing data, administering surveys,
contacting participants, verifying the miner's identity, to keep
records of procedures performed within the system, and for
user account setup and user support.

20 Describe the function of the SSN.

MPN uses miner's SSN to search for data, verify identity, and
group radiographs taken during a miner's lifetime.

SSN is also used in determining whether a match is for a
particular worker. The set of information which MPN and the
data source have in common typically consists of SSN, name,
date of birth, and gender. These fields are used to ascertain
whether a linked record for a worker is a true match, a false
match, or whether it remains unclear. Without the SSN, many
of these determinations would be impossible.

20a Cite the legal authority to use the SSN.

Federal Mine Safety and Health Act, Sections 203 and
Occupational Safety and Health Act, Section 20

21 Identify legal authorities governing information use
and disclosure specific to the system and program.

Occupational Safety and Health Act, Section 20, "Research and
Related Activities" (29 U.S.C. 669); Federal Mine Safety and
Health Act of 1977, Sections 203, "Medical Examinations" and
501, "Research" (30 U.S.C. 843, 951); Public Health Service Act,
Section 301, "Research and Investigation" (42 U.S.C. 241).

22 Are records on the system retrieved by one or more
PII data elements?

Yes
No

22a Identify the number and title of the Privacy Act
System of Records Notice (SORN) that is being used
to cover the system or identify if a SORN is being
developed.

Published:

09-20-0149 | Morbidity Studies in Coal Mining,
Metal and Non-metal Mining and General
Industry

Published:

09-20-0147 | Occupational Health
Epidemiological Studies and EEOICPA Program
Records and WTC Health Program Records

Published:
In Progress

23 Identify the sources of PII in the system.

Directly from an individual about whom the
information pertains
In-Person
Hard Copy: Mail/Fax
Email
Online
Other

Government Sources
Within the OPDIV
Other HHS OPDIV
State/Local/Tribal
Foreign
Other Federal Entities
Other

Non-Government Sources
Members of the Public
Commercial Data Broker
Public Media/Internet
Private Sector
Other

23a Identify the OMB information collection approval
number and expiration date.

OMB 0920-0953, Expiration: 10/31/2024
OMB 0920-0260, Expiration: 03/31/2024

24 Is the PII shared with other organizations?

Yes
No

24a Identify with whom the PII is shared or disclosed and
for what purpose.

Within HHS

Other Federal Agency/Agencies
PII is provided to allow users to contact the publication
author with questions/comments.
The Mine Safety and Health Administration (MSHA) may be
provided PII when needed, as NIOSH runs the Coal Workers'
Health Surveillance Program (CWHSP) on their behalf.
PII is provided to IRS for matching with their database in
order to identify addresses for workers. PII is also provided
to Department of Energy in order to obtain additional
exposure data and study data.

State or Local Agency/Agencies
PII is provided to allow users to contact the publication
author with questions/comments. PII is also provided to the
State statistic offices

Private Sector
PII is provided to allow users to contact the publication
author with questions/comments.
Analysis files not containing direct identifiers may be shared
with collaborators or researchers interested in replicating the
study, either through a data use agreement or at a research
data center.
Lab testing with Clinical Laboratory Improvement
Amendments (CLIA) certified lab.

24b Describe any agreements in place that authorizes the
information sharing or disclosure (e.g. Computer
Matching Agreement, Memorandum of
Understanding (MOU), or Information Sharing
Agreement (ISA)).

Agreements are in place for data sharing as follows:
1) Data exchanged with National Death Index (NDI) is
governed by the NDI process which includes an application
process with protocol review of new studies.
2) Data exchanged with the Internal Revenue Service (IRS) is
governed under Title 26 – Internal Revenue Code 6103(m)(3),
(https://www.irs.gov/irm/part11/irm_11-003-029) as amended
(Appendix A) and Public Law 96-128, title V, Sec. 502, as
amended, (http://thomas.loc.gov/cgi-bin/bdquery/z?d096:HR02282:@@@D&summ2=m&).
NIOSH has been granted authority for this type of search and
has been vetted by IRS to gain access and the use of their
secure FTP site.
3) Data exchanged with Department of Energy (DOE) Inter-
agency Agreement to collect study records from the various
sites.
4) Data exchanged with state Vital Records departments are
governed by an approval process with each state at the time
requested.
5) Data exchanged with state cancer registries are governed by
an approval process with each state at the time requested.
7) Study analysis files not containing direct identifiers are
governed by Data Use Agreements or by restricted access
through National Center for Health Statistics (NCHS's) Research
Data Center.

24c Describe the procedures for accounting for
disclosures

Health Management Systems (HMS) Federal has established
the International Organization for Standardization (ISO) 9001
procedures for accounting for disclosures under this system.

This is maintained by the system owner. This disclosure
ledger includes the date, the name (and the address, if known) of
the receiving person or agency, a brief description
of the information disclosed, and a brief purpose of the
disclosure (or a copy of the disclosure request).
This ledger is captured in a spreadsheet.

25 Describe the process in place to notify individuals
that their personal information will be collected. If
no prior notice is given, explain the reason.

The National Firefighter Registry Consent Form explains how
the firefighter information will be kept private and requires
them to sign granting NIOSH permission to collect and use the
data when requesting access to participate in the NFR.

When voluntarily signing up for an account, individuals
provide business contact information. The website form
describes the information collection and the use of PII.
Users requesting access to the system for a specific role will be
notified during the request either verbally or by email that
their user ID will be stored. New employees are notified via
email or verbally that their information will be stored.

26 Is the submission of PII by individuals voluntary or
mandatory?

Voluntary
Mandatory

27 Describe the method for individuals to opt-out of the
collection or use of their PII. If there is no option to
object to the information collection, provide a
reason.

Participation is voluntary and initiated by the users. Users
opting to participate are required to provide business contact
information as needed for account setup and user support.
Once established, users can opt out by contacting
[email protected] and their account will be disabled.

28 Describe the process to notify and obtain consent
from the individuals whose PII is in the system when
major changes occur to the system (e.g., disclosure
and/or data uses have changed since the notice at
the time of original collection). Alternatively, describe
why they cannot be notified or have their consent
obtained.

Users are notified of system updates via the email
address they provide. Major changes in the use of PII are not
anticipated and have not occurred.

29 Describe the process in place to resolve an
individual's concerns when they believe their PII has
been inappropriately obtained, used, or disclosed, or
that the PII is inaccurate. If no process exists, explain
why not.

If PII has been inappropriately obtained, used, or disclosed, or if
the PII is inaccurate, an individual can contact the systems
program manager at [email protected].

Concerns about PII can be directed to NIOSH MPN
administrators at [email protected]. The administrators will
direct the concern to the system security steward who will
reach out to the individual and division management, NIOSH's
Information System Security Officer, and CDC's Privacy Office
for an appropriate resolution.

30 Describe the process in place for periodic reviews of
PII contained in the system to ensure the data's
integrity, availability, accuracy and relevancy. If no
processes are in place, explain why not.

PII contained in the system is reviewed by MPN administrators
weekly and any incorrect information is remedied.
Additionally, users or authors may request their information be
updated by sending an email to the system administrators.

Integrity checks include: the data entry staff verify that PII
matches the form when entering the data, entered data are
compared to appropriate valid ranges of values, databases are
designed to eliminate redundancies, and database constraints
require values for critical fields and disallow invalid values.
Workers' addresses are updated prior to notifications.
Users may update their email address and phone number by
sending updates to [email protected]. Reviews are
conducted by NIOSH's Project Manager.
Users

Administrators
31 Identify who will have access to the PII in the system
and the reason why they require access.

Program researchers will have access
to their program's PII data in order to
conduct analysis.
Users are able to respond to inquiries
For creating user accounts and
communicating system status and
providing user support.

Developers
Contractors

Direct contractors serving as users
administrators.

Others
32 Describe the procedures in place to determine which
system users (administrators, developers,
contractors, etc.) may access PII.

MPN utilizes Role Based Access Control (RBAC) that enforces
the most restrictive permissions for authorized users based on
their role. The Business Stewards determine which users can


33 Describe the methods in place to allow those with
access to PII to only access the minimum amount of
information necessary to perform their job.

MPN personnel are identified at the project level by role, and
only appropriate personnel with the requisite skills and
knowledge are assigned to the project in the required role.
System users and administrators are given access based on the
principles of least privilege. The least privilege model is applied,
ensuring privilege levels no higher than necessary to
accomplish required functions.

34 Identify training and awareness provided to
personnel (system owners, managers, operators,
contractors and/or program managers) using the
system to make them aware of their responsibilities
for protecting the information being collected and
maintained.

All users complete Security and Privacy Awareness Training at
least annually.

35 Describe training system users receive (above and
beyond general security and privacy awareness
training).

The Division of Field Studies and Engineering (DFSE) annually
provides 308(d) training that includes Confidentiality as well as
Privacy Act and security training.
System administrators complete HHS Role Based Training at
least annually.

36 Do contracts include Federal Acquisition Regulation
and other appropriate clauses ensuring adherence to
privacy provisions and practices?

Yes
No

37 Describe the process and guidelines in place with
regard to the retention and destruction of PII. Cite
specific records retention schedules.

NIOSH handles and retains information system output
in accordance with the CDC Records Management
Policy, CDC Records Control Schedule and other applicable
record scheduling procedures prescribed by the General
Records Schedule (GRS) and National Archives and Records
Administration (NARA). System stewards consult with the CDC
Records Manager to identify applicable records scheduling
requirements and otherwise manage electronic records.
Records Schedule 16, Item 14
Records Schedule N1-442-09-1, item 3 (4-57)
Records Schedule is N1-442-09-1, item 2
Records Schedule N1-GRS-98-2 item 23
Records Schedule CDC N1-442-2009-01, item 3 and 4
Records Schedule N1-442-09-1


38 Describe, briefly but with specificity, how the PII will
be secured in the system using administrative,
technical, and physical controls.

Administrative: only authorized employees can access using
PIV card and system authentication.
The business steward authorizes new users for the system.
Data is secured by Active Directory and access is only granted
to users authorized by the business steward. Data is stored on
an encrypted database server. The servers and hard-copy
records reside in secured facilities which require PIV card
access. Comprehensive security plans are formalized through
the Security Assessment and Authorization (SA&A) process to
validate compliance with Federal Information Security
Management Act (FISMA) requirements.
Technical: both database layer and application layer access is
controlled by PIV card (network user credentials) to prevent
unauthorized access. PII is secured on the CDC network using
network shares and Server databases that limit access to the
appropriate staff. The network is protected with firewalls, and
intrusion detection systems. All users complete Security and
Privacy Awareness Training at least annually.
Physical: Hosted and stored on the consolidated web server
and database server which is located in a locked secure CDC
facility, secured with security guards, ID badges, key cards and
closed circuit television (CCTV) with access only by authorized
badged staff or escorted visitors.

39 Identify the publicly-available URL:

MPN is a platform framework that involves multiple URLs.

https://wwwn.cdc.gov/niosh-statedocs/Default.aspx
https://www.cdc.gov/niosh/topics/NOMS/
https://wwwn.cdc.gov/Niosh-whc/
https://wwwn.cdc.gov/NIOSH-CEL/
https://wwwn.cdc.gov/eworld
https://wwwn.cdc.gov/niosh-mining/
https://wwwn.cdc.gov/niosh-npg
https://wwwn.cdc.gov/niosh-oeb
https://wwwn.cdc.gov/niosh-ohsn
https://wwwn.cdc.gov/niosh-rhd
https://wwwn.cdc.gov/PPEINFO/Search
https://wwwn.cdc.gov/wisards/
https://wwwn.cdc.gov/wpvhc

40 Does the website have a posted privacy notice?

Yes
No

40a

Is the privacy policy available in a machine-readable
format?

Yes

41

Does the website use web measurement and
customization technology?

Yes

No
No

Technologies

Yes

Web beacons

No
Yes

Web bugs
41a Select the type of website measurement and
customization technologies is in use and if it is used
to collect PII. (Select all that apply)

Collects PII?

No

Session Cookies
Persistent Cookies
Omniture:
Other... Session Storage
via browser

42

Does the website have any information or pages
directed at children under the age of thirteen?

Yes

43

Does the website contain links to non- federal
government websites external to HHS?

Yes

Yes
No
Yes
No
Yes
No

No

No

General Comments

OPDIV Senior Official
for Privacy Signature

Jarell Oshodi -S
Digitally signed by Jarell Oshodi -S
Date: 2022.09.21 10:47:29 -04'00'



File Type: application/pdf
File Modified: 2022-09-21
File Created: 2016-03-30
