Download:
pdf |
pdfPrivacy Impact Assessment (PIA): CDC - EIWT - QTR3 - 2023 - CDC6794740
Created Date: 7/17/2023 1:43 PM Last Updated: 7/9/2024 8:00 PM
Copy PIA (Privacy Impact Assessment)
Do you want to copy this PIA ?
Please select the user, who would be submitting the copied PIA.
Instructions
Review the following steps to complete this questionnaire:
1) Answer questions. Select the appropriate answer to each question. Question specific help text may be available via the
answer dictates an explanation, a required text box will become available for you to add further information.
icon. If your
2) Add Comments. You may add question specific comments or attach supporting evidence for your answers by clicking on the
each question. Once you have saved the comment, the icon will change to the
icon next to
icon to show that a comment has been added.
3) Change the Status. You may keep the questionnaire in the "In Process" status until you are ready to submit it for review. When you have
completed the assessment, change the Submission Status to "Submitted". This will route the assessment to the proper reviewer. Please note that
all values list questions must be answered before submitting the questionnaire.
4) Save/Exit the Questionnaire. You may use any of the four buttons at the top and bottom of the screen to save or exit the questionnaire. The
button allows you to complete the questionnaire. The button allows you to save your work and close the questionnaire. The button allows you to
save your work and remain in the questionnaire. The button closes the questionnaire without saving your work.
Acronyms
ATO - Authorization to Operate
CAC - Common Access Card
FISMA - Federal Information Security Management Act
ISA - Information Sharing Agreement
HHS - Department of Health and Human Services
MOU - Memorandum of Understanding
NARA - National Archives and Record Administration
OMB - Office of Management and Budget
PIA - Privacy Impact Assessment
PII - Personally Identifiable Information
POC - Point of Contact
PTA - Privacy Threshold Assessment
SORN - System of Records Notice
SSN - Social Security Number
URL - Uniform Resource Locator
Does this need
to migrate to a
SubComponent?:
Migrated
Consolidated Parent Component
Component Name
OCIO ISB Infrastructure Services
�General Information
PIA Name:
CDC - EIWT - QTR3 - 2023 - CDC6794740
PIA ID:
6794740
Name of
Component:
Epi Info Web Tools
Name of ATO
Boundary:
Epi Info Web Tools
Migrated Sub-Component PIA
PIA Name
CDC - OCIO ISB INFR SVCS - Epi Info Web Tools - QTR2 - 2024 - CDC8306986
Sub-Component
Software Name
No Records Found
Original Related PIA ID
PIA Name
No Records Found
Overall Status:
Submitter:
PIA Queue:
BROWN, James
# Days Open:
358
5/7/2024
SHAW, Stephanie
Submission
Status:
Re-Submitted
Submit Date:
Next
Assessment
Date:
07/09/2027
Expiration Date: 7/9/2027
Office:
DDPHSS
OpDiv:
CDC
Security
Categorization:
Moderate
Make PIA
available to
Public?:
Yes
Legacy PIA ID:
1:
Identify the Enterprise Performance Lifecycle Phase of the system
Disposition
2:
Is this a FISMA-Reportable system?
Yes
3:
Does the system have or is it covered by a Security Authorization to
Operate (ATO)?
Yes
4:
ATO Date or Planned ATO Date
5/30/2024
Privacy Threshold Analysis (PTA)
PTA Name
CDC - EIWT - QTR3 - 2023 - CDC6792894
History Log:
View History Log
PTA
PTA
PTA - 2:
Indicate the following reason(s) for this PTA. Choose from the following
options.
PIA Validation (PIA Refresh)
PTA - 2A:
Describe in further detail any changes to the system that have occurred
since the last PIA.
Submitted for Annual Assessment
PTA - 3:
Is the data contained in the system owned by the agency or contractor?
Agency
�The Epi Info Web Tools (EIWT) allows CDC users
with authorized access to the EIWT to create,
distribute, and receive completed online surveys to
gather information for analysis. The survey scan be
distributed to the targeted audience using emails or
any other electronic form. Each survey is accessed
using the URL that is unique to a given survey. A
CDC employee will be able to download the survey
responses from the web and analyze the survey
data any time during the period the survey is open
or after the survey has closed.
PTA - 4:
Please give a brief overview and purpose of the system by describing
what the functions of the system are and how the system carries out
those functions.
PTA - 5:
List and/or describe all the types of information that are collected (into), CDC programs use the EIWT to collect public health
data for epidemiological investigations and research
maintained, and/or shared in the system regardless of whether that
studies. The system collects data that enables
information is PII and how long that information is stored.
epidemiologists to conduct outbreak investigations,
track cases, perform contact tracing, evaluate public
health interventions, and collect information on
attitudes and behaviors that impact public health
outcomes.
Programs that use this system must sign an
agreement after reading the Rules of Behavior (RoB)
document that explicitly indicates the terms and
usage of the system and what information can be
collected. The data collected may vary dependent
upon the unique variables needed by individual
research studies. However, any data collected must
fall within the parameters of the RoB, and as such is
limited to:
Name, Date of Birth or Age, Sex, Mailing Address,
Physical Address, Physical locations traveled, Email
Address, Phone Number, Photographic Identifiers,
Employment Status, Occupation, Disease Status,
Disease Signs and Symptoms, and Behavior
Information that impacts Public Health.
Social Security Numbers (SSN) are not allowed to be
collected by the EIWT. Data from this system is not
shared with any other system(s).
External users (survey respondents): No user
credentials collected or required.
PTA - 5A:
Are user credentials used to access the system?
PTA - 5B:
Please identify the type of user credentials used to access the system.
�PTA - 6:
Describe why all types of information is collected (into), maintained,
and/or shared with another system. This description should specify
what information is collected about each category of individual.
EIWT are unique systems that allows for the
creation of a survey by a CDC user based on the
need to conduct an epidemiological investigation.
The survey owner may choose to collect PII as part
of their survey. All data will be stored inside the
EIWT. EIWT do not share any of this data with any
other system.
Data elements that can be collected in a survey
include: Name, Date of Birth or Age, Sex, Mailing
Address, Physical Address, Physical locations
traveled, Email Address, Phone Number,
Photographic Identifiers, Employment Status,
Occupation, Disease Status, Disease Signs and
Symptoms, and Behavior Information that impacts
Public Health.
Social Security Numbers (SSN) are not allowed to be
collected by the EIWT. Data from this system is not
shared with any other system(s). Survey
respondents have the choice to not respond to
specific questions or the survey itself.
Examples of epidemiological investigations that
surveys can be created for:
1. Collecting baseline data regarding prevalence and
incidence of infections on a specific disease in a
given population.
2. Conduct community based evaluations of
interventions.
3. Conduct surveys on attitudes and behaviors
around specific public health initiatives.
4. Conduct surveys on Flu vaccine knowledge,
attitudes and beliefs.
5. Conduct surveys about the level of knowledge
and use of personal protective equipment in a
hazardous workplace environment or among a
particular occupation.
External users (survey respondents): No user
credentials collected or required. Users navigate
directly to survey with a system generated unique
URL. Internal users: Authenticated through Active
Directory (AD). AD is a separate system with its own
PIA.
PTA - 7:
Does the system collect, maintain, use or share PII?
Yes
PTA - 7A:
Does this include Sensitive PII as defined by HHS?
Yes
PTA - 8:
Does the system include a website or online application?
Yes
PTA - 8A:
Are any of the URLs listed accessible by the general public (to include
publicly accessible log in and internet websites/online applications)?
Yes
�PTA - 9:
Describe the purpose of the website, who has access to it, and how
users access the web site (via public URL, log in, etc.). Please address
each element in your response.
The Epi Info Web Tools (EIWT) allows CDC users
with authorized access to the EIWT to create,
distribute, and receive completed online surveys to
gather information for analysis. The survey scan be
distributed to the targeted audience using emails or
any other electronic form. Each survey is accessed
using the URL that is unique to a given survey. A
CDC employee will be able to download the survey
responses from the web and analyze the survey
data any time during the period the survey is open
or after the survey has closed.
PTA - 10:
Does the website have a posted privacy notice?
Yes
PTA - 11:
Does the website contain links to non-federal government websites
external to HHS?
No
PTA - 11A:
Is a disclaimer notice provided to users that follow external links to
websites not owned or operated by HHS?
PTA - 12:
Does the website use web measurement and customization
technology?
Yes
PTA - 12A:
Select the type(s) of website measurement and customization
technologies in use and if it is used to collect PII.
Session Cookies - Does Not Collect PII
PTA - 13:
Does the website have any information or pages directed at children
under the age of thirteen?
No
PTA - 13A:
Does the website collect PII from children under the age thirteen?
PTA - 13B:
Is there a unique privacy policy for the website and does the unique
privacy policy address the process for obtaining parental consent if any
information is collected?
PTA - 14:
Does the system have a mobile application?
No
PTA - 14A:
Is the mobile application HHS developed and managed or a third-party
application?
HHS
PTA - 15:
Describe the purpose of the mobile application, who has access to it,
and how users access it. Please address each element in your response.
PTA - 16:
Does the mobile application/ have a privacy notice?
PTA - 17:
Does the mobile application contain links to non-federal government
website external to HHS?
PTA - 17A:
Is a disclaimer notice provided to users that follow external links to
resources not owned or operated by HHS?
PTA - 18:
Does the mobile application use measurement and customization
technology?
PTA - 18A:
Describe the type(s) of measurement and customization technologies or
techniques in use and what information is collected.
PTA - 19:
Does the mobile application have any information or pages directed at
children under the age of thirteen?
PTA - 19A:
Does the mobile application collect PII from children under the age
thirteen?
PTA - 19B:
Is there a unique privacy policy for the mobile application and does the
unique privacy policy address the process for obtaining parental
consent if any information is collected?
PTA - 20:
Is there a third-party website or application (TPWA) associated with the
system?
No
PTA - 21:
Does this system use artificial intelligence (AI) tools or technologies?
No
PIA
�PIA
PIA - 1:
Indicate the type(s) of personally identifiable information (PII) that the
system will collect, maintain, or share.
Name
Email Address
Phone numbers
Foreign Activities
Date of Birth
Photographic Identifiers
Mailing Address
Employment Status
Other - Free text Field - Medical Information
PIA - 2:
Indicate the categories of individuals about whom PII is collected,
maintained or shared.
Business Partners/Contacts (Federal, state, local
agencies)
Employees/ HHS Direct Contractors
Patients
Members of the public
PIA - 3:
Indicate the approximate number of individuals whose PII is maintained
in the system.
Above 2000
PIA - 4:
For what primary purpose is the PII used?
PII is used to assess exposure risks, monitor
outcomes and interventions, monitor behaviors and
their impact to public health interventions.
PIA - 5:
Describe any secondary uses for which the PII will be used (e.g. testing,
training or research).
Research and the assessment of policy and practice
is the secondary use for the PII.
PIA - 6:
Describe the function of the SSN and/or Taxpayer ID.
N/A
PIA - 6A:
Cite the legal authority to use the SSN.
N/A
PIA - 7:
Identify legal authorities, governing information use and disclosure
specific to the system and program.
Public Health Service Act, 42 U.S. Code § 300u
PIA - 8:
Are records in the system retrieved by one or more PII data elements?
No
PIA - 8A:
Please specify which PII data elements are used to retrieve records.
PIA - 8B:
Provide the number, title, and URL of the Privacy Act System of Records
Notice (SORN) that is being used to cover the system or indicate
whether a new or revised SORN is in development.
PIA - 9:
Identify the sources of PII in the system.
Directly from an individual about whom the
information pertains
In-person
Online
Government Sources
Within the OPDIV
Other HHS OPDIV
State/Local/Tribal
Other
Non-Government Sources
Members of the Public
�No
PIA - 10:
Is there an Office of Management and Budget (OMB) information
collection approval number?
PIA - 10A:
Provide the information collection approval number.
PIA - 10B:
Identify the OMB information collection approval number expiration
date.
PIA - 10C:
Explain why an OMB information collection approval number is not
required.
The surveys maintained in this system are variedsome are subject to the Paperwork Reduction Act,
others not.; however, if a particular survey is subject
to the Paperwork Reduction Act, the survey owner
will be responsible for obtaining the OMB approval
number. Therefore, there is no one OMB Control
Number that covers all.
PIA - 11:
Is the PII shared with other organizations outside the system’s
Operating Division?
No
PIA - 11A:
Identify with whom the PII is shared or disclosed.
PIA - 11B:
Please provide the purpose(s) for the disclosures described in PIA - 11A.
PIA - 11C:
List any agreements in place that authorize the information sharing or
disclosure (e.g., Computer Matching Agreement (CMA), Memorandum
of Understanding (MOU), or Information Sharing Agreement (ISA)).
PIA - 11D:
Describe process and procedures for logging/tracking/accounting for
the sharing and/or disclosing of PII. If no process or procedures are in
place, please explain why not.
PIA - 12:
Is the submission of PII by individuals voluntary or mandatory?
PIA - 12A:
If PII submission is mandatory, provide the specific legal requirement
that requires individuals to provide information or face potential civil or
criminal penalties.
PIA - 13:
Describe the method for individuals to opt-out of the collection or use
of their PII. If there is no option to object to the information collection,
provide a reason.
Individuals may opt-out of the collection and use of
their PII by not participating or entering PII into the
survey.
PIA - 14:
Describe the process to notify and obtain consent from the individuals
whose PII is in the system when major changes occur to the system
(e.g., disclosure and/or data uses have changed since the notice at the
time of original collection). Alternatively, describe why they cannot be
notified or have their consent obtained.
Should major changes ever occur to the system,
CDC will not always have the capability to notify
and obtain consent. The dependency is on the
particular questions on the survey and its purpose
(PII questions pertaining to contact information are
not always asked). Surveys may not have any
identifier other than a random number so there
would be no way to know who filled out the form
because submissions would be anonymous. If data
use changes during or after the program collected
data, and the survey collected contact information,
then the program in question using EIWT would
contact the users directly to obtain consent for
those changes. These terms are outlined in the
system's Rules of Behavior (ROB) document.
PIA - 15:
Describe the process in place to resolve an individual's concerns when
they believe their PII has been inappropriately obtained, used, or
disclosed, or that the PII is inaccurate. If no process exists, explain why
not.
The program contact that signed EIWT's Rules of
Behavior (ROB) document, is also the person who
creates and publishes the surveys. The Rules of
Behavior states that the program agrees to provide
an email contact address within the survey for
respondents to send questions or concerns. Thus,
the program who designed and deployed the survey
would be responsible for handling these concerns.
Voluntary
�PIA - 16:
Describe the process in place for periodic reviews of PII contained in the EIWT system administrators require a CDC user to
sign the Rules of Behavior in order to use the tools.
system to ensure the data's integrity, availability, accuracy and
EIWT system administrators verbally go over the
relevancy. Please address each element in your response. If no
Rules of Behavior with the CDC user who signed it.
processes are in place, explain why not.
The Rules of Behavior states that the survey
administrators will, at a minimum, annually review
the surveys' PII for integrity, availability, accuracy
and relevancy. They also have the right to review
the PII collected at any time, if they suspect
integrity, availability, accuracy, or relevancy has
been compromised.
PIA - 17:
Identify who will have access to the PII in the system.
Administrators
Developers
Contractors
Others
PIA - 17A:
Select the type of contractor.
HHS/OpDiv Direct Contractors
PIA - 17B:
Do contracts include Federal Acquisition Regulation (FAR) and other
appropriate clauses ensuring adherence to privacy provisions and
practices?
Yes
PIA - 18:
Provide the reason why each of the groups identified in PIA - 17 needs
access to PII.
EIWT program management assigns specific system
administrators and developers, the authority to
access, write, update, and maintain the systems.
EIWT management also maintains a Web Survey
Terms of Access and Use document that outlines
how access is granted and outlines the publishing
process.
Administrators need to set up the data owner for
the program in the system and give them the
encryption keys in order for them to create and
distribute the survey, send email alerts.
Developers have access to the production database
to assist in trouble shooting issues with the system.
Some EIWT employees are direct contractors who
have access to the production database to assist in
trouble shooting issues with the system.
Others, The program data owner of the form who
has the key to publish the forms and can download
the data.
PIA - 19:
Describe the administrative procedures in place to determine which
system users (administrators, developers, contractors, etc.) may access
PII.
EIWT program management assigns specific system
administrators and developers, the authority to
access, write, update, and maintain the systems.
EIWT management also maintains a Web Survey
Terms of Access and Use document that outlines
how access is granted and outlines the publishing
process.
�PIA - 20:
Describe the technical methods in place to allow those with access to PII CDC System administrators and developers are
provided access to the system on a need to know
to only access the minimum amount of information necessary to
basis and audit controls are in place to track their
perform their job.
activity on the servers and within the consolidated
database environment. These individuals are
responsible for supporting, building, and
maintaining the system itself and require full access
to the entire application.
PIA - 21:
Identify the general security and privacy awareness training provided to
system users (system owners, managers, operators, contractors and/or
program managers) using the system to make them aware of their
responsibilities for protecting the information being collected and
maintained.
All internal users of the system are required to
complete the security and privacy awareness
training at least annually.
PIA - 22:
Describe training system users receive (above and beyond general
security and privacy awareness training).
None
PIA - 23:
Describe the process and guidelines in place with regard to the
retention and destruction of PII. Cite specific National Archives and
Records Administration (NARA) records retention schedule(s) and
include the retention period(s).
EIWT data is kept by the CDC as a historical public
health record, per CDC's "Scientific and Research
Project Records Control Schedule", section 1a
("Authorized Disposition: PERMANENT"). Records
Schedule N1-442-09-1. After two years the data will
be securely purged from the system.
PIA - 24:
Describe how the PII will be secured in the system using administrative,
technical, and physical controls. Please address each element in your
response.
Administrative Controls:
EIWT system and data, including the PII contained in
the system is secured according to CDC security
guidelines. The CDC Enterprise Master System
Security Plan covers this system. These controls
include the enforcement of user roles and by having
users agree to system Rules of Behavior and taking
mandatory CDC Security Awareness Training and
Records Management training at least annually.
Technical Controls:
Access to the EIWT system is controlled via CDC's
Personal Identification Verification compliant
infrastructure, which features user identification,
Smart Cards, strong frequently changed passwords,
firewalls, intrusion detection systems, and common
access cards. Privileged users such as system
administrators and database administrators are
vetted by the CDC and access data according to the
principle of least-privilege.
Physical Controls:
The EIWT system is in a physically secure area with
security guards, video cameras, ID badges, locked
doors and key cards.
�Review & Comments
Privacy Analyst Review
OpDiv Privacy
Analyst Review
Status:
Approved
Privacy Analyst
Review Date:
5/15/2024
Privacy Analyst
Comments:
OpDiv Analyst: Joshua Mosios (Contractor)
Privacy Analyst
Days Open:
Approved
SOP Signature:
JWO Signature.docx
SOP Review
Date:
5/21/2024
SOP Review
SOP Review
Status:
SOP Comments: Approved on behalf of Beverly Walker
SOP Days Open: 14
Agency Privacy Analyst Review
Agency Privacy
Analyst Review
Status:
Approved
Agency Privacy
Analyst Review
Date:
5/28/2024
Agency Privacy
Analyst Review
Comments:
7/9/2024 Per CDC, this system is migrating from a
Stand-Alone Component to a Sub-Component within
the ISB Infrastructure. In addition to this system
having its own PTA/PIA, ISB Infrastructure will have
its own approved PTA.
Agency Privacy
Analyst Days
Open:
7
5/28/2024 Per CDC email, PTA-14A defaults to
"HHS," and they were unable to make it blank. PTA14A respond should be blank or "No." We have
confirm this system has no mobile application via the
attached PIA (see supporting Documentation. This
PIA is ready for SAOP review and approval.
SAOP Review
SAOP Review
Status:
Approved
SAOP Signature:
SAOP
Comments:
Per CDC, this system is migrating from a Stand-Alone
Component to a Sub-Component within the ISB
Infrastructure. In addition to this system having its
own PTA/PIA, ISB Infrastructure will have its own
approved PTA.
SAOP Review
Date:
7/9/2024
SAOP Days
Open:
42
Per CDC email, PTA-14A defaults to "HHS," and they
were unable to make it blank. PTA-14A respond
should be blank or "No." We have confirm this
system has no mobile application via the attached
PIA (see supporting Documentation.
Supporting Document(s)
Name
Size
Type
Upload Date
Downloads
EIWT-PIA 2024_V2.pdf
337451
.pdf
4/30/2024 10:45 AM
3
�Comments
Question Name
Submitter
Date
Comment
PIA - 18
MOSIOS, Joshua
4/30/2024
Please provide a distinct reason for
each group.
PIA - 10C
MOSIOS, Joshua
4/30/2024
Does this system not have its own
OMB collection number? If so, please
change answer in 10 to "yes"
PIA - 10A
MOSIOS, Joshua
5/6/2024
Please provide the OMB collection
number that this system relies on.
PIA - 1
MOSIOS, Joshua
5/6/2024
In the free text field, please add
"medical information".
PIA - 19
MOSIOS, Joshua
5/6/2024
Your answer here and in 20 were
previously used together to answer
question 20's equivalent in the
previous form (question 33). Please
use your answer in the question 19
equivalent (32) here.
PIA - 10B
MOSIOS, Joshua
5/6/2024
What OMB number does this
expiration date belong to?
PIA - 10C
OSHODI, Jarell
5/21/2024
The response was edited: The surveys
maintained in this system are variedsome are subject to the Paperwork
Reduction Act, others not.; however, if
a particular survey is subject to the
Paperwork Reduction Act, the survey
owner will be responsible for
obtaining the OMB approval number.
Therefore, there is no one OMB
Control Number that covers all.
Attachment
�| File Type | application/pdf |
| File Modified | 2024-07-23 |
| File Created | 2024-07-15 |