Surveillance of HIV-related service barriers among Individuals with Early or Late HIV Diagnoses (SHIELD)
Privacy Act Checklist
OMB control # 0920-1402
Does the data collection involve collecting sensitive or personally identifiable information?
This project will collect information on sensitive HIV risk and prevention behaviors. Question topics include gender identity and sexual orientation, HIV testing history, barriers to testing services, experience with PrEP, barriers to accessing PrEP, substance and alcohol use, high-risk sexual behavior, experiences with health care providers and experiences within health care settings, access to mental health services, stigma, and stressful life events.
Sensitive information collected by the Contractor will not be linked to any other personally identifiable information (PII) and cannot be used to reveal the identity of any one person. No information that could directly identify an individual will be collected as part of the interview by the Contractor. The Contractor will generate a unique identification code (Participant ID) at the time of participant registration. Each Participant ID will include a health department-specific prefix, and the Participant ID shall not include PII (i.e., no date of birth, social security number, etc.). The Contractor will ensure Participant IDs are unique and not duplicated. This Participant ID will be used as a link between all processes (registration, scheduling, completion status, distribution of token of appreciation, etc.). Any contact information collected for the purposes of recruiting (i.e., name and telephone number) will only be accessed by local and state health departments. Health departments will be responsible for securely maintaining the link between the generated Participant ID and the health department’s record of each participant’s contact information.
The Contractor will inform respondents that their responses will be kept private to the extent permitted by the law. All respondents interviewed will be informed that the information collected will not be attributable directly to the respondent and will only be discussed among members of the study team. Terms of the CDC contract authorizing data collection require the Contractor to maintain the privacy of all information collected. CDC and the CDC contractor will not receive any respondent PII.
Although the information requested from participants is highly sensitive, this project cannot achieve its goals without their collection. The collection of the data is used to understand barriers to engaging in protective behaviors, using HIV prevention services, and other services.
In situations in which sensitive information may be collected, as for this project, loss of confidentiality could potentially result in harm to participants. No information that could directly identify an individual will be collected as part of the quantitative or qualitative assessment interviews. Data collected for this project are protected under a Federal assurance of confidentiality (Attachment 10).
Describe how personal information will be maintained and who will have access to it.
Several safety precautions are in place to prevent any information from being connected to a participant. Contractor’s interviewers will complete confidentiality training and sign the statement indicating their understanding of security and confidentiality policies related to HIV surveillance data. Interviewers will also receive training from CDC staff on how to protect the security and confidentiality of the information collected.
The Assurance of Confidentiality will be enforced with appropriate training and contractual agreements which clarify the responsibilities of all participants in HIV/AIDS surveillance activities who have access to directly identifiable data or to data that are potentially identifiable through indirect means. State and local health department personnel who conduct HIV/AIDS surveillance and the CDC Contractor will be subject to the confidentiality obligations described in the CDC guidelines for the security and confidentiality of National HIV Surveillance System data (www.cdc.gov/nchhstp/programintegration/docs/PCSIDataSecurityGuidelines.pdf) and will be required to undergo security and confidentiality training.
Data collectors and data managers will undergo annual security and confidentiality training consistent with the guidelines set forth in the document “Data Security and Confidentiality Guidelines for HIV, Viral Hepatitis, Sexually Transmitted Disease, and Tuberculosis Programs” available at (www.cdc.gov/nchhstp/programintegration/docs/PCSIDataSecurityGuidelines.pdf). CDC’s Office of Grants Services will require the inclusion of 308(d) clauses in any HIV/AIDS support services work done by contractors (e.g., data analysis, computer programming, local area network [LAN] support). All CDC permanent employees and their contractors will be required to attend annual confidentiality training, to sign a “Agreement to Abide by Restrictions on Release of Data” (Attachment 11), and to update their confidentiality agreements on an annual basis. Contractors must sign a “Contractor’s Pledge of Confidentiality.” Access to HIV/AIDS surveillance data maintained at CDC is restricted to authorized personnel who have signed the “Agreement to Abide by Restrictions on Release of Data.”
This project is covered by an Assurance of Confidentiality for HIV/AIDS surveillance data (Attachment 10). The Assurance provides the highest level of legal confidentiality protection to the individual persons who are the subjects of this data collection, and to the individuals and organizations responsible for data collection. The terms of the Assurance of Confidentiality reflect the collective experience of CDC, health departments, and the Council of State and Territorial Epidemiologists with respect to the collection, electronic transmission, and dissemination of HIV/AIDS surveillance data. The Assurance includes established policies and procedures governing all aspects of data collection and de-identification, physical security for paper forms and records, electronic data storage and transmission, and the release of aggregate data in forms that cannot be linked back to individual respondents. The protections afforded by the Assurance of Confidentiality last forever and endure even after the respondent’s death.
Confidentiality precautions approved for telephone interviewing are also applied to videoconference interviewing, which include ensuring that the participant and the interviewer each has a private location in which to conduct the interview. No audiovisual recordings will be made of the interviews obtained through telephone or videoconferencing. Videoconferencing may improve privacy by removing the need to mail project materials such as response cards to participants, as these can be shown to the participant during the videoconference. Additionally, project interviewers may only conduct videoconference interviews on desktop or laptop computers that have password protection, encryption, and controlled access via a secure network.
How long will sensitive or personal information be maintained? This information is crucial. If sensitive information is maintained for even one day, the Privacy Act will apply and we will have to provide language in the clearance package.
No PII or IIF is being collected. The Privacy Act is not applicable because PII is not being collected under this CDC funded activity. There is no current plan for data retirement as the data are used for ongoing analyses to monitor trends over an indefinite period of time. The data associated with this OMB clearance are submitted to CDC and the individual project areas in aggregate form.
Will the collected information be covered by the appropriate CDC Assurance of Confidentiality?
Yes, the collected information will be covered by the Assurance of Confidentiality.
If identifiable information will be filed and retrieved by the name of the individual:
No PII or IIF is being collected.
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File Title | Privacy Act Checklist |
Author | vbs6 |
File Modified | 0000-00-00 |
File Created | 2025-05-31 |