DD 2930, Privacy Impact Assessment (PIA), Jun 2017

Status: Original and derived artifacts are available for this document.

Download: pdf

PRIVACY IMPACT ASSESSMENT (PIA)
PRESCRIBING AUTHORITY: DoD Instruction 5400.16, "DoD Privacy Impact Assessment (PIA) Guidance". Complete this form for Department of Defense
(DoD) information systems or electronic collections of information (referred to as an "electronic collection" for the purpose of this form) that collect, maintain, use,
and/or disseminate personally identifiable information (PII) about members of the public, Federal employees, contractors, or foreign nationals employed at U.S.
military facilities internationally. In the case where no PII is collected, the PIA will serve as a conclusive determination that privacy requirements do not apply to
system.
1. DOD INFORMATION SYSTEM/ELECTRONIC COLLECTION NAME:

Air Force Medical Operations Agency/Family Advocacy Program NETwork (AFMOA/FAPNET)
3. PIA APPROVAL DATE:

2. DOD COMPONENT NAME:

United States Air Force
Air Force Medical Operations Agency/ Surgeon General Health Work (AFMOA/SGHW)
SECTION 1: PII DESCRIPTION SUMMARY (FOR PUBLIC RELEASE)
a. The PII is: (Check one. Note: Federal contractors, military family members, and foreign nationals are included in general public.)
From members of the general public

From Federal employees

from both members of the general public and Federal employees

Not Collected (if checked proceed to Section 4)

b. The PII is in a: (Check one.)
New DoD Information System

New Electronic Collection

Existing DoD Information System

Existing Electronic Collection

Significantly Modified DoD Information System
c. Describe the purpose of this DoD information system or electronic collection and describe the types of personal information about individuals
collected in the system.

Air Force Medical Operations Agency/Family Advocacy Program Network (AFMOA/FAPNET) maintains records of suspected and
established cases of family maltreatment, assessments and evaluations, investigative reports, checklists, family advocacy case management
team minutes and reports, follow-up and evaluative reports, correspondence, and any other supportive data gathered relevant to individual
family advocacy program cases. Secondary prevention records, assessment and survey instruments, service plans, and chronological
documentation data. Prevention contact activity files. FAPNet consists of a government-developed application that includes a Graphical
User Interface (GUI), an open database management system, and Government Off-the-Shelf (GOTS) and Commercial Off-the-Shelf (COTS)
software. This system is a web-based data collection application with database servers residing in the Naval Information Warfare Center
(NIWC LANT) Component Enterprise Data Center (CEDC) in New Orleans, Louisiana (NOLA). FAPNet is currently used by Military
Treatment Facility (MTF) staff located at 76 Continental United States (CONUS) and Outside Continental United States (OCONUS)
locations.
Categories of individuals in the system include active duty members, children and spouses active duty members that have been involved in
suspected and established cases of family maltreatment.
FAPNet collects personal information from or about individuals: personal descriptors, identification numbers, ethnicity, health, life, and
education information. Records contained in the system may be retrieved by name or another unique identifier.
FAPNET is owned by the Surgeon General of the United States Air Force (AFSG), but managed and maintained by the Defense Health
Agency (DHA) and the Air Force Medical Readiness Agency (AFMRA). The system is currently hosted in Naval Information Warfare
Systems Command (NAVWAR) Atlantic Naval Information Warfare Center (NIWC) Consolidated Enterprise Datacenter (CEDC), but is in
the process of migrating to DHA.
d. Why is the PII collected and/or what is the intended use of the PII? (e.g., verification, identification, authentication, data matching, mission-related use,
administrative use)

The PII is collect in order to properly and specifically identify all parties involved when there are incidents of maltreatment. The intended
use of the PII is to allow AF FAP personnel collect, maintain, analyze, and report data on domestic abuse and child maltreatment to Law
enforcement.
e. Do individuals have the opportunity to object to the collection of their PII?

Yes

No

(1) If "Yes," describe the method by which individuals can object to the collection of PII.
(2) If "No," state the reason why individuals cannot object to the collection of PII.

DD FORM 2930, JUN 2017

PREVIOUS EDITION IS OBSOLETE.

AEM Designer

Page 1 of 9

Individuals do not have the opportunity to object to the collection of their PII as AFMRA FAPNET is not the initial point of collection for
PII.
f. Do individuals have the opportunity to consent to the specific uses of their PII?

Yes

No

(1) If "Yes," describe the method by which individuals can give or withhold their consent.
(2) If "No," state the reason why individuals cannot give or withhold their consent.

Individuals do not have the opportunity to consent to the specific uses of their PII as AFMRA FAPNET is not the initial point of collection
for PII.
g. When an individual is asked to provide PII, a Privacy Act Statement (PAS) and/or a Privacy Advisory must be provided. (Check as appropriate and
provide the actual wording.)
Privacy Act Statement

Privacy Advisory

Not Applicable

AUTHORITY: 10 U.S.C. 8013, Secretary of the Air Force; Air Force Instruction 40-301, Air Force Family Advocacy Program, and E.O.
9397 (SSN).
PURPOSE: The Air Force Medical Operations Agency/Family Advocacy Program NETwork (AFMOA/FAPNET) will maintains records of
suspected and established cases of family maltreatment, assessments and evaluations, investigative reports, check lists, family advocacy case
management team minutes and reports, follow-up and evaluative reports, correspondence, and any other supportive data gathered relevant to
individual family advocacy program cases.
ROUTINE USES: In addition to those disclosures generally permitted under 5 U.S.C. § 552a(b) of the Privacy Act of 1974, as amended,
these records may specifically be disclosed outside the DoD as a routine use pursuant to 5 U.S.C. § 552a(b)(3) as follows: to private
organizations (including educational institutions) and individuals for authorized health research in the interest of the Federal government and
the public; to officials and employees of the Department of Veterans Affairs in the performance of their official duties relating to the
adjudication of veterans claims and in providing medical care; to the Federal, state or local governmental agencies when appropriate in the
counseling and treatment of individuals or when involved in child abuse or neglect; to officials and employees of local and state
governments and agencies in the performance of their official duties pursuant to the laws and regulations governing local control of
communicable diseases, preventive medicine and safety programs, child abuse and other public health and welfare programs; o the Attorney
General of the United States or his authorized representatives in connection with litigation, or other matters under the direct jurisdiction of
the Department of Justice; and the DoD Blank Routine Uses may apply subject to certain exceptions as specified in the below hyperlinked
SORN. For additional details, see the below hyperlinked SORN.
Any protected health information (PHI) in your records may be used and disclosed generally as permitted by the HIPAA Rules, as
implemented within DoD. Permitted uses and disclosures of PHI include, but are not limited to, treatment, payment, and healthcare
operations.
APPLICABLE SORN: F044 AF SG Q, Family Advocacy Program Record (November 18, 2003, 68 FR 65039)
https://dpcld.defense.gov/Privacy/SORNsIndex/DOD-wide-SORN-Article-View/Article/569871/f044-af-sg-q/
DISCLOSURE: Voluntary. If you choose not to provide the requested information, no penalties will be imposed.
h. With whom will the PII be shared through data/system exchange, both within your DoD Component and outside your Component?
(Check all that apply)
Within the DoD Component

Specify.

Other DoD Components (i.e. Army, Navy, Air Force)

Specify.

Other Federal Agencies (i.e. Veteran’s Affairs, Energy, State)

Specify.

State and Local Agencies

Specify.

Contractor (Name of contractor and describe the language in
the contract that safeguards PII. Include whether FAR privacy
clauses, i.e., 52.224-1, Privacy Act Notification, 52.224-2,
Privacy Act, and FAR 39.105 are included in the contract.)

Specify.

Other (e.g., commercial providers, colleges).

Specify.

Air Force Family Advocacy Program Clinical Providers, Air
Force Judge Advocate
Child Protective Services and Police in the locale of the
reported incident

i. Source of the PII collected is: (Check all that apply and list all information systems if applicable)

DD FORM 2930, JUN 2017

PREVIOUS EDITION IS OBSOLETE.

AEM Designer

Page 2 of 9

Individuals

Databases

Existing DoD Information Systems

Commercial Systems

Other Federal Information Systems

Defense Enrollment Eligibility Reporting System (DEERS)
j. How will the information be collected? (Check all that apply and list all Official Form Numbers if applicable)
E-mail

Official Form (Enter Form Number(s) in the box below)

In-Person Contact

Paper

Fax

Telephone Interview

Information Sharing - System to System

Website/E-Form

Other (If Other, enter the information in the box below)

AF Form 2522, FAMILY ADVOCACY PROGRAM INTAKE
k. Does this DoD Information system or electronic collection require a Privacy Act System of Records Notice (SORN)?
A Privacy Act SORN is required if the information system or electronic collection contains information about U.S. citizens or lawful permanent U.S. residents that
is retrieved by name or other unique identifier. PIA and Privacy Act SORN information must be consistent.
Yes

No

If "Yes," enter SORN System Identifier

F044 AF SG Q

SORN Identifier, not the Federal Register (FR) Citation. Consult the DoD Component Privacy Office for additional information or http://dpcld.defense.gov/
Privacy/SORNs/
or
If a SORN has not yet been published in the Federal Register, enter date of submission for approval to Defense Privacy, Civil Liberties, and Transparency
Division (DPCLTD). Consult the DoD Component Privacy Office for this date
If "No," explain why the SORN is not required in accordance with DoD Regulation 5400.11-R: Department of Defense Privacy Program.

l. What is the National Archives and Records Administration (NARA) approved, pending or general records schedule (GRS) disposition authority
for the system or for the records maintained in the system?
(1) NARA Job Number or General Records Schedule Authority.

10 U.S.C. 8013, Secretary of the Air Force; and Air Force Instruction

(2) If pending, provide the date the SF-115 was submitted to NARA.

(3) Retention Instructions.

Destruction: IAW FAP Standard, at the conclusion of two years, all DAVA records shall be destroyed completely using cross-cut shredding
or mutilation sufficient to preclude recognition or reconstruction of the record.
m. What is the authority to collect information? A Federal law or Executive Order must authorize the collection and maintenance of a system of
records. For PII not collected or maintained in a system of records, the collection or maintenance of the PII must be necessary to discharge the
requirements of a statue or Executive Order.
(1) If this system has a Privacy Act SORN, the authorities in this PIA and the existing Privacy Act SORN should be similar.
(2) If a SORN does not apply, cite the authority for this DoD information system or electronic collection to collect, use, maintain and/or disseminate PII.
(If multiple authorities are cited, provide all that apply).
(a) Cite the specific provisions of the statute and/or EO that authorizes the operation of the system and the collection of PII.
(b) If direct statutory authority or an Executive Order does not exist, indirect statutory authority may be cited if the authority requires the
operation or administration of a program, the execution of which will require the collection and maintenance of a system of records.
(c) If direct or indirect authority does not exist, DoD Components can use their general statutory grants of authority (“internal housekeeping”) as
the primary authority. The requirement, directive, or instruction implementing the statute within the DoD Component must be identified.

10 U.S.C. 8013, Secretary of the Air Force; Air Force Instruction 40-301, Air Force Family Advocacy Program, and E.O. 9397 (SSN).
DD FORM 2930, JUN 2017

PREVIOUS EDITION IS OBSOLETE.

AEM Designer

Page 3 of 9

n. Does this DoD information system or electronic collection have an active and approved Office of Management and Budget (OMB) Control
Number?
Contact the Component Information Management Control Officer or DoD Clearance Officer for this information. This number indicates OMB approval to
collect data from 10 or more members of the public in a 12-month period regardless of form or format.
Yes

No

Pending

(1) If "Yes," list all applicable OMB Control Numbers, collection titles, and expiration dates.
(2) If "No," explain why OMB approval is not required in accordance with DoD Manual 8910.01, Volume 2, " DoD Information Collections Manual:
Procedures for DoD Public Information Collections.”
(3) If "Pending," provide the date for the 60 and/or 30 day notice and the Federal Register citation.

DoDI 8910.01, Enclosure 3 Section 8 (2)(a)(b)
(a) During the conduct of a federal criminal investigation or prosecution, or during the disposition of a particular criminal matter.
(b) During the conduct of a civil action to which the United States is a party, or during the conduct of an administrative action, investigation,
or audit involving a government agency against specific individuals or entities

DD FORM 2930, JUN 2017

PREVIOUS EDITION IS OBSOLETE.

AEM Designer

Page 4 of 9