Skip Navigation

Email Updates E-mail subscriptions envelope Font Size Reduce Text Size Enlarge Text Size     Print Print     Download Reader PDF

Centers for Disease Control PIA Summaries

Back to Privacy Impact Assessments page

 

06.3 HHS PIA Summary for Posting (Form) / CDC Global Position Management System (GPMS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  6/23/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  GSA/GOVT-4
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Global Position Management System (GPMS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Sandy Chapman
10. Provide an overview of the system:  The Global Position Management System (GPMS) is a web-based enterprise application designed to be used by various HHS OPDIVs (e.g. CDC, FDA, etc.) for managing position and people data for the respective agencies.  The application will be available via the CDC intranet and access is controlled via user roles assigned in the FAME system.  The application will provide a mechanism for data entry of position and people data and reporting of any data entered.  The GPMS application will also interface with other CDC enterprise applications such as CDC Neighborhood and People Processing.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No – No PII data is shared
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The GPMS system will collect Name, DOB, Personal Address, Personal Phone Number, and Personal Email address of employees as well as Names and DOB’s for the employees dependents.  The application does contain PII and the submission is mandatory.  This system uses this information for tracking of employees assigned to international positions.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  This information is pulled from People Processing and CDC Neighborhood.  Users are notified that their personal information will be used and shared when they voluntarily enter data into CDC Neighborhood annually.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  PII can only be accessed by authenticated users behind the firewall. Access is limited by user roles and access ranges.
Physical access to the hardware is monitored and controlled according to ITSO Network policies and procedures.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  6/23/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC 122 Cities Mortality Reporting (122 Cities) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  12/28/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1
7. System Name (Align with system Item name):  122 Cities Mortality Reporting System (CMRS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Lynnette Brammer
10. Provide an overview of the system:  The proposed 122 Cities Mortality Reporting System Release 1.0 will be a web-based application available to City/County Health Officers or Vital Statistics Registrar/Reporters of the 122 cities in the United States via the Internet.  Authorized individuals at CDC headquarters will also access the data via the Intranet. This system will provide a simpler means of capturing and reporting the required mortality information that is gathered on a weekly basis.  It will make the review and consolidation of the mortality information easier and will allow for more accurate and timely reporting.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system will provide a simpler means of capturing and reporting the required mortality information that is gathered on a weekly basis.  Authorized individuals at CDC headquarters will also access the data via the Intranet.  Ad-hoc requests can be written by CDC Admin Staff and other CDC users in SAS. User ID and password to the authorized users, which is monitored by the 122 CMRS Data Manager. 122 Cities Mortality Reporting System Release 2.0 compiles summary mortality data by age group for all-causes and pneumonia and influenza as reported by Vital Statistic Registrars and Reporters within 122 U.S. cities. This reporting process occurs on a weekly basis through either fax or voice mail. These provisional data are disseminated weekly in Table III of CDC's Morbidity and Mortality Weekly Report. Public health professionals use these data to evaluate mortality patterns to determine if any unusual trends are occurring. Researchers have also used these data to forecast or to predict the number of deaths in defined regional areas. The Influenza Branch of the Division of Viral and Rickettsial Diseases, National Center for Infectious Diseases, CDC, uses these data as part of its influenza surveillance efforts.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A, but a system notice can be sent if desired
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  CDC Policy: User Identification and password Authentication for business contact information
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  12/29/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Access to Activities (Aact) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/17/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Access to Activities
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Morris Campbell
10. Provide an overview of the system:  Access to Activities is used to give users access to the CDC/IS mainframe activities.  In order to access or perform any action on any applications on the mainframe, you must go through Access to Activities. Access rights include: perform, approve, delegate (assign).  The supervisor of the user contacts the MISO Help Desk and is granted mainframe access to the specific activities that user requires., ie. Travel, PMAP, etc..
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A – No PII is collected
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system collects Name and UserID and is federal contact data only.  This system does not collect PII.  This information is used to grant access to activities on the mainframe.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A – No PII is collected.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No IIF Collected.
E-Authentication Assurance Level = N/A
Risk Analysis Date = 2/3/2011
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Alan Olson
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  2/22/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Accommodation Tracking System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  3/1/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-06-02-9409-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  SORN being developed
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID 1643
7. System Name (Align with system Item name):  Equal Employment Opportunity – Accommodation Tracking System (EEO-ATS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Deirdre Kelly Hector
10. Provide an overview of the system:  The EEO-ATS (Equal Employment Opportunity - Accommodation Tracking System) is a tool that helps CDC employees submit and track Reasonable Accommodation based on office medical needs requests to the EEO.  It helps EEO staff automatically coordinate the process to manage those requests.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Medical records, in accordance with a valid medical release form, may be discussed with an employee’s physician(s) or other health care professional(s).  Additionally this information may be shared with RA Team members on a need to know basis only as stated in EEOC guidelines (refer to Executive Order 13164).  Relevant information may also be shared with personnel who may provide first aid and emergency treatment, and government officials investigating compliance with the Rehabilitation Act of 1973 and Americans with Disabilities Act.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Accommodation request that contains User’s personal information (in some cases Medical information is included). Personal information is mandatory for EEO to be able trace back users who are requesting Accommodations.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  When the system is accessed, a disclosure notice shown to the user. They can only use the application after accepting the disclosure notice. Notice of consent is provided via electronic notice.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All information collected in this application will be secured in CDC servers that are located in CDC secured facilities. Only user with the appropriate rights will have access to the data.

E-Authentication Assurance Level = N/A
Risk Analysis Date = 10/21/2011
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  3/1/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Active Bacterial Core Surveillance [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  9/1/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-9721-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 4
7. System Name (Align with system Item name):  Active Bacterial Core surveillance (ABCs)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Gayle Langley Fischer
10. Provide an overview of the system:  ABCs is an active, population- and laboratory-based surveillance system conducted in ten Emerging Infections Program sites (EIPs): California, Colorado, Connecticut, Georgia, Maryland, Minnesota, New Mexico, New York, Oregon, and Tennessee.  Surveillance is conducted for invasive bacterial diseases due to pathogens of public health importance.  For each case of invasive disease in the study population, a case report with basic demographic information is completed and, in most cases, bacterial isolates from a normally sterile site from patients are sent for further laboratory characterization.  ABCs data are used to determine the incidence and epidemiologic characteristics of invasive disease due to the pathogens under surveillance and to provide an infrastructure for further research, such as special studies aimed at identifying risk factors for disease, post-licensure evaluation of vaccine efficacy, and monitoring effectiveness of prevention policies.
Data originates at the state level and aggregate, de-identified data is sent to CDC. Data are not retrieved by any unique identifier.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Aggregate data are shared in electronic form with other divisions within CDC for the purpose of generating reports and manuscripts.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  For each case of invasive disease in the surveillance population, a standard case report form with basic demographic and clinical information is completed.  These data are used to determine the incidence and epidemiologic characteristics of invasive disease due to Haemophilus influenzae, Neisseria meningitidis, group A streptococcus, group B streptococcus, Streptococcus pneumoniae, and methicillin-resistant Staphylococcus aureus in several large populations; to determine molecular epidemiologic patterns and microbiologic characteristics of public health relevance for isolates causing invasive infections from select pathogens; to provide an infrastructure for further research, such as special studies aimed at identifying risk factors for disease, post-licensure evaluation of vaccine efficacy, and monitoring effectiveness of prevention policies. 
IIF collected is date of birth, race, ethnic origin, sex, age, weight, height, and whether individual is nursing home resident. System does not contain, name, SSN or other unique identifier.
States voluntarily submit aggregate, de-identified data to CDC.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  Notification and consent takes place at the state level. CDC receives only de-identified, aggregate data.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Administrative controls: ABCs data are stored in aggregate form on the agency’s mainframe. Access to aggregate datasets is restricted to approved CDC users. Approved users are granted read only access through the agency’s mainframe system by the database administrator.  Host system security and physical controls for IT infrastructure and services are established in the Service Level Agreement between the Information Technology Services Office (ITSO) and CDC.
Technical controls: user ID,   passwords, firewall, intrusion detection system, common access card and smart cards.
Physical controls: guards, ID badges, key cards, and close circuit TV.

PII collected is date of birth; race, ethnic origin, sex, age, weight, height, and whether individual is nursing home resident. System does not contain, name, SSN or other unique identifier.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  9/1/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Active Directory - External Partner Domain (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/17/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Active Directory – External Partner Domain
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Michael Crawley
10. Provide an overview of the system:  The External Partner Domain Controllers provide the following within the DMZ:
1.       User authentication for external users
2.       Active Directory Domain Services
3.       Supports DNS
Group Policy Management
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Alan Olson
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  2/22/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Active Directory - External Resource Domain (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/17/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Active Directory – External Resource Domain
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Michael Crawley
10. Provide an overview of the system:  The External Resource Domain Controllers provide the following services within the DMZ;
1.       Used for DFS replication
2.       Server authentication
3.       Supports DNS for External server
4.       Active Directory Domain Services
Group Policy Management
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Alan Olson
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  2/22/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Active Directory Rights Management Service (ADRMS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/2/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  Active Directory Rights Management Service (ADRMS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Lew Newlin
10. Provide an overview of the system:  Active Directory Rights Management Services (AD RMS), a component of Windows Server 2008 R2, is available to help make sure that only those individuals who need to view a file can do so. AD RMS can protect a file by identifying the rights that a user has to the file. Rights can be configured to allow a user to open, modify, print, forward, or take other actions with the rights-managed information
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  User profiles
To identify the rights that a user has to the file
No PII Collected
No PII Collected
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A No PII
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  2/2/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Activity Based Costing (ABC) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  7/2/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1776
7. System Name (Align with system Item name):  Activity Based Costing (ABC)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Joseph Dell
10. Provide an overview of the system:  The Division of the Strategic National Stockpile (DSNS) has recently undertaken an effort to design and build a solution and processes that aims to provide the division with better cost visibility around its missions and provide insight for improved cost analysis and cost management.
The specific goal of this effort is to help DSNS in its efforts to build a capability to:
Improve cost analysis, cost evaluation, planning, and financial management
Project future financial impact or new projects and new missions.

ABC provides the ability to collect and track costs associated with DSNS projects and activities.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The information contained in the system includes no contact data.  No PII is contained.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A – No PII is contained
Risk Analysis Date = June 1, 2010
E-Authentication Assurance Level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  7/25/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

Back to top

 

06.3 HHS PIA Summary for Posting (Form) / CDC ADB Diagnostics Sample Database (ADBDSD) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/7/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-05-02-1481-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0136
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 64
7. System Name (Align with system Item name):  ADB Diagnostics Sample Database (ADBDSD)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Robert S Lanciotti
10. Provide an overview of the system:  The system tracks laboratory diagnostic samples & resulting test data & generates reports with patient information.  The results are provided to State Laboratories.  The system is an essential resource for clinicians who deal with diagnosing obscure Arboviral organisms, & supports the research of the Coordinating Center for Infectious Diseases, Division of Vector-Borne Infectious Diseases, Arbovirus Diseases Branch (CCID/DVBID/ADB).  It also functions under the auspices of the World Health Organization (WHO) Reference Center for Arboviruses.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Yes.  State Health Departments.  Data originates from the State Health Department and is tested.  After testing, reports of results are returned to the Health Department providing the sample data.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The system tracks laboratory diagnostic samples & resulting test data & generates reports with patient information.  The results are provided to State Laboratories.  The system is an essential resource for clinicians who deal with diagnosing obscure Arboviral organisms, & supports the research of the Coordinating Center for Infectious Diseases, Division of Vector-Borne Infectious Diseases, Arbovirus Diseases Branch (CCID/DVBID/ADB).  It also functions under the auspices of the World Health Organization (WHO) Reference Center for Arboviruses. The information collected and processed includes PII data. CDC obtains information from State Health Departments, so CDC does not control or is aware of voluntary nature of data provided from patient participants.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  Only aggregate test results data is provided to State Health Departments.  Exception is the State Health Department that originally provided the patients samples.  For health departments that provided the sample data, the patient’s name, age, and sex is provided.

CDC obtains information from the State Health Departments, so CDC does not control or is aware of voluntary nature of data provided from patients’ participants..
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Access to applications is limited to authorized individuals and authentication of individual is achieved at two levels:  Windows Active Directory authentication, and Microsoft Access authentication.  Access to workstation and application server is physically restricted to CDC badge employees and contractors.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Befverly E Walker
Sign-off Date:  2/7/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC ADB Inventory [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  6/29/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-1481-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC#  948
7. System Name (Align with system Item name):  Arbovirus Diseases Branch  Inventory (ADBI)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Roger Nasci
10. Provide an overview of the system:  This is an Access Program, totally. The front end is Access and the back end is Access. The system resides on a file server in Fort Collins (fcid-vbi-1). The system stores scientific data and tracks virus seeds, antibodies, and antigens of the ADB Virus collection along with their storage location. The system increments and decrements the supply of antigen as it is used by Branch Researchers in order to flag supply for restock.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  This is an Access Program. The front end is Access and the back end is Access. The system resides on a file server in Fort Collins (fcid-vbi-1). The system stores scientific data and tracks virus seeds, antibodies, and antigens of the ADB Virus collection along with their storage location. The system increments and decrements the supply of antigen as it is used
by Branch Researchers in order to flag supply for restock.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  6/29/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC ADG Application Lifecycle Management (ALM) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  7/29/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  ADG Application Lifecycle Management (ALM) System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Doug Correll
10. Provide an overview of the system:  The ADG Application Lifecycle Management (ALM) System is an NCHHSTP Collaborative System Development Environment which allows project teams to focus on the core development tasks while increasing collaboration via an integrated set of tools. The ADG teams need integrated tools to enhance productivity, efficiency and traceability. The ALM Infrastructure deployed on APP-ADGDOCS is a set of tools and processes linked to create a unified development environment. The ADG Teams support over 75 projects that are complete or parts of systems that undergo Certification and Accreditation.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PII no
Risk Analysis date: 7/14/2010
E-Auth Level: N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  8/3/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC African American MSM Testing [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/27/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-06-02-1000-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1476
7. System Name (Align with system Item name):  African American Men who have Sex with Men (AAMSM)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  David Purcell
10. Provide an overview of the system:  The purpose of AAMSM data collection system is to permit funded sites to perform the following activities:
·          Manage venue information and venue testing activities for alternate venue testing and targeted outreach strategies
·          Manage interview data and other information about at-risk individuals who are nominated via the social networks and PCRS strategies
·          Manage clients’ demographic, HIV risk, HIV CTR, and strategy-specific information
·          Manage time and cost information collected for each strategy
·          Manage project staff details (e.g., time spent on a specific strategy activity, hourly rate)
·          Generate custom reports that summarize project data (by and across strategies) and facilitate effective program monitoring and evaluation

The desired impact of this project is to improve the public's health by reducing the number of new HIV infections occurring each year in the United States. The goals of this project are to increase the proportion of HIV-infected African American MSM in the U.S. who are aware of their status and linked to appropriate prevention, care and treatment services. To accomplish these goals, project staff and grantees will evaluate the relative effectiveness of testing strategies based on existing models (e.g., mobile testing and alternative venue testing to make testing more accessible, using social networks of HIV-infected persons to refer at-risk peers for testing, and partner counseling and referral services). This project supports the following CDC Health Protection goal: Healthy People in Every Stage of Life. Although this project can potentially impact people in all life stages, the focus of the project is on improving the health of adults.  The target population is 18 – 24 year old African American MSM.  AAMSM will continue from 6/2008 until 10/2010.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  AAMSM does not contain IIF
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The funded grantees will collect and maintain the following information
·          Venue information and venue testing activities for alternate venue testing strategy
·          Interview data and other information about at-risk individuals who are nominated via the social networks and PCRS strategies
·          Clients’ demographic, HIV risk, HIV CTR, and strategy-specific information
·          Manage time and cost information collected for each strategy
·          Project staff details for the staff who are involved in various activities of the project (e.g., time spent on a specific strategy activity, hourly rate)
The information collected at the sites will be sent to the CDC via secure data network (SDN) for analyzing the data collected.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  AAMSM does not contain IIF
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  AAMSM does not contain IIF.

PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  7/28/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Agreement Management and Tracking System (AMTS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/8/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
v
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 9
7. System Name (Align with system Item name):  Agreement Management and Tracking System (AMTS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Lisa  Blake-DiSpigna
10. Provide an overview of the system:  The system provides a central area to collect multiple types of agreement data such as financial, scientific, and industry.  It includes data for the following: Cooperative Research & Development Agreements (CRADAs), Biological Material License Agreements (BMLAs), Material Transfer Agreements (MTAs), Reimbursable/Non-reimbursable Agreements (IAAs), Participating Agency Services Agreements (PASAs), Technical Services Agreements (TSAs), Memorandum of Agreement (MOA), Memorandum of Understanding (MOU), Confidential Disclosure Agreements (CDAs), Letters of Agreement, & User Fee Transactions.  The system also contains information about royalties.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A.

No IIF collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = September 28, 2007
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  10/11/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC AIDS Inventory [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  6/19/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-9324-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  AIDS Inventory
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Dollene Hemmerlein
10. Provide an overview of the system:  System inventories 30+ years of CDC specimens collected during investigations, outbreaks, congressionally mandated studies and CDC funded studies.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Testing labs and study investigators for results matching and use
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Data collected is decided upon by investigator as relevant to study; mostly voluntary
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  All studies receive IRB approval and contain consent forms for collection and use of data and specimens
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All IIF is blocked from view except by authorized users and released only after permission of investigator
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  6/19/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Alerting Service (CDCAS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  4/21/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0136
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 1685
7. System Name (Align with system Item name):  CDC Alerting Service (CDCAS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Darlyne Wright
10. Provide an overview of the system:  
CDCAS is a secure, enterprise (SOA) service permitting all CDC offices and programs to issue and gather responses via email, voice (land-line, cell, satellite), fax, pager, and personal digital assistant (PDA) communication devices.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Email addresses and phone numbers are displayed on secure web sites accessible by CDC employees only with appropriate roles to send alerts and view reports.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1) CDCAS does not collect any PII data. The data is maintained in the PHIN Directory (PHINDIR) and read by CDCAS for recipient information;
(2) CDCAS uses this information to contact recipients of an alert message;
(3) PHINDIR is the source for PII data and CDCAS only acquires personal communication device information; and
(4) CDCAS is not responsible for collection of PII data.  Users have the option of not providing PII or opting out of alerting. Users either enter their own information into a system which feeds into PHINDIR, or their representative enters their data into a system which feeds into PHINDIR.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  CDCAS is a transactional system and does not collect information. Users have the option of not providing PII or opting out of alerting.  Either the data is entered into a system that feeds PHINDIR by the individual or his/her representative.  The individual would only know his/her information is used by CDCAS when he/she receives an alert.  No notification is given to the people receiving an alert other than the alerts themselves.  Since the data is not stored in CDCAS, there is no mechanism to contact them outside of an alert.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  CDCAS is housed in a secured CDC facility (MTDC). Only authorized CDC users have access to CDCAS through I & A controls. All content is stored in secured servers and databases behind firewalls. Access to CDCAS is limited to CDC employees with secure roles required to send and view alert events.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E. Walker
Sign-off Date:  4/21/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Amyotrophic Lateral Sclerosis Web Portal [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  9/8/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-19-0001
5. OMB Information Collection Approval Number:  0923-0041
6. Other Identifying Number(s):  ESC# 1581
7. System Name (Align with system Item name):  Amyotrophic Lateral Sclerosis Web Portal (ALS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Oleg I. Muravov
10. Provide an overview of the system:  The Amyotrophic Lateral Sclerosis Web Portal (ALS) is an online disease registry operated by the Agency for Toxic Substance and Disease Registry (ATSDR) / Office of the Director (OD) / Division of Health Studies (DHS). The purpose of the ALS Web Portal is to provide users with more information regarding the disease and to facilitate research for medical professionals and individual researchers.
The ALS Web Portal will help in completing the following:
-          Collect ALS patient information as it relates to the patient’s background information, occupational history, military history, smoking and alcohol habits, physical characteristics and activity, family history of disease, and the patient quality of life.
-          Make available to the patients and general public educational materials about ALS.
-          Identify the incidence and prevalence of ALS in the United States.
-          Collect data important to the study of ALS.
-          Promote a better understanding of ALS.
-          Collect information that is important for research into the genetic and environmental factors that cause ALS.
-          Strengthen the ability of a clearing house.
-          Collect and disseminate research findings on environmental, genetic, and other causes of ALS and other motor neuron disorders that can be confused with ALS, misdiagnosed as ALS, and in some cases progress to ALS.
-          Make available information to patients about research studies for which they may be eligible.
-          Maintain information about clinical specialists and clinical trials on therapies.
Enhance efforts to find treatments and a cure for ALS.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Users will only be allowed to view their own personal information.  Any information shared will be general information and not identifiable information.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1) The ALS Web Portal collects ALS patient information as it relates to the patient’s background information, occupational history, military history, smoking and alcohol habits, physical characteristics and activity, family history of disease, and the patient’s quality of life.  The ALS Web Portal also collects minimal identifiable information from researchers and the general public such as name, affiliation, email and location.

(2) The purpose of the ALS Web Portal is to provide users with more information regarding the disease and to facilitate research for medical professionals and individual researchers.

(3) The ALS Web Portal does contain PII.

(4) Submission of personal information is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  1)  It is required that users give consent to ATSDR to use email as a point of contact. If consent is given, users will be notified by email when major changes occur to the system. 

2)  ALS Patients will be notified, before creating an account, how their data will be used in the ALS System.  There will be a “Privacy Information” link provided on the “Create Account” page that will allow users to view an outline of the ALS Privacy Policy.  There will also be a customized Privacy Notice and Consent Form that allows ALS patients to agree or disagree with ATSDR’s terms.  The decision of the patient is voluntary and will determine whether or not an account is created.

3) PII is not accessible by anyone other than authorized individuals for official business. The ONLY information viewable by the general population is information on ALS and aggregate information.  ATSDR may share information with appropriate ATSDR [CDC] administrative staff, scientists, and researchers in order to facilitate the creation of the ALS Registry and further research on ALS.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Administrative: Users are assigned unique roles and privileges depending on their user status.  ALS patients are able to create an “ALS Patient” account, while all other public users are required to create a “Public” account. The ALS “System Administrator” can manage patient and public accounts and download data.

ALS Patients must also pass a validation process before creating an ALS Patient Account.  The validation process is a series of questions that determine if a patient has ALS.  The general public can create a Public account without going through a validation process. 

ALS Patients can complete surveys and view educational materials (videos, webinars, and documents) about ALS.  The general public will only be able to view educational materials (videos, webinars, and documents) about ALS.  All users can edit their own profile information, create their usernames and passwords (with CDC criteria restrictions), and reset/ change their passwords.  Users will not be allowed to change their username.

The ALS System Administrator can manage user accounts, manage roles and privileges, and download data.  The system administrator panel is only accessible on the ALS Intranet Web Portal via the Administration menu.  Users must be approved by ATSDR management and have administrative roles and privileges to access this menu.  Also, all tasks performed on the Administration Panel must be pre-approved.  The ALS System Administrator is not allowed to perform any administrative tasks outside of CDC grounds and/or access the ALS Web Portal via CITGO or Remote Desktop.

Technical: PII fields will be masked on the GUI depending on the sensitivity of the data. For example the last 5 numbers of the SSN will be masked.  All PII including SSN will be encrypted using CDC approved methods.  To encrypt/decrypt data in database columns designed to hold PII data, a user must be given access to open and close a symmetric key.

Physical Controls: Production and test servers are stored in a server room secured by the CDC.  Access tools are in place to secure entry into CDC buildings (Guards, ID Badges, Key Card, Cipher Locks, and Closed Circuit TV).
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  9/15/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Angola IT Infrastructure ( GAPAngola) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  6/23/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  CDC-Angola GAP Site
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Calvin Johnson
10. Provide an overview of the system:  This is a general office support system for CDC GAP Angola operations. The IT infrastructure provides file server, exchange server and webmail server. Authentication is performed by a locally administered Active Directory for authenticating local users only. Failover is to local AD at the site. Local does not send or receive information from the main HHS/CDC Active Directory.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A

No IIF Collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = 6/6/09
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P kittels
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  6/29/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC APC/UPC Monitoring Server (APCMon) SYSTEM
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  4/6/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  None
5. OMB Information Collection Approval Number:  None
6. Other Identifying Number(s):  None
7. System Name (Align with system Item name):  APCMon
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Vijande Burr
10. Provide an overview of the system:  InfraStruXure Central (AP9465)  provides the ITSO network engineers an efficient way to perform real-time monitoring, user-defined reports and graphs, and instant fault notification (critical, warning or normal) allowing for quick assessment and resolution of critical APC UPS events that can adversely affect IT system availability.   Network engineers access system information utilizing a web page management interface.  Management of the APC UPS devices is performed from a single InfraStruXure Central (AP9465) appliance.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  This system is not designed to collect, process, or store PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system is not designed to collect, process, or store PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  This system is not designed to collect, process, or store PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  This system is not designed to collect, process, or store PII.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  4/6/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

Back to top

 

06.3 HHS PIA Summary for Posting (Form) / CDC Approval Task List (ATL) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  4/13/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 294
7. System Name (Align with system Item name):  Approval Task List (ATL)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Sandy Chapman
10. Provide an overview of the system:  N/A – No PII is collected
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  4/14/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC APPSense Management Suite (APPSense) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  6/25/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 620
7. System Name (Align with system Item name):  AppSense
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Kenneth Puchosic
10. Provide an overview of the system:  The AppSense Management Suite provides policy and personalization management, application entitlement and system resource entitlement for desktops/laptops and application delivery mechanisms (Citrix).
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A – No PII is collected.
EAAL = N/A
Risk Analysis Date = June 9, 2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  6/29/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Arbovirus Catalogue System (ArboCAT) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/19/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 724
7. System Name (Align with system Item name):  Arbovirus Catalogue System (ArboCAT)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Richard Peterson
10. Provide an overview of the system:  ArboCAT is an application that is designed to provide a web-based electronic version of the Arbovirus catalog.  This information will be generally available to interested parties through an Internet-based interface.  This Internet site will be designed to provide searching capabilities only.  Content is managed through an Intranet-based interface accessible only within the CDC network and by users with appropriate User ID and Password access.
The application is utilizing Active Server Pages (ASP) and Hyper Text Mark-up Language (HTML) for the interface and a Microsoft Structured Query Language (SQL) Server platform for data storage and management.
ArboCAT is designed to fulfill a current need of disseminating Arboviral data to a specific audience in a manner that allows for real-time updates to applicable data and real-time searches available to this audience.  By utilizing current CDC resources ArboCAT will integrate as appropriate with existing applications and data sources to allow for robust data content while minimizing maintenance effort.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The International Catalog of Arboviruses including certain other viruses of vertebrates is a registry for the benefit of those studying arboviruses. The Catalog is meant primarily for the description of those viruses biologically transmitted by arthropods in nature and actually or potentially infectious for humans or domestic animals. There is only professional business information in the database. All address, phone numbers, and email address of individuals in the system is work related.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
No IIF
Risk Analysis date: 12/22/2009
E-Auth Level = 1
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/22/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Archival Specimen & Tracking Retrieval Operations 21C (ASTRO 21C) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  8/11/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-05-02-1030-00-110-219
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 22
7. System Name (Align with system Item name):  Archival Specimen and Tracking Retrieval Operations 21C (ASTRO 21C)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  John Murphy,  Office of the Chief Science Officer
10. Provide an overview of the system:  ASTRO 21C is a specimen inventory management system developed specifically for Centers for Disease Control and Prevention (CDC) labs and repositories. The system tracks the full life cycle of specimens and aliquots from creation through aliquoting, shipping, storage, and destruction. All physical aliquot data (location) down to the sub-box (cell) level are tracked. Organizational data, such as Project and Collection, and epidemiological (EPI) data are maintained. A history of each aliquot is recorded, detailing physical or organizational changes, as well as all the aliquot’s movements, which supports chain of custody. Compatibility with CDC labs and the CDC ATSDR Specimen Packaging, Inventory and Repository (CASPIR) organization in the Office of the Director, CASPIR, allows for the exchange of specimens and data between them. Before CASPIR, labs at CDC used incompatible specimen managing systems. CASPIR mandated ASTRO into being so labs at CDC could more easily exchange specimens and data.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  This system does not share or disclose PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The system manages the full life cycle of specimens and aliquots from creation through aliquoting, shipping, storage, and destruction. All physical aliquot data (location) down to the sub-box (cell) level are managed. Organizational data, such as Project and Collection, and epidemiological (EPI) data are maintained. A history of each aliquot is recorded, detailing physical or organizational changes, as well as all the aliquot’s movements, which supports chain of custody. No IIF is involved.

This information is used to track and locate specimens stored at the CDC. ASTRO21C is used to create ad-hoc reports about these specimens for a limited audience within CDC.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No.  ASTRO 21C does not process or store PII.  It inventories specimens.  It does not test specimens, process test results, or maintain test results.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No
No IIF
Risk Analysis Date: 4/12/2010
E-Auth Level = NA
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  8/11/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Archival Specimen Tracking and Retrieval Operations Catalog (ASTRO Catalog)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/16/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  Archival Specimen and Tracking Retrieval Operations (ASTRO) Catalog
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  John Murphy,
10. Provide an overview of the system:  ASTRO Catalog, or “Catalog,” is a Web-based application, available on the CDC Intranet (at http://astrocatalog.cdc.gov), for publishing specimen collections from the ASTRO Catalog database. The collections in the Catalog database are replicated from the ASTRO 21C database. Therefore, while physically distinct, the ASTRO Catalog database receives replication data from the ASTRO 21C database.
The collections in the ASTRO 21C database are managed by “custodians”; these users are known as “Collection Custodians.” A Collection Custodian is assigned an application privilege set associated with the duties and responsibilities of this role. This group of users (i.e., the Collection Custodians) and its associated privilege set also are replicated to the ASTRO Catalog database from the ASTRO 21C database, along with the actual collection data as noted above. The Collection Custodians administer specimen publication, ultimately deciding on collection availability via catalog publication and how to represent that collection in the search results through visibility of collection metadata to the search engine.
The Web-based ASTRO Catalog application presents the user with a query interface for searching through the database of collections. The search results include a drill down feature for viewing the details of those results. The drill down feature returns high-level data about the collection such as collection and project names and description, geographic data for where the specimen was collected, collection dates, specimen origin and source, keywords, usage restrictions, institutional review board (IRB) conformance, and Collection Custodian contact information so that the user can inquire further about specimens of interest.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  System does not share or disclose IIF.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1) The system allows any CDC user the ability to search for high-level information regarding collections of samples and provides collection custodians’ professional contact information should the user wish to inquire further. (2) The data stored  in this information system consist of the following data elements; Collection Name (Title), Project, Collection Long Name, Description, Geographic Data, Usage Restrictions, Collection Dates, IRB, Specimen Origin, Specimen Source, Keywords,  and custodians’ professional contact information, including name, E-Mail address, and Phone. (3) No personal information or IIF is stored, collected or disseminated, so #4 does not apply.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No.  ASTRO Catalog does not process or store IIF.  It only provides high-level sample collection information available for searching and the contact information for collection custodians for further inquiry by the searcher.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
No IIF Collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = 9/11/2009

PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  10/22/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Arctic Investigations Program Information Management Project [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  3/7/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-9721-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0136
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 257
7. System Name (Align with system Item name):  Arctic Investigations Program Information Management Project (AIP)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Lisa Bulkow
10. Provide an overview of the system:  The application is used to collect, store, process, and report medical research data. The system provides the IT platform for laboratory and epidemiologic work done by the Arctic Investigations Program (AIP). It provides the integrated system for tracking of laboratory specimens and associated epidemiologic study data which are not associated with specimens received at AIP. Medical patient data is collected, processed, and stored for research purposes.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  AIP does not share or disclose PII
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The application is used to collect, store, process, and report medical research data. The system provides the IT platform for laboratory and epidemiologic work done by the Arctic Investigations Program (AIP). It provides the integrated system for tracking of laboratory specimens and associated epidemiologic study data which are not associated with specimens received at AIP. Medical patient data is collected, processed, and stored for research purposes. Medical Patient information is collected directly form patients, who are advised of the purpose of the information. Patients sign privacy waiver before releasing information to CDC staff. CDC staff sign on to application via user-ID and password across Local Area Network (intranet) and enter data into application. PII is collected. Personal information is provided voluntarily.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  1) No Process in Place.  2) Personal information is collected directly from people that want to participate in studies. Participants voluntarily provide written consent by signing the consent form agreeing to participate in a research study. 3) All consent forms include a description of how the information is used.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Only authorized individuals have access to PII data, and only for authorized tasks. Individuals permitted access must be logged into the CDC Authentication system in order to access. PII is encrypted and ITSO-SQL maintains the key.  Server housing the application is physically protected with locked doors and limited access. Operating system is hardened to limit exposure to unauthorized access.

IIF Collected = Yes
E-Authentication Assurance Level = N/A
Risk Analysis Date = 01/23/2012
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  3/7/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Arthropod Pooling System (APS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  7/14/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 15
7. System Name (Align with system Item name):  Arthropod Pooling System (APS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Harry Savage
10. Provide an overview of the system:  This system is used by the division’s entomologists and arbovirologists for the storage of data on mosquito pools.  Data collected on mosquito pools are entered for the purpose of managing data on mosquito species and abundance and the presence of arboviruses.   Mosquito pools are collected during research, surveillance, and outbreak activities.  The system consists of an Microsoft Access front end and a Microsoft SQL Server back end.  Only authorized division scientists have access to the system on the local area network.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Administrative controls: The data will be secured by logical access controls. Technical controls: Access to the data is controlled by user ID and password, firewall.  Internal physical controls include security guards, ID badges, and cardkeys.
No IIF Collected.
 
E-Authentication Assurance Level = N/A
 
Risk Analysis Date =5/25/2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  7/25/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Association of State and Territorial Dental Directors State Synopses [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/25/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9024-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  n/a
5. OMB Information Collection Approval Number:  n/a
6. Other Identifying Number(s):  n/a
7. System Name (Align with system Item name):  DOH ASTDD State Synopses
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris (CTR)
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC ATSDR Geographic Information System (GIS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  Initial PIA Migration to ProSight 
1. Date of this Submission:  8/9/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-05-01-1011-02
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A -  System does not constitute a "System of Records" under the Privacy Act.
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  ATSDR Geographic information System (GIS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Andrew L. Dent
10. Provide an overview of the system:  Geographic Information Systems (GIS) can provide a visual tool for identifying the location of events, the spatial relationship between incidents and the population they may impact.  Mapping technology can also assist in the collection of information from exposed individuals to help identify the source of an unknown release.  Proximity assessment, demographic characterization, and local resource identification (e.g., postal facilities, health care, fire, national guard) are also available through the use of spatial analysis techniques.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  The system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system maintains geospatial data such as basemap, emergency response, public health infrastructure, demographic, and environmental hazard data.  The data will be used to generate cartographic products, support research, and analyze spatial relationships between features of interest in the public health domain. The system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  The system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  The system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden, OCISO
Sign-off Date:  8/10/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

Back to top

 

06.3 HHS PIA Summary for Posting (Form) / CDC ATSDR Records Management System (ARMS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/4/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 1755
7. System Name (Align with system Item name):  ATSDR Records Management System (ARMS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Marianne Hartin
10. Provide an overview of the system:  The ATSDR Records Management System (ARMS) is a records management and labeling application used to provide database record searching and produce labels.  ARMS is designed to catalog and index official ATSDR records.  The records are received from divisions within the Agency for Toxic Substances and Disease Registry (ATSDR) and are delivered to the ATSDR Records Center /NCEH-ATSDR Health Communications Science Office.  The ATSDR Records Center uses ARMS to manage records for Superfund sites and other legal and official activities conducted by the agency.  ARMS is used to meet federal records management regulations and requirements.  ARMS is the primary source for the entire ATSDR Records Center in storing, searching and retrieving records.  ARMS can be used for both physical and electronic records.  All aspects of records management are included: lifecycle management, sensitivity levels, clearance, cross referencing of content keys, and linked labels.  Security features include a comprehensive and intuitive system designed to electronically manage the lifecycle of all records and respect the existing IT security conventions already in place.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A.  The system does not share or disclose PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  (1) ARMS contains label numbers, file names and file descriptions.

(2) ARMS is used to catalog and index official ATSDR records, provide database record searching, and produce labels. ARMS is also used as the primary source for the entire ATSDR Records Center in storing, searching and retrieving records. 

(3) The system data are public record and contain no PII or sensitive data of any type.

(4) N/A.  The system does not contain any PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  (1) N/A.  The system does not contain any PII.

(2) N/A.  The system does not contain any PII.

(3) N/A.  The system does not contain any PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A.  The system does not contain any PII.

No IIF Collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date =9/3/2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  5/4/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Automated Immunization and Medical Surveillance System [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/29/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-90-0018
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 1548
7. System Name (Align with system Item name):  Automated Immunization and Medical Surveillance System (AIMS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Art Tallman
10. Provide an overview of the system:  Tracks immunizations and medical surveillance programs that involve CDC personnel
Automatically generates e-mail for scheduling appointments
Provides an online reference guide for immunizations and medical surveillance programs for all CDC personnel
Permits viewing and printing of immunization history for CDC personnel
Permits immunization or medical surveillance program requests by employee, supervisors or appropriate administrative personnel via automated Form 697
Provides a decision support tool for supervisors and administrative personnel in CIOs that have immunization or medical surveillance requirements
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Tracks immunizations and medical surveillance programs that involve CDC personnel
Automatically generates e-mail for scheduling appointments
Provides an online reference guide for immunizations and medical surveillance programs for all CDC personnel
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1) Data collected pertains to immunization and medical surveillance tracking that involve CDC personnel without any distinguishing identifiable information.

2)     Permits viewing and printing of immunization history for CDC personnel
3)     The following IIF is being collected:
·          Name
·          SSN
·          Mailing Address
·          Phone Number

4)     Voluntary
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  IIF is collected, disseminated or maintained in the system.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  User ID
Passwords (with expiration)
Firewall
Guards
ID Badges
Key Cards
CCTV

IIF Collected

E-Authentication Assurance Level = N/A

Risk Analysis Date = 2 Sep 09
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  11/3/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Automated Royalty Tracking System (ARTS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/9/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-90-0024
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1640
7. System Name (Align with system Item name):  Automated Royalty Tracking System (ARTS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Martin Vincent
10. Provide an overview of the system:  CDC’s Automated Royalty Tracking System (ARTS) is a web-based application designed to enable the processing, tracking, and reporting of CDC royalty revenue distribution payments.  The users of this system are the Coordinating Center for Infectious Diseases (CCID) Technology Transfer Specialists; Division Approvers from CCID, National Center for Environmental Health (NCEH), the National Institute of Occupational Safety and Health (NIOSH); and the Financial Management Office (FMO) Budget Analysts.  ARTS will provide authorized users with the ability to approve the distribution of royalty payments to Inventors, calculate the amount to be paid, notify Inventors and Laboratories of payment, and report on payment activities.  ARTS will collect Personable Identifiable Information (PII), such as names, SSN (Non-CDC employees), Web URL’s, and both personal and business related email addresses.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  CDC’s Automated Royalty Tracking System (ARTS) is a web-based application designed to enable the processing, tracking, and reporting of CDC royalty revenue distribution payments.  The users of this system are the Coordinating Center for Infectious Diseases (CCID) Technology Transfer Specialists; Division Approvers from CCID, National Center for Environmental Health (NCEH), the National Institute of Occupational Safety and Health (NIOSH); and the Financial Management Office (FMO) Budget Analysts.  ARTS will provide authorized users with the ability to approve the distribution of royalty payments to Inventors, calculate the amount to be paid, notify Inventors and Laboratories of payment, and report on payment activities.  ARTS will collect Personable Identifiable Information (PII), such as names, SSN (Non-CDC employees), Web URL’s, and both personal and business related email addresses.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  CDC’s Automated Royalty Tracking System (ARTS) is a web-based application designed to enable the processing, tracking, and reporting of CDC royalty revenue distribution payments.  The users of this system are the Coordinating Center for Infectious Diseases (CCID) Technology Transfer Specialists; Division Approvers from CCID, National Center for Environmental Health (NCEH), the National Institute of Occupational Safety and Health (NIOSH); and the Financial Management Office (FMO) Budget Analysts.  ARTS will provide authorized users with the ability to approve the distribution of royalty payments to Inventors, calculate the amount to be paid, notify Inventors and Laboratories of payment, and report on payment activities.  ARTS will collect Personable Identifiable Information (PII), such as names, SSN (Non-CDC employees), Web URL’s, and both personal and business related email addresses.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  The individual has already included their information within the vendor file.  It is from this file that individual payouts are processed.  An ACH form is filled out by the vendor in advance if they want to receive payments. There is no notification to the vendor if there are any changes to the system.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  This system uses standard ITSO controls.  The server is located in a locked room.  AD access is required to access the information, and the administrator periodically reviews information as it is logged in.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  8/9/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Automated Specimen Tracking (ASTRO) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  4/5/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0106
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID: 1188
7. System Name (Align with system Item name):  Specimen Tracking and Results Laboratory Information Management System (StarLIMS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Genny Gallagher
10. Provide an overview of the system:  Once fully implemented and integrated, the NCEZID StarLIMS system will be the NCEZID centralized Laboratory Information Management System (LIMS). This application is a Commercial Off the Shelf (COTS) application built by the StarLIMS Corporation in Hollywood, Florida.  All information related to specimens and the analytical results of testing those specimens will be entered into the system and tracked using the system. Reports will be run and used to notify submitters of the test results.  Aggregated reports may be reviewed by CDC management personnel.  For specimens with legal or forensic ramifications the system will establish and track the Chain-of-Custody of the specimens.  All users of the system will be internal to CDC.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  StarLIMS shares information between Specimen Tracking and Results Reporting System (STARRS), a NCPHI-developed web services application, and Laboratory User Network Application (LUNA), the web interface to STARRS. The integration between STARRS and StarLIMS lays critical groundwork for information exchange between CDC external public health laboratory partners and CDC labs using StarLIMS.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1)   The system collects name, DOB, and gender.
2)   The information is used to associate a specimen with a particular person.
3)   PII is collected for a specimen in some cases but not always.
4)  Submission of personal information is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  Processes in place for obtaining PII are controlled outside of this agency by submitters of specimen data
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  System data is secured with role based security.  Users can only see/view data based on personal viewer identification set up for each user that only allows users to see data related to their specific lab.

 IIF Collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date = Feb 2, 2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P MAdden
Sign-off Date:  4/6/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Automated Task Order Monitoring System (ATOMS) [Systems]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/14/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 2103
7. System Name (Align with system Item name):  Automated Task Order Monitoring System (ATOMS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Michael Freeman
10. Provide an overview of the system:  This system will be used to provide information for the upcoming 2012 DGHA Annual Meeting, providing a registration function by collecting federal contact data.  This site will not request any personally identifiable information.  The data collected will be use to produce conference name badges and schedule meetings with department leaders.  No personal information is being requested. Only Federal and Business Contact data will be collected
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system will be used for provide information for the upcoming 2012 DGHA Annual Meeting, providing a registration function by collecting federal contact data.  This site will not request any personally identifiable information.  The data collected will be use to produce conference name badges and schedule meetings with department leaders.  No personal information is being requested.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No PII information is being requested or collected.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No PII information is being requested for this effort.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  2/14/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Automated Web Translation Services [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/21/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC ID: 1752
7. System Name (Align with system Item name):  MotionPoint
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Fred Smith
10. Provide an overview of the system:  MotionPoint is an industry innovator in website language translation. MotionPoint develops and deploys a technology suite designed to perform automated website translation. The technologies leverage publicly available web content to perform the translation functions, while preserving the privacy and security of non-public data
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A

No IIF collected.

E-Authentication Assurance Level = 1

Risk Analysis Date = July 27, 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/22/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC BDB Reference and Diagnostics (BDB) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  3/4/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-1480-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0160
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1198
7. System Name (Align with system Item name):  BDB Reference and Diagnostics (BDB)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Martin Schriefer
10. Provide an overview of the system:  This system is internal facing and is not a Web-based application.  This system is an access database which contains critical diagnostic and select agent information. System provides national & international reference diagnostics for plague, tularemia, Lyme, relapsing fever, and BT investigations.  The system tracks laboratory diagnostic samples & resulting test data & generates reports with patient information. After successful login and validation, fcid-vbi-1/BDB.mdb is loaded onto the user’s workstation.  This Access 2003 application consists of forms containing fields for data input.  Once the data is entered it is written to the database portion of the Access .mdb file on the file server fcid-vbi-1.  The system can output various reports to be used for analysis or for reporting test results.  Only local scientists granted permission within the division/branch of DVBID/BDB have access to the data.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  State Health Departments. Date originates from State Health Department, and is tested, and after testing, reports of results are returned to Health Department providing the sample data.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Access database which contains critical diagnostic and select agent information. System provides national & international reference diagnostics for plague, tularemia, lyme, relapsing fever, and BT investigations.  The system tracks laboratory diagnostic samples & resulting test data & generates reports with patient information. CDC obtains information from State Health Departments, so CDC does not control or is aware of voluntary nature of data provided from patient participants.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  Only aggregate test results data is provided to State Health Departments. Exception is the State Health Department that originally provided the patient samples. For health departments that provided the sample data, the patient’s name, DOB, age, race, gender is provided. State Hearth Departments collecting the patient PII obtains consent and notifies patients, when necessary.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Access to application is limited to authorized individuals, and authentication of individual is achieved at two levels: Windows Active Directory authentication, and Microsoft Access authentication. Access to workstations and application server is physically restricted to CDC-badge employees and contractors. 

IIF collected for research purposes by local scientists
EAAL = N/A
Risk Analysis Date = February 3, 2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles  OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  3/4/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Biologics Information and Ordering System (BIOS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  2/2/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-9721-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 865
7. System Name (Align with system Item name):  Biologics Information Ordering System (BIOS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Curtis Taylor
10. Provide an overview of the system:  BIOS is a web-enabled java-based intranet application.  The system is used by SRP Lab technicians to manage inventory and order product.  Users have the ability to enter product orders, determine the number of lots to create for the order, and process the order for shipment.  The system is considered essential for the technicians to perform their job, therefore down time must be kept to a minimum.  BIOS data is contained within the system and does not interact with other CDC systems.
Users are grouped into system roles.  Roles are defined with CDC LDAP.  BIOS authenticates users against the LDAP before gaining access.  BIOS roles include: administrator, manager, orderer, QA, supervisor, technician, and management reports.  The system runs via the CDC Intranet.  It uses an SSL certificate for data encryption.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Lab inventory and job order information.  Maintains and tracks orders for lab items.  No PII information is collected, processed, or stored within the application.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E  Walker
Sign-off Date:  2/2/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Biolomics (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/31/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Biolomics
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Mary Brandt
10. Provide an overview of the system:  Biolomics Phase 1 is an internal, inward-facing microbiology and gene sequencing application. Personnel from the Mycotic Diseases Branch of the CDC use BioloMICS Pro v8.5 software to manage their collection of fungal isolates. Data stored in Biolomics include basic isolate identifiers (human/animal/environmental, genus/species, etc.), image files of cultured isolates, DNA sequences, and references to publicly-available reference material for each isolate.

Personnel from the Mycotic Diseases Branch of the CDC use BioloMICS to input all information, sequences, and image files for each isolate in their collection. All data is stored in a MySQL database on a DSS server. Existing information is retrieved for display/modification through the BioloMICS front-end application. Data is exported for use in research projects and publications as needed.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Collects data on fungi. Allows the division to more efficiently collect and analyze samples. Used for public health research purposes and publications. No PII
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  8/31/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC BioSense (BioSense) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  8/4/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-21-01-1163-00-110-030
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  SORN 09-20-0136
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A

7. System Name (Align with system Item name):  BioSense
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Barry Rhodes
10. Provide an overview of the system:  BioSense is a national initiative to support the advancement of incident awareness and early detection capabilities by promoting greater and timelier acquisition of relevant data and by advancing technologies associated with near real-time reporting of secondary data from multiple sources and analytics. At this time, BioSense does not attempt to predict when an event may occur in the future, but rather helps to establish the parameters of an event based on the reported data. As an example, BioSense will help establish if similar symptoms are reported at different cities across the United States.
To enhance consistency of public health surveillance nationally, BioSense facilitates the sharing of automated detection and visualization algorithms and approaches by promoting national standards and specifications developed by such initiatives as the Public Health Information Network (PHIN) and the eGov activities of Consolidated Health Informatics. CDC receives data voluntarily from facilities electronically.  Data can be viewed by users (facilities, Local Health Department, State Health Department) using BioSense Web application which is hosted on CDC Secured Data Network.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  As of  January 2009 , BioSense has hospitals transmitting data and commitments have been received from health systems and state health organizations representing hospitals and covering major metropolitan areas and 50 states. In addition, BioSense has three data sources which do not currently transmit data in real-time: Department of Defense (DoD) military treatment facilities, Department of Veterans Affairs (VA) treatment facilities, and Laboratory Corporation of American (LabCorp) test orders. Data are received and analyzed on a daily basis from these sources. Both the DoD and VA provide ambulatory care data in the form of ICD-9-CM diagnosis codes and CPT medical procedure codes. LabCorp provides test orders and ICD-9-CM codes associated with the reason for the orders. All data sources include additional information with each record such as patient age, gender, zip code of residence, and facility identifier and zip code.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  BioSense facilitates proper controls on its system to ensure the protection of IIF data and other non IIF data.  BioSense is rated a High system per the FIPS 199 categorization.  BioSense implements and facilitates the security controls following the NIST SP 800-53 for a High system which include the controls for administration, technical and physical.  Under the administration controls, BioSense implements access controls.
Specific Controls Administrative: Role based access.
Technical Controls: User ID, passwords, firewall, encryption, IDS, CAC.
Physical Controls: Guards, ID badges, key cards, cipher locks, CCTV.
 
IIF is collected and the proper controls are utilized to safeguard sensitive information.
 
E-Authentication Assurance Level = 3
 
Risk Analysis Date = December 12, 2008
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden, OCISO
Sign-off Date:  8/10/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

Back to top

 

06.3 HHS PIA Summary for Posting (Form) / CDC BioSense 2.0 (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  5/23/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  BioSense 2.0
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Taha Kass-Hout
10. Provide an overview of the system:  The key aim of BioSense 2.0 is to accelerate and expand state and local syndromic surveillance systems. BioSense 2.0 will contribute to nationwide and regional (i.e., multi-state) situation awareness for all hazards health-related events (beyond bioterrorism), by allowing local and state stakeholders direct control and ownership of the system in order to paint a cohesive regional and national “picture.” This is consistent with the 2006 Pandemic All Hazards Preparedness Act (PAHPA), and 2007 Homeland Security Presidential Directive (HSPD-21), both of which call for regional and nationwide public health situation awareness, through enabling state and local situation awareness capability.  Further, BioSense 2.0 aligns with the priorities identified by the National Biosurveillance Strategy for Human Health. Successful implementation of BioSense 2.0 will promote a national situation awareness picture that provides:
•        Aggregate national view
•        More detailed State/Local views and functionalities
•        View neighboring localities and departments
•        View contextualized alerts and assessments
•        Accept new data sources

BioSense 2.0, governed by state and local stakeholders under the Association of State and Territorial Health Officials (ASTHO), creates an easy way to facilitate the sharing of public health surveillance data between health jurisdictions. Additionally, BioSense 2.0 will cease the collection and maintenance of raw clinical data at CDC as with the case with the original design of BioSense (BioSense 1.0). To achieve this, BioSense 2.0 will emphasize the direct reporting of data from hospitals to state and local health departments instead of CDC, if desired by jurisdictions
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  5/23/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC BioSense Operations & Maintenance (BioSense O&M) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/14/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0136
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  None
7. System Name (Align with system Item name):  BioSense Operations & Maintenance (BioSense O&M)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Alan Davis
10. Provide an overview of the system:  BioSense O&M is a national initiative to support the advancement of incident awareness and early detection capabilities by promoting the improved acquisition of relevant data and advancing technologies associated with near real-time reporting of secondary data from multiple sources and analytics. BioSense does not attempt to predict when an event may occur in the future. The system helps establish the parameters of an event based on the reported data. The system uses medical notes, Birth Month/Year, Reported Age, Sex, Race, Ethnic Group, Occupation, state, county, and zip code information to help establish the scope and parameters of a public health event based on the reported data.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A.  BioSense O&M does not share or disclose PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  BioSense has hospitals transmitting data and commitments have been received from health systems and state health organizations representing hospitals and covering major metropolitan areas and 50 states. In addition, BioSense has three data sources which do not currently transmit data in real-time: Department of Defense (DoD) military treatment facilities, Department of Veterans Affairs (VA) treatment facilities, and Laboratory Corporation of American (LabCorp) test orders. Data are received and analyzed on a daily basis from these sources. Both the DoD and VA provide ambulatory care data in the form of ICD-9-CM diagnosis codes and CPT medical procedure codes. LabCorp provides test orders and ICD-9-CM codes associated with the reason for the orders. All data sources include additional information with each record such as patient age, gender, zip code of residence, and facility identifier and zip code.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  None
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Security controls in place on the system meet NIST SP 800-53 Rev 3 requirements for an information system with a moderate security rating.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  9/14/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Biotechnology Core Facility Job Tracking Database [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  11/3/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-05-02-9422-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 26
7. System Name (Align with system Item name):  Biotechnology Core Facility Job Tracking Database (BCFJOBS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Scott Sammons
10. Provide an overview of the system:  The Biotechnology Core Facility Branch (BCFB) provides custom products, synthetic DNA oligonucleotides and synthetic peptides, as well as other services to CDC laboratory researchers.  Since 1993 the BCFB has employed an electronic relational database for inventory control and tracking data related to these activities.  Paradox was the database product selected after evaluation of commercial products available at that time and is the product currently used by the BCFB
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No PII is contained within the system.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No PII is contained within the system.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  None
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No PII is contained within the system.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  11/3/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Birth Cohort Evaluation to Advance Screening and Testing of Hepatitis C (BEST-C) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/24/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Birth Cohort Evaluation to Advance Screening and Testing of Hepatitis C (BEST-C)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Geoff Becker
10. Provide an overview of the system:  The purpose of Birth Cohort Evaluation to Advance Screening and Testing of Hepatitis C (BEST-C) is to gain an understanding of how Primary Care Providers (PCPs) are identifying persons who are anti HCV+. CDC seeks professional services to collect retrospective patient data from the electronic medical records of four large PCPs related to HCV risk, risk assessment, and HCV testing practices, outcomes, and their related costs.
The four PCPs are Henry Ford Hospital (Detroit, MI), University of Alabama at Birmingham (Birmingham, AL), University of Texas at Houston (Houston, TX), and Mount Sinai Medical Center (NYC)
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1)   SAS datasets 2) Research 3) No personal identifiable information is collected 4) N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No PII
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  1/24/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Blackberry Mobile Voice System (MVS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  4/16/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 620
7. System Name (Align with system Item name):  Blackberry Mobile Voice System (MVS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Richard Self
10. Provide an overview of the system:  The BlackBerry MVS is a telecommunication mediation server that communicates with the BlackBerry Enterprise Server and PBX through an IP/PSTN media gateway. To enable interoperability and extend and enhance the capabilities of the Nortel 1000 M, the MVS permits users to make calls from and receive calls to their work phone numbers and access some of the features that are available from their CDC desk phones. The MVS also enable administrators to manage BlackBerry devices over the cellular network from a single location and control access to the work phone numbers and phone features that BlackBerry MVS provides.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No PII
Risk Analysis date: 12/14/2009
E-Auth Level: 2
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  4/19/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Blackstone ACD (N/A) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  11/1/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  Blackstone ACD
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Bill McHarg
10. Provide an overview of the system:  Contact Center Manager Server is the core contact center component that provides the intelligent
routing capability for voice contacts to be routed to the most qualified agent. Contact Center Manager Administration is a browser-based tool for contact center administrators and supervisors. You can use Contact Center Manager Administration to manage and configure a contact center and users, define access to data, and view real-time and historical reports.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  This system is not designed to store or retain PII.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system is not designed to store or retain PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  This system is not designed to store or retain PII.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  This system is not designed to store or retain PII.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  11/1/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Blood Requests [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  3/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9324-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  The PII collected is exempt due to the Business PII determination made in accordance with the HHS PIA SOP of February 2009
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 917
7. System Name (Align with system Item name):  Blood Requests (BLDSERVICES)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Suzette Bartley
10. Provide an overview of the system:  The Blood Requests system is used to create and track blood request made by CDC personnel.  The system is also used to supply data for contract management.  A CDC Investigator request for a fresh blood product is entered into the Blood Requests system.   Requests are then sent to Emory University via fax.  Emory has a contractual agreement with CDC to procure fresh blood products.  Requested blood is sent to CDC usually with 24-48 hours.  There are between 300-500 blood request forms submitted by CDC Investigators annually. The completion of the request is recorded in the system.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A, System does not share or disclose PII information
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1) product specifics: product type (whole blood, serum, etc.), blood type, amount, when needed, package type, where delivered, etc.; request specifics: investigator name, contact information, date requested
2) to track product requests and fulfillment
3) the information does not contain PII except business contact information
4) n/a
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  1) n/a – Business IIF only
2) n/a – there is no PII, just business contact information
3) The information is not shared.  It is used to record requests of blood product.  It is used to track request fulfillment.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A, System does not contain PII except business contact information

E-Authentication Assurance Level = N/A

Risk Analysis Date =2/13/2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles  OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  3/3/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Body and Mind (BAM) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  3/29/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 876
7. System Name (Align with system Item name):  Body and Mind (BAM)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Scott Mullins
10. Provide an overview of the system:  BAM is a kid friendly web site for information on physical activity, bullying, nutrition and other health topics of interest to kids.  The site allows for users to create a personal (but not personalized) activity calendar.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  BAM doesn’t collect, maintain or disseminate data.  No PII is collected through BAM.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  3/29/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Body Mass Index Calculators [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/10/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  DNPA GA - BMI
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Calculator to help determine Body Mass Index.

These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

Back to top

 

06.3 HHS PIA Summary for Posting (Form) / CDC Border Infectious Disease Surveillance Project (BIDS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  6/18/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-9721-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 891
7. System Name (Align with system Item name):  BORDER INECTIOUS DISEASE SURVEILLANCE SYSTEM v4.0 (BIDS4)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Steve Waterman
10. Provide an overview of the system:  System would collect data about patient events in the border cities of US and Mexico.  The data pertains to the following 3 syndromes: Febrile Exanthem, Hepatitis, Undifferentiated fever/neurological syndrome.  Lab data about specimens collected from the patients would also be entered in the system.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  BIDS4 application stores and processes non-personally identifying data about patient events in the border regions of US and Mexico for Hepatitis, Febrile Exanthem, and Neuro-Undifferentiated Syndromes. The application also allows the site administrators in these border sites to enter data about Lab specimens and test results for these patient events.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PII no
E-Auth Level = 1
Risk Analysis date: 4/22/2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  6/21/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC BRFSS Bibliography [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/8/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  DACH GA - BRFSS Bibliography
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Search tool for BRFSS publications.

These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  IIF is retained until no longer needed.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC BRFSS Coordinators [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/8/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  DACH GA - BRFSS Coordinators
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  State BRFSS coordinators.

These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  IIF is retained until no longer needed.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC BRFSS Data System Course [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/8/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  DACH GA - BRFSS Data Systems Course
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen

10. Provide an overview of the system:  BRFSS training web site.

These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  IIF is retained until no longer needed.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC BRFSS Historical Questions [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/8/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  DACH GA - BRFSS Questions
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Query of questions from previous BRFSS surveys.

These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC BRFSS Maps [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/9/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  DACH GIS - BRFSS
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Geographical display of BRFSS data.

These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC BRFSS Modules and State Added Questions [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/8/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  DACH GA - BRFSS Modules
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Listing of BRFSS questionnaire modules available by state and year.

These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  IIF is retained until no longer needed.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC BRFSS Prevalence [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/8/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  DACH GA - BRFSS Prevalence
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  State BRFSS prevalence data.

These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  IIF is retained until no longer needed.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC BRFSS Publications [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/8/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  DACH GA - BRFSS Publications
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Citation information for official state publications that include BRFSS data, such as Healthy People 2000 reports and newsletters.

These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

Back to top

 

06.3 HHS PIA Summary for Posting (Form) / CDC BRFSS SMART [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/8/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  DACH GA - BRFSS SMART
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Selected Metropolitan/ Micropolitan Area Risk Trends (SMART) displays BRFSS data for selected metropolitan and micropolitan statistical areas.

These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC BRFSS Survey Operations Support [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/26/2008
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9121-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1148
7. System Name (Align with system Item name):  CDC DACH BRFSS Survey Operations Support
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  Track status of data sets submitted by states.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Some of the applications provide business contact information for public officials.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs.  The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  All of the data, including the IIF, follow the security controls of the EMSSP.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Michael W. Harris
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  8/25/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Budget InSight (BIS) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/30/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1802
7. System Name (Align with system Item name):  Budget InSight
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Daniel J Hardee
10. Provide an overview of the system:  The Budget InSight is a management financial reporting system, built for the Financial Management Office (FMO) by the Budget Operations Branch (BOB) at the Center for Disease Control (CDC). Budget InIsight supports budget planning and execution by processing financial data from multiple systems and displaying it in summary level management views (dashboards) and detailed reports.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Budget InIsight supports budget planning and execution by processing financial data from multiple systems and displaying it in summary level management views (dashboards) and detailed reports.  The information does not contain PII.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  8/30/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Budget InSight [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  3/22/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-90-0013
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1674
7. System Name (Align with system Item name):  Employee Base Line Information System (EBIS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Art Tallman
10. Provide an overview of the system:  EBIS is an internally developed system for tracking aliquots generated from blood samples received from Occupational Health and Safety (OHS). The donors are either CDC employees or visiting professionals of OHS. When the blood sample is received from an OHS office, it is “spun’ and of 1 or 0.5 ml aliquot samples are created. These aliquots are stored in the Specimen Management Branch freezers. EBIS also ports an existing Fox Pro database to a MS SQL database. There are two types of samples sent to SMB. Samples from CDC employees with CDC User ID and CDC Visiting Fellows without a CDC User ID and the two are tracked using different type of identification information. CDC employees with CDC User ID are tracked using the four alphanumeric characters; CDC User ID. The visiting fellows are tracked using their name and date of birth. This identification data is used by the system to automatically generate a specimen tracking number which is affixed to the blood sample received from OHS and it is also affixed on the aliquots created from the samples. The system generated aliquot identification number contains information regarding from which original blood sample the aliquot is generated and the storage location of the aliquot in the freezer.
When an aliquot is released the system tracks the date of release, destination of the aliquot.
There are 17,000 aliquot identifications in the Fox Pro database that is being ported to an SQL database. 15,000 of these legacy data has CDC user ID’s and they are tracked and managed using the CDC ID. The 2000 legacy users without CDC User IDs are tracked using name and social security number because these users does not a date birth so donor name and date of birth cannot be used to track the aliquots.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Information Collected:
(1) First Name, Last Name, DOB and Social Security
(2) Used to track number of aliquot donors and identify which Aliquot Management Branch Freezer aliquot is stored. The information is collected from pre-AD retired CDC employees and visiting fellows to accurately identify donors.
(3) IIF is being collected.
(4) Personal information is voluntary but is required to track number of aliquot donors.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  (1)  Users are notified via a general OD announcement when changes occur in the system. Users are also asked to update and validate their information on a yearly basis. A privacy notice opens when the user first accesses their contact information.
(2)  IIF is collected and maintained by CDC.
(3) IIF may be used to search for individual records, but never disclosed except by signed authorization.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Only admin can change/delete/modify data and the administrative control controlled by the Chief, Specimen Management branch.
Users are added by the branch chief by opening ITSO service desk ticket for granting access.

IIF Collected and the proper controls are utilized to safeguard sensitive information.
E-Authentication Assurance Level = N/A
Risk Analysis Date = 02/13/2012
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  3/22/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Budget Resource Allocation System (CBRA) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/2/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1803
7. System Name (Align with system Item name):  CBRA - CDC Budget Resource Allocation
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Kim E. Jennings
10. Provide an overview of the system:  CBRA is a web-based application that serves to model and automate FMO's ceiling resource allocation process.  CBRA allows the user to record funding details (e.g. appropriations, allotments, sub-allotments, adjustments) and generate ceiling memos as well as supporting documentation.  The process within CBRA divides up large pools of money into smaller and smaller pools with each subdivision providing a more specific definition of where and for what purpose the funds will be used.

Features include:
• Secure, role-based access to information via Internet Explorer
• Rules-based calculations for Rescissions, Assessments, Splits, and Sub-Allocations
• Workflow that follows the Budget process from Planning through all Presidential and Congressional Marks to Provisional and Official Ceilings
• Generation of Ceiling Letters and all attachments
• Ad-Hoc versions for "What if?" analysis
• Tracking of all changes from multiple concurrent users
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  FMO will collect and record budget funding details (e.g. appropriations, sub-allocations, adjustments) in order to generate ceiling memos for organizations receiving appropriations.

No PII will be recorded/collected
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  PII No
E- Auth Level = N/A
Risk Analysis date 08/18/10
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  9/7/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Buildings and Facilities Management System (BFMS) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/11/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1821
7. System Name (Align with system Item name):  Buildings and Facilities Management System (BFMS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Sandy Chapman
10. Provide an overview of the system:  Buildings and Facilities Management System (BFMS) is a web-based system designed to maintain CDC building and facility details, such as (building names, addresses, campus name, and number of floors per building).  Users of this system can both add and/or update details regarding CDC occupied buildings.  This information will then be utilized by other enterprise software applications, such as CDC Neighborhood, as a basis for building/facility details.  This system contains no Personable Identifiable Information (PII) of any sort.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  This system will contain data relating to CDC building and facility details, such as (building names, addresses, campus name, and number of floors per building).  Users of this system can both add and/or update details regarding CDC occupied buildings.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A – No PII is collected.
Risk Analysis date: 5/10/2010
E-Auth Level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L. Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  8/11/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC BZB Diagnostic Samples [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  5/23/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-02-02-9721-00-110-246
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  09-20-0136
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 1159
7. System Name (Align with system Item name):  Bacterial Diseases Branch Diagnostic Samples (BDBDS)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Rich Peterson
10. Provide an overview of the system:  This system provides for the storage, tracking, and transfer of select agent and non select agent isolates within the bacterial zoonoses branch of the division.   The inventory (freezer location, status, and history) of Lyophilized and frozen isolates are tracked via this database.   The system consists of an Microsoft Access front end and a Microsoft SQL Server back end.  Only authorized division scientists have access to the system on the local area network.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Firstname, Lastname, Country, State, County, Year Collected, Age, Sex are collected, not disseminated or shared.  Information is used for molecular and epidemiological studies and for linking samples including those from subsequent investigations.  Information submitted is voluntary via DASH form.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  Information on this is contained on the DASH form the patient signs
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Access & user rights to the system are  limited to authenticated Windows users using Windows and MS SqlServer security, administered by the local SA.  Physically, the MS SqlServer is located behind  two doors protected with card key locking systems.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  5/23/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012

_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CallPilot (CallPilot) SYSTEM
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  7/7/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  CallPilot
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  James Deberry
10. Provide an overview of the system:  CallPilot provides Voice/FAX Messaging as well as Desktop Messaging capabilities through the users' desktop email. The additonal server will house the CallPilot Manager Apliication along with the Call Pilot Reporter application.  CallPilot Manager is used to manage day to day functions, such as adding and deleting users from the system.  The CallPilot Reporter is used to provide reports of usuage stats on the CallPilot system.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  7/29/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Cambodia IT Infrastructure (GAP-Cambodia) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/17/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  Cambodia IT Infrastructure
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Calvin Johnson
10. Provide an overview of the system:  This is a general office support system for CDC GAP Cambodia and provides a file server, exchange server, webmail server; authentication is performed via CDC Active Directory with a failover to local host.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  No
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  9/20/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

Back to top

 

06.3 HHS PIA Summary for Posting (Form) / CDC Cameroon IT Infrastructure (GAP-Cameroon) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/30/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  Cameroon IT Infrastructure
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Calvin Johnson
10. Provide an overview of the system:  This is a general office support system for CDC GAP Cameroon and provides a file server, exchange server, webmail server; authentication is performed via CDC Active Directory with a failover to local host.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  N/A
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A

No IIF Collected.
E-Authentication Assurance Level = N/A
Risk Analysis Date =4/8/2010
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  10/6/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Capacity Building Assistance Evaluation (CBAE) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  3/7/2012
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  0920-0017
6. Other Identifying Number(s):  ESC# 1341
7. System Name (Align with system Item name):  Capacity Building Assistance Evaluation (CBAE)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Rashad Burgess
10. Provide an overview of the system:  CDC’s Division of HIV/AIDS Prevention (DHAP) provides community-based organizations with more than $300 million annually to conduct HIV prevention activities. In addition, DHAP’s Capacity Building Branch (CBB) provides funds for Capacity Building Assistance (CBA) services in which considerable resources are allocated to serve community-based organizations (CBO), health departments, and community planning groups nationwide. The CBB provides national leadership and support for capacity building assistance to ensure that DHAP’s grantee have the knowledge, skills and technology to effectively and efficiently conduct HIV prevention across the United States and its territories .
CBA is provided to support grantees in the implementation, monitoring and evaluation of evidence-based HIV prevention interventions and programs; building organizational infrastructure; and community mobilization to decrease stigma and increase HIV testing in high risk communities. Even though CBA has been funded for over 10 years, there has been no systematic assessment of CBA services provided to CBO and health department customers. There has not been a monitoring or evaluation processes to determine if CBA customer ware satisfied with CBA services or if CBA services resulted in improved HIV prevention practices.
The purpose of this project, and system, is to provide program evaluation services to assist DHAP/CBB in the monitoring and evaluation of CBA Cooperative Agreement Program which services community-based organizations (CBO) directly and indirectly funded by CDC, health departments and their community planning groups (GPGs), and other community stakeholders providing HIV prevention services targeting high risk and racial/ethnic minority populations to increase their capacity to implement evidence-based prevention practices.
In September 2009, CBB funded a new round of five-year cooperative agreement with 30 CBA providers. The project focuses on the following monitoring, evaluation, and quality control questions: (1) How satisfied are CBB’s CBA customers with the CBA services that they provide? (2) Do the customers who receive CBA servicers, consider these services to be of benefit to them as they develop the capacity to implement evidence-based services over time? (3) How can customer feedback be utilized to improve CBA services over time? To collect the information, survey evaluation forms are completed by Technical Assistance and Training recipients at point of services, through 45 and 90-day follow-up surveys, and subsequent contact via phone for non-respondents.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  
1)   The Training PIF form is a paper form that training participants provide business contact information, including the individual full name (plus sudo-name, described below) and business contact information, including business name, business phone number, and business e-mail. In addition, the PIF application collects some basic demographic data on the person completing the PIF form, including, racial/ethnic background and gender. Each respondent creates a sudo-identifier composed of their first two letters of their first name, first two letters of their last name, two digit month of birth, and two digit day of birth. This paper form is sent to SciMetrika via UPS or priority mail. SciMetrika performs data entry into the CBAE application of all fields, except the individual’s full name, instead entering the individual’s sudo-name. Forms are shredded on-site after data entry. 
2)The CBB provides national leadership and support for capacity building assistance to ensure that DHAP’s grantee have the knowledge, skills and technology to effectively and efficiently conduct HIV prevention across the United States and its territories .

3) No PII COLLECTED. 
4)Submission of information is voluntary.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  OMB Control Number 0920-0017 states Public Burden Statement: The information on this form is collected under the authority of 42 U.S.C., Section 243 (CDC). The requested information is used only to process your training registration and will be disclosed only upon your written request. Continuing education credit can only be provided when all requested information is submitted. Furnishing the information requested on this form is voluntary.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  PII is collected and stored. Data is secured by a variety of methods, including securely storing data at CDC contractor site via physically secure and controlled office spaces, encrypted storage of electronic media, and encrypted transmission of electronic data. Paper forms are shredded after data entry.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Beverly E Walker
Sign-off Date:  3/7/2012
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Capital HR/EHRP Support Services (CapHR) [SYSTEM]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  8/9/2010
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  OPM/GOVT-1
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC# 1655
7. System Name (Align with system Item name):  CDC Capital HR/EHRP Support Services (CapHR)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Sandy Chapman
10. Provide an overview of the system:  CapHR is the standard HHS Human Resource System which is used to perform all federal employee actions.  MISO has a data instance of CapHR which is used to feed data to other tracking systems such as PMAP, People Processing, CDC Neighborhood, WIZ, and EPATS.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Yes – it supports other tracking systems to provide federal employee data necessary to fulfill the functions of each individual system. CDC Neighborhood, EPATS, PMAP, People Processing, and WIZ.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  The system collects, Name, DOB, Personal Mailing Address and Phone Numbers, Medical Notes, Medical Record Numbers, Financial Account Information, Certificates, Education Records, Military Status, Employment Status, and Foreign Activities.  The information is collected as a data feed to support numerous other CDC personnel tracking systems such as EPATS, CDC Neighborhood, WIZ, People Processing, and PMAP.  The information is mandatory as a condition of employment with the federal government.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  HHS HR collects the information and all federal employees are notified that the information they provide as a condition of employment is explained to them during in-processing and as a condition of the background investigation.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  The system uses Active Directory for authentication.  The system is located in a locked room with guards in the building requiring key cards and ID cards for entry.
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  8/23/2010
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Car Pool Registry (CP) [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   No
If this is an existing PIA, please provide a reason for revision:  PIA Validation 
1. Date of this Submission:  1/27/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  ESC System ID: 588
7. System Name (Align with system Item name):  Car Pool Registry
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  John G. Goodson (hso2)
10. Provide an overview of the system:  SQL/ASP web based system used on the CDC Intranet/Connects for agency wide car pool registration. The system allows the user to associate a zip code based query to find available rides, carpools and vanpool opportunities. The government employee contact information (name, userid, office phone) is associated from the global address book which is matched to the existing carpool information by zip code.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  None
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  
PIA Reviewer Name:  Kerey L Carter
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/27/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC Car Pool Registry [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  9/19/2007
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  Static HTML
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  Carpool
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Kimberly Thurmond
10. Provide an overview of the system:  This is a carpool register.  You can register for a carpool or search the database by area code and locations.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Register information
For carpool
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Alice M Brown
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  2/21/2008
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCHHSTP Mozambique GAP Site
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  10/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  No
7. System Name (Align with system Item name):  CDC-Mozambique GAP Site
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Calvin Johnson
10. Provide an overview of the system:  This is a general office support system for CDC GAP Mozambique IT Infrastructure with file server, exchange server, and webmail server. Authentication is performed via local AD that does not send or receive data from the main HHS/CDC Active directory.
13. Indicate if the system is new or an existing one being modified:  New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  No
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  No 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A

No IIF Collected.

E-Authentication Assurance Level = N/A

Risk Analysis Date =8/25/2009
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felica P Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  10/11/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCHHSTP Staff Tracking [System]
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  4/18/2011
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  FY 07: 009-20-01-09-02-0544-00-403-250
FY 08: 009-20-01-09-02-0544-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  No
5. OMB Information Collection Approval Number:  No
6. Other Identifying Number(s):  ESC# 544
7. System Name (Align with system Item name):  Electronic Staffing Tracking System (eStaff)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Doug Correll
10. Provide an overview of the system:  The Electronic Staffing Tracking System (eStaff) is a browser-based intranet application used by personnel specialists to track detailed position and personnel information for the admin codes that they have access to. The data is used by eStaff Online to generate up-to-date personnel reports for the Centers for Disease Control and Prevention (CDC) senior staff.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  No 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  No
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  1)   eStaff collects detailed position and personnel information for the admin codes 2) To generate up-to-date reports for senior staff  3) N/A 4) No PII collected
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  N/A
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  No
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN):  Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  N/A – No PII is contained
Risk Analysis Date = March 25, 2011
E-Authentication Assurance Level = N/A
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  4/18/2011
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DACH Alcohol Related Disease Indicators (Admin)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9024-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CoCHP Intranet Platform DACH Alcohol Related Disease Indicators (Admin)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DACH GA-Aging Work Group Voting
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CoCHP Intranet Platform DACH GA-Aging Work Group Voting
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

Back to top

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DACH GA-BRFSS Abstract Submission Tool (Admin)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  N/A
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CoCHP Intranet Platform DACH GA-BRFSS Abstract Submission Tool (Admin)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DACH GA-BRFSS Bibliography (Admin)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CoCHP Intranet Platform DACH GA-BRFSS Bibliography (Admin)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DACH GA-BRFSS Interview Training Guide
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CoCHP Intranet Platform DACH GA-BRFSS Training Guide

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DACH GA-BRFSS Training Guide
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CoCHP Intranet Platform DACH GA-BRFSS Interview Training Guide
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DACH GA-CHAPS Toolkit Admin
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  N/A
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CoCHP Intranet Platform DACH GA-CHAPS Toolkit Admin
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DACH GA-Syndemics (Admin)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CoCHP Intranet Platform DACH GA-Syndemics (Admin)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DACH PRC MIS
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-05-02-9022-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CoCHP Intranet Platform DACH PRC MIS
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  Business Contact information is shared with internal staff.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DASH GA-School Health Education Resources (Admin)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CoCHP Intranet Platform DASH GA-School Health Education Resources (Admin)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DASH GA-SHI (Admin)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CoCHP Intranet Platform DASH GA-SHI (Admin)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

Back to top

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DASH MIS
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  N/A
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CoCHP Intranet Platform DASH MIS
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DCPC Cancer QT
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  N/A
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CoCHP Intranet Platform DCPC Cancer QT
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DCPC Email Form
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  N/A
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CoCHP Intranet Platform DCPC Email Form
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DCPC GA-Issue Tracker
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CoCHP Intranet Platform DCPC GA-Issue Tracker
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DCPC GA-Program Contacts (Admin)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CoCHP Intranet Platform DCPC GA-Program Contacts (Admin)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DDT MIS (Admin)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9024-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CoCHP Intranet Platform DDT MIS (Admin)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DHDSP HDSP MIS
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9024-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CoCHP Intranet Platform DHDSP HDSP MIS
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DHDSP Legislative Database (Admin)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
N/A
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CoCHP Intranet Platform DHDSP Legislative Database (Admin)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DNPA GA-5-A-Day Recipes (Admin)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CoCHP Intranet Platform DNPA GA-5-A-Day Recipes (Admin)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

Back to top

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DNPA GA-DNPA Program Directory (Admin)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CoCHP Intranet Platform DNPA GA-DNPA Program Directory (Admin)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DNPA GA-DNPA Qualitative Research Inventory (Admin)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CoCHP Intranet Platform DNPA GA-DNPA Qualitative Research Inventory (Admin)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DNPA GA-Legislative Database (Admin)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00

009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CoCHP Intranet Platform DNPA GA-Legislative Database (Admin)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia P. Kittles OCISO C&E PM
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DOH ASTDD State Synopses (Admin)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9024-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC CCID NCPDCID CoCHP Intranet Platform DOH ASTDD State Synopses (Admin)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DOH GA - Documents
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC CCID NCPDCID CoCHP Intranet Platform DOH GA - Documents
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DOH MIS (Admin)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9024-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC CCID NCPDCID CoCHP Intranet Platform DOH MIS (Admin)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers.

Tracks objectives and activities of state based oral health programs.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DOH Oral Health Data Resource Center (Admin)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9023-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC CCID NCPDCID CoCHP Intranet Platform DOH Oral Health Data Resource Center (Admin)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform DOH PTS (Admin)
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  009-20-01-03-02-9121-00
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC CCID NCPDCID CoCHP Intranet Platform DOH PTS (Admin)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers.

Aids in the tracking and reporting of test data from participating water fluoride testing labs.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

 

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID CoCHP Intranet Platform NCIPC Injury ACE MIS
PIA SUMMARY AND APPROVAL COMBINED 
PIA Summary 
Is this a new PIA 2011?   Yes
If this is an existing PIA, please provide a reason for revision:  
1. Date of this Submission:  1/2/2009
2. OPDIV Name:  CDC
3. Unique Project Identifier (UPI) Number:  N/A
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN number is required for Q.4):  N/A
5. OMB Information Collection Approval Number:  N/A
6. Other Identifying Number(s):  N/A
7. System Name (Align with system Item name):  CDC CCID NCPDCID CoCHP Intranet Platform NCIPC Injury ACE MIS
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:  Cindy Allen
10. Provide an overview of the system:  The CoCHP Internet Platform provides dynamic web content to internal CDC staff in support of the Coordinating Centers for Health Promotion. The platform also hosts several applications for other Coordinating Centers.

Tracks objectives and activities of state based injury programs.
13. Indicate if the system is new or an existing one being modified:  Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?  (Note: This question seeks to identify any, and all, personal information associated with the system. This includes any PII, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):  Yes 
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21 must be Yes and a SORN number is required for Q.4):  No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):  Business Contact information is shared with internal staff.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) in this description, explicitly indicate whether the information contains PII; and (4) whether submission of personal information is voluntary or mandatory:  There are several applications that maintain business contact data.

The data is used in routine administrative tasks.

The PII is a requirement of employment at CDC and therefore mandatory.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); (2) notify and obtain consent from individuals regarding what PII is being collected from them; and (3) how the information will be used or shared. 
(Note: Please describe in what format individuals will be given notice of consent [e.g., written notice, electronic notice, etc.])  No processes in place.
32. Does the system host a website? (Note:  If the system hosts a website, the Website Hosting Practices section is required to be completed regardless of the presence of PII):  Yes 
37. Does the website have any information or pages directed at children under the age of thirteen?:  
50. Are there policies or guidelines in place with regard to the retention and destruction of PII? (Refer to the C&A package and/or the Records Retention and Destruction section in SORN): 
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:  Platform follows all NIST administrative, technical, and physical controls as required under the moderate EMSSP.

IIF Collected = Yes

E-Authentication Assurance Level =

Risk Analysis Date = 12/10/08
PIA Approval
PIA Reviewer Approval:  Promote
PIA Reviewer Name:  Felicia Kittles
Sr. Official for Privacy Approval:  Promote
Sr. Official for Privacy Name:  Thomas P. Madden
Sign-off Date:  1/5/2009
Approved for Web Publishing:  Yes
Date Published:  9/6/2012
_____________________________________________________________________________

Back to top