Appendix C
Tremolite Asbestos Registry
HHS IT Privacy Impact Assessment (PIA) Analysis Worksheet
The PIA determines what kind of information in identifiable form (IIF), if any, is contained within a system, what is done with that information, and how that information is protected. Systems with IIF are subject to an extensive list of requirements based on privacy laws, regulations, and guidance. The HHS Privacy Advocate, for issues related to the Privacy Advocate and citizen complaints, and the HHS Privacy Act Officer, for issues related to the Freedom of Information Act of 1966 (FOIA) and the Privacy Act, and respective OPDIV Privacy Contacts, for issues related to the Privacy Act, can all be used as a resource for questions related to the technicalities of privacy law. The Office of Information Resources Management (OIRM) can answer questions related to the administrative, technical, and physical controls of the system.
|
|
Identifying Numbers (Use N/A for items that are Not Applicable) |
|
Unique Project Identifier Number (UPI): (If the system does not have a UPI, please explain why it does not.) |
0923-0006 |
Privacy Act System of Records (SOR) Number: |
SOR # 09-19-0001 |
OMB Information Collection Approval Number and Expiration Date: |
In final stage of OMB clearance. |
Other Identifying Number(s): |
N/A |
System Name: |
Tremolite Asbestos Registry |
System Location (OPDIV or contractor office building, room, city, and state): |
OPDIV/Contractor: Division of Health Studies, Agency for Toxic Substances and Disease Registry Street Address: 2400 Century Parkway, Floor 3 City Atlanta ST GA ZIP 30345 |
System Point of Contact (POC): |
Theodore Larson |
Name, Title, Organization/Department:
Activity/Purpose of System: |
Theodore Larson, Epidemiologist Division of Health Studies, Agency for Toxic Substances and Disease Registry
Phone Number: (770) 488-3695 E-Mail: thl3@cdc.gov
The Tremolite Asbestos Registry (TAR) is a database of persons exposed to amphibole-contaminated vermiculite in Libby, Montana. The purpose of the TAR is to improve communication with people at risk for developing asbestos-related disease resulting from asbestos exposure in Libby, track changes in their health, and to support research activities related to TAR registrants. The Agency for Toxic Substances and Disease Registry is authorized to create exposure and disease registries under the Comprehensive Environmental Response, Compensation, and Liability Act of 1980. This mandate was reiterated in the Superfund Amendments and Reauthorization Act of 1986.
|
For
clarification and definition of terms, please refer to September 26,
2003, Memorandum on OMB Guidance for Implementing the Privacy
Provisions of the
E-Government Act of 2002.
No. |
Privacy Question Sets |
User Response |
Comments |
||
Yes |
No |
N/A |
|||
System Characterization and Data Categorization |
|||||
1 |
Does/Will HHS own the system?
Note: If no, identify the system owner in the Comments column. |
X |
|
|
Owner: ATSDR |
2 |
Does/Will HHS operate the system?
Note: If no, identify the system operator in the Comments column. |
X |
|
|
Operator: Division of Health Studies |
3 |
Identify in the Comments column the life-cycle phase of this system. |
|
|
|
Initiation Development/Acquisition Implementation X Operations/Maintenance Disposal |
4 |
Has/Have any of the major changes listed in the Comments column occurred to the system since the conduct of the last PIA?
If
yes, please check which change(s) |
|
X |
|
Conversions Anonymous to Non-Anonymous Significant System Management Changes Significant Merging New Public Access Commercial Sources Internal Flow or Collection New Interagency Use Alteration in Character of Data XInitial PIA |
5 |
Is
the system (or will the system be) Note: If yes, identify the system type in the Comments column.
|
X |
|
|
Stand-alone X Networked Other (Please explain) |
6 |
Is the system (or will the system be) a sensitive system?
Note: If yes, identify the system type in the Comments column. |
X |
|
|
X General Support System (GSS) Major Application (MA) Sensitive System (Please explain) |
7 |
Is the system (or will the system be) a General Support System (GSS) or a Major Application (MA)?
Note: If yes, identify the system type in the Comments column. |
X |
|
|
X General Support System (GSS) Major Application (MA) Other (Please explain) |
8 |
Does/Will
the system require an A-11 Capital Planning Exhibit submission
Note: If no, please explain why the system will not be part of an exhibit 300 and/or exhibit 53 submission in the Comments column.
|
|
X |
|
Exhibit 53 Exhibit 300
This program uses IT resources already owned by CDC/ATSDR (SAS, Microsoft Access, Novasoft and the CDC LAN).
|
System Characterization and Data Categorization |
|||||
9 |
Does/Will the system contain information in identifiable form (IIF) within any database(s), record(s), file(s) or Web site(s) hosted by this system?
Note: If yes, check all that apply in the Comments column. If the category of personal information is not listed, please check “Other” and identify the category.
Please note: This question seeks to identify all personal information contained within the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation.
If no, mark the remaining questions of the PIA Analysis Worksheet “No” and proceed to the PIA Summary.
|
X |
|
|
Personal Information: X Name X Date of birth X Social Security Number (or other number originated by a government that specifically identifies an individual) Photographic identifiers (e.g., photograph image, x-rays, and video) Driver’s license Biometric identifiers (e.g., fingerprint and voiceprint) Mother’s maiden name Vehicle identifiers (e.g., license plates) X Mailing address X Phone numbers (e.g., phone, fax, and cell) Medical records numbers Medical notes Financial account information and/or numbers (e.g., checking account number and Personal Identification Numbers [PIN]) X Certificates (e.g., birth, death, and marriage) Legal documents or notes (e.g., divorce decree, criminal records, or other) Device identifiers (e.g., pacemaker, hearing aid, or other) Web Uniform Resource Locators (URL) E-mail address Education records Military status and/or records Employment status and/or records Foreign activities and/or interests Other:________________________ Other:________________________ Other:________________________ Other:________________________ Other:________________________
|
10 |
Indicate the categories of individuals about whom IIF is or will be collected. |
X |
|
|
Employees X Public citizens Patients Business partners/contacts (federal, state, local agencies) Vendors/Suppliers/Contractors |
System Characterization and Data Categorization |
|||||
11
|
Are records on the system (or will records on the system be) retrieved by one or more data elements?
Note: If yes, specify in the Comments column what method is or will be used in retrieving the records (i.e., using a record number, name, social security number, or other data element or record locator methodology). If the category of personal information is not listed, please check “Other” and identify the category.
|
X |
|
|
Personal Information: X Name Date of birth Social Security Number (or other number originated by a government that specifically identifies an individual) Photographic identifiers (e.g., photograph image, x-rays, and video) Driver’s license Biometric identifiers (e.g., fingerprint and voiceprint) Mother’s maiden name Vehicle identifiers (e.g., license plates) Mailing address Phone numbers (e.g., phone, fax, and cell) Medical records numbers Medical notes Financial account information and/or numbers (e.g., checking account number and Personal Identification Numbers [PIN]) Certificates (e.g., birth, death, and marriage) Legal documents or notes (e.g., divorce decree, criminal records, or other) Device identifiers (e.g., pacemaker, hearing aid, or other) Web Uniform Resource Locators (URL) E-mail address Education records Military status and/or records Employment status and/or records Foreign activities and/or interests Other:________________________ Other:________________________ Other:________________________ Other:________________________ Other:________________________
|
12 |
Are/Will 10 or more records containing IIF [be] maintained, stored or transmitted/passed through this system? |
X |
|
|
|
13 |
Is the system (or will it be) subject to the Privacy Act?
Note: If the answer to questions 9, 11, and 12 were yes, the system will likely be subject to the Privacy Act. System owners should contact their OPDIV’s Privacy Contact for assistance with this question if they are uncertain of the applicability of the Privacy Act.
|
X |
|
|
|
14 |
Has a Privacy Act System of Record (SOR) Notice been published (or will one be published) in the Federal Register?
If
no, explain why not in the |
X |
|
|
No IIF is contained in the system. IIF is in the system, but records are not retrieved by IIF. Should have published an SOR, but was unaware of the requirement. System is required to have an SOR but is not yet procured or operational. Other:________________________ |
15 |
If an SOR Notice has been published, have major changes to the system as defined by M-03-22 occurred since publication of the SOR? |
|
X |
|
|
16 |
Does/Will the SOR Notice address all required categories of information?
Note:
Check all that apply in the
|
X |
|
|
X System name X Security classification X System location
X Categories
of individuals covered by X Categories of records in the system X Authority of maintenance of the system X Purpose
X Routine
uses of records maintained in Disclosure to consumer reporting agencies X Policies and practices for storing, retrieving, accessing, retaining and disposing of records X System manager(s) and address X Notification procedure X Record access procedure X Contesting record procedure X Record source categories X System exempt from certain provisions of the Privacy Act. |
Information Sharing Practices |
|||||
17 |
Is the IIF in the system voluntarily submitted (or will it be)? |
X |
|
|
|
18 |
Does/Will the system collect IIF from individuals?
Note:
If yes, identify in the Comments column the IIF the system
collects or will collect directly from individuals. If the
category of personal information is not listed, please check
“Other” and identify
|
X |
|
|
Personal Information: X Name X Date of birth X Social Security Number (or other number originated by a government that specifically identifies an individual) Photographic identifiers (e.g., photograph image, x-rays, and video) Driver’s license Biometric identifiers (e.g., fingerprint and voiceprint) Mother’s maiden name Vehicle identifiers (e.g., license plates) X Mailing address X Phone numbers (e.g., phone, fax, and cell) Medical records numbers Medical notes Financial account information and/or numbers (e.g., checking account number and Personal Identification Numbers [PIN]) Certificates (e.g., birth, death, and marriage) Legal documents or notes (e.g., divorce decree, criminal records, or other) Device identifiers (e.g., pacemaker, hearing aid, or other) Web Uniform Resource Locators (URL) E-mail address Education records Military status and/or records Employment status and/or records Foreign activities and/or interests Other:________________________ Other:________________________ Other:________________________ Other:________________________ Other:________________________
|
19 |
Does/Will the system collect IIF from other resources (i.e., databases, Web sites, etc.)?
Note: If yes, specify the resource(s) and IIF in the Comments column.
|
|
X |
|
Resource: ____________________ Resource: ____________________ Resource: ____________________ Resource: ____________________ Resource: ____________________ |
20 |
Does/Will the system populate data for other resources (i.e., do databases, Web sites, or other resources rely on this system’s data)?
Note: If yes, specify resource(s) and purpose for each instance in the Comments column. |
|
X |
|
Resource: ____________________ Resource: ____________________ Resource: ____________________ Resource: ____________________ Resource: ____________________ |
21 |
Does/Will the system share or disclose IIF with other agencies within HHS, agencies external to HHS, or other people or organizations outside HHS?
Note: If yes, specify with whom and for what purposes, and identify which data elements in the Comments column. If the category of personal information is not listed, please check “Other” and identify the category.
|
X |
|
|
With whom and for what purposes: X Data will be shared with Montana Department of Public Health and Human Services, which manages a continuing community screening program being funded by ATSDR, in order to insure that all eligible persons are able to participate in the screening program and to reduce redundancy in both programs. ______________________________ ______________________________ ______________________________ ______________________________
IIF shared: Personal Information: X Name X Date of birth X Social Security Number (or other number originated by a government that specifically identifies an individual) Photographic identifiers (e.g., photograph image, x-rays, and video) Driver’s license Biometric identifiers (e.g., fingerprint and voiceprint) Mother’s maiden name Vehicle identifiers (e.g., license plates) X Mailing address X Phone numbers (e.g., phone, fax, and cell) Medical records numbers Medical notes Financial account information and/or numbers (e.g., checking account number and Personal Identification Numbers [PIN]) Certificates (e.g., birth, death, and marriage) Legal documents or notes (e.g., divorce decree, criminal records, or other) Device identifiers (e.g., pacemaker, hearing aid, or other) Web Uniform Resource Locators (URL) E-mail address Education records Military status and/or records Employment status and/or records Foreign activities and/or interests Other:________________________ Other:________________________ Other:________________________ Other:________________________ Other:________________________
|
22 |
If
the IIF in the system is or will be matched against IIF in one
or more other computer systems, are (or will there be) computer
data matching agreement(s)
|
|
X |
|
|
23 |
If data matching activities will occur, will the IIF be de-identified, aggregated, or otherwise made anonymous?
Note: If yes, please describe this use in the Comments column. |
|
X |
|
De-identified Aggregated Other |
24 |
Is there a process, either planned or in place, to notify organizations or systems that are dependent upon the IIF contained in this system when changes occur (i.e., revisions to IIF, when the system encounters a major change, or is replaced)? |
X |
|
|
|
25 |
Is there a process, either planned or in place, to notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection)? |
X |
|
|
|
26 |
Is there/Will there be a process in place for individuals to choose how their IIF data is used?
If
yes, please describe the process for allowing individuals choice
in the
|
X |
|
|
Process: Participants can opt to not participate in any health study using their registry IIF data during the consent process for that study. Participants can also opt out of the registry at any time. |
27 |
Is there/Will there be a complaint process in place for individuals who believe their IIF has been inappropriately obtained, used, or disclosed, or that the IIF is inaccurate?
Note:
If yes, please describe briefly
|
X |
|
|
Process: If a registrant believes his/her registry IIF has been inappropriately obtained, used, or disclosed, or is inaccurate, the registrant contacts the registry point of contact. The POC then either begins an investigation, or in the case if inaccurate data, corrects the data. |
28 |
Are
there or will there be processes in place for periodic reviews
of IIF
Note: If yes, please describe briefly the review process in the Comments column. |
X |
|
|
Process: TAR data will be reviewed every time it is used (for a new data collection or for a health study) for its integrity, availability, accuracy and relevancy. The data are analyzed for missing data elements and data entry errors. |
29 |
Are there/Will there be rules of conduct in place for access to IIF on the system?
Note:
If yes, identify in the Comments column all users with access to
IIF on the system and for what purposes they use
|
X |
|
|
X Users Administrators Developers Contractors
For what purposes: X Theodore Larson, principal investigator; analyzes, processes and collates registry data. X Timothy Copeland, computer specialist; processes and collates registry data. ______________________________ ______________________________ ______________________________
|
Web site Host – Question Sets |
|||||
30 |
Does/Will the system host a Web site?
Note: If yes, identify what type of site the system hosts in the Comments column.
If no, check “No” for all remaining questions in the “Web Site Host Question Sets” section and answer questions starting with the “Administrative Controls” section beginning with question 41. |
|
X |
|
Type of site: Internet_________________________ Intranet ________________________ Both__________________________
|
31 |
Is the Web site (or will it be) accessible by the public or other entities (i.e., federal, state, and local agencies, contractors, third-party administrators, etc.)?
|
|
X |
|
|
32 |
Is a Web site privacy policy statement (consistent with OMB Section 208 Guidance) posted (or will it be posted) on the Web site?
|
|
X |
|
|
33 |
Is the Web site’s privacy policy in machine-readable format, such as Platform for Privacy Preferences (P3P)?
Note: If no, please describe in the Comments column your timeline to implement P3P requirements for this system. |
|
X |
|
Implementation Plan:______________________ ______________________________________________________________________________ |
34 |
Does the Web site employ (or will it employ) persistent tracking technologies?
Note: If yes, identify types of cookies in the Comments column. If persistent tracking technologies are in place, please indicate the official who authorized the use of the persistent tracking technology. |
|
X |
|
Session Cookies Persistent Cookies Web bugs Web beacons Other (Describe): ________________
Authorizing Official: ____________________
Authorizing Date: ______________________ |
35 |
Does/Will the Web site have any information or pages directed at children under the age of 13?
|
|
X |
|
|
36 |
If there is a Web site directed at children, is information (including session cookies) collected (voluntarily or via tracking technologies)?
Note: If yes, identify in the Comments column any information collected, whether there is a unique privacy policy for the site, and the process for obtaining parental consent if any information is collected. |
|
X |
|
Process:_____________________________________________________________________________________________________________________________________________________ |
37 |
Does/Will the Web site collect IIF from individuals?
Note:
If yes, identify what IIF the system collects in the Comments
column. If the category of personal information is not
|
|
X |
|
Personal Information:
Name Date of birth Social Security Number (or other number originated by a government that specifically identifies an individual) Photographic identifiers (e.g., photograph image, x-rays, and video) Driver’s license Biometric identifiers (e.g., fingerprint and voiceprint) Mother’s maiden name Vehicle identifiers (e.g., license plates) Mailing address Phone numbers (e.g., phone, fax, and cell) Medical records numbers Medical notes Financial account information and/or numbers (e.g., checking account number and Personal Identification Numbers [PIN]) Certificates (e.g., birth, death, and marriage) Legal documents or notes (e.g., divorce decree, criminal records, or other) Device identifiers (e.g., pacemaker, hearing aid, or other) Web Uniform Resource Locators (URL) E-mail address Education records Military status and/or records Employment status and/or records Foreign activities and/or interests Other:________________________ Other:________________________ Other:________________________ Other:________________________ Other:________________________
|
38 |
Does/Will the Web site share IIF with other agencies within HHS, agencies external to HHS, or other people or organizations outside HHS?
Note: If yes, specify with whom and for what purposes, and identify the data elements in the Comments column. If the category of personal information is not listed, please check “Other” and identify the category.
|
|
X |
|
With whom and for what purposes: ______________________________ ______________________________ ______________________________ ______________________________ ______________________________
IIF shared: Personal Information:
Name Date of birth Social Security Number (or other number originated by a government that specifically identifies an individual) Photographic identifiers (e.g., photograph image, x-rays, and video) Driver’s license Biometric identifiers (e.g., fingerprint and voiceprint) Mother’s maiden name Vehicle identifiers (e.g., license plates) Mailing address Phone numbers (e.g., phone, fax, and cell) Medical records numbers Medical notes Financial account information and/or numbers (e.g., checking account number and Personal Identification Numbers [PIN]) Certificates (e.g., birth, death, and marriage) Legal documents or notes (e.g., divorce decree, criminal records, or other) Device identifiers (e.g., pacemaker, hearing aid, or other) Web Uniform Resource Locators (URL) E-mail address Education records Military status and/or records Employment status and/or records Foreign activities and/or interests Other:________________________ Other:________________________ Other:________________________ Other:________________________ Other:________________________
|
39 |
Are
rules of conduct in place (or will they be in place) for access
to IIF on the
Note: If yes, identify in the Comments column all categories of users with access to IIF on the system, and for what purposes the IIF is used.
|
|
X |
|
Users Administrators Developers Contractors
For what purposes: ______________________________ ______________________________ ______________________________ ______________________________ ______________________________ |
40 |
Does (or will) the Web site contain links to sites external to the OPDIV that owns and/or operates the system?
Note:
If yes, note in the Comments column whether the system provides
a disclaimer notice for users that follow external links to Web
sites not owned or operated by |
|
X |
|
Disclaimer notice for all external links |
No. |
Privacy Question Sets |
User Response |
Comments |
||
Yes |
No |
N/A |
|||
Administrative Controls |
|||||
Note: This PIA guide uses the terms “administrative,” “technical,” and “physical” to refer to security control questions—terms that are used in several federal privacy laws when referencing security requirements. HHS recognizes the slight difference in terminology used in this guide from those that are used in other documents such as the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-26, Security Self-Assessment Guide for Information Technology Systems. |
|||||
41 |
Has the system been authorized (or will it be authorized) to process information?
|
|
X |
|
|
42 |
Have there been major changes to the system since it was last certified and accredited?
Note: If the system has not been certified and accredited at the time of this PIA, please describe in the Comments column the plan and timeline for conducting a certification and accreditation (C&A) for this system. |
|
X |
|
According to FIPS 199 information typing, the moderate impact level is the likely rating for TAR. For C&A efforts, TAR will utilize future CDC master enterprise system security plans and FIPS 200 common security controls for this impact level. |
43 |
Are security controls routinely reviewed (or will they be)?
|
X |
|
|
|
44 |
Is there a system security plan for this system (or will there be)?
|
X |
|
|
|
45 |
Is there (or will there be) a contingency (or backup) plan for the system?
|
X |
|
|
|
46
|
Are
files backed up regularly (or will
|
X |
|
|
|
47
|
Are the backup files stored off-site (or will they be)?
|
X |
|
|
|
48 |
Are there user manuals for the system (or will there be)?
|
X |
|
|
|
49 |
Have personnel (system owners, managers, operators, contractors and/or program managers) using the system been trained and made aware of their responsibilities for protecting the IIF being collected and maintained (or will they be)?
|
X |
|
|
|
50
|
Who
will have/has access to the IIF on
Note:
Check all that apply in the |
|
|
|
X Users X Administrators Developers Contractors Other |
51 |
If contractors operate or use the system, do the contracts include clauses ensuring adherence to privacy provisions and practices? |
|
|
X |
|
52 |
Are methods in place to ensure least privilege (i.e., “need to know” and accountability) (or will there be)?
Note: If yes, please specify method(s) in the Comments column. |
X |
|
|
|
53 |
Are there policies or guidelines in place for the retention and destruction of IIF (or will there be)?
Note: If yes, please provide some detail about these policies/practices in the Comments column. |
X |
|
|
|
Technical Controls |
|||||
54 |
Are technical controls in place to minimize the possibility of unauthorized access, use, or dissemination of the data in the system (or will there be)?
Note: If yes, check all that apply in the Comments column.
|
X |
|
|
X User ID X Passwords Firewall Virtual Private Network (VPN) Encryption Intrusion Detection System (IDS) Common Access Cards (CAC) Smart Cards Biometrics Public Key Infrastructure (PKI) Other _________________________ Other _________________________ Other _________________________ |
55 |
Are
any of the password controls listed in the Comments column in
place (or will they be)? Note:
Check all that apply in the
|
X |
|
|
X Passwords expire after a set period of time. X Accounts are locked after a set period of inactivity. X Minimum length of passwords is eight characters. X Passwords must be a combination of uppercase, lowercase, and special characters. X Accounts are locked after a set number of incorrect attempts. |
56 |
Is a process in place to monitor and respond to privacy and/or security incidents (or will they be)?
|
X |
|
|
|
Physical Controls |
|||||
57 |
Are physical access controls in place (or will there be)?
Note: If yes, check all that apply in the Comments column.
|
X |
|
|
X Guards X Identification Badges X Key Cards Cipher Locks Biometrics X Closed Circuit TV (CCTV) Other _________________________ Other _________________________ Other _________________________ |
- END - |
|||||
PIA Analysis Worksheet
Contact Information
______________________________________ 4/5/2006
Signature of Assessor Date
(e.g., System Owner, Operator, Developer, or Other)
Theodore Larson Epidemiologist
Print Name Title/Position
ATSDR
OPDIV and Office/Department
2400 Century Center PKWY NE FL 3
Street Address
______________________________________
Street Address
Atlanta, GA 30345
City, State and Zip Code
(404) 498-0593 (404) 498-0077
Phone Number Fax Number
***Please go to the next page and complete the PIA Summary. This Summary will be made publicly available at http://www.hhs.gov/pia.***
Privacy Impact Assessment (PIA) Summary
Date of this Submission (MM/DD/YYYY): 4/5/2006
HHS OPDIV: ATSDR
Title of system or information collection: Tremolite Asbestos Registry
Is this system or information collection new or is an existing one being modified? New
Does this system collect, maintain, and/or disseminate information in identifiable form (IIF)? Yes
Identifying Numbers (Use N/A, where appropriate)
Unique Project Identifier Number: N/A
System of Records Number: 09-19-0001
OMB Information Collection Approval Number and Expiration Date: 0923-0006 (in final stage of OMB review)
Other Identifying Number(s): N/A
Description
Provide an overview of the system or collection and indicate the legislation authorizing this activity.
The Tremolite Asbestos Registry (TAR) is a database of persons exposed to amphibole-contaminated vermiculite in Libby, Montana. The purpose of the TAR is to improve communication with people at risk for developing asbestos-related disease resulting from asbestos exposure in Libby, track changes in their health, and to support research activities related to TAR registrants. The Agency for Toxic Substances and Disease Registry is authorized to create exposure and disease registries under the Comprehensive Environmental Response, Compensation, and Liability Act of 1980. This mandate was reiterated in the Superfund Amendments and Reauthorization Act of 1986.
Describe
the information the agency will collect, maintain, or disseminate
and how the agency will use the information. In this description,
indicate whether the information contains IIF and whether submission
is voluntary
or mandatory.
In addition to registrant identifying and contact information, others types of data included in the registry include exposure and health outcome. These data are collected using a standardized survey. Exposure data include occupational and environmental asbestos exposure pathways. Health outcome data include self-reports of the presence of disease (e.g. cancer and asbestosis) and symptoms (e.g. excess coughing or shortness of breath).
Participants can refuse to answer any question in the survey, including those in which IIF is collected (e.g. social security number or data of birth).
Explain how the IIF collected, maintained, and/or disseminated is the minimum necessary to accomplish the purpose for this effort.
Because the registry tracks participants' health through time, it is necessary to have full names, addresses and phone number so that ATSDR can conduct follow-up interviews. Social security numbers are also needed to trace registrants in case they have moved without leaving additional contact information, and for matching data within the registry when other identifiers are incomplete. Date of birth is needed because it is used to calculate age for a variety of purposes within the registry.
Explain why the IIF is being collected, maintained, or disseminated.
Collecting IIF allows ATSDR to locate and re-contact TAR registrants to see if their health has changed. ATSDR maintains this data to allow this type of follow-up of registrants.
Identify with whom the agency will share the IIF.
The Montana Department of Public Health and Human Services (MDPHHS) offers free screening in Libby. Because the majority of screening participants are also enrolled in the TAR and because the TAR participants that have not been screened are encouraged to participate in the Montana screening program, ATSDR shares TAR data with MDPHHS.
Describe how the IIF will be obtained, from whom it will be collected, what the suppliers of information and the subjects will be told about the information collection, and how this message will be conveyed to them (e.g., written notice, electronic notice if a Web-based collection, etc.). Describe any opportunities for consent provided to individuals regarding what information is collected and how the information will be shared.
The CDC Institutional Review Board requires that each TAR candidate consent to participate. As part of the consent process for the TAR, each participant is told that the information given to ATSDR while being interviewed will be added to the TAR. If interviewed by telephone, the consent statement is read to the participant and once the participant provides verbal consent to proceed, the interview begins. If interviewed face-to-face, the participant reads and signs a printed consent form before proceeding with the interview.
State whether personal information will be collected from children under age 13 on the Internet and, if so, how parental or guardian approval will be obtained. (Reference: Children’s Online Privacy Protection Act of 1998)
No personal information will be collected for the TAR from children under age 13 on the Internet.
Describe how the IIF will be secured.
All electronic data will be stored in a firewall and password-protected network and hard copy data will be stored in a locked cabinet in a locked storage room. Access to project data will be limited to the personnel assigned to manage and analyze it. Personal identifiers (including but not limited to names, addresses, dates of birth, social security numbers, and job titles) will be removed from internal-use analysis data files where possible.
Describe plans for retention and destruction of IIF.
Once the TAR is inactivated, the records containing IIF will be transferred to ATSDR’s records room. After two years, the records will be transferred to the Federal Records Center, where they will be destroyed after 10 years.
Identify whether a system of records is being created under section 552a of Title 5, United States Code (the Privacy Act), or identify the existing Privacy Act system of records notice under which the records will be maintained.
SOR # 09-19-0001
Identify a point of contact to whom a member of the public can address questions concerning this information system and the privacy concerns associated with it: Theodore Larson, ATSDR.
Endorse Endorse Approve
_________________________ __________________________ ______________________
[Name] [Name] [Name]
[Privacy Contact/Title] [OPDIV Chief Information Officer] [OPDIV Head Title]
Date ____________ Date: ____________ Date: ____________
| File Type | application/msword |
| File Title | HHS IT Privacy Impact Assessment (PIA) Analysis Worksheet |
| Author | Ted |
| Last Modified By | DHS187496 |
| File Modified | 2009-08-11 |
| File Created | 2009-03-25 |