Download:
pdf |
pdf06.3 HHS PIA Summary for Posting (Form) / NIH NIEHS Career Trac
[System]
PIA SUMMARY AND APPROVAL COMBINED
PIA Summary
Is this a new PIA 2011? No
If this is an existing PIA, please provide a reason for revision: PIA Validation
1. Date of this Submission: 8/30/2012
2. OPDIV Name: NIH
3. Unique Project Identifier (UPI) Number:
4. Privacy Act System of Records (SOR) Number (If response to Q.21 is Yes, a SORN
number is required for Q.4): 09-25-0014
5. OMB Information Collection Approval Number: 0925-0568
6. Other Identifying Number(s): None
7. System Name (Align with system Item name): NIEHS CareerTrac
9. System Point of Contact (POC). The System POC is the person to whom questions about
the system and the responses to this PIA may be addressed: Christie H. Drew
10. Provide an overview of the system: CareerTrac is a trainee tracking and evaluation system
for several NIH Institutes. The goal of this system is to track long-term trainee outcomes for
specific trainees supported by NIEHS, FIC and NLM. The system allows extramural and
intramural PIs to track trainee's accomplishments. Most extramural PIs are required to track
outcomes for 10 years as a condition of their grant award. We will use the system to conduct
assessments and evaluations on trainee productivity, career outcomes, and successes. CareerTrac
is a collaborative database used by multiple ICs, including NIEHS, FIC and NLM. This PIA
covers all ICs. As new partners join the system, we will update the PIA accordingly.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through PII
within any database(s), record(s), file(s) or website(s) hosted by this system? (Note: This
question seeks to identify any, and all, personal information associated with the system.
This includes any PII, whether or not it is subject to the Privacy Act, whether the
individuals are employees, the public, research subjects, or business partners, and whether
provided voluntarily or collected by mandate. Later questions will try to understand the
character of the data and its applicability to the requirements under the Privacy Act or
other legislation. Does/Will the system collect, maintain (store), disseminate and/or pass
through PII within any database(s), record(s), file(s) or website(s) hosted by this system?):
Yes
21. Is the system subject to the Privacy Act? (If response to Q.19 is Yes, response to Q.21
must be Yes and a SORN number is required for Q.4): Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s):
NIH evaluation staff for review and evaluations; intramural and university principal investigators
and their administrators responsible for data entry.
30. Please describe in detail: (1) the information the agency will collect, maintain, or
disseminate; (2) why and for what purpose the agency will use the information; (3) in this
description, explicitly indicate whether the information contains PII; and (4) whether
submission of personal information is voluntary or mandatory: (1) The system will collect,
track, and report on information about NIH-supported trainees, such as trainee name, contact
information, biographical information, training information, and subsequent career information.
The system also supports tracking of trainees' accomplishments, such as fellowships, awards,
employment, education, product of policy development, publications, funding received,
presentations at conferences, and students mentored.
(2) The agency will use this information to evaluate the long-term outcomes of training program
investments and make recommendations for improvement. The information may be aggregated
for reporting purposes to other organizations, such as DHHS, Congress and other organizations
interested in training investments and outcomes.
(3) The information contains PII.
(4) Submission of personal information is mandatory for trainees who are officially appointed to
Institutional training grant programs supported by NIH, but is voluntary for trainees who are
supported by grants that do not require formal appointments through X-Train.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from
the individuals whose PII is in the system when major changes occur to the system (e.g.,
disclosure and/or data uses have changed since the notice at the time of the original
collection); (2) notify and obtain consent from individuals regarding what PII is being
collected from them; and (3) how the information will be used or shared.
(Note: Please describe in what format individuals will be given notice of consent [e.g.,
written notice, electronic notice, etc.]) (1) None
(2) Trainees who are officially appointed to the program via X-Train are aware that NIH collects
data about them, based on the conditions of their awards. For all other trainees entered into the
system, CareerTrac will provide an electronic notification to trainees about the purpose of the
data and how it will be used and shared. We request that trainees read the Privacy Act
Disclosure and sign a Certificate of Acceptance form, which is clearly documented in
CareerTrac.
(3) The agency will use this information to evaluate the long-term outcomes of training program
investments and make recommendations for improvement. The information may be aggregated
for reporting purposes to other organizations, such as DHHS, Congress and other organizations
interested in training investments and outcomes.
32. Does the system host a website? (Note: If the system hosts a website, the Website
Hosting Practices section is required to be completed regardless of the presence of PII):
Yes
37. Does the website have any information or pages directed at children under the age of
thirteen?:
50. Are there policies or guidelines in place with regard to the retention and destruction of
PII? (Refer to the C&A package and/or the Records Retention and Destruction section in
SORN):
54. Briefly describe in detail how the IIF will be secured on the system using
administrative, technical, and physical controls.: The following safeguards are implemented
in order to protect the information collected through CareerTrac. Regular access to the
information is limited to NIH employees, contractor employees, or principal investigators and
their administrators who are conducting, reviewing or contributing to the system. Other access
will be granted only on a case-by-case basis, consistent with the restrictions, as authorized by the
system manager or designated responsible official.
Administrative Control: CareerTrac has a system security plan and backup plan. The files are
backed-up regularly and maintained in a secure location.
Technical Control: ES Career Trac is securely hosted behind the NIEHS/NIH firewall.
Passwords are encrypted and changed regularly. PIs and their administrators can only view
records from trainees supported by their grants. NIEHS maintains appropriate physical,
electronic, and procedural safeguards to ensure the security, integrity, and privacy of trainee's
information.
Physical access controls are in place for CareerTrac. Records are stored in locked containers in
areas which are not accessible to unauthorized users, and in facilities which are locked and
guarded. Sensitive records are not left exposed to unauthorized persons at any time.
PIA Approval
PIA Reviewer Approval: Promote
PIA Reviewer Name:
Sr. Official for Privacy Approval: Promote
Sr. Official for Privacy Name: Karen Plá
Sign-off Date: 9/28/2012
Approved for Web Publishing: Yes
Date Published: <>
_____________________________________________________________________________
File Type | application/pdf |
File Title | NIH 2012 Q4 PIA Posting |
Subject | PIA |
Author | DHHS |
File Modified | 2018-03-06 |
File Created | 2013-03-13 |