Pia

NIAID ClinRegs (clinregs.niaid.nih.gov) is a web-based resource providing country-specific clinical research regulatory information for the purpose of enhancing efficiency and

_{11 Describe the purpose of the system.} quality in global clinical trials. To assure that ClinRegs is

meeting its objectives, it is necessary to solicit feedback via the

ClinRegs Country Experts Interest Form from users about the accuracy of content on the site and as to whether additional information should be included.

Accept Reject

^{Describe the type of information the system will} The type of information NIAID ClinRegs will collect is email

₁₂ ^{collect, maintain (store), or share. (Subsequent} address, countries of expertise, and primary organization questions will identify if this information is PII and ask _affiliation.

about the specific data elements.)

Accept Reject

^{Provide an overview of the system and describe the} NIAID ClinRegs (clinregs.niaid.nih.gov) is a web-based resource

13 information it will collect, maintain (store), or share, _{providing country-specific clinical research regulatory}

^{either permanently or temporarily.} information for the purpose of enhancing efficiency and

Accept Reject

Yes

14 Does the system collect, maintain, use or share PII?

No

Accept

Reject

39 Identify the publicly-available URL: _{clinregs.niaid.nih.gov}

Accept

Reject

Yes

40 Does the website have a posted privacy notice?

No

Accept

Reject

Is the privacy policy available in a machine-readable ^{Yes 40a} format? _No

Does the website use web measurement and ^Yes

⁴¹ customization technology? _No

Accept

Reject

Does the website have any information or pages ^Yes

⁴² directed at children under the age of thirteen? _No

Accept Reject

Does the website contain links to non- federal ^Yes

⁴³ government websites external to HHS? _No

Accept

Reject

Is a disclaimer notice provided to users that follow _Yes 43a external links to websites not owned or operated by

HHS? ^No

REVIEWER QUESTIONS: The following section contains Reviewer Questions which are not to be filled out unless the user is an OPDIV Senior Officer for Privacy.

Reviewer Questions Answer

Yes

1 Are the questions on the PIA answered correctly, accurately, and completely?

No

Accept

Reject

Reviewer

Notes

Does the PIA appropriately communicate the purpose of PII in the system and is the purpose ^Yes

² justified by appropriate legal authorities? _No

Accept

Reject

Reviewer

Notes

Reviewer Questions

Answer

3

Do system owners demonstrate appropriate understanding of the impact of the PII in the system and provide sufficient oversight to employees and contractors?

Yes

No

Accept

Reject

Reviewer

Notes

4

Does the PIA appropriately describe the PII quality and integrity of the data?

Yes

No

Accept

Reject

Reviewer

Notes

5

Is this a candidate for PII minimization?

Yes

No

Accept

Reject

Reviewer

Notes

6

Does the PIA accurately identify data retention procedures and records retention schedules?

Yes

No

Accept

Reject

Reviewer

Notes

7

Are the individuals whose PII is in the system provided appropriate participation?

Yes

No

Accept

Reject

Reviewer

Notes

8

Does the PIA raise any concerns about the security of the PII?

Yes

No

Accept

Reject

Reviewer

Notes

9

Is applicability of the Privacy Act captured correctly and is a SORN published or does it need to be?

Yes

No

Accept

Reject

Reviewer

Notes

10

Is the PII appropriately limited for use internally and with third parties?

Yes

No

Accept

Reject

Reviewer

Notes

11

Does the PIA demonstrate compliance with all Web privacy requirements?

Yes

No

Accept

Reject

Reviewer

Notes

12

Were any changes made to the system because of the completion of this PIA?

Yes

No

Accept

Reject

Reviewer

Notes

General Comments

The NIAID ClinRegs Country Experts Interest is an electronic information collection form whose OMB Control number is 0925-0668 , with a expiration date of 04/2022.

OPDIV Senior Official for Privacy Signature

HHS Senior Agency Official for Privacy

Third-Party Website Assessment PIA Form

v 1.47.4

Status

Form Number Read Only

Form Date

Read Only

Question

Answer

1 OPDIV:

Read Only - OPDIV Read Only - TPWA UID

Read Only - TPWA Name

2 TPWA Unique Identifier (UID):

3 TPWA Name:

4 Is this a new TPWA?

Yes

No

4a Please provide the reason for revision

Will the use of a third-party Website or application

₅ create a new or modify an existing HHS/OPDIV System of Records Notice (SORN) under the Privacy

Act?

Yes No

Accept Reject

Indicate the SORN number (or identify plans to put ^{SORN Number: 5a} one in place.)

If not published:

Will the use of a third-party Website or application

6 create an information collection subject to OMB clearance under the Paperwork Reduction Act (PRA)?

Yes

No

Accept

Reject

Indicate the OMB approval number and approval 6a number expiration date (or describe the plans to

obtain OMB clearance.)

OMB Approval Number Expiration Date

Explanation

₇ Does the third-party Website or application contain Federal Records?

Yes

No

Accept

Reject

POC Title

POC Name

8 Point of Contact (POC):

POC Organization

Accept

Reject

POC Email

POC Phone

₉ Describe the specific purpose for the OPDIV use of the third-party Website or application:

Accept

Reject

Have the third-party privacy policies been reviewed

10 to evaluate any risks and to determine whether the Website or application is appropriate for OPDIV use?

Yes

No

Accept

Reject

Describe alternative means by which the public can

₁₁ obtain comparable information or services if they choose not to use the third-party Website or

application:

Accept Reject

Does the third-party Website or application have

12 appropriate branding to distinguish the OPDIV activities from those of nongovernmental actors?

Yes

No

Accept

Reject

₁₃ How does the public navigate to the third party Website or application from the OPIDIV?

Accept

Reject

_13a Please describe how the public navigate to the third- party website or application:

If the public navigate to the third-party website or

_13b application via an external hyperlink, is there an alert to notify the public that they are being directed to a

nongovernmental Website?

Yes No

Has the OPDIV Privacy Policy been updated to

14 describe the use of a third-party Website or application?

Yes No

Accept Reject

14a Provide a hyperlink to the OPDIV Privacy Policy:

₁₅ Is an OPDIV Privacy Notice posted on the third-party Website or application?

Yes No

Accept Reject

Confirm that the Privacy Notice contains all of the

following elements: (i) An explanation that the Website or application is not government-owned or government-operated; (ii) An indication of whether and how the OPDIV will maintain, use, or share PII

15a that becomes available; (iii) An explanation that by using the third-party Website or application to communicate with the OPDIV, individuals may be providing nongovernmental third-parties with access to PII; (iv) A link to the official OPDIV Website; and (v) A link to the OPDIV Privacy Policy

Yes No

Is the OPDIV's Privacy Notice prominently displayed

_15b at all locations on the third-party Website or application where the public might make PII

available?

Yes No

₁₆ Is PII collected by the OPDIV from the third-party Website or application?

Yes

No

Accept

Reject

₁₇ Will the third-party Website or application make PII available to the OPDIV?

Yes

No

Accept

Reject

Describe the PII that will be collected by the OPDIV

from the third-party Website or application and/or

₁₈ the PII which the public could make available to the OPDIV through the use of the third-party Website or

application and the intended or expected use of the PII:

Accept Reject

Describe the type of PII from the third-party Website

₁₉ or application that will be shared, with whom the PII will be shared, and the purpose of the information

sharing:

Accept Reject

_19a If PII is shared, how are the risks of sharing PII mitigated?

₂₀ Will the PII from the third-party Website or application be maintained by the OPDIV?

Yes

No

Accept

Reject

_20a If PII will be maintained, indicate how long the PII will be maintained:

₂₁ Describe how PII that is used or maintained will be secured:

Accept

Reject

₂₂ What other privacy risks exist and how will they be mitigated?

Accept

Reject

REVIEWER QUESTIONS: The following section contains Reviewer Questions which are not to be filled out unless the user is an OPDIV Senior Officer for Privacy.

Reviewer Questions

Answer

1 Are the responses accurate and complete?

Yes

No

Accept

Reject

Reviewer

Notes

Is the TPWA compliant with all M-10-23 requirements, including appropriate branding and ^{Yes Accept}

^{2 alerts?} No Reject

Reviewer

Notes

Has the OPDIV posted an updated privacy notice on the TPWA and does it contain the five ^{Yes Accept}

³ required elements? _{No Reject}

Reviewer

Notes

REVIEWER QUESTIONS: The following section contains Reviewer Questions which are not to be filled out unless the user is an OPDIV Senior Officer for Privacy.

4

Does the PIA clearly identify PII made available and/or collected by the TPWA?

Yes

No

Accept

Reject

Reviewer

Notes

5

Is the handling of PII appropriate?

Yes

No

Accept

Reject

Reviewer

Notes

General Comments

OPDIV Senior Official for Privacy Signature

HHS Senior Agency Official for Privacy