Pia

11 Describe the purpose of the system.

One the Office of Disease Prevention's priorities is to promote the use of the best available methods in prevention research and support the development of better methods. One of our strategies is to help the Center for Scientific Review (CSR) identify experts in prevention science methods to include on their review panels. This will strengthen the panels and improve the quality of the prevention research supported by NIH. To identify experts in prevention science methods, we worked with our contractor, IQ Solutions, Inc., to develop online software which will allow us to collect scientists’ names, contact information, and resumes, as well as to have those scientists identify their level of expertise in a variety of prevention science methods and content areas. The data collected with this software will be used to create a web-based tool that CSR staff can use to identify scientists with expertise in specific prevention science methods and content areas for invitation to serve on one of the CSR review panels. If successful, this system will also be shared with review staff in the other Institutes and Centers at NIH to use in the same way. Given our plans to create an automated system for reviewer information collection, we are now seeking OMB approval.

^{Describe the type of information the system will} Prevention scientists that would like to participant in the

₁₂ ^{collect, maintain (store), or share. (Subsequent} Expertise in Prevention Science program (EPS) will have an ^{questions will identify if this information is PII and ask} opportunity to provide their content, CV, and methodological

^{about the specific data elements.)} and prevention science content areas of expertise.

The NIH Office of Disease Prevention (ODP) Expertise in Prevention Science (EPS) program is being developed to (1) identify experts in methodology who also have an expertise in content areas related to prevention science, (2) identify mid- and senior- level researchers who may have an interest in serving on study sections, and (3) to enrich the existing pool of NIH reviewers coordinated by the Center for Science Research

^{Provide an overview of the system and describe the} (CSR) by including scientists with methodological and

13 information it will collect, maintain (store), or share, _{prevention science expertise that review prevention} ^{either permanently or temporarily.} applications. Scientists interested in including their

information for the EPS program will provide some identifying information, content and methodological areas of expertise, Curriculum Vitae (CV) or professional resumes, and willingness to serve on a study section. They are vetted for inclusion in the EPS program based on their self-reported level of expertise in methodological and prevention science content areas, as well as, the information provided in their CVs.

Yes

14 Does the system collect, maintain, use or share PII?

No

Describe the process in place to notify individuals

25 that their personal information will be collected. If no prior notice is given, explain the reason.

Individuals are notified at two points that their personal information will be collected. On the landing page, the potential ESP participant is notified "If you chose to share your information, you may be asked to review applications, either on an ad hoc basis or as part of a study section." After the creation of a username/password, a potential participant must chose a disclosure:

1. I agree to have contact information, areas of expertise, and willingness to be a reviewer shared with the Center for Scientific Review and others at the NIH.

2. I do not want my information shared.

If a potential participant chooses not to share their information, they receive a thank you message and the system doesn't allow them to enter PII.

Is the submission of PII by individuals voluntary or ^Voluntary

²⁶ mandatory? _Mandatory

Describe the method for individuals to opt-out of the

₂₇ ^{collection or use of their PII. If there is no option to} Participation in the EPS program is entirely voluntary. They ^{object to the information collection, provide a} have an opportunity to opt out prior to entering PII (see #25).

reason.

Describe the process to notify and obtain consent

from the individuals whose PII is in the system when

major changes occur to the system (e.g., disclosure ^{EPS participants will receive an email:}

_{28 and/or data uses have changed since the notice at} 1. when major changes to the system requires them to update

the time of original collection). Alternatively, describe ^{their information}

_{why they cannot be notified or have their consent} 2. each year asking them to update their information

obtained.

Describe the process in place to resolve an

individual's concerns when they believe their PII has ^{The EPS website will have the ODP point of contact's}

29 been inappropriately obtained, used, or disclosed, or ^{information in case their are changes or concerns by}

_{that the PII is inaccurate. If no process exists, explain} participants. The ODP POC will have administrator privileges

_{why not.} and will be able to make changes to or freeze an account.

Describe the process in place for periodic reviews of

₃₀ PII contained in the system to ensure the data's integrity, availability, accuracy and relevancy. If no

processes are in place, explain why not.

Data from the EPS Tool and Software (ESTS) will be reviewed regularly by the ODP POC and CSR Scientific Review Officers for accuracy. If a participant's information is incorrect, the ODP POC will be notified and the EPS participant will be notified by email and asked to update their information to ensure data maintained is accurate and relevant.

₃₁ Identify who will have access to the PII in the system and the reason why they require access.

Users

CSR Scientific Review Officers will use the ESTS to identify potential grant reviewers with expertise in methodology.

Administrators

ODP Administrators will use the ESTS to ensure participants data is accurate and make any necessary modifications to records or the system.

Developers

Contractors

ODP contractors will have access to the system as back-up to the ODP Administrators and site developers.

Others

Due to the nature of the EPS program, those deemed "system _{Describe the procedures in place to determine which} users" by the ODP Director, or their designee, will have access

_{32 system users (administrators, developers,} to PII. Users will be able to view and download reports, but not

_{contractors, etc.) may access PII.} modify information. Administrators and Contractors will be able to view and download information, as well as, modify and

delete records.

_{Describe the methods in place to allow those with} All users will be granted access via PIV cards. CSR will submit a

_{33 access to PII to only access the minimum amount of} list of SROs that will utilize the system and the ODP

_{information necessary to perform their job.} Administrator and Contractor will work together to grant

individual permissions.

Identify training and awareness provided to personnel (system owners, managers, operators,

_{contractors and/or program managers) using the} A standard operating procedure will be developed to make

³⁴ _{system to make them aware of their responsibilities} users aware of the ESTS, its function, and their responsibilities

for protecting the information being collected and ^{for protecting PII.}

maintained.

Describe training system users receive (above and

35 beyond general security and privacy awareness _N/A training).

Do contracts include Federal Acquisition Regulation _Yes

36 and other appropriate clauses ensuring adherence to

privacy provisions and practices? ^No

Describe the process and guidelines in place with

37 regard to the retention and destruction of PII. Cite specific records retention schedules.

The ESTS data will be housed on the CIT/OIT server and only ^{Describe, briefly but with specificity, how the PII will} accessible through PIV card log in. Only those identified by the

^{38 be secured in the system using administrative,} ODP and CSR Director, or their designees, will receive access. ^{technical, and physical controls.} EPS administrators and contractors are the only people

allowed full access to the system.

_{39 Identify the publicly-available URL:} under development, but will be housed on the ODP website

(prevention.nih.gov)

Yes

40 Does the website have a posted privacy notice?

No