|
06.3 HHS PIA Summary for Posting (Form) / SAMHSA CSAP Health Information Network (SHIN) (Item)
|
|
PIA SUMMARY AND APPROVAL COMBINED
|
|
Is this a new PIA 2008?: No
If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight
1. Date of this Submission: Dec 3, 2003
2. OPDIV Name: SAMHSA
3. Unique Project Identifier (UPI) Number: 009-30-01-03-02-1027-02
4. Privacy Act System of Records (SOR) Number: None
5. OMB Information Collection Approval Number: 09390-0197
6. Other Identifying Number(s): 277-98-6008
7. System Name: SAMHSA's National Clearinghouse for Alcohol and Drug Information
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Nelia C. Nadal
10. Provide an overview of the system: The National Clearinghouse for Alcohol and Drug Information (NCADI) established in conformance with the Public Health Service Act, as amended by the Anti-Drug Abuse Act of 1986, the Omnibus Anti-Drug Abuse Act of 1988, and the ADAMHA Reorganization Act of 1992, supports and promotes the goals of demand reduction for the substance abuse field. NCADI is the hub of the Federal Government's effort to gather and communicate information about effective prevention, intervention, and treatment policies, programs, and practices as well as an important link to scientific research on substance abuse and mental health issues. As such, NCADI provides a single point of entry to comprehensive, customer-oriented information services for SAMHSA's current constituents as well as new audiences.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes
Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation
Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.
If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.
21. Is the system subject to the Privacy Act?: No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A The system does not share or disclose IIF information.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Only data essential processing orders for substance abuse resources are collected to process customer orders
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Information is provided voluntarily by customers who contact the NCADI contract via the phone, web, FAX, in-person and via mail.
32. Does the system host a website?: Yes
37. Does the website have any information or pages directed at children under the age of thirteen?: Yes
50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Any IIF information stored on the system will be physically secured and password protected.
PIA Reviewer Approval: Promote
Comments:
PIA Reviewer Name: William Lewis
Sr. Official for Privacy Approval: Promote
Comments:
Sr. Official for Privacy Name: Samuel Ackley
Sign-off Date: Jun 1, 2006
Date Published: Jun 26, 2008
|
|
06.3 HHS PIA Summary for Posting (Form) / SAMHSA CSAP Prevention Service Accountability Monitoring System (CSAMS) (Item)
|
|
PIA SUMMARY AND APPROVAL COMBINED
|
|
Is this a new PIA 2008?: No
If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight
1. Date of this Submission: Dec 3, 2003
2. OPDIV Name: SAMHSA
3. Unique Project Identifier (UPI) Number: 009-30-01-29-01-1006-00-110-028
4. Privacy Act System of Records (SOR) Number: No
5. OMB Information Collection Approval Number: 09390-0197
6. Other Identifying Number(s): N/A
7. System Name: CSAP/SAMHSA's Prevention Technology Platform (PrevTech)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Augusto Diana
10. Provide an overview of the system: PrevTech was established in conformance with the Public Health Service Act, as amended by the Anti-Drug Abuse Act of 1986, the Omnibus Anti-Drug Abuse Act of 1988, and the ADAMHA Reorganization Act of 1992, supports and promotes the goals of demand reduction for the substance abuse field. PrevTech supports the Federal Government's effort to gather and communicate information about effective prevention, intervention, and treatment policies, programs, and practices as well as an important link to scientific research on substance abuse and mental health issues
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No
Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation
Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.
If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.
21. Is the system subject to the Privacy Act?: No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: PrevTech does not collect any information which is used by SAMHSA or CSAP. PrevTech users input data related to their prevention projects but these are subject to a strict privacy policy and are only accessible to the persons who created them.
Registered PrevTech users support their evidence-based prevention programs and collect information related to those projects using PrevTech's interactive tools. Their data is maintained in password-protected accounts and is not shared with the agency or others.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Information is provided voluntarily by registered PrevTech users and is not shared with others or with the agency.
32. Does the system host a website?: Yes
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Physically secured and password protected
PIA Reviewer Approval: Promote
Comments:
PIA Reviewer Name: William Lewis
Sr. Official for Privacy Approval: Promote
Comments:
Sr. Official for Privacy Name: Samuel Ackley
Sign-off Date: Jun 1, 2006
Date Published: Jun 26, 2008
|
|
06.3 HHS PIA Summary for Posting (Form) / SAMHSA Investigation Tracking System (SIT) (Item)
|
|
PIA SUMMARY AND APPROVAL COMBINED
|
|
Is this a new PIA 2008?: No
If this is an existing PIA, please provide a reason for revision:
1. Date of this Submission: Oct 24, 2006
2. OPDIV Name: SAMHSA
3. Unique Project Identifier (UPI) Number: None
4. Privacy Act System of Records (SOR) Number: 09-90-0777
5. OMB Information Collection Approval Number: Not Available
6. Other Identifying Number(s): None
7. System Name: SAMHSA Investigation Tracking System (SIT)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Pamela Kelley
10. Provide an overview of the system: The SIT System tracks the background investigation and badge process for SAMHSA employees, including contractors. The tracking ensures that appropriate background investigations are conducted and badges issued in compliance with HSPD-12 regulations and procedures.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes
Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation
Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.
If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.
21. Is the system subject to the Privacy Act?: Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system is used by two SAMHSA divisions to track background investigations and id badges.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The system collects employees names, organizations, badging status, badge expiration dates, background investigation levels and dispositions.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: The SITS system is a database that houses SAMHSA employees personnel data. The data is obtained from employees background investigation forms. All employees are informed and consent to what information is being collected, how it will be stored and used.
32. Does the system host a website?: No
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: SAMHSA SIT system ensures the privacy of employees IIF through the use of passwords, secured storage room, and system lock-out with incorrect entry attempts.
PIA Reviewer Approval: Promote
Comments:
PIA Reviewer Name: William Lewis
Sr. Official for Privacy Approval: Promote
Comments:
Sr. Official for Privacy Name: Samuel Ackley
Sign-off Date: Jun 1, 2006
Date Published: Jun 26, 2008
|
|
06.3 HHS PIA Summary for Posting (Form) / SAMHSA OAS DAWN (Item)
|
|
PIA SUMMARY AND APPROVAL COMBINED
|
|
Is this a new PIA 2008?: No
If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight
1. Date of this Submission: Dec 2, 2003
2. OPDIV Name: SAMHSA
3. Unique Project Identifier (UPI) Number: 009-30-01-03-02-1005-00
4. Privacy Act System of Records (SOR) Number: 09-30-0049
5. OMB Information Collection Approval Number: 0930-0078
6. Other Identifying Number(s): No
7. System Name: Drug Abuse Warning Network
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Judy Ball
10. Provide an overview of the system: Public health surveillance; the Drug Abuse Warning Network is a public health surveillance system that monitors drug-related emergency department visits and drug-related deaths investigated by medical examiners and coroners. Section 505 of the Public Health Service Act (42 U.S.C. 290aa-4) authorizes SAMHSA to collect such data
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No
Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation
Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.
If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.
21. Is the system subject to the Privacy Act?: No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Users include hospital and medical examiner participants in DAWN, the Office of National Drug Control Policy (ONDCP), and other Federal agencies such as the Drug Enforcement Administration (DEA) and the Food and Drug Administration (FDA). DAWN data are used at the State and local level and by the medical community to direct the allocation of resources, to promote the planning and design of State drug abuse treatment and prevention activities, and to provide guidance to prevention efforts. Members of the Community Epidemiology Work Group (CEWG) are intensive and regular user of metropolitan-area findings from DAWN data. The CEWG is a network of epidemiologists and researchers supported by NIDA to provide community-level surveillance of drug abuse for 21 separate areas.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Data items on each ED visit meeting the DAWN case criteria are: date and time of visit, patient demographics (age, race/ethnicity, sex), zip code, a narrative case description, chief complaints, type of case, diagnoses, disposition, and up to 7 drugs, their route of administration, and whether their presence was confirmed by toxicology. Data items on each death meeting the DAWN case criteria are: date of death, patient demographics (age, race/ethnicity, sex), zip code, place of death, factors supporting case determination, manner of death, drug involvement in death, causes of death, and up to 7 drugs, their route of administration, and whether their presence was confirmed by toxicology. DAWN provides information in support of SAMHSA¿s drug abuse surveillance and prevention objectives. DAWN collects very specific drug information at a level of detail unmatched by any other source. As a result, DAWN can be used as an indicator ¿warning¿ of emerging trends in new drugs of abuse and new drug combinations and their potential threat to public health. Recent changes in the way DAWN collects and classifies drugs ¿ illicit drugs, prescription and over-the-counter medications, dietary supplements, and inhalants ¿ have improved DAWN¿s ability to detect emerging trends, especially those involving prescription drugs. Another important feature of DAWN is its ability to provide a measure of the trends and impact of identified drug abuse on the emergency departments of the Nation¿s hospitals. Under the new design, DAWN also will provide important information about the health consequences of drug abuse and misuse. The data items collected by DAWN were recently evaluated as part of a larger re-design effort. Data items were added, deleted, and revised based on availability of information in emergency department medical records, feasibility, user acceptance, consultation with users, and study of other, comparable data collection systems. The amount of information is explicitly restricted so as not to collect direct identifiers of individuals. Section 505 of the Public Health Service Act (42 U.S.C. 290aa-4) requires SAMHSA to collect such data.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No patient is ever interviewed. Within each facility (ED or ME office) that participates in DAWN, a designated DAWN Reporter is responsible for reviewing medical/decedent records retrospectively to identify cases meeting the DAWN reporting criteria and for those patients/decedents, abstracting data elements from the source records. By law, information collected by DAWN may be used only for the purposes for which it was collected. No information identifying an institution or individual may be released in identifiable form without consent. These restrictions are in Section 501(n) of the Public Health Service Act and Title V of the E-Government Act of 2002.
32. Does the system host a website?: Yes
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Most data are collected using a secure, web-based data entry system. Data entered using a laptop computer not connected to a network are encrypted for storage and subsequent transmission. Technical, physical, and administration controls restrict unauthorized access of the central servers. Staff receive specific training on confidentiality and data security.
PIA Reviewer Approval: Promote
Comments:
PIA Reviewer Name: Secure One HHS migration
Sr. Official for Privacy Approval: Promote
Comments:
Sr. Official for Privacy Name: Samuel S. Ackley
Sign-off Date: Jun 1, 2006
Date Published: Jun 26, 2008
|
|
06.3 HHS PIA Summary for Posting (Form) / SAMHSA OAS National Survey on Drug Use and Health (NSDUH) (Item)
|
|
PIA SUMMARY AND APPROVAL COMBINED
|
|
Is this a new PIA 2008?: No
If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight
1. Date of this Submission: Dec 4, 2003
2. OPDIV Name: SAMHSA
3. Unique Project Identifier (UPI) Number: 009-30-01-03-01-1003-02
4. Privacy Act System of Records (SOR) Number: 09-30-0049 Please note that this number only covers consultant records maintained by SAMHSA contractors. No system of records notice is applicable for survey data collected by the National Survey on Drug Use and Health (NSDUH).
5. OMB Information Collection Approval Number: 0930-0110
6. Other Identifying Number(s): No
7. System Name: National Survey on Drug Use and Health (NSDUH)
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Sam Ackley
10. Provide an overview of the system: To provide information on the incidence and prevalence of substance use as required by Section 505 of the Public Health Service Act (42 USC 290aa4). The National Survey on Drug Use and Health (NSDUH) provides information on the incidence and prevalence of substance use required by Section 505 of the Public Health Service Act (42 USC 290aa4). The NSDUH has been conducted on a periodic basis from 1971-1988, and annually since 1990. Section 505 of the Public Health Service Act also requires that these data must be collected annually.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes
to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation
Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.
If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.
21. Is the system subject to the Privacy Act?: Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The National Institute on Drug Abuse (NIDA), the Centers for Disease Control and Prevention (CDC), the Office of National Drug Control Policy (ONDCP), and other Federal components interested in the prevalence of substance use including the White House, Congress. This information is also shared with various state and local government agencies, researchers, and the general public. Published reports are available on the web at http://www.DrugAbuseStatistics.SAMHSA.gov
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The NSDUH provides current data on substance use prevalence for the U.S. population aged 12 or older as well as each state. The survey sample supports annual direct estimates of prevalence for: the nation, the eight (8) largest states, and model-based estimates for the remaining 42 States and the District of Columbia. These data are used by SAMHSA, the National Institute on Drug Abuse (NIDA), the Centers for Disease Control and Prevention (CDC), the Office of National Drug Control Policy (ONDCP), and other Federal agencies interested in the prevalence of substance use, in order to: (1) design prevention programs, (2) respond to inquiries on the extent of substance use, (3) estimate treatment need, (4) study the socioeconomic impact of substance abuse, (5) identify correlates of substance use, and (6) evaluate the overall impact that Federal and State programs have on drug demand. NSDUH data provide a useful indicator of individual States¿ overall success at reducing youth substance abuse. In conjunction with other data sources, the survey will provide a means for assessing and improving outcomes of prevention and treatment services. The survey will help SAMHSA identify areas where serious substance abuse problems exist and provide assistance to States to help them develop and adopt targeted responses for those problems. In addition, many special requests for survey information emanate from the White House, Congress, and various state and local government agencies. The survey questionnaire asks for the minimum information necessary to meet the needs of Federal policy makers and the substance abuse research, prevention, and treatment communities. Section 505 of the Public Health Service Act (42 U.S.C. 290aa-4) requires SAMHSA to collect this information. The NSDUH is the nation¿s only source of reliable national substance use data for the general population; it¿s continuation will ensure that SAMHSA will comply with statutory requirements and Federal, State, and local agencies will have timely data available for release on an annual basis. The ability to respond effectively and efficiently to the continually changing dynamics of the drug culture is critical to sound prevention and treatment strategies.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: The NSDUH is a survey of the civilian non-institutionalized population of the United States aged 12 or older. Households are sampled using a stratified, multi-stage area probability design. Data collection is facilitated through the use of personal, in-home interviews using computer-assisted interviewing (CAI) technology. The household screening and respondent selection procedures will be administered using a hand-held computer. The interview will be administered using a laptop computer. Each interview consists of both interviewer-administered and self-administered questions (the latter method is used to increase confidentiality of information). The interview incorporates several procedures to ensure that respondents rights will be protected. The interviewer introduces himself/herself and the session with a consent statement. This statement will be read out loud to each interview respondent. As part of the process for obtaining informed consent, respondents are given a document, which includes information on Section 501(n) of the Public Health Service Act and the protection that it affords. Specifically, Section 501(n) states that respondents answers will only be used for research and analysis and cannot be used for any other purpose (see Childrens Health Act of 2000, PL 106-310, page 70 of 146, paragraph titled: (n) Limitation on the Use of Certain Information). Beginning with the 2004 survey, the Confidential Information Protection and Statistical Efficiency Act of 2002, "CIPSEA," included as Title V in the E-Government Act of 2002 (PL 107-347), will provide a uniform set of confidentiality protections to all individually identifiable data collected for statistical purposes under a pledge of confidentiality. Under CIPSEA, penalties are imposed for willfully disclosing information to a person or agency not entitled to receive it; unlawful disclosure could be considered a class E felony with up to 5 years imprisonment or fines not to exceed $250,000.
32. Does the system host a website?: Yes
37. Does the website have any information or pages directed at children under the age of thirteen?: Yes
50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The general model for securing collected data involves three increasingly restrictive layers of data security. The first layer of security is that provided by the Contractor and the gateways required to access their Public Network. The next layer is the significantly more restrictive procedures required to enter the Contractor's Private Network. Next is the restrictions placed on data files to limit access to those who are working on the project and who have signed confidentiality agreements. The data are collected via computer Contractor field staff. As the data are collected they will be transmitted back to the Contractor electronically to their Public network. Access to the Public Network is restricted by the use of assigned usernames and passwords. These data are restricted to thoses Contractor staff approved to work on the project and who have signed NSDUH confidentiality agreements. A complete backup of all files on every disk is written to tape weekly. Every business day, an incremental backup is performed of all files created or modified since the last complete backup. In the event of a harware or software failure, files can be restored ot their status as of the time of the last incremental backup, usually the evening of the previous business day.
PIA Reviewer Approval: Promote
Comments:
PIA Reviewer Name: Secure One HHS migration
Sr. Official for Privacy Approval: Promote
Comments:
Sr. Official for Privacy Name: Samuel S. Ackley
Sign-off Date: Jun 1, 2006
Date Published: Jun 26, 2008
|
|
06.3 HHS PIA Summary for Posting (Form) / SAMHSA OPS Physical Access Control System (PACS) (Item)
|
|
PIA SUMMARY AND APPROVAL COMBINED
|
|
Is this a new PIA 2008?: Yes
If this is an existing PIA, please provide a reason for revision:
1. Date of this Submission: May 25, 2006
2. OPDIV Name: SAMHSA
3. Unique Project Identifier (UPI) Number: None
4. Privacy Act System of Records (SOR) Number: A SOR is currently in the process of being created.
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name: SAMHSA Physical Access Control System
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kathleen Milenkowic
10. Provide an overview of the system: The SAMHSA PACS uses management software for access control and security operations. Its primary function is to provide physical access control predominately for SAMHSA staff and personnel accessing its facilities.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes
Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation
Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.
If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.
21. Is the system subject to the Privacy Act?: Yes
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system is a stand a lone system and does not share disclose information with external agencies or people outside the agency.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The SAMHSA PACS system collects the following information: employee name, employment status, social security number, building location, room number and phone number. The SAMHSA PACS system uses this information for badge creation. The information is stored in event of badge losage or duplication request. The IIF information contained is used to perform an employee background investigation which is the determining factor for badge issuance.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Consent is obtained from employees at time of Badge request. When employee returns badge request he/she are notified via formal notice of the IIF being collected, the reason for the IIF information and how the information will be used or shared.
32. Does the system host a website?: No
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: SAMHSA PACS system ensures the privacy of employees IIF through the use of passwords, secured storage room, and system lock-out with incorrect entry attempts.
PIA Reviewer Approval: Promote
Comments:
PIA Reviewer Name: William Lewis
Sr. Official for Privacy Approval: Promote
Comments:
Sr. Official for Privacy Name: Samuel S. Ackley
Sign-off Date: Jun 1, 2006
Date Published: Jun 26, 2008
|
|
06.3 HHS PIA Summary for Posting (Form) / SAMHSA OPS Web sites (Item)
|
|
PIA SUMMARY AND APPROVAL COMBINED
|
|
Is this a new PIA 2008?: Yes
If this is an existing PIA, please provide a reason for revision:
1. Date of this Submission: Mar 14, 2007
2. OPDIV Name: SAMHSA
3. Unique Project Identifier (UPI) Number: SAMHSA Agency Website System Owner - Division of Management and Technology
4. Privacy Act System of Records (SOR) Number: No
5. OMB Information Collection Approval Number: No
6. Other Identifying Number(s): No
7. System Name: SAMHSA Website
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Dawn Colbert
10. Provide an overview of the system: SAMHSA Agency website is used by internal and external user groups and provides a delivery system for information about SAMHSA to the public.
13. Indicate if the system is new or an existing one being modified: Existing
17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No
Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation
Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.
If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.
21. Is the system subject to the Privacy Act?: No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The SAMHSA Agency Website discloses website urls to the general public to aid with providing more information about programs being offered by SAMHSA.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The agency does not collect PII and is not responsible for the collection contained from links provided on the Agency Website.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: As changes are made to a content owners website nothing is published to the public until approval from the individuals has been recieved by the Webmaster.
32. Does the system host a website?: Yes
37. Does the website have any information or pages directed at children under the age of thirteen?: Yes
50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The Agency Website does not collect IIF. In the event the Agency Website does collect IIF, the IIF will be secured through the use of password protection, user identification codes, physical guards and access identification badges and the IT Security Policy.
PIA Reviewer Approval: Promote
Comments:
PIA Reviewer Name: William Lewis
Sr. Official for Privacy Approval: Promote
Comments:
Sr. Official for Privacy Name: Samuel S. Ackley
Sign-off Date: Jun 1, 2006
Date Published: Jun 26, 2008
|
|
06.3 HHS PIA Summary for Posting (Form) / Services Accountability Improvement System (SAIS) (Item)
|
|
PIA SUMMARY AND APPROVAL COMBINED
|
|
Is this a new PIA 2008?: Yes
If this is an existing PIA, please provide a reason for revision:
1. Date of this Submission: Nov 10, 2006
2. OPDIV Name: SAMHSA
3. Unique Project Identifier (UPI) Number: None
4. Privacy Act System of Records (SOR) Number: None
5. OMB Information Collection Approval Number: 0930-0208
6. Other Identifying Number(s): None
7. System Name: Services Accountability Improvement System (SAIS)GPRA Outcome measures
9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Michael Raithel
10. Provide an overview of the system: The SAIS is a Web-based application utilized by CSAT/SAIS to monitor the performance of grants given to grantees. The information processed by the SAIS Web application is used to respond to SAMHSA's Government Performance and Results Act (GPRA) reporting requirements which tracks the effects and accomplishments of its descretionary grant programs.
13. Indicate if the system is new or an existing one being modified: New
17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No
Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation
Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.
If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.
21. Is the system subject to the Privacy Act?: No
23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A The system does not collect, share or disclose IIF information.
30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: SAIS processes information pertaining to tracking the substance abuse of patients and statistics regarding the success and failures of discretionary grant programs. The information collected by the SAIS system does not contain any confidential information and the confidential level is low due to the fact that the information is not personally identifiable.
31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: There are no established processess in place for notifying and obtain consent from individuals to collect IIF because the SAIS system does not collect IIF. If the SAIS system evolves to collect IIF information a procedure will be developed.
32. Does the system host a website?: Yes
37. Does the website have any information or pages directed at children under the age of thirteen?: No
50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No
54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: There is no IIF information stored on the SAIS system.
PIA Reviewer Approval: Promote
Comments:
PIA Reviewer Name: William Lewis
Sr. Official for Privacy Approval: Promote
Comments:
Sr. Official for Privacy Name: Samuel S. Ackley
Sign-off Date: Jun 1, 2006
Date Published: Jun 26, 2008
|
|
|
Print
Download Reader
HHS Home|HHS News|About HHS
