
06.3 HHS PIA Summary for Posting (Form) / FDA Building Access System (BAS) (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-10-01-0308-00-401-121

4. Privacy Act System of Records (SOR) Number: 09-10-0018

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA OC MDI Security System Network

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Nancy L. Webber

10. Provide an overview of the system: The FDA MDI Security System Network is comprised of card access, intrusion alarms, and maps. It is utilized to provide FDA Identification/Access cards for FDA facilities. This information is provided pursuant to Public Law 93-597 (Privacy Act of 1974), December 31, 1974 for individuals applying for FDA Security Card Keys. Federal Property Management Regulations, 41 CFR 101.20.301, authorize the maintenance of systems by Government agencies for identifying individuals as employees in order to restrict access to Federal buildings after normal working hours and to areas not open to the general public.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation.

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Employees’ names, dates of birth, social security numbers, height, weight, vehicle tag number, access level, building, room number and whether they are a contractor, guest worker, visiting scientist, etc. are required before issuing an FDA Identification/Access Card which allows access to certain FDA facilities.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Information is secured through different levels of passwords.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information contained within MDI is protected by several layers of administrative, physical, and technical controls in accordance with policies and regulations from the FDA, NIST, and OMB. All applicable security controls are reviewed on a periodic basis to ensure that they are implemented correctly, operating as intended, and producing the desired result of protecting all information within MDI.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CBER ADMIN TRACKING (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: May 9, 2008

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-03-02-1900-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CBER Admin Tracking

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Mahesh Choksi

10. Provide an overview of the system: The Admin Tracking system is a collection of administrative and statistical data. It is comprised of the following components:

1) Counter Terrorism Level of Effort Reporting (CTLoE) – The CTLoE reports monthly counter-terrorism activities. It tracks the number of hours the staff is dedicating for functions related to this funding category.

2) Division of Planning, Evaluation and Budget (DPEB) – The application is accessible from the CBER menu. The DPEB system is a collection of similar forms and reports that are used to track special funding categories. To date, forms have been set up to track Administrative and Financial numbers such as the S CBER transaction numbers for Requisitions numbers, K numbers (Bio-Terrorism), X numbers, and U numbers (Cooperative Research and Development Agreement (CRADA)). Funding amounts are identified sequentially and assigned to cost centers and are associated with location codes, offices, divisions, and CAN numbers by fiscal year. The forms are able to dynamically adjust totals and track funding history by using amendments. Status reports are part of each module.

3) Resource Reporting System (RRS) – The RRS tracks time spent in various work areas for PDUFA reporting, e.g., Investigational Related Applications (IRAs), Biologics License Applications (BLAs), Research, Control Lab, Surveillance & Enforcement, misc., and other types of products: plasma, devices, vaccines, monoclonals, etc. Data is collected quarterly.

4) Account Access Information Review System (AAIR) - The system allows information owners to review their users' associated roles and basic system usage information. AAIR is not accessed through the CBER menu, but rather through a web-based link provided to staff at the discretion of upper management on a quarterly basis.

5) Automated Person System (APS) - The CBER Document Control Center (DCC) and Office of Information Management (OIM) use APS to record and maintain location and organization information on CBER and the Center for Drug Evaluation and Research (CDER) employees, including contractors. APS provides data to DATS to route and subsequently track CBER regulatory documents. APS provides source data for the CBER staff directory. OIM personnel use person table data for secured account management of their applications including CRMTS, RRS, BIRAMS, LRS, BLT, BLA and EDR; for issuing email from the applications and batch jobs, and removing the IT accounts for identified former CBER employees.

6) Account Database Management System (ADM) - A tool to assist in the assignment of Oracle Database roles to users. This module can be selected in two ways: access is granted via the CBER menu or by clicking an icon on the desktop, after which the user needs a username and password to access this module.

7) Director’s View - CBER Menu selection that originally allowed for validated user sign-on to a number of Cold Fusion applications which serve as facilitated queries across CBER regulatory systems. Also allows for validated entry to several other Cold Fusion applications.

8) Contact List - Maintains the list of COOP and Pandemic Flu business contact information. A reminder every month is distributed to update the Contact List, which includes personal and business contact information such as telephone numbers, e-mail addresses and other PII related information.

9) Scientific Computing - CBER Research Central (http://research.cber.fda.gov) supports CBER's goal of maintaining a high-quality research program which contributes directly to the regulatory mission, and it is a component of CBER's Laboratory Quality Assurance program (http://intranet.fda.gov/cber/qa/qa.htm). Scientific Computing has information related to CBER's Research Programs, including annual reports, publications and presentations, scientific equipment, and scientific computing. CBER Research Central also supports the submission, review, approval, and maintenance of information needed for animal research to be conducted at the Center, as well as the ordering system for CBER's Core Facility.

10) CBER Menu – A Selection Portal to most CBER applications.

11) MS Access - Multiple Access tables are created for various users' needs, and users can input and output information from these tables using specialized forms.

12) Pandemic Flu Level of Effort (PFluLOE) - Time reporting system for Pandemic Flu-related tasks and Level of Effort usage.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The IIF in the Contact List module is shared with COOP team members when a contingency situation occurs. The purpose of collecting and disclosing IIF is to ensure COOP members can coordinate with each other to bring the organization back to original state after a contingency situation occurs.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Each component of the Admin Tracking system maintains different types of information for various purposes. Only the Contact List module contains IIF. See below for detailed information.

1) Counter Terrorism Level of Effort Reporting (CTLoE) – The CTLoE reports monthly counter-terrorism activities. It tracks the number of hours the staff is dedicating for functions related to this funding category.

2) Division of Planning, Evaluation and Budget (DPEB) – The application is accessible from the CBER menu. The DPEB system is a collection of similar forms and reports that are used to track special funding categories. To date, forms have been set up to track Administrative and Financial numbers such as the S CBER transaction numbers for Requisitions numbers, K numbers (Bio-Terrorism), X numbers, and U numbers (Cooperative Research and Development Agreement (CRADA)). Funding amounts are identified sequentially and assigned to cost centers and are associated with location codes, offices, divisions, and CAN numbers by fiscal year. The forms are able to dynamically adjust totals and track funding history by using amendments. Status reports are part of each module.

3) Resource Reporting System (RRS) – The RRS tracks time spent in various work areas for PDUFA reporting, e.g., Investigational Related Applications (IRAs), Biologics License Applications (BLAs), Research, Control Lab, Surveillance & Enforcement, misc., and other types of products: plasma, devices, vaccines, monoclonals, etc. Data is collected quarterly.

4) Account Access Information Review System (AAIR) - The system allows information owners to review their users' associated roles and basic system usage information. AAIR is not accessed through the CBER menu, but rather through a web-based link provided to staff at the discretion of upper management on a quarterly basis.

5) Automated Person System (APS) - The CBER Document Control Center (DCC) and Office of Information Management (OIM) use APS to record and maintain location and organization information on CBER and the Center for Drug Evaluation and Research (CDER) employees, including contractors. APS provides data to DATS to route and subsequently track CBER regulatory documents. APS provides source data for the CBER staff directory. OIM personnel use person table data for secured account management of their applications including CRMTS, RRS, BIRAMS, LRS, BLT, BLA and EDR; for issuing email from the applications and batch jobs, and removing the IT accounts for identified former CBER employees.

6) Account Database Management System (ADM) - A tool to assist in the assignment of Oracle Database roles to users. This module can be selected in two ways: access is granted via the CBER menu or by clicking an icon on the desktop, after which the user needs a username and password to access this module.

7) Director’s View - CBER Menu selection that originally allowed for validated user sign-on to a number of Cold Fusion applications which serve as facilitated queries across CBER regulatory systems. Also allows for validated entry to several other Cold Fusion applications.

8) Contact List - Maintains the list of COOP and Pandemic Flu business contact information. A reminder every month is distributed to update the Contact List, which includes personal and business contact information such as telephone numbers, e-mail addresses and other IIF related information. The purpose of collecting and disclosing IIF is to ensure COOP members can coordinate with each other to bring the organization back to original state after a contingency situation occurs. The submission of IIF is mandatory.

9) Scientific Computing - CBER Research Central (http://research.cber.fda.gov) supports CBER's goal of maintaining a high-quality research program which contributes directly to the regulatory mission, and it is a component of CBER's Laboratory Quality Assurance program (http://intranet.fda.gov/cber/qa/qa.htm). Scientific Computing has information related to CBER's Research Programs, including annual reports, publications and presentations, scientific equipment, and scientific computing. CBER Research Central also supports the submission, review, approval, and maintenance of information needed for animal research to be conducted at the Center, as well as the ordering system for CBER's Core Facility.

10) CBER Menu – A Selection Portal to most CBER applications.

11) MS Access - Multiple Access tables are created for various users' needs, and users can input and output information from these tables using specialized forms.

12) Pandemic Flu Level of Effort (PFluLOE) - Time reporting system for Pandemic Flu-related tasks and Level of Effort usage.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared:

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information contained within the Admin Tracking system is protected by several layers of administrative, physical, and technical controls in accordance with policies and regulations from the FDA, NIST, and OMB. All applicable security controls are reviewed on a periodic basis to ensure that they are implemented correctly, operating as intended, and producing the desired result of protecting all information within the Admin Tracking system.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CBER BAES (Item)

 
 

PIA SUMMARY AND APPROVAL COMBINED

 


 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-02-02-0201-00-110-246

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CBER Biologics Adverse Events System (BAES)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Phil Perucci

10. Provide an overview of the system: BAES is comprised of several sub-systems: the Vaccine Adverse Events Reporting System (VAERS) Datamart, the CBER Adverse Events Reporting System (CBAERS), and the Lot Distribution Database (LDD). CBAERS obtains data from the FDA/CDER Adverse Event Reporting System (AERS).

BAES was formerly identified as part of the ABLE system. It meets the Congressional requirement for FDA to perform Adverse Event monitoring. It also satisfies requirements of the National Childhood Vaccine Injury Act of 1986 (NCVIA), the Food and Drug Administration Modernization Act of 1997 (FDAMA), and 21 CFR Parts 1271, 310.305, 312.32, 314.80, 312.32 and 600.80.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation.

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The system gets data from a) CDC’s VAERS system; b) FDA/CDER AERS system; and c) CBER’s LDD system, and FDA staff use BAES as part of their Adverse Event monitoring duties. Patient, provider, reporter and product data is collected via AERS and VAERS systems via Adverse Event reporting mechanisms established via the source systems at CDC (VAERS) and CDER (AERS). The data is refreshed at regular intervals (at least weekly) and thus data is regularly overwritten with the latest available data from VAERS, AERS and LDD.

Only the information required to perform adverse event monitoring is stored.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: The BAES system obtains data from a) CDC’s VAERS system; b) FDA/CDER AERS system; and c) CBER’s LDD system and FDA staff use BAES as part of their Adverse Event monitoring duties. The VAERS or AERS systems may have processes in place.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information contained within BAES is protected by several layers of administrative, physical, and technical controls in accordance with policies and regulations from the FDA, NIST, and OMB. All applicable security controls are reviewed on a periodic basis to ensure that they are implemented correctly, operating as intended, and producing the desired result of protecting all information within BAES.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CBER RMS/BLA (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: May 9, 2008

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-03-02-1041-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CBER Regulatory Management System - Biologics Licensing Application (RMS/BLA)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Robert Di Maria

10. Provide an overview of the system: The Regulatory Management System/Biologics License Application (RMS/BLA) supports Center for Biologics Evaluation and Research (CBER’s) and Center for Drug Evaluation and Research (CDER’s) Managed Review Process for the review and approval of applications for biologically derived drugs and blood products (the BLAs) that are regulated by FDA. Submission Tracking Numbers (STNs) are assigned; information about BLAs, products, and facilities is maintained and searchable; review milestone deadlines are generated and reported; and post-Approval commitments are monitored and reported.

IT solutions are essential in enabling FDA to meet its obligations under the statutes of Prescription Drug User Fee Act (PDUFA) for the licensing of biologic products and facilities, the timely review of BLAs, and the tracking of post marketing commitments. RMS/BLA is integrated with Document Accountability and Tracking System (DATS) and Electronic Document Room (EDR). Reviewers can open up electronic submissions from the EDR from within RMS/BLA.

This system is under authority of 21CFR601, 21CFR820 (for IVD test kits), and the Prescription Drug User Fee Act and later amendments to the Act.

BRMS is a legacy licensing system that was replaced by RMS-BLA in July 2000. GBRMS is an updated graphical interface to BRMS.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation.

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: RMS/BLA supports CBER’s and CDER’s Managed Review Process for the review and approval of applications for biologically derived drugs and blood products (the BLAs) that are regulated by FDA. Submission Tracking Numbers (STNs) are assigned; information about BLAs, products, and facilities is maintained and searchable; review milestone deadlines are generated and reported; and post-Approval commitments are monitored and reported. The purpose of maintaining these types of information is to meet the obligations under the statutes of Prescription Drug User Fee Act (PDUFA) for the licensing of biologic products and facilities, the timely review of BLAs, and the tracking of post marketing commitments. The information collected and maintained does not contain IIF.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No IIF data.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information contained within the RMS-BLA System is protected by several layers of administrative, physical, and technical controls in accordance with policies and regulations from the FDA, NIST, and OMB. All applicable security controls are reviewed on a periodic basis to ensure that they are implemented correctly, operating as intended, and producing the desired result of protecting all information within the CBER RMS-BLA System.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CDER Adverse Event Reporting System (AERS) (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-03-01-1010-00-110-032

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CDER Adverse Event Reporting System (AERS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Charlie Stone

10. Provide an overview of the system: Drug Safety (Adverse Event Reporting System-AERS) is a computerized information database designed to support the FDA's post marketing safety surveillance program for all approved drug and therapeutic biologic products. The ultimate goal of Drug Safety (AERS) is to improve the public health by providing the best available tools for storing and analyzing safety reports.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation.

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The system does not require collection of any IIF data for successful submission. However, some physicians, hospitals, or members of the public may voluntarily submit IIF data, for example, social security numbers and patient names.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: There are no processes in place to notify or obtain consent, because all data is submitted on a voluntary basis. The FOI staff ensures that any voluntarily submitted IIF data is redacted before it reaches the public.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information contained within AERS is protected by several layers of administrative, physical, and technical controls in accordance with policies and regulations from the FDA, NIST, and OMB. All applicable security controls are reviewed on a periodic basis to ensure that they are implemented correctly, operating as intended, and producing the desired result of protecting all information within AERS.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitley

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CDER BSE/SPOTS (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-020200110 246

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CDER Bovine Spongiform Encephalopathy/Special Products Online Tracking System (BSE/SPOTS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: SPOTS / Moheb Nasr, BSE IAL / David Horowitz

10. Provide an overview of the system: BSE is a web application that supports the CDER BSE initiative and provides import officials in the field with a list of foreign-sourced pharmaceutical ingredients and marketed drug products (excluding those that are the subject of an NDA, ANDA, or IND) that are derived from certain ruminant animals' tissue having the potential to be contaminated with the infectious BSE agent.

SPOTS is a web application which supports the tracking of all ingredients (active or inactive with certain specific exceptions) derived from plant (except highly purified compounds), animal, microorganism and recombinant technology used in pharmaceutical products that are the subject of a CDER NDA, ANDA, or IND.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The SPOTS (Special Products Online Tracking System) system is a database that tracks all ingredients (active or inactive with certain specific exceptions) derived from plant (except highly purified compounds), animal, microorganism and recombinant technology used in pharmaceutical products that are the subject of a CDER NDA, ANDA, or IND

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitley

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CDER COMIS (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-04-02-0210-00-110-032

4. Privacy Act System of Records (SOR) Number: 09-10-0010

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CDER Center-wide Oracle Management Information System (COMIS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Wendy Aaronson

10. Provide an overview of the system:

Core COMIS is a Major Application that is used to track the status and progress of applications for Investigational New Drug Applications (IND), New Drug Applications (NDA), and Abbreviated New Drug Applications (ANDA), both pre- and post-marketing. The FD&C Act of 1938 authorizes this activity.

The data is non-public information and is strictly controlled. It contains no privacy information with the exception of the module known as the Bioresearch Monitoring Information System (BrmIS). This module contains identification of clinical investigators along with identifying information. The database is used to keep track of the investigators and link them to specific applications they are involved with. Because this database contains individual names of investigators and personal identifiers, access to it is more limited than any other Center system. BrMIS is exempt from PIA regulations because it contains investigatory records for law enforcement purposes.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The data is non-public information and it's strictly controlled. It contains no privacy information with the exception of the module known as the Bioresearch Monitoring Information System (BrmIS). This module contains identification of clinical investigators along with identifying information. The database is used to keep track of the investigators and link them to specific applications they are involved with. Because this database contains individual names of investigators and personal identifiers, access to it is more limited than any other Center system. BrMIS is exempt from PIA regulations because it contains investigatory records for law enforcement purposes.

Only BrmIS contains personal identifiers and is exempt under Title 21, vol. 1, section 21.61 (f). A specific exemption was provided because of the investigatory nature of the system.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: There are no processes in place to notify or obtain consent, due to the exemption stated above.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information contained within COMIS is protected by several layers of administrative, physical, and technical controls in accordance with policies and regulations from the FDA, NIST, and OMB. All applicable security controls are reviewed on a periodic basis to ensure that they are implemented correctly, operating as intended, and producing the desired result of protecting all information within COMIS.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitley

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CDER DARRTS (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-020200110 246

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CDER Document Archiving, Reporting and Regulatory tracking System (DARRTS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Bronwyn Collie

10. Provide an overview of the system: CDER is responsible for tracking, reporting, and maintaining an archival record of the drug and biological products submitted to the FDA for review. The center reports to Congress on a number of issues, including performance on Prescription Drug User Fee Act of 1992 (PDUFA) related goals. To fulfill the mission and goals of CDER, DARRTS will provide a flexible, integrated, web-based system that will:

• Support the drug review and biologic review product tracking process;

• Provide administrative and regulatory reporting capabilities; and

• Improve the process by removing design components that result in work-arounds in the current system.

DARRTS is a component of CDER’s overall initiative to move toward a fully electronic submission receipt, processing, and management system. DARRTS, which will be implemented in phases, will replace CDER’s current systems supporting the receipt, management, and reporting of information about clinical investigational and marketing submissions for human drugs and therapeutics.

According to NIST SP 800-18, DARRTS is considered a Major Application (MA). Major Applications (MAs) are systems that perform clearly defined functions for which there are readily identifiable security considerations and needs.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): DARRTS shares information with other operating divisions within FDA to facilitate the receipt, management, and reporting of information about clinical investigational and marketing submissions for human drugs and therapeutics.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: DARRTS will replace CDER’s current systems supporting the receipt, management, and reporting of information about clinical investigational and marketing submissions for human drugs and therapeutics.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: There are no processes currently in place.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information contained within DARRTS is protected by several layers of administrative, physical, and technical controls in accordance with policies and regulations from the FDA, NIST, and OMB. All applicable security controls are reviewed on a periodic basis to ensure that they are implemented correctly, operating as intended, and producing the desired result of protecting all information within DARRTS.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitley

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CDER EDR (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-04-02-0205-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CDER Electronic Document Room (EDR)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Gary Gensinger

10. Provide an overview of the system: EDR stores electronic New Drug Application (NDA) submission files and metadata about submission, allowing reviewers to access submissions via a web-based interface.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: EDR/eCTD is a Major Application (MA) developed to comply with the mandates set forth in the Prescription Drug User Fee Act (PDUFA) and Food and Drug Administration Modernization Act (FDAMA) to reduce the review time required to obtain approval to market new drugs in the United States (U.S.), track the status and progress of each application, and accept regulatory submissions in an electronic format.

EDR stores electronic common technical document submission files containing electronic New Drug Application (NDA), Investigational New Drugs (INDs), Abbreviated New Drug Applications (ANDAs), Drug Master Files (DMF), and EDR NDAs (eNDAs).

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitley

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CDER EES (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Mar 17, 2008

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-04-02-0203-00-110-032

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CDER Establishment Evaluation System (EES)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Joseph Famulare

10. Provide an overview of the system: EES is an automated tracking system used to track the status of pre-approval inspections of establishments which are associated with applications for drugs submitted for FDA approval.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: This system contains no Privacy Act information. It contains non-public information concerning drug manufacturing site inspections and associated FDA conclusions and recommendations. Food, Drug, and Cosmetic Act is the legislative authority for this activity.

Through EES, the agency collects the following types of information: drug application and supplement numbers, drug manufacturer information (name, manufacturing site address), manufacturing site inspection request, inspection tracking information (e.g. scheduled, completed), ORA district office and CDER Office of Compliance recommendations based on inspection outcome. CDER drug application reviewers use this information while making decisions about approval/non-approval of drug applications. ORA field personnel also use this information to help determine whether or not imported drugs should be admitted into the country. EES captures a minimum of site inspection tracking and outcome information needed in order to assist FDA personnel in performing their jobs. The data is relatively high-level, and does not include the details of site inspection reports.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitley

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CDER Electronic Common Technical Document (eCTD) (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-04-02-0205-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CDER Electronic Common Technical Document (eCTD)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Gary Gensinger

10. Provide an overview of the system: eCTD stores electronic New Drug Applications (NDA) submission files and metadata about submissions, allowing reviewers to access submissions via a web-based interface.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: EDR/eCTD is a Major Application (MA) developed to comply with the mandates set forth in the Prescription Drug User Fee Act (PDUFA) and Food and Drug Administration Modernization Act (FDAMA) to reduce the review time required to obtain approval to market new drugs in the United States (U.S.), track the status and progress of each application, and accept regulatory submissions in an electronic format.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitley

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CDER ePS (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-02-01-0303-00-110-032

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CDER ePS

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Jim Shugars

10. Provide an overview of the system: ePS receives and stores labeling content and information from pharmaceutical companies.

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Within the proposed FDA FACTS@FDA project, the Agency will use the system and use the collected information as listed below:

Manufacturers submit labeling content and content changes to FDA in a standard electronic format.

FDA receives labeling and listing changes from manufacturers and imports the information into an electronic labeling repository.

FDA processes the labeling content and changes using SPL review and workflow management tools that access the electronic repository.

FDA exports up-to-date SPL to the NLM on a daily basis.

NLM disseminates the medication information to healthcare information suppliers who make it available to the public.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitley

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CDRH Center Electronic Submissions (CeSub)/Image 2000 (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-02-02-5030-00-110-246

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CDRH Center Electronic Submissions (CeSub)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Michael Coene

10. Provide an overview of the system:

Under the Medical Device Amendments of 1976, manufacturers of medical devices--including but not limited to x-ray machines, pacemakers and breast implants--are required to submit applications to the FDA for approval to ensure that these products are safe, effective, and labeled properly before they become available on the market.

CDRH receives and reviews thousands of submissions from regulated industry and consumers seeking FDA approval to market new devices and products, as well as to track changes and adverse events related to approved products. These submissions traditionally have been scanned into the electronic document management system "Image 2000". The CeSub project is based mostly upon the Image 2000 knowledge and document management system, and it adds functionality to permit the receipt and review of electronic submissions.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Under the 1976 medical device amendments to the Food, Drug, and Cosmetic Act, the Food and Drug Administration is mandated to collect and analyze manufacturer data related to the safety and efficacy of medical devices before they may be marketed in the US. The information contained in CeSub represents the official record of submissions from manufacturers. This includes Premarket Notifications 510(k), Premarket Approvals (PMAs), Investigational Device Exemptions (IDEs), labeling data, medical device reporting, and establishment registration and medical device listing forms. In addition, all FDA decision letters and any supplemental information requested from the manufacturer are stored in the CeSub Image 2000 repository. Any IIF data within the system pertains only to the manufacturer submitting the information, and not to patients.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: There are no processes currently in place.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information contained within (CeSub)/Image 2000 is protected by several layers of administrative, physical, and technical controls in accordance with policies and regulations from the FDA, NIST, and OMB. All applicable security controls are reviewed on a periodic basis to ensure that they are implemented correctly, operating as intended, and producing the desired result of protecting all information within (CeSub)/Image 2000.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitley

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CDRH Center Legacy Application Support Systems (CLASS) (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-02-02-0202-00-110-032

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CDRH Center Legacy Automated Support Systems (CLASS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Karen Moss

10. Provide an overview of the system: The Center Legacy Application Support Systems (CLASS) represents a set of existing databases that support the primary functional areas of device registration and listing, tracking of submissions prior to marketing a medical device, and recording adverse events related to medical devices after they have been introduced to the marketplace.

The Registration and Listing activity is authorized by Section 510 of the Food, Drug and Cosmetic Act as amended, which requires the Food and Drug Administration to collect information on all medical device establishments that market medical devices in the United States. The act requires that medical device establishments register their physical location and list the devices manufactured or processed at this physical location with FDA. The act specifies that collected information is FOI-releasable. This portion of the system is a collection of databases that store information that Deregulated medical device establishments are required to submit to comply with the reporting requirements specified in 21 CFR 807. The information is retained forever in a combination of historical tables and current data files.

The pre-market activity is mandated by the 1976 medical device amendments to the Food, Drug and Cosmetic Act, while the post market activity is conducted under the authority of the Safe Medical Devices Act of 1991.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Registration and Listing information collected identifies the name and physical location of the establishment, the establishment’s owner or operator, an Official Correspondent, other business trading names, and the name of the United States agent. Device information collected identifies the category of the device manufactured or processed at this registered establishment. The Official Correspondent and United States agent are business contacts. FDA collects their name, company name, address, phone and fax numbers, and e-mail address. This information is not considered to be personal privacy information since it is solely used to contact the regulated establishment regarding FDA matters. Extensive analysis of the burden of collecting this information has limited the data collected to the information that FDA needs to carry out its regulatory responsibility to inspect and monitor the compliance of medical device establishments.

Pre-market information collected for this system is primarily a computer record of the receipt of a pre-market submission for a medical device. Information identifying the device, the applicant, the submitter, the manufacturing site, and the intended use of the device are taken from the pre-market submission. Most of the data in the system is administrative data, detailing the FDA review process, generated by FDA, and is not data from the pre-market submission. Submitters do provide the names of contact individuals. These individuals are contacted, as necessary, to answer questions, provide additional information, and facilitate the prompt review of the submission.

Post-market data collected for this system provides details of specific adverse events and malfunctions related to medical devices. The data consist of a summary description of the event being reported, identification of the device and its manufacturer, some general patient and medical information, the location of the event, and a codified analysis of the event by the device manufacturer. This level of reporting provides enough data to generate adverse event statistics and provides enough detail for qualified event analysts to identify events requiring more extensive investigation, either as an individual event or as part of a systematic evaluation of the safety of specific groups of devices.

Within post-market, certain patient-specific information is collected, such as patient age or birth date, weight, gender, and a non-standard patient identification number created by a user facility. Reporting instructions specifically instruct the reporting hospitals, device manufacturers, device distributors, and any voluntary reporters not to include patient names, names of attending medical personnel, social security numbers, driver’s license numbers or other personally identifiable information in response to specific questions or to embed this information in descriptions of events. When reporters incorrectly provide such information, it is not entered into the database. References to patient names and attending medical personnel are replaced with generic terms such as “the patient”, “the doctor”, etc. The patient data is never released to the public and is not used to track patients. It is collected solely to provide a complete picture of the adverse event. Reporting organizations, such as a user facility or device manufacturer, do provide the names of contact individuals. These normally would be the names of risk managers for user facilities and product engineers or regulatory managers for device manufacturers. These names are not released to the public.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitley

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 


06.3 HHS PIA Summary for Posting (Form) / FDA CDRH Center Tracking Systems (CTS) (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-09-02-0513-00-110-032

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CDRH Center Tracking System (CTS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Michael Coene

10. Provide an overview of the system: The Center Tracking System (CTS) is a workflow, work management, and tracking system which supports a variety of pre-market and post-market business processes in the Center for Devices and Radiological Health.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: CTS is a web-based application for workload management and tracking, which contains information related to the pre-market submission review process. Specific activities or processes currently supported by CTS include CLIAs, RFDs, COATS, DNMS and eConsults.

Information about devices that have successfully completed any required pre-market review by the FDA is made public through the CDRH and FDA Freedom of Information Act (FOIA) Offices. Information about devices that are under review, or which were not approved, is not shared. The business contact information in CTS is also not published, but can be made available under a Freedom of Information (FOI) request.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitley

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CDRH Mammography Program Reporting Information System (MPRIS) (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-02-02-4060-00-110-246

4. Privacy Act System of Records (SOR) Number: 09-10-0019

5. OMB Information Collection Approval Number: OMB 0910-0309

6. Other Identifying Number(s): N/A

7. System Name: FDA CDRH Mammography Program Reporting and Information System (MPRIS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Timothy Haran

10. Provide an overview of the system: Under the Mammography Quality Standards Act, all mammography facilities must be accredited by an approved accreditation body; certified by the FDA; inspected annually in order to legally provide mammography services in the United States; and facility medical personnel must meet qualification standards. MPRIS is used to schedule and hold reports of inspections, and provides inspection results to CMS.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The information collected identifies the name and physical location of the mammography facility, along with the facility mailing address, telephone and facsimile numbers, the types and number of mammography equipment in use, and the names and qualifications of facility medical personnel, including official contacts for accreditation, billing, and compliance matters.

This information is not considered to be personal privacy information since it is required by, and solely used in keeping with, the provisions of the MQSA and 21 CFR Part 900, that is, in order to contact the regulated facility regarding FDA matters, to determine their certification status, to schedule inspections, and to determine the compliance of the facility and facility personnel with MQSA law and regulations.

The System of Records: 09-10-0019, “Mammography Quality Standards Act (MQSA) Inspector Profile System, HHS/FDA/CDRH” (formerly the “Mammography Quality Standards Act (MQSA) Training Records”) is no longer in use at FDA, and all computerized records that this system was used to collect have been purged from the system. The responsibilities for MQSA inspector audits, evaluations of the inspector's field performance, and inspector continuing education have been transferred to the Division of State-Federal Relations, in the FDA Office of Regulatory Affairs. The only information collected by the DMQRP regarding MQSA-certified inspectors is their name, office address, email address and office telephone and facsimile numbers. This is the minimum information about the inspectors necessary to provide them technical, equipment, and policy guidance support.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information contained within MPRIS is protected by several layers of administrative, physical, and technical controls in accordance with policies and regulations from the FDA, NIST, and OMB. All applicable security controls are reviewed on a periodic basis to ensure that they are implemented correctly, operating as intended, and producing the desired result of protecting all information within MPRIS.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitley

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CDRH Medical Surveillance Network (MedSun) (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-02-02-1020-00-110-246

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: OMB 0910-0471

6. Other Identifying Number(s): N/A

7. System Name: FDA CDRH Medical Product Safety Network (MedSun)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Stephen Sykes

10. Provide an overview of the system: The Medical Product Safety Network (MedSun) is an Internet-based system under which health-care facilities have volunteered to submit reports of adverse events involving medical devices in that facility. Participating facilities--representing hospitals, nursing homes, outpatient treatment and diagnostic centers--each designate a person(s) to submit these reports. At the webserver, each reporter is authenticated and has access only to their facility’s data. This data is transferred in real time to database servers; no data is stored on the website. Submitted data is then analyzed by FDA employees to gain a perspective on postmarket problems with medical devices.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: MedSun receives information concerning adverse events, which is provided on a voluntary basis. Participating facilities--representing hospitals, nursing homes, outpatient treatment and diagnostic centers--each designate a person(s) to submit these reports.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitley

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CFSAN Adverse Event Reporting System (CAERS_IS) (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-02-02-4100-00-110-246

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CFSAN Adverse Event Reporting System (CAERS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this: David Acheson

10. Provide an overview of the system: CAERS is part of CFSAN’s Strategic Plans - Strategic Goal 3.5: Reduce the health risks associated with food and cosmetic products by preventing human exposure to hazards, monitoring product quality, and correcting problems that are identified.

CFSAN is responsible for assuring a safe and wholesome food supply as well as safe cosmetics for the United States’ consumers. As part of this mission, CFSAN performs post-market surveillance (CAERS) by collecting and monitoring adverse events resulting from the use of the following:

- cosmetics,

- traditional foods,

- food and color additives,

- Generally Recognized as Safe (GRAS) ingredients,

- special nutritional products including dietary supplements,

- medical foods, and

- infant formulas.

While a small portion of these products have mandatory pre-market approval, pre-market notification, and/or post-market surveillance requirements, most of these products, notably dietary supplements, have no such requirements. CFSAN’s primary source of information about these products and post-market surveillance is collected through voluntary adverse event reporting handled by CAERS.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): When follow-up on a case is needed for regulatory investigational purposes related to a product, IIF may be disclosed to our field operations (Office of Regulatory Affairs) for investigation (e.g., to obtain the product label from the case to follow up with investigation of the firm).

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The mission of the U.S. Food and Drug Administration’s (FDA) Center for Food Safety and Applied Nutrition (CFSAN) is to assure the safety and wholesomeness of the nation's dairy products, plant foods, beverages, seafood, dietary supplements, cosmetic products, infant formula, medical foods, food and color additives, and all ingredients that come into contact with foods (CFSAN regulated Products). Among CFSAN's priority activities supporting this mission is performing post-market surveillance including but not limited to collecting, monitoring, and analyzing adverse event reports and product complaints, which are alleged to be related to CFSAN regulated products. Virtually all of the reports of adverse events and product complaints are voluntary submissions from consumers, health professionals, and other interested parties. The very rare exception to voluntary submission is the mandatory reporting required for firms that manufacture infant formula when a death of an infant has been associated with their product. Reports are captured and processed and enter the CFSAN Adverse Event Reporting System (CAERS) through several routes (FDA's Field Accomplishments and Compliance Tracking System (FACTS), FDA's MedWatch Program, and direct mail, e-mail, or phone messages to CAERS). Voluntary IIF information may be included in the system. However, records are not retrievable by IIF; instead, an agency-assigned CAERS case number is given to the case when information is entered into CAERS. The CAERS data is used as a basis for enforcement and regulatory action on CFSAN regulated firms and products to help perform the mission described above.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No processes are in place because records are not retrievable using IIF.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information contained within CAERS is protected by several layers of administrative, physical, and technical controls in accordance with policies and regulations from the FDA, NIST, and OMB. All applicable security controls are reviewed on a periodic basis to ensure that they are implemented correctly, operating as intended, and producing the desired result of protecting all information within CAERS.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitley

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CFSAN ARCH (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-02-02-0202-00-110-246

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CFSAN Administrative Resources Core Hub (ARCH)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Buddy Heiman

10. Provide an overview of the system: ARCH is not a CFSAN responsibility. However, a subset of ARCH is used in the CFSAN Resource Reporting System Via Project (RSVP) which tracks employee resource use by pay period.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: N/A

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitley

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CFSAN CARTS (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-02-02-0202-00-110-246

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CFSAN Automated Research Tracking System (CARTS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: John Newland

10. Provide an overview of the system: The CFSAN Automated Research Tracking System (CARTS) tracks all CFSAN research projects, including Counter-Terrorism projects.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: CARTS records all information on research conducted within CFSAN and in collaboration with external organizations from scientists and managers.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitley

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CFSAN CASPER (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-02-02-0202-00-110-246

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CFSAN Automated Submission Process Exchange and Reporting System (CASPER)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: McCarthy, Ruth L

10. Provide an overview of the system: The CFSAN Automated Submission Process Exchange and Reporting System (CASPER) is an electronic workflow tracking and information system designed to automate ONPLDS common business practices of receiving, tracking, processing, reporting, storing, and retrieving submissions. The system will provide ONPLDS personnel a needed tool that replaces the current manual, decentralized receipt and processing of submissions with one that supports an online, single system with a centralized entry and closing point for all of ONPLDS submissions. CASPER provides imaging, OCR, database, and workflow functionality that will allow ONPLDS managers, analysts, and reviewers to electronically access, assign, capture, and retrieve information needed to conduct ONPLDS business.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: CASPER collects data about documents being processed in a defined work flow and who in that work flow is taking what action to complete the assignment. No IIF information is collected.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitley

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CFSAN Color Certification (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-02-02-0505-00-110-246

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: OMB 0910-0216

6. Other Identifying Number(s): N/A

7. System Name: FDA CFSAN Colors Certification System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Raymond Decker

10. Provide an overview of the system: The Colors Certification system supports Colors Certifications in accordance with CFR Title 21, Parts 70 and 73. Colors Certification data is exported to the CFSAN web servers so that seventeen industrial users may view data on their own petitions. Requestors for Color certification will have access only to their own data on a separate public web site. All other data is restricted to the Office of Cosmetics and Colors.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The information collected is necessary to ensure the name and location of the color manufacturer, where the color additive is being stored, and how the color was made.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitley

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CFSAN Food Additives Regulatory Management (FARM) (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-02-02-4050-00-110-246

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CFSAN Food Additives Regulatory Management (FARM)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Ziyad, JoAnn

10. Provide an overview of the system: The FARM Project’s electronic information management system is designed to support the electronic processing, review, maintenance, and reporting for food ingredient submissions. This includes the management of food and color additive petitions, Food Contact Notifications (FCNs), Generally Recognized as Safe Notices (GRNs) and Biotechnology Consultations (BNFs), by providing modern electronic information management tools necessary for the food ingredient reviewers and managers to maximize their productivity.

FARM allows reviewers to spend more time reviewing submissions, since they spend less time searching for, processing, and sharing information. FARM also allows reviewers to utilize state-of-the-art analytical and search tools to support safety reviews, evaluations, and decisions. FARM is currently able to support industry electronic food ingredient submissions and correspondence in a consistent/standard electronic format which further improves efficiency for industry and the FDA. Freedom of Information Act (FOIA) requests and other communications disclosing information to industry and consumers are done electronically through the FARM System.

The FARM system provides:

- Efficient desktop information retrieval and processing.

- Workload management.

- Step-by-step tracking capability for all aspects of the submission and review processes.

- Analytical tools on the desktop to link all information pertinent to the review.

- Expanded capability to access online scientific databases.

- Capability to capture the data necessary to compare the performance of the base-line system, established in FY 2001, against performance levels/metrics of the previous five years.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The FARM System collects information from the food industry on ingredients that are added to or will come in contact with food for human consumption. The information that industry submits to the agency contains chemistry, toxicology, environmental, nutritional, microbiological, and other relevant data. Information collected by the FARM System consists of data required to perform the safety review of food ingredients under the Federal Food, Drug and Cosmetic Act and Regulations in Part 21 CFR Sections 71 & 170-190. These regulatory documents describe the data required from industry for the Food Contact Notification (FCN), Generally Recognized as Safe Notice (GRN), and Bioengineered Foods Consultation (BNF) processes. All notices and notifications must contain appropriate and sufficient scientific data and information to support the safety review process.

The agency collects only the information provided for under the Federal Food, Drug and Cosmetic Act and in the corresponding regulations in 21 CFR 71-199.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitley

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CFSAN CREMS (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-02-02-0505-00-110-246

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CFSAN Compliance, Registration, Enforcement and Monitoring System (CREMS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kevin Smith / William Jones

10. Provide an overview of the system: CREMS is an aggregate collection of four applications: Compliance Management System, Interstate Milk Shippers, Seafood HACCP, and Shellfish Shippers. Each is separately maintained and independent.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory:

The CREMS system collects information on food shipments and compliance with safety codes and federal regulations.

The information contained in the CREMS system does not have any IIF.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitley

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CFSAN Low Acid Canned Food (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-02-02-0505-00-110-246

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CFSAN Low Acid Canned Foods (LACF)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Peter A. Salsbury

10. Provide an overview of the system: The LACF system gives low acid canned foods processors the ability to register data in accordance with CFR Title 21, Parts 108.25, 108.35, 113, and 114. In Phase I, only CFSAN and FDA Field personnel involved in enforcement activities had access to the software and data. The Phase II implementation provides Domestic industry the ability to submit products’ processes as well as monitor all submissions. When full implementation takes place, all foreign and domestic LACF facilities will have the ability to engage in online access and monitoring of a facility’s products’ processes.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: In accordance with CFR Title 21, Parts 108.25, 108.35, 113, and 114, the data collected is reviewed by technical staff to determine if the LACF-related product is commercially sterile to prevent a potential health hazard.

The CFSAN and FDA staff uses this data to enforce CFR Title 21, part 108 regulations.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CFSAN PAFA (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-02-02-0505-00-110-246

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CFSAN Priority-Based Assessment of Food Additives (PAFA)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Mary LaVecchia

10. Provide an overview of the system: PAFA gathers administrative, chemical, and toxicological information on over 3000 food substances directly added to food. In addition, limited information is collected on approximately 3500 food additives that may migrate into food through packaging or the like. This information is used as background material for regulatory review, research projects, and serves to answer Freedom of Information requests in an efficient manner. PAFA data is used to seed the tools used for preliminary Structure Activity Relationship (SAR) analysis when new substances are submitted to the Agency for approval.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: PAFA is used to maintain administrative, chemical, and toxicological information on over 2000 of approximately 3000 substances directly added to food, including substances regulated by the U.S. Food and Drug Administration (FDA) as direct, "secondary" direct, and color additives, and Generally Recognized As Safe (GRAS) and prior-sanctioned substances so that toxicological profiles can be produced for the ingredients added to the food supply. It is a source of information for post-market surveillance of food additives.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CFSAN VCRP (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-02-02-0505-00-110-246

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: OMB 0910-0027 (Exp. 11/30/2007) and OMB 0910-0030 (Exp. 12/31/2008)

6. Other Identifying Number(s): N/A

7. System Name: FDA CFSAN Voluntary Cosmetics Registration System (VCRP)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Ray Decker

10. Provide an overview of the system: The Voluntary Cosmetics Registration Program (VCRP) system is a web-based system allowing the cosmetics industry to obtain a registration number for manufacturing establishments and cosmetic product formulations by electronically requesting it, i.e. completing Form 2511, 2512/12a, or 2514, over the Internet.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The Voluntary Cosmetics Registration Program system is a web-based system allowing the cosmetics industry to obtain a registration number for manufacturing establishments and cosmetic product formulations by electronically requesting it using their web browser. Once the registration number is approved, they will also be able to submit and edit product and ingredient information in a similar manner, i.e. using web-based Forms 2512 and 2512a.

The program is voluntary. Companies are requested to provide the physical location of their manufacturing establishments so they may be inspected for good manufacturing practices. Participants are also requested to provide information on their cosmetic product formulations which aids the agency in determining what ingredients are being used in cosmetic products and what preservative systems are being used to protect the integrity of the product.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CVM Content Management System (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-09-02-0513-00-110-246

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CVM Content Management System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:

10. Provide an overview of the system: The purpose of the Content Management System is to help manage a consistent flow of information between the web staff and the content owners and to allow the assignment of CVM staff as editors to update their web content. The Content Management System (CMS) uses tools that keep the site accurate, maintaining both integrity and accessibility.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The CVM Web Content system provides a mechanism to disseminate mission-critical information to the public and FDA employees. The purpose of the RedDot Content Management System is to help manage a consistent flow of information between the web staff and the content owners and to allow the assignment of CVM staff as editors to update their web content. The Content Management System (CMS) uses tools that keep the site accurate, maintaining integrity and accessibility. The legislation authorizing this activity is the Federal e-Government mandates.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitley

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CVM Corporate Database Portal (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-09-02-4070-00-110-246

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CVM Corporate Database Portal

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:

10. Provide an overview of the system: The CDP is a centralized repository of data supporting the pre-marketing approval process, the post-approval surveillance process, animal drug registration, establishment inspection, and employee time reporting.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory:

- Submission Tracking and Reporting System (STARS): STARS is a submission management module that tracks submissions, reflects the Center’s target submission processing times, and monitors submissions during the developmental or investigational stages and the resulting application for marketing of the product.

- Drug Experience Reporting System (DERS): The DERS Module allows reviewers to monitor Adverse Drug Experience (ADE) reports, both original and follow-up reports on Form FDA 1932; quantity marketed reports which may or may not be broken down by distributor; animal drug product labels; and other items (e.g., bibliographies, promotional/advertisement pieces, etc.).

- Activity Time Reporting (ATR): ATR aids employees at all levels of CVM in managing the use of their time and monitoring the progress of their work. Specifically, the ATR System provides CVM managers with the ability to capture real-time data for use in strategic and operational planning, management information reports, budget requests and justifications and/or evaluation, cost and trend analyses, and user fee negotiations and/or management activities.

- Bioresearch Monitoring (BIMO): The BIMO Team administers three compliance programs: Good Laboratory Practices (GLP); Sponsors, Contract Research Organizations, and Monitors (Sponsor/Monitor); and Clinical Investigators (CI). The BIMO module provides the ability to effectively track and report on inspection assignments.

- Drug Product Listing (DPL): DPL allows reviewers to track and report on Drug Listing information (e.g., animal drug manufacturer's establishments, distributors, labeling data, ingredients and trade names). The DPL module compiles this information for all animal drugs that are in commercial distribution or have been discontinued.

- Compliance Document Log Module (CDLM): The CDLM provides users with the ability to assign submission type codes and numbers in STARS in order to track the reference documents.

Additional systems that will be accessible from the web are the Log System and the Financial Accounting System. A brief description of each system is shown below:

- Log System: The Log System used by the Division of Compliance consists of 3 modules. The Correspondence Tracking module tracks correspondence received by the Division. It provides various pending, completed, and overdue reports. The Regulatory Action module tracks regulatory actions taken against a company/person. Various types of reports are available. The Certificate Logging module tracks information related to requests for export certificates. Information from this module is sent to a contractor for billing purposes.

- Fiscal Allocation System (FAS): The Fiscal Allocation System (FAS) is a centralized system used to track expenditures to the team level, if necessary. It is also used to reconcile OFM accounting. It provides the management officers with the ability to track calls placed against a VISA or MOD. The system provides standard reports for each office as well as specialized reports tailored to their specific needs.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitley

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CVM Corporate Document Management System (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-09-02-1020-00-110-246

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CVM Corporate Document Management System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:

10. Provide an overview of the system: CDMS serves as a secure centralized repository for key documents. The system provides a single access point to search, retrieve, and annotate policy and regulation documents, labels and CVM-generated review documents, and letters related to the sponsor submissions.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The information consists of policy and regulations documents, labels, and CVM generated review documents and letters related to sponsor submissions. Information does not contain IIF and is voluntary.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitley

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA NCTR Research Management (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-02-02-1330-00-110-032

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA NCTR Research Management System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Jeremiah Daily

10. Provide an overview of the system: The NCTR’s mission is to conduct peer-reviewed scientific research that supports and anticipates the FDA's current and future regulatory needs. This research includes in-vivo, in-vitro and in-silico experiments that consume significant NCTR resources.

In order to maximize return on investment, NCTR must manage its resources carefully. To do this efficiently and effectively, NCTR has implemented a protocol tracking and approval process and an activity based costing regimen which requires significant data collection and reporting. The Research Management System (RMS) provides the essential tools for gathering these data and for providing the necessary decision support mechanisms used to allocate available resources to new and ongoing research efforts. No PII is needed or collected.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The RMS collects data required by its protocol approval and tracking efforts as well as the data needed to conduct activity based costing functions. Types of data collected include protocol review and approval information, document production and publishing, cost factors, specific training requirements, FTE availability and resource (labor hour and dollar) costs estimated for and consumed in support of specific projects (protocols). Individual’s names or other PII are not involved.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CVM Electronic Submission System (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-09-02-0512-00-110-246

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CVM Electronic Submission System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:

10. Provide an overview of the system: The ESS system will support the pre- and post-market functions.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: This ESS system will initially collect and process information related to adverse drug experiences related to animal drugs. Future expansions of the system will have all the collection, processing, storing and reporting of animal drug information submitted through electronic media and the FDA Gateway. On the production side the ESS system currently collects 5 PDF pre-market animal drug forms. This system does not or will not accept IIF information and is voluntary.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA NCTR Research Support (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-02-02-1331-00-110-032

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA NCTR Research Support System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: John Appleget

10. Provide an overview of the system: The Research Support System (RSS) is an IT resource used to collect and store data for toxicology studies. It collects subject and experiment data from the introduction of an animal into the NCTR environment by purchase or birth, through the experiment process, and concludes with the data collected from micro-pathological examination of its tissues. NCTR’s mission is to conduct peer-reviewed scientific research that supports and anticipates the FDA's current and future regulatory needs.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The RSS collects data required by toxicology studies. It collects animal data such as weights, food/water consumption, and clinical observations; it collects data such as compound, treatment group and route of administration; and it collects data about the environment in which the experiment takes place such as cage conditions and placements. It also collects gross- and micro-pathology data. These data are required to conduct peer-reviewed scientific research and for the analyses and scientific papers based on the research.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA OC Agency Information Management System (AIMS) (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-10-01-1010-00-404-142

4. Privacy Act System of Records (SOR) Number: 09-10-0004 (FDA) Communications (Oral & Written) with the Public, 09-90-0058 (HHS) FOI Case Files and Correspondence Control Index, OGE-1 (Office of Government Ethics) Financial Disclosure Reports & Other Ethics Programs, OGE-2 (Office of Government Ethics) Confidential Statements of Employment & Financial Interest, 09-90-0008 Conflict of Interest Records, HHS/OS/ASPER, OPM/Central-9 Personnel Investigations Records

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA OC Agency Information Management System (AIMS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Rosie Whitcraft

10. Provide an overview of the system: AIMS provides administrative tracking and electronic storage for several agency functions. The core data within AIMS is pulled from the agency ASAP system for staff, contractor, and organizational data required for the applications. The core also contains any information that is shared by two or more of the AIMS modules. The modules are Correspondence (both internally generated and received from external sources), Freedom of Information (FOI), Federal Register (FR), Dockets Management, Advisory Committee, Ethics, Passports, Records Case Management, Office Moves, Awards and Interagency Consult Reviews. The system also has a records management application for all records tracked in the system.

The module for Administrative Tracking and Electronic Document Storage of FOI requests, responses, and related correspondence is authorized by the Freedom of Information Act, (FOIA) 5 U.S.C. 552. The module for Ethics records is authorized by the Ethics in Government Act (PL 95-521) and the Ethics Reform Act of 1989, as amended (PL 101-194). The Civil Service Act authorizes the module for Security Clearances. The Federal Advisory Committee Act authorizes the module for Advisory Committee Records.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: FDA receives approximately 24,000 FOI requests per year. A tracking system is required to monitor the processing of requests. In addition the FOIA and the Ethics in Government Act have annual reporting requirements that are based on information collected in the system. The Passport staff is responsible for obtaining and maintaining the government-issued passports for all FDA personnel.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Information is obtained from correspondence submitted by the FOI requesters and individuals that correspond with the agency or comment on a Federal Register notice. FDA’s Public Information Regulations at 21 CFR Part 20 inform the public of the procedures for submitting FOI requests. Federal Register notices inform individuals of the procedures for commenting on a notice. In the case of security clearances and ethics, when an individual comes to work at FDA as an employee or contractor they are required to complete forms requesting the information. Forms contain notification statements informing the individuals of the purpose for collecting the information and the authority for collecting the information.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information contained within AIMS is protected by several layers of administrative, physical, and technical controls in accordance with policies and regulations from the FDA, NIST, and OMB. All applicable security controls are reviewed on a periodic basis to ensure that they are implemented correctly, operating as intended, and producing the desired result of protecting all information within AIMS.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA OC Administrative Systems Automation Project (EASE) (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-10-01-1020-00-403-131

4. Privacy Act System of Records (SOR) Number: 09-40-0010, 09-90-0018, 09-40-0001, 09-90-0017, 09-90-0001

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA OC Enterprise Administrative Support Environment (EASE)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Ray Russo

10. Provide an overview of the system: EASE is an FDA-wide administrative system that provides essential personnel, organization, and locator information, automates time and attendance, and provides ad hoc reporting through its associated RAM data warehouse.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): HHS is provided FDA civilian time and attendance data on a biweekly basis to process FDA payroll. Location data is provided to HHS for the HHS Employee Location System.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: FDA personnel data is retrieved from DHHS Personnel Files (FDA only) for the purpose of providing corporate data to various FDA Systems, to provide management reports, and to provide the basis to process civilian personnel time and attendance recording. Person location data is collected to provide HHS and FDA with location and email directories. FDA non-employee personnel data is collected to provide a basis for location and security purposes. Only those data elements required for the FDA applications are being maintained.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: HHS collects the Personnel Data. The Center Representatives, and the various roles involved with the specific data, provide notification to the employees/non-employees upon request of the data. Information about the collection of data is provided within the users' manuals and upon training.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information contained within EASE is protected by several layers of administrative, physical, and technical controls in accordance with policies and regulations from the FDA, NIST, and OMB. All applicable security controls are reviewed on a periodic basis to ensure that they are implemented correctly, operating as intended, and producing the desired result of protecting all information within EASE.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA OC Emergency Operations Network Project (EON) (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-08-01-0305-00-104-010

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA OC Emergency Operations Network (EON)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Ellen Morrison

10. Provide an overview of the system: The Emergency Operations Network (EON) provides an Agency-wide system to fully support the enterprise for the full range of FDA emergencies through the implementation of two robust infrastructures, functional and technological, and through the reengineering of the present emergency system. The development and incorporation of agency-wide guidance in the EON will ensure that the Agency response is uniform, consistent, and coordinated. EON will contain contact information for key FDA staff members, including home addresses, telephone numbers and email addresses. This data is needed to effectively and efficiently respond to evolving emergency situations.

The authorizing legislation for EON includes the Food Drug & Cosmetic Act 903(b) and 711, the Bioterrorism Act (2002), and Homeland Security Presidential Directives.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The EON project is in the development phase. EON will provide FDA contact data extracted from the publicly available DHHS employee directory website. For selected key individuals, this will be augmented with other contact information (home and other personal telephone numbers and email addresses) extracted from the FDA Redbook.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA OC Electronic Gateway (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-02-02-0501-00-110-246

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA OC Electronic Submissions Gateway (ESG)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Michael Fauntleroy

10. Provide an overview of the system: The purpose of the FDA Electronic Submissions Gateway (FDA ESG) is to provide a centralized, secure, Agency-wide solution for receiving electronic regulatory submissions. The FDA ESG will also be used to transmit regulatory data and information to other Government Agencies. The FDA ESG is a General Support System (GSS) as defined in NIST guidance and OMB Circular A-130. The FDA ESG is essentially a component of a communications system, collecting information from multiple sources, then forwarding that information to a file server where the appropriate FDA system can retrieve the information. Information is stored within the FDA ESG on a limited basis in support of integrity and availability procedures. The FDA ESG owns none of the data that passes through its components. The data are “owned” by the supported applications. Thus, the FDA ESG is providing a supporting service to these applications as opposed to performing an FDA mission-specific function. The FDA ESG project will help the FDA achieve its legal mandate under the Prescription Drug User Fee Act (PDUFA) for eliminating paper transactions in favor of electronic submissions and processing. The FDA ESG was a specific goal of PDUFA III.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The FDA ESG collects two sets of data. The first set of data is collected from external Transaction Partners to create user accounts within the FDA ESG to support the transmission of regulatory documents. The accounts are owned by a corporate entity. The corporate entity supplies the name, phone number and email address for a primary and secondary contact person. This information is used by the FDA ESG when necessary to resolve technical issues. The second set of data is meta-data about each regulatory submission and includes time of submission, user account, transmission protocol, message id, and file name. This information is used by the Agency to track the submission and aid in file recovery.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA OC Facility Management (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-10-02-1040-00-401-119

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA OC Facility Management System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:

10. Provide an overview of the system: Facility Management System is an integrated solution to further provide better services/information to all Centers and ORA on any facility related issue, such as designing, planning, leasing, or operation.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: This system will allow the Office of Real Property Services, Office of Shared Services, to maintain a comprehensive database to better serve all Centers/ORA on their needs related to space design, planning, and any alteration projects within the Food and Drug Administration.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA OC eRoom (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 


PIA Summary

 

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-02-01-02-1060-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA OC eRoom

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Ray Russo

10. Provide an overview of the system: Documentum eRoom provides a digital workplace that brings people, processes, and content together, enabling teams to collaborate efficiently and organizations to become more productive and agile.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: This project focuses on the IT infrastructure for the FDA’s eRoom Infrastructure and is managed by the Office of Business Enterprise Solutions (OBES) Internet/Intranet Support Services Group (IISSG). The Office of Public Affairs, Web Site Management Staff, FDA web Content Program Manager and center/organization content developers have responsibility for the eRoom content management. Therefore, the focus of this assessment concentrates on the base infrastructure not the content management of the site. The site provides a mechanism for FDA staff to post FDA information for collaboration with colleagues.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA OC FDA Consolidated Infrastructure (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

1

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-02-01-01-0301-00-404-139

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA OC Consolidated Infrastructure

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Tracy Kennedy

10. Provide an overview of the system: FDA is moving towards long-term improvements in the structuring of IT services across centers which is aimed at facilitating greater integration in the delivery of programs and realizing significant cost savings. Efficiencies will be realized by consolidating the technology infrastructure services and in the standardization of how IT service is provided.

The consolidated infrastructure is described as local area networks, help desk and call center, voice and data services, desktop management and support, database and server management, and Intranet services.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: FDA is collecting data for administration and e-mail purposes from and for the employees and contractors in the agency. External data is collected through e-mail from the FDA public website. No PII information is requested, but the public user may have chosen to furnish it.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA OC FDA Unified Registration and Listing System (FURLS) (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

1

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-10-01-1030-00-114-043

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: OMB 0910-0502

6. Other Identifying Number(s): FDA Form Number 3537/3537a

7. System Name: FDA OC Unified Registration and Listing System (FURLS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Ray Russo

10. Provide an overview of the system: On June 12, 2002, President Bush signed The Public Health Security and Bioterrorism Act of 2002 (PL 107-188). This Act was written to enhance the nation's ability to prevent, identify, and respond to bioterrorism. In the case of FDA, the Bioterrorism Act substantially expands the authority the FDA can bring to bear in regulating the food industry.

Domestic and foreign food facilities (importing food into the United States) will be required to register with FDA. Information required includes: name and address of facility; a U.S. agent if foreign facility; and emergency contact information in the event of a public health emergency. As a result of this Act, FDA has a very aggressive schedule for rulemakings and for systems addressing the registration of food facilities, record-keeping, and prior notice of imported food shipments.

The Food Facility Registration System required in the Act will allow FDA to compile an up-to-date list of relevant facilities and to rapidly identify and contact potentially affected facilities in the context of possible bioterrorism involving the food supply. However, FDA must accommodate a registration period 60 days in advance of the statutory deadline of December 12, 2003 to assure that the international system of food production and transport is not disrupted.

While FDA regulators work diligently to put the required regulations in place, the aggressive timeframe mandated under law applies also to the development of the Food Registration system. Therefore, the Food Facility Registration Module of the FDA Unified Registration and Listing System was brought on-line on October 16, 2003. Currently, approximately 4,000 registrations are completed per day through this system.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Domestic and foreign food facilities (importing food into the United States) are required to register with FDA. Information required includes: name and address of facility; a U.S. agent if foreign facility; and emergency contact information in the event of a public health emergency. Upon accessing the site, a user is then able to register with the FDA. The majority of F-URLS users are account holders who utilize F-URLS to register their food facilities. The remaining users are comprised of FDA Personnel who are able to use the F-URLS system to gain access to the facilities’ registration information. Users are authenticated by the Accounts Management system, prior to accessing F-URLS. The registration and listing module (FFRM) is responsible for enforcing specific access rules for users. Additionally, the Account Management module uses the business rules and infrastructure implemented by the Enterprise Administrative Support Environment (EASE) in creating and administering FDA Personnel user accounts.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: F-URLS is a web-based system that will allow users worldwide to register with the FDA. The F-URLS system can be accessed through the FDA website 24/7/365. Upon accessing the site, a user is then able to register with the FDA. The majority of F-URLS users are account holders who utilize F-URLS to register their food facilities. The remaining users are comprised of FDA Personnel who are able to use the F-URLS system to gain access to the facilities’ registration information.

The data processed by the system is as follows:

(Italics implies information optional):

· User/Registrant’s Name and Facility Name (Parent Company Name if facility is a subsidiary)

· Facility Address (Parent Company Address if facility is a subsidiary)

· Preferred Mailing Address

· User’s email address

· User’s telephone number

· User’s fax number

· User’s answer to a verification question for password

· User’s password

· Emergency contact name

· Emergency contact title

· Emergency contact office phone

· Emergency Contact Cell Phone

· Emergency contact email address

· Facility trade name(s)

· Seasonal start/end dates

· Establishment type

· Storage type (appears if establishment type was Warehouse/Holding Facility)

· General Product Category, (appears if establishment type was NOT Warehouse/Holding Facility)

· Statement certifying that all information submitted is true and accurate

· Registration and PIN Numbers

· Firm Establishment Identifier (FEI) Numbers

· For foreign food facilities only: U.S. Agent name, address, phone number, email address, and fax number.

To accomplish the functions mentioned above, F-URLS will initially include two modules: Food Facility Registration Module (FFRM) and the Account Management module. Additionally there are interfaces that will be described in part I of this section.

Account Management Module

The Account Management module handles the creation and administration of user accounts for access to all FDA registration and listing modules. For F-URLS, the module allows general system users who submit food registrations and updates to create and maintain secure login accounts (the terms “general system user” and “registrant” will be used interchangeably). Users will be authenticated by the Accounts Management system, defined below, prior to accessing F-URLS. The registration and listing module (FFRM) is responsible for enforcing specific access rules for users. Additionally, the Account Management module uses the business rules and infrastructure implemented by the Enterprise Administrative Support Environment (EASE) in creating and administering FDA Personnel user accounts. More information on the interface with EASE can be found in part I of this section. This avoids duplication when managing FDA user accounts and allows FDA users the ability to use their EASE account to access multiple registration and listing modules. More specific information pertaining to the Account Management Module and its use cases can be found in the System Requirements and Design Document (SRDD).

Food Facility Registration Module (FFRM)

The Food Facility Registration Module is essentially the element of the system that meets the requirements of the Bioterrorism Act of 2002, which required that FDA develop a system for registering food facilities. This module will allow users with accounts established through the Account Management module to register their food facility with the FDA. FFRM will prompt each registrant to enter information pertaining to their facility such as the address of the facility, the facility trade name, the establishment type, and the general product category.

In addition to gathering facility information, the FFRM can generate a request to process a mailing. There are four types of correspondence that would require mailing requests and they are as follows:

· Facility Return Receipt: Many registrants will already have Firm Establishment Identifier (FEI) numbers. For those that do not already possess an FEI number, the FFRM will process a mailing request to send them a new FEI number. The facility return receipt is sent to facilities that are assigned new Firm Establishment Identifier (FEI) numbers. The receipt must be returned and logged in to physically validate the facility’s address. Paper format only.

· Agent Return Receipt: Sent via email or letter to US Agents that are assigned new FEI numbers. A response must be returned and logged in to validate the Agent’s contact information.

· Registration Number and PIN: Sent via email or letter.

· Notification of Assignment: When the submitter is the US Agent for a foreign facility, a Notification of Assignment is sent to the facility. If the submitter is the Owner or Operator of a foreign facility, a Notification of Assignment is sent to the US Agent. Sent via email or letter. More specific information pertaining to FFRM and its use cases can be found in the SRDD.

Paper mailing requests are sent to the Paper Processing Facility; the interface to the Paper Processing Facility will be described in part I of this section.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: None

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information contained within FURLS is protected by several layers of administrative, physical, and technical controls in accordance with policies and regulations from the FDA, NIST, and OMB. All applicable security controls are reviewed on a periodic basis to ensure that they are implemented correctly, operating as intended, and producing the desired result of protecting all information within FURLS.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitley

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA OC FDA/HHS eMail (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

1

 

PIA Summary

 

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: N/A

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA OC HHS eMail

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Glenn Rogers

10. Provide an overview of the system: FDA Email system

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The system transports electronic mail. No IIF is contained in the system. The email system is only a conduit for message traffic. FDA policy states email is not a recognized repository for official records.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA OC fda.gov (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

1

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-02-01-02-1060-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA OC Internet (fda.gov website)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Lori Jo Churchyard

10. Provide an overview of the system: This project focuses on the IT infrastructure for the FDA’s public Internet web site, www.fda.gov. The Office of Public Affairs, Web Site Management Staff, FDA web Content Program Manager, and center/organization content developers have responsibility for the site's content management. Therefore, the focus of this assessment concentrates on the base infrastructure, not the content management of the site. The site provides a mechanism for FDA staff to post FDA information to the public and to ensure the availability and integrity of that data so that the various FDA content managers can safely and securely provide data to the site.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: This is not part of the Infrastructure project. Each application and the associated data is the responsibility of the FDA Website management staff and center/organizations, which manage the content of those systems and the data being provided. As the content on FDA.GOV is public facing, it does not contain any IIF.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: Yes

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA OC iComplaints (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

1

 

PIA Summary

 

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Oct 15, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: No

4. Privacy Act System of Records (SOR) Number: 09-90-0007, 09-90-0009, 09-90-0011, 09-90-0014, 09-90-0015,

5. OMB Information Collection Approval Number: EEOC/GOVT-1

6. Other Identifying Number(s): N/A

7. System Name: FDA OC iComplaints

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Georgia Coffey

10. Provide an overview of the system: The FDA OC iComplaints system is an enterprise level application that provides management and tracking information to the agency regarding EEO complaints. The application is responsible for providing several functions pertaining to EEO complaints registered by various FDA centers including:

- Providing FDA officials with information regarding their Center or Office specific EEO complaints with an analysis of the issues and bases in each complaint.

- Supporting communication with the Equal Employment Opportunity Commission, Office of the General Counsel, and the United States Attorneys offices across the nation on FDA EEO complaints. It allows us to meet our mandatory reporting requirements to the EEOC for the annual 462 Report as well as meet our statutory obligations of quarterly reporting under the No Fear Act.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Data contained in the iComplaints system is shared with other centers in FDA, Center Directors, Exec officers and the Commissioner for trend analysis and review of current activities. Further data is also shared with the Equal Employment Opportunity Commission and DHHS officials for purposes of mandatory reporting in the EEOC’s annual 462 Report and quarterly reporting pursuant to the No Fear Act.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The agency collects information associated with grievances (employment status, grievance description) as well as information on personnel involved (employees, management, directors, attorneys and investigators). Personal information gathered includes name, date of birth, mailing address, email, education, employment status, foreign activities and legal documents. Fees, settlements and agreement information are also stored in this system.

All information stored in the system is voluntary and is used for complaint tracking and trend analysis.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Currently no process is in place to notify and obtain consent from the individuals whose IIF is in the system when major changes occur. However, everyone is provided an EEO briefing prior to the start of the process. Everyone must provide consent during this briefing before the process can be started. All notice is verbal and written, but can also be provided in electronic format upon request.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information contained within iComplaints is protected by several layers of administrative controls in accordance with policies and regulations from the FDA, NIST, and OMB. All applicable security controls are reviewed on a periodic basis to ensure that they are implemented correctly, operating as intended, and producing the desired result of protecting all information within iComplaints.

PIA Reviewer Approval:

Comments:

PIA Reviewer Name: Tim Stitley

Sr. Official for Privacy Approval:

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Oct 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA OC Property Management System (ASSET) (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

1

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-10-01-0307-00-402-128

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA OC Asset Management System (AMS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: William R Harris

10. Provide an overview of the system: The FDA Asset Management System (AMS) automates administrative management of accountable personal property equipment assets of the FDA throughout the life cycle from receipt to final disposition. Nearly all aspects of daily FDA business operations are supported by some form of accountable personal property equipment.

A broad range of equipment items is managed in AMS, from testing devices to computer mainframes. Each asset item tracked in the system is a complete unit of equipment, durable in nature, with an expected service life of two or more years.

Requirements for AMS are defined in the Joint Financial Management Improvement Program (JFMIP) document, JFMIP-SR-00-4, Federal Financial Management System Requirements, Property Management System Requirements issued in October 2002. A vast array of detailed information about assets' users and contracts is required for effective property management. AMS provides a data repository of asset information as well as enabling asset security, inventorying, control, tracking, and movement. AMS is an internal effectiveness tool supporting Asset and Liability Management and Financial Management as specified in the Business Reference Model (v.2.0) of the Federal Enterprise Architecture.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Federal employee names and employee numbers are passed to the Asset Management System from another internal FDA administrative system, the Enterprise Administrative Support Environment (EASE). The information is transferred weekly and enables the assignment of responsible employee names and numbers to each item of FDA personal property entered in AMS. The information is needed in AMS for property searches in conjunction with periodic equipment inventories.

The FDA Asset Management System does not perform any other public or internal personally identifiable information data collections.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Only information relating to employees is used.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information contained within ASSET is protected by several layers of administrative, physical, and technical controls in accordance with policies and regulations from the FDA, NIST, and OMB. All applicable security controls are reviewed on a periodic basis to ensure that they are implemented correctly, operating as intended, and producing the desired result of protecting all information within ASSET.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA OC PRISM Simplified Acquisition System (PRISM) (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

1

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-10-01-0306-00-405-143

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA OC Purchase Request Information System (PRISM)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Glenda Conroy

10. Provide an overview of the system: The Purchase Request Information System (PRISM) procurement information system is an automated system for electronic preparation, review/approval of requisitions, and placement of procurement awards. PRISM automates the buying functions.

PRISM streamlines, speeds, and simplifies acquisition processes through parallel processing. Full Time Equivalent (FTE) personnel for creating and tracking procurement documentation are reduced through process automation. The Agency as a whole will benefit from this system due to increased efficiencies in the acquisition process and use of reporting tools.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): PRISM automates collection of vendor data (address, tax identification number and DUNS number) from the Central Contractor Registry (CCR) system. PRISM provides data relating to purchase orders, including vendor tax identification numbers, to the Departmental Contracts Information System (DCIS) in a quarterly batch file. PRISM provides accounting data relating to purchase orders, including vendor tax identification numbers, to the HHS Unified Financial Management System (UFMS) in a daily interface file.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory:

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: PRISM federal employee information is collected as part of the user profile setup process at the time a system logon identifier is assigned. System logon identifiers are concatenations of federal employee first initial and last name, e.g. mdoe for Mary Doe.

Changes to PRISM user profiles may be originated in two ways:

1. Notification of change initiated by federal employees to the system help desk.

2. Submission of add/delete user profile change forms by supervisors, managers and team leaders when personnel changes occur.

Federal employee privacy concerns are processed by supervisors, managers and team leaders.

Vendor information is collected from the e-Government Central Contractor Registry (CCR) system.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information contained within PRISM is protected by several layers of administrative, physical, and technical controls in accordance with policies and regulations from the FDA, NIST, and OMB. All applicable security controls are reviewed on a periodic basis to ensure that they are implemented correctly, operating as intended, and producing the desired result of protecting all information within PRISM.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA OC Science First (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

1

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-10-01-2000-00-202-072

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA OC Science First

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Norris Alderson

10. Provide an overview of the system: SCIENCE FIRST is a virtual agency-wide science center, consolidating scientific information from across the entire agency. SCIENCE FIRST contains tools and applications to support the agency's initiative of enhancing science within the agency, the continuing goal of science-based regulatory decision-making, fostering collaboration and communication between agency scientists, and increasing awareness of FDA research accomplishments. The regulation that applies to this system is the Government Paperwork Elimination Act (GPEA).

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The system collects and disseminates science-related and other pertinent regulatory information such as skills resources, research projects, scientific and regulatory publications, links to training and knowledge enrichment sources, and scientific data sources. This information will be used to support the agency's initiative to enhance science within the agency, the continuing goal of science-based regulatory decision-making, foster collaboration and communication between agency scientists, and increase awareness of FDA research accomplishments.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA OC User Fees (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

1

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-01-01-4140-00-402-125

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA OC User Fee System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Martha Louviere

10. Provide an overview of the system: The User Fee System is a component system of the Financial Enterprise Solutions (FES) Mission Critical computer security classification investment. The system application utilizes various modules of the Oracle eBusiness Suite, v.11.5.9.

The system was developed to respond to the legislative needs of:

Prescription Drug User Fee Act of 2003

Medical Device User Fee and Modernization Act of 2002

Animal Drug and User Fee Act of 2003

Mammography Quality Standards Act

Internal users access the system through the firewall-shielded secure FDA network. Thousands of external industry users access the system via the Internet through a back and front-end, firewall-shielded sub-network in a demilitarized zone. System servers are located in the FDA Network Control Center on the second floor of the Parklawn building in Rockville, Maryland.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): All information collected is required to exchange by the federal government to facilitate payments required by the User Fee legislation. The data collected is the minimum necessary to complete the coversheet and billing processes.

Internal users access the system through the firewall-shielded secure FDA network. Thousands of external industry users access the system via the Internet through a back and front-end, firewall-shielded sub-network in a demilitarized zone. System servers are located in the FDA Network Control Center on the second floor of the Parklawn building in Rockville, Maryland.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The User Fee System collects data related to transactions for which external industry users must pay fees. Such transactions involve user fees associated with:

· Prescription Drug User Fee Act of 2003

· Medical Device User Fee and Modernization Act of 2002

· Animal Drug and User Fee Act of 2003

· Mammography Quality Standards Act

For internal federal users, the User Fee System collects specifically identifiable information about names and email addresses. The records are of employees responsible for accessing Oracle Applications as approved by the account approval process.

For external industry, the User Fee System collects business identifiable information about name, address, telephone numbers, email addresses, DUNS, waiver information and Federal Employee Identification number.

All information collected is required to exchange by the federal government to facilitate payments required by the User Fee legislation. The data collected is the minimum necessary to complete the coversheet and billing processes.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: There are no processes in place.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information contained within User Fees is protected by several layers of administrative, physical, and technical controls in accordance with policies and regulations from the FDA, NIST, and OMB. All applicable security controls are reviewed on a periodic basis to ensure that they are implemented correctly, operating as intended, and producing the desired result of protecting all information within User Fees.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA ORA Automated Laboratory Management System (ALMS) (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

1

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-02-02-1070-00-110-246

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA ORA Electronic Laboratory Exchange Network (eLEXNET)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Carl Sciacchitano

10. Provide an overview of the system: The Electronic Laboratory Exchange Network (eLEXNET) was developed to facilitate secure information sharing among public health partners and collaboration among food safety experts. eLEXNET provides food safety officials with access to food test results for analytes of concern at the detail level and at the product or product industry level.

eLEXNET is a seamless, integrated, secure network that provides multiple federal, state and local government agencies engaged in food safety activities with the ability to compare, communicate, and coordinate findings in laboratory analyses. The system enables U.S. health officials to assess risks, analyze trends, and identify problem products. It provides the necessary infrastructure for an early-warning system that identifies potentially hazardous foods.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: eLEXNET currently allows food safety laboratories at all levels of government (federal, state, local) to share real-time food safety sample and analysis data on selected microbiological analytes. eLEXNET receives sample status and sample analysis summary, laboratory analytical methods and results, and laboratory conclusions from other systems within FDA, as well as from participating laboratories. All data collections are necessary to meet the goals of this system. No Personally Identifiable Information is collected or stored in the eLEXNET system. Prior to obtaining access credentials, when laboratories agree with and sign the written Memorandum of Understanding (MOU), they are informed of the data collection process.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Approval: Promote

Comments: This system does not contain IIF - Fred Sadler, Privacy Act Officer

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA ORA Field Accomplishments and Compliance Tracking System (FACTS) (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

1

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-08-01-1010-00-110-032

4. Privacy Act System of Records (SOR) Number: 09-10-0010

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA ORA Field Accomplishments and Compliance Tracking System (FACTS)/Electronic State Access to FACTS (eSAF)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Agnes Kivuvani

10. Provide an overview of the system: FDA’s inspection process, managed by FACTS, is responsible for the health and safety of the American Public by providing support to the overall FDA’s mission of promoting and protecting the public health by helping safe and effective products reach the market, and monitoring products for continued safety after they are in use. Legislation authorizing this activity is the Food Drug and Cosmetic Act.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?:

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Firm data which may include Physician Names (as Firm entities) is contained within FACTS and used by many agencies within the FDA for many purposes including Firm inspections.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The FACTS system contains data about commercial firms and their business relationships, data, FDA decisions, manpower, procedures, establishments, commerce, compliance, enforcements, products, consumer complaints, and FDA organizations.

There are Firms that are Physician entities represented by their Physician Name. These names may be considered IIF.

The FACTS database provides information on FDA performance to Congress and the OMB, and supports the Drug industry’s PDUFA initiatives. This system also presents rapid review of current and past fieldwork assignments, results, and time/cost to accomplish in the Agency mission areas of regulation, surveillance, and compliance.

The system provides support to the overall FDA’s mission for promoting and protecting the public health by helping safe and effective products reach the market, and monitoring products for continued safety after they are in use.

FACTS shares collected information with the following systems:

Lab data exchange between FACTS-OASIS (ORA), Data to FACTS Reports; OPAS (ORA), Assignment data to Turbo EIR (ORA),

Firm profile data to ORA/DCIQA (Intranet/Internet), Lab data to eLEXNET (ORA, CFSAN), Complaints & Adverse event data to CAERS (CFSAN),

Firm profile data feed to CDER,

Pre-approval inspection data exchange with EES (CDER),

Firm data to eDRLS (CDER),

Inspection data from MPRIS & CASS (CDRH)

The primary users of FACTS are FDA organizations (see above) that enter, update, retrieve, and otherwise manipulate the data contained in the FACTS database with the ORA Field Offices staff being the principal suppliers of FACTS data. The Centers then make extensive use of FACTS to communicate with the Field.

The secondary users of FACTS include organizations and individuals external to the FDA that contribute industry information to the FACTS database. These include consumers, health care providers, state partners, state public health agencies, and other Federal agencies.

FACTS has built-in controls to grant or modify access to the relevant data based on the user's role and the District he or she belongs to, with FACTS end users having only ‘read only’ access to data from other district offices.

For the FACTS/eSAF system there are three primary security zones. The three zones are 1) the Internet, 2) the Service Area Network, or Demilitarized Zone (DMZ), and 3) the Intranet or “inner core”. This approach separates the functions of “border control,” “identification and authentication,” and “access control.”

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: There are no processes currently in place.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information contained within RES is protected by several layers of administrative, physical, and technical controls in accordance with policies and regulations from the FDA, NIST, and OMB. All applicable security controls are reviewed on a periodic basis to ensure that they are implemented correctly, operating as intended, and producing the desired result of protecting all information within RES.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA ORA MARCS External Interface (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: Significant System Management Changes

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-08-01-0202-00-110-032

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA ORA Mission Accomplishment and Regulatory Compliance Services (MARCS) External Interface

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Robin Crisp

10. Provide an overview of the system: The ORA MARCS External Interface is a multi-phased effort that will use Oracle Containers for Java/J2EE (OC4J) software to create an environment where users can, with a single sign-on, access multiple FDA systems. When fully implemented, the interface will provide:

A web infrastructure that will support new applications under development at ORA, and be a platform for integrating older applications as they are migrated, or reengineered, into a web environment.

A number of standard services as a part of its environment: workflow, personalization, secure role-based access to systems, PKI integration through the Agency's SSO and AD Servers, content indexing and retrieval, and other standard web application features.

Process flow capability that will support import review functionality, allowing import reviewers to retrieve data from multiple databases without the manual processes and cumbersome use of legacy applications that are now required.

A comprehensive user environment for information management, allowing retrieval of data from all ORA systems, including the Data Warehouse (ORADSS).

An environment tailored to the ORA work community’s information needs. The environment can easily be customized to each user’s role, providing links to supporting systems, web-sites, and any FDA information needed to support each user’s daily information needs.

The MARCS External Interface will serve as the access control gateway for all ORA applications.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The ORA MARCS External Interface will not collect or maintain data except for the minimum needed to establish a secure account ID. Data accessed through the interface may include:

Data about the facilities that manufacture, store, process, or ship FDA regulated products into the US.

Data about importers, consignees, shippers, and carriers involved in importing and/or distributing imported FDA regulated products.

Data about the size, contents, and type of FDA regulated products entering the US.

Data regarding inspections, reviews, investigations or past history (including recalls) of FDA products entering the US of those involved in their manufacture, etc.

FDA approved standards for FDA regulated products.

Most of this data already exists in FDA legacy systems and is currently used in the processes for reviewing admissibility of imported foods, drugs, medical devices, and other regulated products.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA ORA On-line Program Analysis System (OPAS) (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-08-01-0201-00-301-092

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA ORA Online Program Analysis System (OPAS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Nancy Snee

10. Provide an overview of the system: OPAS extracts employee accomplishment information from the ORA Field Accomplishments and Compliance Tracking System (FACTS). The extracted information refers to the employee's work activities by Operation, Firm, Location, Position Class, Program Code, and Number of Hours. This employee information is then counted and aggregated for each dimension (Operation, Location, Position Class, Program Code, Fiscal Year). Values are loaded into an Oracle Express multi-dimensional database for display to the OPAS users (Headquarters managers and analysts, and field managers).

Work plan information is collected from the MODEL files, but MODEL stores no data for an individual employee. In the future, MODEL will be replaced with Field Workforce Planning System (FWFPS). OPAS does not display public information (i.e., names of Firms). Although this information is collected through FACTS, OPAS displays only counts of Firms in various categories (by Establishment Type, Industry Code, Location, and Fiscal Year).

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: By extracting and consolidating data from two different production systems, OPAS calculates statistics that are consistent in the level of summary for management decision-making purposes. OPAS consolidation and linkage of files and systems, derivation of data, and accelerated information processing and decision making do not affect due process rights of the public and employees, since no personal information is displayed.

The Director of DPEM, who chooses the installations, assures proper use of the data and is responsible for protecting the privacy rights of the public and employees affected by the interface.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA ORA Operating and Admin. Sys. Import Support (OASIS) (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-08-01-1020-00-110-032

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Mark Gregory

10. Provide an overview of the system: OASIS automated the re-engineered business processes which the FDA utilizes for making its admissibility determinations. These determinations are used to ensure the safety, efficacy, and quality of the foreign-origin products for which FDA has regulatory responsibility under the Federal Food, Drug and Cosmetic Act.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The information is collected initially from Customs and Border Protection through their ACS system. All time spent reviewing commercial entry data, both on-screen and via paper entry documentation, is recorded as Entry Review. This includes checking regulatory status by accessing Center databases or FIARS, review of FD Form 2877s, Affirmation of Compliance Codes and their qualifiers, and review for data accuracy during Entry Review.

In addition, all time spent to make and record May Proceed decisions, regulatory recommendations such as Detention Requests (DTR) or Detention w/o Exam Requests (DER) and setting up Investigations exam/collect work assignments should be recorded as Entry Review. Any changes to transmitted data found to be inaccurate are made before setting up exam/sample assignments if possible. Such errors are then provided to the district personnel responsible for conducting filer evaluations.

In summary, OASIS is a mission-critical system that supports about 3500 FDA users throughout the US on a 24/7 basis. It provides:

o An automated interface with US Customs Service systems

o Automated pre-screening processes

o Support for Entry-Reviewers and Compliance Officer review of regulated products, including computer-aided decision-making

o Maintenance of information for reporting decision-making

o Tracking and review of workflow

The OASIS information is shared with Dept. of Homeland Security, Customs and Border Protection (ACS), FACTS, ORADSS, and FDA Centers.

OASIS enables FDA to handle more efficiently and effectively the burgeoning volume of shipments (now over 8 million/year -- up by 50% in the last four years) of imported products, despite decreasing agency resources. It also maximizes the efficiency and accuracy of the import review process to ensure the safety of imports regulated by FDA on behalf of the American public.

OASIS automates a number of previously manual processes, provides more timely data and better data integrity to support decision-making. It also supports better workflow between the Entry Reviewers and Compliance Officers as well as an ability to monitor performance. No IIF information is being collected.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA ORA ORADSS (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-02-01-1040-00-111-033

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA ORA Office of Regulatory Affairs Reporting, Analysis, and Decision Support System (ORADSS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: George Brush

10. Provide an overview of the system: This is a data warehouse and reporting system developed to provide domestic and import reports to headquarters and field users.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The information available in this system can be broken down into different areas.

1. Data that is collected as a result of a product being imported into this country. Basically the type of product and how it is packaged.

2. Data that is collected as a result of sample collections. The data collected includes data such as pac, product, industry, firm name, hours, and operation date.

3. Data that is collected as a result of firm inspections. The data collected includes data such as pac, product, industry, firm name, hours, and operation date.

4. Data that is collected as a result of sample analysis. The data collected includes data such as pac, product, industry, firm name, hours, operation date, and results.

5. Data that is collected as a result of legal actions taken against a firm. The history of the legal action is recorded such as when an action was proposed, when it was sent to legal counsel, etc.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA ORA Recall Enterprise System (RES) (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-08-01-1011-00-110-032

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA ORA Mission Accomplishment and Regulatory Compliance Services (MARCS) Recall Enterprise System (RES)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Carol Stone

10. Provide an overview of the system: The MARCS Recalls system provides centralized and standard safety and health alerts and regulated product recall information internally at the FDA. Alerts and recalls are an effective method of providing alert notices to the public, and for removing or correcting consumer products that are in violation of the laws administered by the FDA.

The MARCS Recalls Intranet system is FDA’s first agency-wide Recall IT system. MARCS Recalls supports business processes for managed application reviews, workload management, investigative, compliance, and analytical operations, quality assurance and other critical initiatives (Manage and Conduct Compliance Work; Monitor Recall; Monitor Regulatory Actions; Negotiate Compliance Action; Support Regulatory Field Action; View Firm Information).

MARCS Recalls Intranet allows FDA personnel to create recall alerts, document recall actions, and to recommend a recall strategy. The system provides capabilities to close recalls when completed and to archive/retain recall records for future use. The system also provides a capability to post a subset of the recall information to the Internet (MARCS Recalls Internet) allowing the general public to view recall information. Although the posting of the data to the Internet database is active, the website accessibility is currently not made available for public access.

The MARCS Recalls Intranet application provides automated support for the daily operations of ORA Field Offices, Center Coordinators, and Headquarters to support the compliance and enforcement activities (Office of Enforcement) of FDA’s Office of Regulatory Affairs (ORA).

MARCS Recalls Intranet is an online system that also integrates with other strategic systems at the FDA to provide additional support and information for the recall. MARCS Recalls Intranet system integrates with the “FIRMS” data (holds shared information for the Field Accomplishment and Compliance Tracking System (FACTS); Operation Administrative System for Import Services (OASIS)), as read only, and allows for information to be stored with the recall record.

MARCS Recalls Intranet also allows for a precedent search for (CDRH) recalls requiring Health Hazard Evaluation (HHE) information. The MARCS Recalls Intranet supports approximately 50 to 100 concurrent users (per day). MARCS Recalls Intranet has approximately 512 FDA Intranet users that are recorded in the application users, across the U.S.

The FDA’s Office of Regulatory Affairs (ORA) is focused on assuring that manufacturing firms comply with FDA regulations in order to achieve consumer safety and health protection. The FDA’s Investigations Operations Manual 2003 states that “ORA’s mission is to achieve effective and efficient compliance of regulated products through high quality, science-based work that results in maximizing consumer protection.” Within ORA, the Recall Operations Staff (ROS) in the Office of Enforcement (OE), Division of Compliance Management and Operations (DCMO) serves as the Agency’s focal point for all safety and health alerts, and product recall activities. ROS is also responsible for providing policy, procedure, and direction to the FDA field and Center recall operations as dictated by the Food, Drug and Cosmetic (FD&C) Act.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The MARCS Recalls Intranet system shares the data maintained in the database for recall events.

ORADSS Business Objects / Reporting – To provide the FDA authorized users with reporting capabilities of the recall event data.

PREDICT Data mining – to provide for various data mining information that a recall event may contain for analysis and/or corrective actions.

Recall Operations Staff in Office of Enforcement / Division of Compliance Management and Operations (DCMO) – Centers for Recall Coordinators and Field operations for Field coordinators. FDA authorized users for view of recall data.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Almost all of the data captured through the RES application is non-personal and can be grouped into the following categories:

· Firm information

· Product information

· Center-specific information

· Recall Event information

· Recall Recommendation information

· Recall Classification information

· Recall Summary and Termination information

Personally Identifiable Information (PII) is limited to the minimum amount needed for effective communication in the system. This communication has two aspects, internal and external.

The internal aspect of the system uses the names and email addresses of the individual FDA employees who create or work with the records in the RES application. These needed pieces of PII, the employee’s name and email address, come from the FDA’s FACTS database, which is accessed through the individual’s RES login codes. The user’s name and email provide access to the user’s profile information record in the RES database. These records contain information regarding each user’s role, and the FDA Center with responsibility for the oversight of the recall activity.

Coordinator names are also displayed or included for data collection needs of the recall event, work flow processing, and for the application to submit proper notifications. In addition, comment fields are available within the system in which the users will add necessary information, when applicable, in order to process or ensure information is provided for “recall” requirements. In addition to FDA employees, pieces of PII are also captured in regards to the reporting company, the name(s) of the company point(s) of contact, their email addresses, and company mailing addresses. These pieces of information are provided to FDA by the reporting company(s) for means of communication.

The external use of PII is that the company involved in the recall provides the name and email address of a company representative so the public can make enquiries regarding the recall.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Due to the IIF information maintained in the MARCS Recalls system, the choice is based on user acceptance reviews of any requirements and design of the system and as part of the request for user access to the application. In addition, regulations and policies that support processing of recalls data provide guidance for information being displayed or recorded.

User Request Forms for user request to gain access to the application.

Individuals usually notify the Help Desk and provide user request form for coordinators that need to be provided access. Written and email.

Users are notified verbally during coordinator conference calls and/or in writing via email if there are changes to the system.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information contained within RES is protected by several layers of administrative, physical, and technical controls in accordance with policies and regulations from the FDA, NIST, and OMB. All applicable security controls are reviewed on a periodic basis to ensure that they are implemented correctly, operating as intended, and producing the desired result of protecting all information within RES.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA ORA TurboEIR (Turbo) (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2007

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-02-02-1070-00-110-246

4. Privacy Act System of Records (SOR) Number: 09-10-0002

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA ORA Turbo Establishment Inspection Report (EIR)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Alex Schultz

10. Provide an overview of the system: The Turbo EIR Field Agent application provides a standardized database of citations, and assists the investigator in preparation of the FDA Form 483 and the Establishment Inspection Report (EIR).

FDA field investigators annually conduct approximately 17,000 establishment inspections. A Food, Drug, and Cosmetic Act requirement of the inspectional process is to report (in writing) certain types of adverse observations to the management of the inspected firm at the conclusion of the inspection. About forty percent of all inspections result in the issuance of an FDA 483. The FDA 483 is the written report listing the adverse observations made by the investigator.

The investigators must also generate a comprehensive narrative for each inspection. These narratives are known as Establishment Inspection Reports (EIRs) and are commonly prepared with word processing software. Turbo EIR Field Agent provides onscreen guidance to the investigator for preparation of the EIR. Turbo on the Web is a web browser-based application that allows FDA users to retrieve FDA 483 and EIR documents via the FDA intranet.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The information is shared with various compliance/management operational divisions (such as Center for Biologics Evaluation and Research, Center for Drug Evaluation and Research, Center for Food Safety and Applied Nutrition, Center for Devices and Radiological Health, Center for Veterinary Medicine) in the FDA that perform enforcement, analysis, and trending.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Turbo EIR Field Agent gathers data on the specific violations observed during the inspection and proceedings that transpire during the course of the inspection. Those data (and the FDA 483 items themselves) are then uploaded to a central database where they are available in the FDA for analysis and trending. The EIRs are also available online. The standardization inherent in Turbo EIR reduces inconsistency and lack of uniformity in the FDA 483 process.

Specific personally identifiable information collected by Turbo EIR is names of establishment employees that participated in the FDA inspection. The collection of these names is to identify the most responsible person at the establishment and to note how establishment employees participated in the conduct of the inspection. These names are not used by the Turbo EIR system for data searches. The information is provided voluntarily.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Assigned an inspection, the investigator travels to the establishment to perform it. If the investigator observes adverse conditions, they are linked to the FDA citation database in Turbo EIR Field Agent. Within Turbo EIR Field Agent the investigator is then able to provide specific information relating to each observation. When all observations and specifics are recorded, Turbo EIR Field Agent prints the FDA 483. The investigator then meets with the management of the firm and explains the adverse observations recorded. At this point the firm’s management has an opportunity to have their comments added to the FDA 483. At the end of the management meeting the investigator presents the final FDA 483 (with comments) to the firm’s management and the inspection is complete. Afterwards the investigator, using Turbo EIR Field Agent, authors the Establishment Inspection Report (EIR). An EIR is created for each inspection, even if an FDA 483 is not issued. The EIR is a comprehensive report of the inspection and contains information needed to support the Violation Letter process and of interest to FDA management. The above activities directly support the FDA's responsibility to regulate food, drug and devices.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information contained within TurboEIR is protected by several layers of administrative, physical, and technical controls in accordance with policies and regulations from the FDA, NIST, and OMB. All applicable security controls are reviewed on a periodic basis to ensure that they are implemented correctly, operating as intended, and producing the desired result of protecting all information within TurboEIR.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

 

06.3 HHS PIA Summary for Posting (Form) / CBER Electronic Submission Program (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2008

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-03-02-1020-00-204-079

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CBER Electronic Document Room (EDR)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Mahesh Choksi

10. Provide an overview of the system: The Electronic Document Room (EDR), also known as Electronic Submission Program, is a collection of systems that e-business-enables the regulatory process for industry and CBER. The EDR stores, retrieves, and distributes electronic submissions to reviewers. The EDR is integrated with the CBER regulatory databases to allow for advanced searches based on data in the CBER databases. The EDR automates processing of submissions and automatically sends notifications to reviewers. The EDR also serves as a repository for CBER generated final documents.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The EDR system stores, retrieves, and distributes electronic submissions to reviewers.

No IIF is collected.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 22, 2008

Date Published: September 8, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CBER BIRAMS (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2008

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-03-02-1940-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CBER Biologics Investigational and Related Applications Management System (BIRAMS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Joy Feng

10. Provide an overview of the system: The Center for Biologics Evaluation and Research (CBER) is charged with protecting and enhancing public health through the regulation of biological products including blood, vaccines, therapeutics and related drugs and devices. This requires CBER to receive, review and act on IRAs (Investigational Related Applications), IDEs (Investigational Device Exemptions) and Master Files. The Authority/Mandate for this is 21 CFR 312, 21 CFR 812, 21 CFR 314.420.

The Biologics Investigational and Related Applications Management System (BIRAMS) supports high-level tracking and summarization of CBER regulatory efforts associated with IRAs, Master Files (MF), and Investigational Device Exemptions (IDEs). Emergency Use Authorizations (EUAs), which are required to allow drug, device, or biological products to be used in case of a chemical, biological, radiological, or nuclear emergency, are also supported. It is intended to replace the existing Biologics Investigational New Drug Management System (BIMS) as well as related modules added in recent years.

BIRAMS is comprised of the following modules:

1) BIRAMS Module;

2) Gene Therapy (GT) Module;

3) Clinical Trials (CT) Module;

4) Pre-Application Tracking System (PTS).

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: BIRAMS does not collect, store, or disseminate IIF data that identifies an individual. BIRAMS does contain some information related to patients such as Gender, Patient ID, Patient Number, Race ID and Ethnicity Code, but these types of information cannot be used to identify an individual.

All information in BIRAMS was provided by the sponsors of IRA/IDE submissions. It is extracted from FDA Form 1571, 1572 and from within the submissions themselves. Other information is added to this from CBER generated actions such as the act of FDA issuing an IRA hold letter or telecon. BIRAMS holds the name, business phone number, and business address of company representatives for the purpose of business communication. This information is provided by these business representatives for this very purpose. Other than the business contact name and credentials (M.D., PhD, etc.), no personal phone numbers, addresses, or other personal information are maintained. Business contact information and information shared within the Department is not considered IIF as directed by the FDA ISSO.

Certain information related to the performance of CBER’s review of IRA/IDE submissions is reported to Congress. There are no links to BIRAMS data from outside the Agency. Presently, any information provided outside the agency is through formal reporting.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 22, 2008

Date Published: September 8, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CBER IQS (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

1. Date of this Submission: Aug 10, 2008

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: None

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CBER Integrated Quality System (IQS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Robert Di Maria

10. Provide an overview of the system: The Integrated Quality System (IQS) is neither a Capital Planning and Investment Control (CPIC) system nor a major application. Its primary function is to maintain and disseminate laboratory protocols, reports, manufacturer’s product information, product requirements, product characterization data, general maintenance and staff training records. IQS also stores product test plans, documents such as instructions, procedures, and policies. IQS is intended to manage all aspects of quality and business management including revision control for documents, customer processes, equipment, devices, etc. Patient information might be present in emails that are stored in the database.

IQS is used as an automated information system to aid FDA, and mainly the Center for Biologics Evaluation and Research (CBER) and the Center for Drug Evaluation and Research (CDER) in complying with ISO quality standard 17025, to facilitate enforcement of uniform quality standards in the product testing laboratory.

In terms of data exchange with other systems outside of the IQS accreditation boundary, IQS pulls data from Regulatory Management System – Biologics License Application (RMS-BLA) and Lot Release System (LRS) in the CBER and Center for Drug Evaluation and Research (CDER) environment to bring in supplier, manufacturer, and Submission Tracking Number (STN) information.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The primary function of the system is to maintain and disseminate laboratory protocols, reports, manufacturer’s product information, product requirements, product characterization data, general maintenance and staff training records. IQS also stores product test plans, documents such as instructions, procedures, and policies. IQS stores name, office address, and other business contact information, but not Personally Identifiable Information (PII). The information maintained in IQS is used to aid FDA, and mainly the Center for Biologics Evaluation and Research (CBER) and the Center for Drug Evaluation and Research (CDER) in complying with ISO quality standard 17025, to facilitate enforcement of uniform quality standards in the product testing laboratory.

IQS collects contact information volunteered by individuals (outside HHS) seeking FDA publicly available information.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 22, 2008

Date Published: September 8, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CBER PDUFA Tracking (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2008

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-03-02-1950-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CBER Prescription Drug User Fee Act Tracking (PDUFA Tracking)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Sujay Pandey

10. Provide an overview of the system: Under FDAMA/PDUFA, the FDA is required to meet specific performance goals related to regulatory meetings with industry. The PDUFA Tracking system enables users to capture the information necessary to measure performance by fulfilling three meeting management goals outlined in the PDUFA regulations: response to meeting requests, scheduling meetings, and issuing meeting minutes. The Center for Biologics Evaluation and Research (CBER) also uses the system to track non-User Fee product-related regulatory meetings.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The PDUFA Tracking system is comprised of the following seven (7) components:

1) Animal Components Database (ACD) points to Investigational Related Applications (IRAs) and BLAs, then tries to determine animal components in the product; from BSE regulations.

2) CBER Regulatory Meetings Tracking System (CRMTS) fulfills the requirements of FDAMA/PDUFA to track industry's requests for formal meetings with the Center and to capture the information necessary to measure performance.

3) Document Tracking System (DTS) fulfills PDUFA requirements for locational tracking of regulatory submissions (interfaced with the RMS-DATS investment).

4) Regulatory Management Systems (RMS) Lot Release System (LRS) supports the FDA Lot Release Program for biologic products. CBER is required to oversee sample lots in support of licensure and for purposes of product approval and the redistribution of lots for regulated products that require lot release and surveillance (21CFR601.2.c). The system conforms to the RMS model and interfaces with the RMS/BLA system as well as the Electronic Document Room (EDR). The nature of Lot Release requires that LRS be flexible enough to allow the assignment of a Lot to a Product/ Establishment relationship that may not be licensed or pending. The system consists of Data Entry/Update, Report, and Maintenance forms.

5) Regulatory Management Systems (RMS) Document Accountability and Tracking System (DATS) supports the CBER Network Control Center (NCC) staff with receipt and routing of drug manufacturer submissions to reviewers and incoming and outgoing communications. These include submissions related to IRAs, IDEs, BLAs, NDAs, 510(k)s, PMAs, and labeling submissions. Functionality includes the logging of shipment information, data entry of regulatory application information, support for document routing, circulation, inventory controls and management, and the generation of reports and queries. RMS-DATS interfaces with other CBER systems for the tracking of Licensing Applications, pre-market submissions, electronic submissions and related documents, and a system for the maintenance of valid person names and associated information. DATS, P2P and CIAD are all logically connected to the DATS data. CIAD is a subsystem of DATS, which tracks non-regulatory documents being routed. P2P tracks login IDs and where and when documents are being routed.

6) GUI Biologics Regulatory Management System (GBRMS) is the legacy system that was replaced by RMS-BLA. Although most of the data have been migrated to RMS-BLA, it is still essential for review staff and management to have this legacy system available in read-only mode for the foreseeable future. The software running the user interface of the legacy system and the operating system that runs the software have been upgraded to current versions. No further development is anticipated at this time.

7) CBER On-Line Analytical Processing (OLAP) is a small pilot using Business Objects against the product business area of RMS/BLA for ad hoc reporting, including GUI and web-based reporting and querying against RMS/BLA and RMS/LRS data. OLAP does not connect to the FDA CBER network and it is dependent on the CBER Database.

No IIF will be collected by the system.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 22, 2008

Date Published: September 8, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CBER PQR (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2008

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-03-02-1920-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CBER Product Quality and Registration (PQR)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Mahesh Choksi

10. Provide an overview of the system: Product Quality Registration (PQR) is comprised of the following subsystems:

Biologics Compliance Information System - BCIS is comprised of modules that are used to support various CBER Office of Compliance and Biologics Quality (OCBQ) activities. One module tracks and records data about BPD reports, to include electronic Biological Product Deviation Reporting (eBPDR) and non-blood reports. Other modules track and record data about recalls alerts (Recalls), recall tracking (RTS), and enforcement actions (ENFACT). In addition, there is a module to show the Compliance History of a facility. As of May 2007, BCIS will automatically exchange recall data with the ORA MARCS RES system.

Electronic Biological Product Deviation Reporting – eBPDR is an Internet form that feeds into Biologics Compliance Information System (BCIS). It is used by manufacturers to enter error reports. Data entered into eBPDR is then loaded into BCIS.

Human Cell and Tissue Establishment Registration System – HCTERS captures and reports on facilities that have registered with FDA/CBER in compliance with various CFR and Federal Register Notifications for Human Cells, Tissues, and Cellular and Tissue-Based Products Establishment Registration.

Electronic Human Cell and Tissue Establishment Registration System Internet Query - Internet interface for HCTERS. It is used by manufacturers to electronically register biological human parts. Data from eHCTERS is stored into HCTERS. There is a publicly available Internet query for HCTERS.

Blood Establishment Registration – BER provides access to quality information and improved efficiency in performing regulatory-mandated registration of blood establishments.

Electronic Blood Establishment Registration – eBER is an Internet interface form for the Blood Establishment Registration (BER) System. It allows establishments that deal with blood products to electronically register the type of blood products they deal with and what functions they perform on the blood products. This data is then transferred into the BER database.

CBER Online – the gateway, which requires a username and password, into the online applications eBER, eHCTERS and eBPDR.

Lot Distribution Database (LDD) – LDD collects data submitted by manufacturers under 21 CFR 600.81 and used by the OBE office for analysis and research. LDD automates the manual, paper-based system for this data and enables integration of the lot-distribution data to other adverse event databases (AERS, VAERS and RMS / BLA) for safety surveillance reasons.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The FDA CBER PQR system does not contain any IIF. The following data collected and maintained is only accessible to FDA staff:

Biologics Compliance Information System - tracks and records data about BPD reports, to include electronic Biological Product Deviation Reporting (eBPDR) and non-blood reports. Other modules track and record data about recall alerts (Recalls), recall tracking (RTS), and enforcement actions (ENFACT). In addition, there is a module to show the Compliance History of a facility.

Electronic Biological Product Deviation Reporting – used by manufacturers to enter error reports.

Human Cell and Tissue Establishment Registration System – captures and reports on facilities that have registered with FDA/CBER in compliance with various CFR and Federal Register Notifications for Human Cells, Tissues, and Cellular and Tissue-Based Products Establishment Registration.

Electronic Human Cell and Tissue Establishment Registration System Internet Query - used by manufacturers to electronically register biological human parts. Data from eHCTERS is stored into HCTERS.

Blood Establishment Registration – provides access to quality information and improved efficiency in performing regulatory-mandated registration of blood establishments.

Electronic Blood Establishment Registration – allows establishments that deal with blood products to electronically register the type of blood products they deal with and what functions they perform on the blood products.

CBER Online – gateway into online applications eBER, eHCTERS and eBPDR.

Lot Distribution Database (LDD) – collects data submitted by manufacturers under 21 CFR 600.81 and used by the OBE office for analysis and research.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 22, 2008

Date Published: September 8, 2008

 

06.3 HHS PIA Summary for Posting (Form) / FDA CBER Regulatory Tracking (Item)

 

PIA SUMMARY AND APPROVAL COMBINED

 

PIA Summary

 

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 10, 2008

2. OPDIV Name: FDA

3. Unique Project Identifier (UPI) Number: 009-10-01-03-02-1930-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: FDA CBER Regulatory Tracking System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Vernita Dawkins (BLT) / Carolyn Trickett (NXD)

10. Provide an overview of the system: The FDA CBER Regulatory Tracking System is made up of the following components, which can be individually accessed from the CBER Menu:

· Blood Logging and Tracking (BLT);

· National Xenotransplantation Database (NXD).

These two components are not interrelated and they are grouped together based on the guidance from the Capital Planning and Investment Control (CPIC) side.

BLT is the database used to track pre-market approval applications (PMA), pre-market reports (PMR), supplements, product development protocols (PDP), pre-market notifications, New Drug Application (NDA), and Abbreviated New Drug Applications (ANDA). NDA and ANDA will be removed from the BLT in November 2009. Additionally, BLT is used to maintain information related to the status and review progress of applications for the approval of devices and products related to blood screening, transfusion, and other analogous products. Final approval letters are stored in the Network Control Center (NCC) and BLT information system. Other related documents are stored in BLT using Documentum Workspace 3.2, Adobe Acrobat Exchange 2.1, and Microsoft Word 2000.

Xenotransplantation is any procedure that involves the transplantation, implantation, or infusion into a human recipient of either (a) live cells, tissues, or organs from a nonhuman animal source, or (b) human body fluids, cells, tissues or organs that have had ex vivo contact with live non-human animal cells, tissues or organs. NXD collects seven main categories of information:

· Xenotransplantation facilities;

· Xenotransplantation patients (does not contain any patient data);

· Xenotransplantation procedures;

· Adverse clinical events associated with xenotransplantation;

· Clinical follow-ups of recipients of xenotransplantation products;

· Animal health events/Herd health events; and

· Patient death reports.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The information maintained in BLT is related to the status and review progress of applications for the approval of devices and products related to blood screening, transfusion, and other analogous products. The purpose is to track pre-market approval applications (PMA), pre-market reports (PMR), supplements, product development protocols (PDP), pre-market notifications, New Drug Application (NDA), and Abbreviated New Drug Applications (ANDA). NDA and ANDA will be removed from the BLT in November 2009. The data collected and maintained do not contain IIF.

NXD collects seven main categories of information:

· Xenotransplantation facilities;

· Xenotransplantation patients (does not contain any patient data);

· Xenotransplantation procedures;

· Adverse clinical events associated with xenotransplantation;

· Clinical follow-ups of recipients of xenotransplantation products;

· Animal health events/Herd health events; and

· Patient death reports.

The purpose of this information collection is to identify and track any xenotransplantation-related activities. Personal patient information is intentionally excluded from the data collected to avoid loss of personal privacy.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Tim Stitely

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: John R. Dyer

Sign-off Date: Aug 22, 2008

Date Published: September 8, 2008