Font Size Print Download Reader HHS Home|HHS News|About HHS

OS Privacy Impact Assessments

06.3 HHS PIA Summary for Posting (Form) / OS ASAM ACF General Support System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-02-00-01-0001-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: ACF GSS

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addres sed: Alan Smith

10. Provide an overview of the system: The ACF GSS is a local area network supporting the operations of the HHS/ACF.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): This system does not collect, maintain or disseminate IIF.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Bri efly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: This system does not collect, maintain or disseminate IIF.

PIA Reviewer Approval: Promote

Comments: GSS -- contains no IIF information

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM AHRQ Lo cal Area Network (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-02-00-01-0001-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: AHRQ General Support System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Alan Smith

10. Provide an overview of the system: AHRQ GSS is a LAN supporting the operations of the HHS/AHRQ.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by t his system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): This system does not collect, maintain or disseminate IIF.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: This system does not collect, maintain or disseminate IIF.

PIA Reviewer Approv al: Promote

Comments: GSS -- contains no IIF information

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments: UPI information inaccurate based upon latest guidance from HHS CPIC Manager.

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM AoA General Support System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-02-00-01-0001-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: AoA General Support System

9. System Point of Contact (P OC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Alan Smith

10. Provide an overview of the system: The AoA GSS is a lan supporting operations of the HHS/AoA.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system sub ject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system does not collect, maintain or disseminate IIF.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system does not collect, maintain or disseminate IIF.

PIA Reviewer Approval: Promote

Comments: GSS -- contains no IIF information

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-of f Date: Aug 14, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Asset Management System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-06-02-1030-00

4. Privacy Act System of Records (SOR) Number: No

5. OMB Information C ollection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Asset Management System (AMS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addr essed: Debbie Orfe/Jack Sweeney

10. Provide an overview of the system: Provides access to property data by Asset Center Representatives from DHHS agencies.

AMS is the repository for asset records for a number of organizations within the DHHS. AMS generates the debits and credits related to the capitalized value, period depreciation expense, and net book value disposition of an asset if disposed before its service life has expired, stores the values into a subsidiary Standard General Ledger (SGL) account, and transfers the summary values to the PSC Financial Management Services (FMS). AMS has a built in reporting module, allowing the Asset Center Representatives (ACRs) to generate reports for the assets and users of the organizations to which the ACRs belong.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

32. Does the system host a website?: No

37. Does the website have any inf ormation or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No IIF is contained in this system

PIA Reviewer Approval: Demote

Comments: This system has been decommissioned and replaced with the PMIS system.

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Demote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Jun 13, 2006

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM AutoCAD (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: No

4. Privacy Act System of Records (SOR) Number: No

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: AutoCAD

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Sheila Grossman

10. Provide an overview of the system: Used to provide architectural and renovation drawings for Parklawn building. Pricing for renovations is done using this tool. Monthly rent calculations are done using this application.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with wh om and for what purpose(s): No

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments: contains no PII

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting ( Form) / OS ASAM Biometrics Enrollment System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-00-01-06-02-0030-00

4. Privacy Act System of Records (SOR) Number: 09-40-0013

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: Biometric Enrollment System (BES)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Donald Deering

10. Provide an overview of the system: To store, manage, and maintain information related to the enrollment and employment of federal and contractor applicants as well as the issuance and maintenance of PIV credentials to authorized personnel; this includes the process of identity verification and the authorization to access federal space and information systems.

BES is used to collect fingerprints, photo and other identification which is sent to OPM for background investigation and to allow issuance of badges within HHS and other federal agencies.

Homeland Security Presidential Directive 12 (HSPD-12), issued on August 27, 2004, required the establishment of a standard for identification of Federal Government employees and contractors. HSPD-12 directs the use of a common identification credential for both logical and physical access to federally controlled facilities and information systems. This policy is intended to enhance security, increase efficiency, reduce identity fraud, and protect personal privacy.

HSPD-12 requires that the Federal credential be secure and reliable. The National Institute of Standards and Technology (NIST) published a standard for secure and reliable forms of identification, Federal Information Processing Standard Publication 201 (FIPS 201), Personal Identity Verification (PIV) of Federal Employees and Contractors. The credential is for physical and logical access.

FIPS 201 has two parts: PIV I and PIV II. The requirements in PIV I support the control objectives and security requirements described in FIPS 201, including the standard background investigation required for all Federal employees and long-term contractors. The standards in PIV II support the technical interoperability requirements described in HSPD-12. PIV II specifies standards for implementing identity credentials on integrated circuit cards (i.e., smart cards) for use in a Federal system. Simply stated, FIPS 201 requires agencies to:

• Establish roles to facilitate identity proofing, information capture and storage, and card issuance and maintenance.

• Develop and implement a physical security and information security infrastructure to support these new credentials.

• Establish processes to support the implementation of a PIV program.

In response to HSPD-12 and to meet the requirements summarized above, PSC’s Security Services Branch is responsible for the management and security of all PII information it collects during the HSPD-12 applicant enrollment and card issuance process; including serving as the main internal and external point of contact with respect to program planning, operations, business management, communications and technical strategy.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the syst em collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): IIF is disclosed to OPM for performing background investigations for Federal Employees and Contractors as described by HSPD-12 and FIPS-201.

IIF may be disclosed to the enrollee upon request.

IIF may be disclosed to law enforcement officials when HHS becomes aware of evidence of a violation of civil or criminal law.

IIF may be disclosed to congressional offices in response to a verified inquiry made at the written request of the individual.

IIF may be disclosed to the Department of Justice, court or other tribunal when it has been deemed necessary and relevant to litigation.

IIF may be disclosed to officials of labor organizations when relevant and necessary to their duties of exclusive representation.

IIF may be disclosed to organizations approved by the Secretary for performing quality assessments, audits or utilization review.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administration

– Administrative controls of this system are provided by the SSB.

– Training for users and administrators.

– Confidentiality agreements for contractor access.

– Separation of duties and least privilege access and accountability.

– Processes are in place to monitor and respond to privacy and security incidents.

Technical

– Firewalls and Intrusion detection systems protect the boundaries of the HHS network on which this system operates.

– Encryption is enabled on mobile/portable systems

– Passwords are used to control workstation and server access. Passwords are also used to control encryption and application access.

– VPNs are used to encrypt data transfers.

Physical

- Workstations remain in the custody of authorized personnel while on-site and when transported.

- Workstations are covered by HHS physical controls, including guards, CCTV and ID badges, in the Parklawn Building and at all regional offices.

- Servers are maintained at the GTC and will not be removed.

- Servers are protected by the physical controls of the GTC.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Debt Management Collection System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-01-01-1011-00

4. Privacy Act System of Records (SOR) Number: 09-40-0012

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Debt Management and Collection System (DMCS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and th e responses to this PIA may be addressed: Matthew Zakielarz

10. Provide an overview of the system: Automated system for the performance of receivables management and Core Accounting System feeder system.

Legislation: Debt Collection Act of 1982 and the Debt Collection Improvement Act of 1996.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Information is shared with credit reporting agencies, collection agencies, the Department of the Treasury and the Department of Justice as part of the debt collection process.

Credit reporting agencies - Credit reporting Collection agencies - debt collection Treasury TOP - Debt collection referrals Department of Justice - litigation IRS - Write offs and interest paid

31. Please describe in detail any proces ses in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Information is obtained from the agency program offices as a result of defaulted scholarships, loans, etc. and other sources throughout the due diligence process (e.g., collection agency, credit reporting agency, Department of Justice, etc.) No notice is given to individuals for consent, etc. Through demand letters in the due diligence process, individuals are given the opportunity to pay their debt to the Government before information is forwarded to collection agencies, credit reporting bureaus, etc.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Technical and physical controls are in place to ensure the security of the information. These include an up to date System Security Plan, Contingency Plan, regular offsite backup of the data, and yearly security awareness training for all personnel. Also, the system is part of the yearly SAS-70 (Statement on Auditing Standards No. 70) audit which tests the adequacy and effectiveness of the operating controls.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Pr ivacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Defense Contract Management Agency (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-09-02-1031-00

4. Privacy Act System of Records (SOR) Number: 09-15-0004

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: DCMA

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kathy Morring, Capt. USPHS; Kim Frasher, DCMA Project Manager

10. Provide an overview of the system: HHS values and benefits from a workforce that is physically well, they support the efforts of DCMA in achieving this goal. DCMA assists employees and employers to resolve medical problems that may adversely impact their work performance, conduct, health and well-being by tracking the subject’s repetitive exposure to items that could be detrimental to the subject’s health. In order to achieve these objectives, of tracking these exposures, the DCMA case management and reporting system was developed.

13. Indicat e if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Medical officers use for review of medical data. DCMA assists employees and employers to resolve medical problems.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Management, operational, and technical controls commensurate with the level of sensitivity for the system, including: - Electronic data is encrypted during transmission.- Electronic data is password protected- Access to electronic data is role-based- Access to electronic data is based on “least privilege”- Access to electronic data is limited by number of attempts, session lock, session termination- Documents are stored in locked file cabinets / offices.- Documents are shredded (Medical Records are archived) when no longer needed- The application servers are isolated from the rest of the FOH network by PIX firewalls, which control access to the application data.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Demote

Comments: This is a DoD application containing DoD data only, hosted by FOH Seattle. Not HHS responsibility to report PIA information.

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

06.3 HHS P IA Summary for Posting (Form) / OS ASAM Defense Financial & Accounting System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: new system -- appropriate documentation still in process

4. Privacy Act System o f Records (SOR) Number: N/A -- this is just a pass-through interface

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: DFAS

9. System Point of Contact (POC). The System POC is the person to whom que stions about the system and the responses to this PIA may be addressed: Carol Arbogast

10. Provide an overview of the system: Interface to the DoD payroll system and the HHS time and attendance system, etc.

13. Indicate if the system is new or an existin g one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): HHS OPDIVs responsible for the interconnecting system, and the U.S. Department of Defense who are owners of DFAS main system; this is just a pass-through interface. HHS OPDIV owners of the interconnected systems, DoD as owner of the DFAS system

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A -- This is just a pass-through interface

PI A Reviewer Approval: Demote

Comments: A DoD system that contains HHS data -- Not HHS' responsibility to report PIA for system.

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Demote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Departmental Contract Information System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2 008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-01-06-02-0002-00

4. Privacy Act System of Records (S OR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Departmental Contracts Information System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Fred Evans

10. Provide an overview of the system: The DCIS mission is to provide the data collection and reporting capabilities needed to enable HHS to comply with the reporting requirements mandated by Public Law 93-400 for the reporting of procurement actions.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the sys tem collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF p lease specify with whom and for what purpose(s): N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with r egard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments: No IIF information contained within system

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM DPM Local Area Network (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-01-01-1010-00-402-124

4. Privacy Act System of Records (SOR) Number: No

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: DPM LAN

9. System Po int of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Matt Zaklielarz

10. Provide an overview of the system: The DPM LAN provides local connectivity for the DPM office.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for wha t purpose(s): No

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A -- a GSS

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments: UPI information is inaccurate -- does not agree with numbering methodology used by HHS CPIC Manager.

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Electronic Official Personnel Folder (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-06-02-1120-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: electronic Official Personnel Folder

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Carol Arbogast

10. Provide an overview of the system: Converts all HHS' paper-based Federal civilian employee Official Personnel Folders (OPF) to electronic format.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system c ollect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF pleas e specify with whom and for what purpose(s): HHS employees only, and they only have access to their own personnel folder

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: On the HHS Intranet, locked down behind firewalls, with access permitted only to individual whose name matches the folder. Individuals are required to use passwords and be on the HHS network.

PIA Reviewer Approval: Demote

Comments: This is an OPM system, with HHS data -- Not HHS' responsibility to report PIA information.

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Demote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Electronic-Induction (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-06-02-1150-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Nu mber(s): N/A

7. System Name: E-Induction

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Carol Arbogast

10. Provide an overview of the system: On-line systems for new hires

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by th is system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for wha t purpose(s): N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A -- This is a duplication of E-INDUCTION

PIA Reviewer A pproval: Promote

Comments: DoLabor system

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Elite Series System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-06-02-1050-00

4. Privacy Act System of Records (SOR) Number: 09-90-0024

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: EliteSeries System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Irene Grubb

10. Provide an overview of the system: Provides cradle-to-grave management of the Supply Services Center's inventory and customers orders. It is made up of several modules wich are function-specific: Accounts Recievable, Accounts Payable, Inventory Management, Order Management, Purchasing, Production, Warehouse Management. The EliliteSeries Sytem is an off-the-shelf Software product licenesed by the SSC, and installed with no modifications.

13. Indicate if the system is new or an existing one being modifi ed: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If t he system shares or discloses IIF please specify with whom and for what purpose(s): No

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thi rteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No IIF is contained in the system

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published : Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Employee Assistance Program Information System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-45-02-1020-00-110-031

4. Privacy Act System of Records (SOR ) Number: 09-90-0010

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): DOCID: fr07mr97-105

7. System Name: Employee Assistance Program Information System (EAPIS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kathy Morring Capt. PHS

10. Provide an overview of the system: Manage EAP clinician activity.

This system contains a written or electronic record on each EAP client. These records typically contain demographic data such as client name, date of birth, grade, job title, home address, telephone numbers, and supervisor's name and telephone number. The system includes records of services provided by HHS staff and services provided by contractors. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: 5 U.S.C. 7361, 7362, 7901, 7904; 44 U.S.C. 3101.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (stor e), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): PII is not shared (except as required by law) with anyone outside of HHS

This information is necessary for the clinician to formulate and implement an intervention plan for resolving the problem(s).

31. Please describe in detail an y processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Information in this system of records is: (1) Supplied directly by the individual using the program, or (2) supplied by a member of the employee's family, or (3) derived from information supplied by the employee, or (4) supplied by sources to/from whom the individual has been referred for assistance, or (5) supplied by Department officials (including drug testing officers), or (6) supplied by EAP counselors, or (7) supplied by other sources involved with the case. Clients of the EAP will be informed in writing of the confidentiality provisions. Secondary disclosure of information, which was released, is prohibited without client consent.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Information in the system is protected by management, operational, and technical security controls commensurate with the level of sensitivity of the system.

PIA Reviewer Approval:

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Demote

Comments: This system was replaced with WebEAP. This system is decommissioned.

UPI information is inaccurate -- does not match current numbering methodology established by HHS CPIC Manager

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Enterprise E-Mail System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-00-02-00-01-0009-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Enterprise E-Mail System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Ken Calabrese

10. Provide an overview of the system: EES is also known as the "HHSMail" system

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this sy stem?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): This system does not collect, maintain or disseminate IIF.

32. Does the system host a website?: No

37. Does the website have any informatio n or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administr ative, technical, and physical controls.: This system does not collect, maintain or disseminate IIF.

PIA Reviewer Approval: Promote

Comments: GSS

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM FOH Local Area Network/Wide Area Network (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Oct 2, 2006

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-02-00-02-1041-00

4. Privacy Act System of Record s (SOR) Number: No

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: FOH LAN/WAN

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kathy Mooring

10. Provide an overview of the system: The FOH LAN/WAN provides local connectivity for the FOH BTS office and wide area connectivity for the various FOH office locations

13. Indicate if the system is new or an exi sting one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be s ecured on the system using administrative, technical, and physical controls.: N/A -- a GSS

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 12, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Government Transformation Center computer room (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-02-00-01-0001-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Government Transformation Center (GTC) computer room

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Michael Tyllas

10. Provide an overview of the system: The Government Transformation Center is a data center facility located in Unisys' Reston, VA complex which houses HHS Enterprise systems, HHS/OS OITO / ITSC GSSs and the HHS/OS OITO ITSC Network Operations Center.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), dissemina te and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what pur pose(s): This facility does not collect, maintain or disseminate IIF.

32. Does the system host a website?: No

37. Does the website have any informat ion or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using adminis trative, technical, and physical controls.: This system does not collect, maintain or disseminate IIF.

PIA Reviewer Approval:

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments: This is a GSS (computer center) thus there is no PII. – rmd

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM GovNet-NG (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-01-01-01-1010-00

4. Privacy Act System of Records (SOR) Number: 09-90-0024

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: GovNet-NG

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Robin Hofmann

10. Provide an overview of the system: GovNet-NG is a secure on-line data and report repository which is accessible via the Intranet using standard web browsers. The accounting data archives from the CORE system will be accessible through CORE-like inquiries on transition to UFMS. The report repository will maintain the CORE reports, UFMS reports, and other source system reports, such as Payroll.

13. Indicate if the system i s new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): HHS employees specifically authorized

*31. Please describe in detail a ny processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Data is not collected from the public. CORE accounting transactions will be a one-time data load at the conclusion of the conversion process from CORE to UFMS. The data will be transmitted via secure FTP.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there poli cies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:

The following administrative, technical, and physical controls are in place for GovNet-NG:

Administrative controls:

- C&A completed

- System Security Plan

- Contingency Plan

- System backups

- Offsite storage

- User manuals

- Security Awareness Training

- Least Privilege Access

- IIF Policy

Technical Controls:

- User ID and Passwords

- Firewall

- VPN

- Encryption

- Intrusion Detection

Physical Controls:

- Guards

- ID Badges

- Key Cards

PIA Reviewer Approval: Promote

Comments: Question the UPI number used.

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 16, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Post ing (Form) / OS ASAM HHH computer room (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-02-00-01-0001-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Nam e: HHH computer room

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Alan Smith

10. Provide an overview of the system: The HHH computer room is a data center facility located in HHS's Hubert H. Humphrey building.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Wi ll the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discl oses IIF please specify with whom and for what purpose(s): This facility does not collect, maintain or disseminate IIF.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: This facility does not collect, maintain or disseminate IIF.

32. Does the system host a website ?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: This facility does not collect, maintain or disseminate IIF.

PIA Reviewer Approval: Promote

Comments: GSS -- contains no IIF information

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 16, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM HHS Property Management Information System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-00-01-06-01-0021-00

4. Privacy Act System of Records (SOR) Number: No

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: OS ASAM HHS Property Management Information System (PMIS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed : Jack Sweeney

10. Provide an overview of the system: PMIS is a Web-based application, running on an Oracle database and developed by Sunflower, Inc. The application is utilized for fixed asset accounting and is maintained by the Logistics Services Branch (LSB). PMIS is used for recording capitalized property to the general ledger of PSC.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF withi n any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system will not share or disclose IIF with other agencies within HHS, agencies external to HHS, or other people or organizations outside HHS.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: IIF will be secured using password based identification and authentication policies and technology, network firewalls, virus scanning software, intrusion detection technology, physical secutiy controls and preventative social engeneering best practices.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 16, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM HHSNet (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-02-00-01-0001-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: HHSNet

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Alan Smith

10. Provide an overview of the system: HHSNet is the enterprise backbone network that supports the interconnection and Internet access requirement's of the various networks supporting the individual Departmental StaffDivs/OpDivs.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shar es or discloses IIF please specify with whom and for what purpose(s): This system does not collect, maintain or disseminate IIF.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: This system does not collect, maintain or disseminate IIF.

32. Does the system host a we bsite?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how t he IIF will be secured on the system using administrative, technical, and physical controls.: This system does not collect, maintain or disseminate IIF.

PIA Reviewer Approval: Promote

Comments: GSS -- contains no IIF information

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 16, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Integrated Time and Attendance System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. U nique Project Identifier (UPI) Number: 009-91-01-06-02-1016-00

4. Privacy Act System of Records (SOR) Number: 09-90-0018

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Integrated Time and Attendance System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Vivian Truss

10. Provide an overview of the system: ITAS is a timekeeping by exception application that supports most aspects of tracking and reporting work hours and leave for federal employees. ITAS provides users with access to real-time leave balances and ensures that users accurately record work activity by enforcing time and attendance policies and procedures specific to the Federal Government. ITAS contains rules specific to data entered by Employees, Timekeepers, Approving Officials, Administrative Officers, and ITAS Administrators.

13. Indicate if the system is n ew or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subjec t to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The ITAS data is secured-FTP over to our Mainframe system, hosted by the NIH/CIT Data Center where it is processed with other HHS OPDIVs time and attendance data. That data is then shared with the Department’s payroll provider Defense Finance and Accounting System. The purpose of sharing the information is to provide data to DFAS for payroll processing.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrati ve, technical, and physical controls.:

Each ITAS user is assigned a User ID and password. User IDs and passwords are managed by the ITAS Coordinators or Timekeepers through a user profile program. Granting ITAS Coordinator privileges is done centrally by the ITAS administrator.

The following administrative, technical, and physical controls are in place for ITAS:

Administrative Controls

System security plan

Contingency (or backup) plan

File backup

Backup files stored offsite

User manuals

Security Awareness Training

Contractor Agreements

Least Privilege Access

IIF Policies

Technical Controls

User Identification and Passwords

Firewall

Encryption

Intrusion Detection System (IDS)

Physical Controls

Guards

Identification Badges

Key Cards

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 16, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM ITSC Security Program (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-02-00-01-0001-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: ITSC Security Program

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Errol Brown

10. Provide an overv iew of the system: Weaknesses identified for the infrastructure program

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any datab ase(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail : (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirte en?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Rev iewer Approval: Demote

Comments: ITSC Security Program -- no applicable to PIA

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Demote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 16, 2007

Date Publishe d: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Learning Management System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-06-02-1070-00

4. Privacy Act System of Records (SOR) Number : PIA and SORN maintained by OPM

5. OMB Information Collection Approval Number:

6. Other Identifying Number(s):

7. System Name: Learning Management System-LMS

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Karen Senkel

10. Provide an overview of the system: GeoMaestro 4.4 is an Internet-hosted human capital management and performance platform that enables organizations to capture, create, manage and share knowledge to improve workforce productivity, accelerate critical business processes, and drive organizational performance. The system centralizes and automates the entire learning management process, making the administration of enterprise learning and development both effective and efficient. As an integrated suite of Web-based tools, the GeoMaestro solution helps organizations assess, deliver and measure enterprise learning and development.

GeoMaestro 4.4 includes an LCMS, MyPlan, Classroom Scheduler, DRE, GeoConnect, Competency Plus and Global Mentoring

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No IIF is shared or disclosed outside of administrative reports.

Notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Since Maestro receives user data from HHS, this process would need to occur before data is submitted to Maestro. http://lms.learning.hhs.gov/MaestroC/index.cfm?room=privacy&roomaction=privacy

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system usin g administrative, technical, and physical controls.: System Under Initial Development

PIA Reviewer Approval: Demote

Comments: An OPM system -- not HHS responsibility to report the PIA

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Demote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 16, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Managing & Accounting Credit Card System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-06-02-1200-00

4. Privacy Act System of Records (SOR) Number: 09-90-0024

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: Managing & Accounting Credit Card System (MACCS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Matt Zakielarz

10. Provide an overview of the system: MACCS is a system designed to provide access to and account for credit card purchases. Using transaction data from the credit card processing ceter at the US Bank, MACCS is a downstream process that provides a means for ensuring that each transaction is a valid transaction, revirewed by an authoirzed official, assigned to a proper budgetary fund, paid in a timely manner and transmitted for posting to the general ledger

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maint ain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Internal HHS Financial Management Staff

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen ?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:

The following administrative, technical, and physical controls are in place for MACCS:

Administrative Controls

C&A Completed

System security plan

Contingency (or backup) plan

File backup

Backup files stored offsite

User manuals

Security Awareness Training

Contractor Agreements

Least Privilege Access

IIF Policies

Technical Controls

User Identification and Passwords

Firewall

Virtual Private Network (VPN)

Encryption

Intrusion Detection System (IDS)

Physical Controls

Guards

Identification Badges

Key Cards

Cipher Locks

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 16, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM MDI - Badging System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-06-02-1061-00

4. Privacy Act System of Records (SOR) Number : 09-40-0013

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: MDI Badging System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Don Deering

10. Provide an overview of the system:

The MDI badging System provides card access and intrusion detection and technical alarm points for the HHS-PSC and approximately 9 remote locations.

MDI PIA is being substantially revised. The amended Privacy Act SOR has been published in the Federal Register and is the 45 day comment period.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), d isseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Does not share or disclose

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secur ed on the system using administrative, technical, and physical controls.:

Administrative Controls:

- C&A completed 7/13/6

- Approved System Security Plan

- Contingency Plan

- Backups

- Offsite storage

- User Manuals

- Contractor agreements

- Least privilege

- IIF policy

Technical Controls:

- UserID and Passwords

- Firewall

- Process for monitoring and responding to security incidents

Physical Controls:

- Guards

- ID Badges

- Cipher Locks

- Key Cards

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 16, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Medical Evaluation/Requirements Information Tracking System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-06-02-1210-00

4. Privacy Act System of Records (SOR) Number : 09-15-0004

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Medical Evaluation/Requirements Information System (MERITS)

9. System Point of Contact (POC). The System POC is the person to whom ques tions about the system and the responses to this PIA may be addressed: Kathy Morring Capt. PHS

10. Provide an overview of the system: Collect, analyze and manage medical data and produce medical reports on the performance capability of Federal Law Enforcement applicants

MERITS is used to Collect, analyze and manage medical data and produce medical reports on the performance capability of Federal Law Enforcement applicants. AUTHORITY FOR MAINTENANCE OF THE

SYSTEM: Includes the following with any revisions or amendments: Executive Orders 12107, 12196, and 12564 and 5 U.S.C. chapters 11, 31, 33, 43, 61, 63, and 83.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Internal: Billing. PII is not shared (except as required by law) with anyone outside of HHS or the customer agency.

Due to the arduous and hazardous nature of weapon-carrying positions, Federal agencies have to assess the performance capability of their employees and applicants and develop strategies to maintain their health and fitness.

32. Does the system host a website?: Yes

37. Does the website have any info rmation or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:

Information in the system is protected by management, operational, and technical security controls commensurate with the level of sensitivity of the system, including:

- All medical records are stored in a separate "locked" file room.

- Medical database files are protected by an internal PIX firewall.

- ICMP is blocked on the internal pix firewall and the two MERITS SQL servers are configured not to reply to ping request.

- Audit trails are in place to monitor unsuccessful login attempts to the MERITS application.

- SQL servers are kept up to date with the latest security patches from Microsoft.

- Only authorized internal domain users have access to the MERITS database application.

- The PIX firewall logs are routinely reviewed for unauthorized access.

- Social Security numbers have been removed (except for one client - USSS) from all reports generated out of the MERITS application.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 16, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Occupational Health Information Management System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-06-02-1031-00

4. Privacy Act System of Recor ds (SOR) Number: 09-15-0004

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: OHIMS

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kathy Morring, Capt.; Eric Shih, CDR

10. Provide an overview of the system: Ohims assists Reviewing Medical Officers (RMOs) in providing surveillance of employees for federal employers to track medical and exposure histories that may adversely impact their work performance, conduct, and health. In order to achieve these objectives, the Ohims case management and reporting system was developed.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Reviewing medical officers and designated customer representatives who aggregate data. As necessary via law enforcement.

Access to data is restricted to personnel of the DEC and FOH medical review officers assigned to the select agreement. Direct access by non-FOH personnel is not provided. Arrangements can be made through the FOH MRO for an agency to share data sets in Excel or Access format in support of studies conducted by agency representatives. Due to the provisions of FOH policy (M.39, Release of Confidential Medical Information), confidential medical information may be released only to the agency-designated Employee Medical Files System Manager, or upon written consent of th subject employee(s). Non-confidential informatino or non-identifiable data (average weight of the work force) may be released to the agency.

The RMO works with the agency to assist them in identifying the information that is necessary to meet their program needs, and to assure that the information provided does not breach the requirements of confidentiality. Where policy questions exist, staff or contractors can cll the Associate Medical Director or Director of Clinical Services for policy clarification.

Ohims supports operations functionality for Ohims clients in approximately 5 RMO/ doctor locations throughout the United States.

Ohims was completed and placed into production during February 1999. It is comprised of a Microsoft terminal server application that communicates with the centralized Ohims Oracle server at BTS and collects exam data, and a centralized Ohims Reports Oracle database that provides reports to FOH and Customer

management. Ohims provides FOH doctors with a tool that meets their surveillance goals, with centralized management and reporting capabilities.

“Surveilance management” refers to the process of gathering information on a person who has called into the FOH Clinic for an appointment and signed a Statement of Understanding (SOU). Initial client contacts are classified as a “Pre-Phase”. Information is collected from those individual’s exposure history into the Ohims. Pre-Phase information collected from clients and input into Ohims includes demographic information (i.e., employment type, date of birth, name, employee SSN, gender, etc.), contact information, and employment information. This data is input into Pre-Phase module (labeled Health Surveillance Module by Sentry). Refer to Figure 1 for the graphical process flow.

Once complete the exam is sent to the agreement managers who direct it to the Reviewing Medical Officer (RMO) who evaluates the individual’s ability to perform their assigned tasks. The RMO reviews occupational exposure and changes in health to confirm the individual is being properly trained and protected for the work environment.

RMO / doctors are able to create and print any of the Ohims reports to effectively manage the individual’s exposures or activity. These reports are stock FOH forms.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of I IF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Firewalls, active directory, locked room, confidentiality agreements, level 6 clearance of team members.

Users can access Ohims utilizing a Citrix Client connection to the Ohims Terminal Server site through the Intranet. The Ohims ORACLE server maintains an active database of exams and RMO findings, including all demographic and medically confidential data. This is transported to the appropriate nurse or doctor via the Terminal Server though a Citrix Client connection. Additionally, full private firewall and anti-virus protection are provided on each desktop to prevent corruption or unauthorized capture of data. All users are required to have unique user names and passwords to gain access to the database and Ohims application. Strong passwords are required by all users, which consist of eight (8) characters with at least one Capital, one special character and one number. These measures guarantee secure data transmissions and communication between the user community and BTS.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Parklawn computer room (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-02-00-01-0001-00

4. Privacy Act System o f Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Parklawn computer room

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Errol Brown

10. Provide an overview of the system: The Parklawn computer room is a data center facility located in HHS's Parklawn building.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): This system does not collect, maintain or disseminate IIF.

30. Please des cribe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: This system does not collect, maintain or disseminate IIF.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: This system does not collect, maintain or disseminate IIF.

PIA Reviewer Approval: Promote

Comments: GSS -- contains no IIF information

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-o ff Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Parklawn General Support System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-00-02-00-01-0001-00

4. Privacy Act System of Records (SOR) Number : N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: PSC Parklawn GSS

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this P IA may be addressed: Errol Brown

10. Provide an overview of the system: The PSC Parklawn GSS is a series of networks that support the operations of the Parklawn building-based portion of PSC (including DCP).

13. Indicate if the system is new or an existi ng one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): This system does not collect, maintain or disseminate IIF.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the re tention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: This system does not collect, maintain or disseminate IIF.

PIA Reviewer Approval: Promote

Comments: GSS -- contains no IIF information

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Payment Management System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-01-01-1021-00

4. Privacy Act System of Records (SOR) Number: 09-90-0024

5. OMB Information Collection Approval Number: No

6. Other Ident ifying Number(s): No

7. System Name: Payment Management System (PMS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Sheila Conley, Terry Hurst, Larry Bedker

10. Provide an overview of the system: Grant payment, cash management system.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), diss eminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for w hat purpose(s): The PMS provides data to the agencies that utilize its grant payment services, the Federal Reserve Bank system, and the Treasury.

Agency databases, payment activity, disbursement activity, SF224 data, sync data, vendor data, and CAN data

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: The data input to the PMS is derived from the agencies, the recipients, and the staff at DPM. The data input to the system from the staff is entered online from workstations located at the DPM site. This information results in the establishment of accounts, subaccounts, and recipient information. The grant recipients are provided with a package of information when they receive a grant award. The packet requests that they provide DPM with identifying information to include taxpayer ID and 1199 direct deposit banking data. This exchange is via hard copy. All other data exchanged between the agencies, treasury, Federal Reserve Bank, and recipients is in an electronic format. DPM has guidebooks that describe the interfaces needed to communicate between systems.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:

All data collected to support the processes of the PMS is stored in tables. The information is secured through multiple levels of security and access controls have been established to authenticate the user and to determine if the user has the authorization to perform actions requested. The access controls are supplemented with a secure network at both NIH and DPM.

Administrative Controls:

- C&A 6/30/5

- Approved SSP

- Contingency Plan

- Backups

- Offsite Storage

- User Manuals

- Contractor Agreements

- Least Privilege

- IIF Policy

Technical Controls:

- UserID and Passwords

- Firewall

- Virtual Private Network

- Intrustion Detection

- Process for monitoring and responding to security incidents

- Encryption

- CAC Cards

- PKI

Physical Controls:

- Guards

- ID Badges

- CCTV

- Keycards

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Perry Point Local Area Network (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-08-02-1040-00-405-143

4. Privacy Act System of Records (SOR) Number: No

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: P Point LAN

9. System Point of Contact (POC). The System POC is th e person to whom questions about the system and the responses to this PIA may be addressed: Irene Grubb

10. Provide an overview of the system: The Perry Point LAN provides local connectivity for the AOS office.

13. Indicate if the system is new or an exi sting one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be s ecured on the system using administrative, technical, and physical controls.: No

PIA Reviewer Approval: Promote

Comments: A GSS (Local Area Network) -- does not contain PII

UPI number is inaccurate -- does not match numeric methodology established by the HHS CPIC Manager

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Personal Property Facility Local Area Network (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-08-02-1016-00-405-143

4. Privacy Act System of Records (SOR) Number: No

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: PPF Local Area Network

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Debbie Orfe

10. Provide an overview of the system: The AOS PPF LAN provides local connectivity for the Personal Property Facility offices and warehouse.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, m aintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruct ion of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No

PIA Reviewer Approval: Promote

Comments: UPI number is inaccurate -- does not match methodology established by the HHS CPIC Manager

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Placement Assistant Website (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-06-02-1140-00

4. Privacy Act System of Records (SOR) Number: 09-90-0018

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Placement Assistance Web Site (PAWS)

9. System Point of Contact (POC). The System POC is t he person to whom questions about the system and the responses to this PIA may be addressed: Carol Arbogast

10. Provide an overview of the system: To provide employee placement assistance.

HHS is undergoing a series of changes as it seeks to improve effectiveness and efficiency by implementing the President's Management Agenda and taking actions to achieve Secretary Thompson's goal of becoming "one HHS." Changes such as consolidation of administrative services, outsourcing, introduction of "e-government" systems, and reorganizations and reengineering may impact HHS employees. To honor Secretary Thompson's commitment that every employee will have a job as these initiatives are implemented, and to help insure that HHS retains as many talented employees as possible, the Program Support Center has created a Career Assistance Center that includes this Placement Assistance Web Site (PAWS) per HHS Instruction 330-1, Department of Health and Human Services Career Transition Plan, and 5CFR Part 330, Subpart F-Agency Career Transition Assistance Plans (CTAP) for Local and Surplus and Displaced Employees.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for wh at purpose(s): HHS Human Resources Specialist, Customer Service Representatives, and hiring Management Officials.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thir teen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: system is in the process of being decommissioned -- rmd 8/16/2007

PIA Reviewer Approval: Demote

Comments: Information System has supposedly been deactivated, and should have been decommissioned.

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Demote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Program Operations Information System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-06-02-1015-00

4. Privacy Act System of Records (SOR) Number: OPM/GOVT-10

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: Program Operations Information System (POIS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kathy Morring

10. Provide an overview of the system: Program Operations Support

POIS is an automated information system that assists FOH in the recording, scheduling, processing, and reporting of occupational health services for a given population of service recipients. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: Includes the following with any revisions or admendments: Executive Orders 12107, 12196, and 121564 and 5 U.S.C. chapters 11, 31, 33, 43, 61, 63, and 83

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pa ss through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): IIF is not shared (except as required by law) with anyone outside of HHS or the customer agency.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

PIA Reviewer Approval: Demote

Comments: Information System supposed replaced by Service Tracking Management Modernization (STM). This system should have been decommissioned.

PIA Reviewer Name: Ruth Doerflein

Sr. Of ficial for Privacy Approval: Demote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM PropShop (web ordering system) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-06-02-1020-00

4. Privacy Act System of Records (SOR) Number: 09-90-0024

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: PropShop Web Ordering System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Debbie Orfe, Marty Brown

10. Provide an overview of the system: To enable items and services to be ordered online by DHHS/Federal agencies.

PropShop is critical for providing customer's access 24/7 to requesting products or services from the PPMB.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system coll ect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The information is shared with the PSC Business Office which uses PRICES for billing customers. Additionally, customers receive a courtesy copy.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:

Users connect through VPN Firewall Brick; which prevents unauthenticated traffic from entering a protected firewall perimeter. It also provides cryptographic protection against attacks by requiring strong end user authentication. Users are authenticated using strong User IDs and passwords.

Administrative Controls:

- C&A completed

- Approved System Security Plan

- Contingency Plan

- Backups

- Offsite storage

- User Manuals

- Contractor Agreements

- Least Privilege

- IIF Policy

Technical Controls:

- UserID and Passwords

- Firewall

- Intrusion Detection

- Encryption

- Process for monitoring and responding to security incidents

Physical Controls:

- ID Badges

- Cipher Locks

- CCTV

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Public Web (Item)

PIA SUMMARY A ND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: No

4. Privacy Act System of Records (SOR) Number: 09-90-0021

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: PSC ESS HHSU Public Web

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Carol Arbogast

10. Provide an overview of the system: HHSU Public Web Communities of Practice is a knowledge sharing tool used by Federal, state, local governments and contractors. It provides live chat, bulletin boards and posted content.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): System only discloses email addresses for collaborative workings of the users.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Personal information is voluntary. Userids use the personnal email address of the user. Other information is voluntary and includes Name, Address and phone number. This information is collected for administration use only.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:

SecureOne Information Privacy Program Policy provides administrative controls. Only the user who enters IIF can access their own information and any system administrator doing maintenance. Intrusion detection system are used as a technical control. Physical control is provided by DHHS and follows DHHS policy as the system is located in DHHS facilities.

Administrative Controls:

- Contingency Plan

- Backups

- Offsite storage

- User Manuals

- Least Privilege

- IIF Policy

Technical Controls:

- UserID and Password

- Firewall

- Intrusion Detection System

- Encryption

- Process for monitoring and responding to security incidents

Physical Controls:

- Guards

- ID Badges

- Cipher Locks

- CCTV

- Keycards

PIA Reviewer Approval: Promote

Comments: No UPI number -- changed from PSC Public Web to HHSU Public Web Communities of Practice

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Purchase Request Information Management System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-06-02-1040-00

4. Privacy Act System of Records (SOR) Number: 09-90-0024

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: Purchase Request Information SysteM (PRISM)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Maggie Pippin

10. Provide an overview of the system: PRISM is a comprehensive acquisition tracking system that automates each step of the procurement process.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any databas e(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for wh at purpose(s): No

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:

Although there is no IIF data, users do authenticate to the database using a unique User ID and password, using roles assigned.

Administrative:

- Certification and Accreditation

- System Security Plan

- Contingency Plan

- Backups and offsite storage

- User manuals

- Training

- Contractors adhere to privacy provisions

- least privilege

- policy and guidelines for IIF

Technical:

- UserID and Passwords

- Firewalls

- VPN

- Encryption

- Intrusion Detection System

- Process to monitor and respond to security incidents

Physical:

- Guards

- ID badges

- CCTV

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM QuickHire (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-06-02-1130-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Nu mber(s): none

7. System Name: QuickHire/QuickClass

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Essie Wright, Antonia Harris

10. Provide an overview of the system: The QuickHire software automates the process of filing jobs. QuickClass - links job description data to announcement and EHRP.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, m aintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): uses available job descriptions to populate job announcements. Contains no IIF information.

32. Does the system ho st a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detai l how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Demote

Comments: DoLabor system

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Demote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Revenue, Invoicing, and Cost Estimation System (Item)

PIA SUMMARY AND APPROVAL COMBINE D

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-06-02-1014-00

4. Privacy Act System of Records (SOR) Number: 09-90-0024

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: PSC Revenue, Invoicing, and Cost Estimation System (PRICES)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Mary Woolston

10. Provide an overview of the system: A financial system for the management of a fee for service business. It contains four (4) modules: costing & pricing, forecasting, billing and a web-based customer viewer. PRICES is a system used by the PSC to manage the agency's business operations and facilitate such functions as product costing & pricing, obligation planning, customer invoicing and on-line bill viewing, and cost center management reporting.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Cost and estimated demand information used in the development of rates is presented to the HHS Service and Supply Fund Board during our annual rate approval process. Service provision and billing information is provide to customer program management and fiscal staff to support collection of reimbursements.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destructi on of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:

Administrative controls:

- C&A completed 7/5/6

- approved System Security Plan

- Contingency Plan

- System backups

- Offsite storage

- User manuals

- Contractor agreements

- Least Privilege access

- IIF policy

Technical Controls:

- UserID and Passwords

- Firewall

- Intrusion Detection

- Process for monitoring and responding to security incidents

Physical Controls:

- Guards

- ID Badges

- Cipher Locks

- CCTV

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM SAMHSA Local Area Network (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-02-00-01-0001-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: SAMHSA General Support System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Errol Brown

10. Provide an overview of the system: The SAMHSA GSS is a local area network supporting operations of the HHS/SAMHSA operating division.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system does not collect, maintain or disseminate IIF.

30. P lease describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The system does not collect, maintain or disseminate IIF.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system does not collect, maintain or disseminate IIF.

PIA Reviewer Approval: Promote

Comments: GSS -- contains no IIF information

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-of f Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Web Employee Assistance Program Information System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-06-02-1021-00

4. Privacy Act System of Records (SOR) Number : 09-90-0010

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): DOCID:fr07mr97-105

7. System Name: Web Employee Assistance Program Information System (Web EAP)

9. System Point of Contact (POC). The System POC is the per son to whom questions about the system and the responses to this PIA may be addressed: Kathy Morring

10. Provide an overview of the system:

Formerly called EAPIS

Manage EAP clinician activity.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system sh ares or discloses IIF please specify with whom and for what purpose(s): IIF is not shared (except as required by law) with anyone outside of HHS.

31. Please describe in deta il any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Information in this system of records is: (1) Supplied directly by the individual using the program, or (2) supplied by a member of the employee's family, or (3) derived from information supplied by the employee, or (4) supplied by sources to/from whom the individual has been referred for assistance, or (5) supplied by Department officials (including drug testing officers), or (6) supplied by EAP counselors, or (7) supplied by other sources involved with the case. Clients of the EAP will be informed in writing of the confidentiality provisions. Secondary disclosure of information, which was released, is prohibited without client consent.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destructi on of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, a nd physical controls.: Information in the system is protected by management, operational, and technical security controls commensurate with the level of sensitivity of the system.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Web Warehouse Inventory Manag ement System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Feb 13, 2008

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-06-02-1018-00

4. Privacy Act System of Records (SOR) Number: No

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: Web Warehouse Inventory Management System (WebWIMS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Debbie Orfe

10. Provide an overview of the system: Provides inventory management, space control, order entry, receiving, and storage functionality for the AOS Personal Property Facility in Gaithersburg.

WebWIMS provides material handling, inventory control, and employee assignment using radio frequency (narrow band wireless) and barcode technology with optional interfaces to conveyors, carousels, picking devices, etc. A wireless technology is required to accommodate the constant movement of product, mobility of users, and accommodate the demands for real time data in internal inventory control and space management. In addition, data is gathered to support workload and performance monitoring for PSC KPI program and MEO reporting to QASP.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Internal Branch Employees.

PSC/Business Office - manual interface with PRICES for billing customers, Customer courtesy copy

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Full suite of controls in accordance with SP 800-53. See the Security plan for details. Administrative:- Certification and Accreditation- System Security Plan- Contingency Plan- Backups and off-site storage- User Manuals- Training- Contractor privacy clauses- Least privledge- Policy and guidelines for IIF Technical:- UserID and passwords- Firewall- Encryption- Intrusion Detection System- Privacy/security incidents process Physical:- ID Badges- Cipher locks- CCTV

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASPA HHS Enterprise Portal (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1 . Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-00-02-00-02-0003-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Num ber(s): N/A

7. System Name: HHS Enterprise Portal

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Prudence Goforth

10. Provide an overview of the system: To provide integrated collaboration and application access across the HHS enterprise. To provide employees with instant access to timely information on the vital health and human service programs that reside within HHS. To reach employees directly and quickly with information in a form they can readily use. The Web Portal will facilitate collaboration among the thirteen agencies and numerous Department-level offices that comprise HHS.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the syst em shares or discloses IIF please specify with whom and for what purpose(s): N/A

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments: contains no IIF information

PIA Reviewer Name: Ruth Doerflein

Sr. Official fo r Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASRT Automated Financial Statement System (Item)

PI A SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-01-06-02-0004-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Automated Financial Statement System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Katherine Lee

10. Provide an overview of the system: Collects OPDIVs' financial statement data to generate the HHS-wide year-end and quarterly statements

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF wit hin any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for wha t purpose(s): N/A

32. Does the s ystem host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments: contains no IIF information

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASRT Financial Information Reporting System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: No

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Financial Information Reporting System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Edward A. Martin

10. Provide an overview of the system: Used in the development of outlay estimating, tracking spending, and tracking apportionments. It provides a repository for detailed historical obligations and outlay data for all uncancelled appropriation fiscal years. It also provides rates for accounts and budget activities for "waterfall tables" used in developing outlay estimates for the President's Budget and required to be submitted in support of the Department's outlay estimates.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintai n (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Appr oval: Promote

Comments: contains no IIF information

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASRT Grants.gov (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-00-01-99-01-0160-24

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Nu mber(s): none

7. System Name: Grants.gov -- Find and Apply

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Terry Nicolosi

10. Provide an overview of the s ystem: Grants.gov is one of the PMA E-Gov initiatives and is deploying 2 Government-wide grants mechanisms: Find and Apply. The Find mechanism allows Federal agencies to post funding opportunities on Grants.gov and allows potential applicants to search these opportunities. All grant-making agencies were publishing funding opportunities by October 2003. The Apply mechanism allows agencies to post their application packages on Grants.gov and allows applicants to download the packages and complete them offline, and submit them electronically. The Apply mechanism was launched on October 31, 2003. Grants.gov operates a Contact Center at a state-of-the art secure hosting facility to support agency and applicant users. Grants.gov also operates a forms factory to develop (electronic) forms for the grant-making agencies. Grants.govs day-to-day activities are operated out of the Grants.gov Program Management Office.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

32. Does the system hos t a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detai l how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments: No IIF information -- a web search engine application only

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASRT HHS EA Repository (Metis) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-00-03-00-02-0001-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Metis Team Server

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: John Teeter

10. Provide an overview of the system: Used to track and analyze the layers of the HHS Enterprise Architecture (EA) and the relationships between those layers.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system sha res or discloses IIF please specify with whom and for what purpose(s): N/A

32. Does the system host a website?: Yes

37. Does the website have any informa tion or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments: contains no IIF information

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Offic ial for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASRT HHS Identity Management System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Sep 19, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-00-02-00-02-0030-00

4. Privacy Act System of Records (SOR) Number: SORN currently being developed.

5. OMB Information Collection Approval Number: 3206-0005, SF-85, SF-86 (?)

6. Other Identifying Number(s): GS-35F-0306J (FISMA ID), I-9 form 1615-0047, Declaration for Federal Employment 3206-0182 (?)

7. System Name: OS ASRT HHS Identity Management System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Ken Calabrese

10. Provide an overview of the system: This system will produce the new ID badge for all HHS employees and contractors across all HHS Operating Divisions The IIF collected will be used to uniquely identify personnel on PIV II cards. This information includes biometrics (fingerprints) and digital certificates. This system was authorized by the HHS CIO and meets presidential directive HSPD-12 guidance.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): HHS will use the information on the card and may use some of the stored information when person accesses federal facilities, computers, applications, or data to prove person's identity and right of access. Information is shared with OPM for clearance of employees. Information is also shared with the certification authority which provides digital certificates. Limited information may also be exchanged with the Federal Bridge CA.

The investigation is a federal government job requirement. Those who refuse to provide personal information will not meet the requirements of the job and will therefore not be considered further. Current employees who do not meet these requirements will be terminated.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guideli nes in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The database and individual OPDIV feeder servers are located within secured buildings. Different degrees of security have been implemented at all location, with some including Biometrics and Closed Circuit TV.

Technical controls which minimize the possibility of unauthorized access, use, or dissemination of the data in the system are also in place. These include: user identification, firewalls, VPN, encryption, Intrusion Detection System and Common Access Cards.

Guards, ID Badges and Key cards further ensure IIF will be secure.

PIA Reviewer Approval: Promote

Comments: This is an HHS Enterprise-wide system.

PIA Reviewer Name: Ruth M. Doerflein

Sr. Official for Privacy Approval: Promote

Comments: Each HHS OPDIV has been involved in the securing of the PII located on this system. Each OPDIV's CIO has signed off on the CA memo with the HHS CIO signing the ATO.

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Sep 20, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASRT HHS IT Portfolio Management Tool (ProSight) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-00-03-00-02-0050-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: HHS IT Portfolio Management Tool (Prosight)

9. System Point of Contact (POC). The System POC is the person to whom ques tions about the system and the responses to this PIA may be addressed: Jeff Lovern

10. Provide an overview of the system: To support the Department's Capital Planning and Investment Control (CPIC) process and the information technology (IT) budget formulation process, including the support of data collection and generation for OMB Exhibit 53 and 300 reporting.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/ or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s ): N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirt een?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Rev iewer Approval: Promote

Comments: contains no IIF information

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASRT Information Collection Review & Analysis System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Apr 27, 2006

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-01-06-02-0142-00

4. Privacy Act System of Records (SOR) Number : N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Information Collection Request, Review and Approval System

9. System Point of Contact (POC). The System POC is the person to whom questions ab out the system and the responses to this PIA may be addressed: Alice Bettencourt

10. Provide an overview of the system: To assist HHS to electronically administer and manage its information collection clearance responsibilities under the Paperwork Reduction Act (PRA). Information Collection Review & Approval System (ICRAS) is a web-based databasde application that helps Federal agencies electronically administer and manage its information collection clearance responsibilities under the Paperwork Reduction Act (PRA).

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify wi th whom and for what purpose(s): OMB

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Appr oval: Promote

Comments: contains no IIF information

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASRT Tracking Accountability in Government Grants System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-01-06-02-0003-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): none

7. System Name: Tracking Accountability of Government Grants System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be address ed: John Etcheverry

10. Provide an overview of the system: The TAGGS database is a central repository for grants awarded by the twelve HHS Operating Divisions (OPDIVs). TAGGS tracks obligated grant funds at the transaction level. The TAGGS database is a central repository for grants awarded by the twelve HHS Operating Divisions (OPDIVs). TAGGS tracks obligated grant funds at the transaction level.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system coll ect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please sp ecify with whom and for what purpose(s): N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirt een?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Rev iewer Approval: Promote

Comments: contains no IIF information

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASRT Unified Financial Management System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-00-01-01-01-0001-00

4. Privacy Act System of Records (SOR) Number : 09-90-0024

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): none

7. System Name: Unified Financial Management System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Sheila Conley

10. Provide an overview of the system: The Unified Financial Management System (UFMS) is a business management tool designated to provide timely and reliable information to improve financial, business and operational functions within HHS. UFMS is designated to satisfy 3 categories of financial management systems requirements mandated by the Federal Financial Management Improvement Act (FFMIA). These are: 1) Federal financial management systems requirements promulgated by OMB and the Joint Financial Management Improvement Program (JFMIP); 2) federal accounting standards; and 3) the United States Standard General Ledger at the transaction level.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system sh ares or discloses IIF please specify with whom and for what purpose(s): The information will be shared between the Office of the Secretary (OS), Centers for Disease Control (CDC), Food and Drug Administration (FDA), National Institutes of Health (NIH), Administration on Aging (AoA), Administration for Children and Families (ACF), Agency for Healthcare Research and Quality (AHRQ), Health Resources and Services Administration (HRSA), Indian Health Service (IHS), Substance Abuse and Mental Health Services Administration (SAMHSA), Centers for Medicare and Medicaid Services (CMS), the U.S. Department of the Treasury, and the U.S. Department of Defense.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: The information will be keyed into the database. The information may come directly from the private individual source or from other offices within the UFMS boundaries. All notification for the use and protection of private information will be convedyed in writing during training and by electronic notice. Although the need to share this information outside the UFMS system boundaries is not required, it could be in the future. Processes are still being developed to determine how consent will be given with regard to what information is collected and how it will be shared.

32. Does the system host a website?: No

37. Does the we bsite have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system will be secured by methods prescribed in the System Security Plan (SSP). The SSP calls for system life-cycle practices for Federal financial systems. The methods employed include risk assessments and implementation of management, operational, and technical controls.

PIA Reviewer Approval: Promote

Comments: SOR was renamed in the Federal Register Notice of July 1, 2005.

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASRT Watchfire Web XM (Item)

PIA SUM MARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-00-03-00-02-0025-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Watchfire

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Jaren Doherty

10. Provide an overview of the system: Automates the analysis of online properties to identify issues that jeopardize HHS's identity and reputation, mitigates online risk by identifying and alerting executives about privacy and data security issues, and provides an inventory and technology map of their entire online presence.

13. Indicate if the s ystem is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the syst em subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirt een?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Rev iewer Approval: Promote

Comments: contains no IIF information

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promot

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS DAB Automated Case Tracking System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-01-06-02-0005-00

4. Privacy Act System of Records (SOR) Number: N/A

5. O MB Information Collection Approval Number: N/A

6. Other Identifying Number(s): none

7. System Name: DAB Automated Case Tracking System

*9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Neil Kaufman

10. Provide an overview of the system: Tracks status of DAB cases via automation. Separate modules for each DAB division.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shar es or discloses IIF please specify with whom and for what purpose(s): N/A

31. Please de scribe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, tech nical, and physical controls.: N/A

PIA Reviewer Approval: Promote

Comments: information tracked by case number, IIF information may be within a text field

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS IOS Strategic Work Information and Folder Transfer (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-01-06-02-7255-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Stragetic Work Information and Folder Transfer

9. System Point of Contact (POC). The System POC i s the person to whom questions about the system and the responses to this PIA may be addressed: Vanessa McClam

10. Provide an overview of the system: SWIFT is the records and document management system for the Office of the Secretary, Executive Office. Swift provides scanning, classifying indexing storage, retrieval, workflow, dissemination, and tracking capabilities for all of the documents received or generated by the executive office.

13. Indicate if the system is new or an existing one being modified : Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirte en?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Revi ewer Approval: Promote

Comments: system re-activated January 2007

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS OCR Program Information Management System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-01-06-02-0001-00

4. Privacy Act System of Records (SOR) Number : 09-90-0052

5. OMB Information Collection Approval Number: 0990-0269

6. Other Identifying Number(s): N/A

7. System Name: Program Information Management System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Fernando Correa

10. Provide an overview of the system: Case tracking, document management and executive information. The Program Information Management System (PIMS) was developed to allow OCR to manage more effectively its program information needs and to integrate all of OCR's various business processes, including all its compliance activities, to allow for real time access and results reporting and other varied information management needs. Among other things, PIMS was developed to support the collection of compliance related and other identifying information needed for OCR to complete compliance activities and determinations. Title VI of the Civil Rights Act of 1964, Section 504 of the Rehabilitation Act of 1973, the Age Discrimination Act of 1975 and other statutes that prohibit discrimination by programs or entities that receive Federal financial assistance from HHS; Federally- conducted programs in cases involving disability-based discrimination under Section 504 of the Rehabilitation Act; state and local public entities in cases involving disability-based discrimination under Title II of the Americans with Disabilities Act; certain health plans, health clearinghouses and health care providers with respect to enforcement of the standards for privacy of individually identifiable health information under the privacy rule issued pursuant to the Health Insurance Portability and Accountability Act (HIPAA).

13. Indicate if the system is new or an exi sting one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): DoJ, EEOC, Federal Mediation & Conciliation Service, other Federal agencies, Congressional offices (but only in response to forwarded constitutent inquiries) -- as part of routine uses as specified in Syxstem of Records notice. permitting disclosure to a congressional office, allows subject individuals to obtain assistance from their representatives in Congress, should they so desire. Such disclosure would be made only pursuant to the request of the individual. allows disclosure to the Department of Justice or a court in the event of litigation. allows referral to the appropriate agency, in the event that a System of Records maintained by this agency to carry out its functions indicates a violation or potential violation of law. allows disclosure of records to contractors for the purpose of processing or refining records in the system Complaints involving alleged age discrimination are referred to the Federal Mediation and Conciliation Service consistent with the regulations implementing the Age Discrimination Act of 1975. Certain employment cases may be referred to the Equal Employment Opportunity Commission. In each of these instances, the allegations themselves are forwarded, but the data on the cases resident in OCR's PIMS system is not forwarded.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The mandatory fields for the new forms are: name, contact information, whether the complaint is being filed on behalf of someone else, the basis for the complaint (e.g., race/color/national origin, age, religion, gender (male/female), disability, violation of the privacy of protected health information), the entity against which the complaint is being filed, when the incident(s) occurred, a brief description of what happened and the complainant's signature. In some situations, the law requires OCR to get the complainant's signature, in other cases it is voluntary. In addition, several voluntary fields are included to assist OCR in processing the complaint and to provide appropriate customer service. Those fields are: an alternate person to contact if the complainant cannot be reached; whether this complaint has been filed with other agencies or is the basis of a lawsuit and, if so, to identify where else the complaint has been filed; and whether the complainant needs special accommodations for OCR to communicate with them (e.g. Braille, TDD). We also have included a limited number of questions to be answered on a voluntary basis to help us better assess whether we are adequately reaching and providing service to populations whose rights are covered by our statutory authorities. These questions concerning the complainant or the person on whose behalf a complaint has been filed, are: ethnicity, race, primary language spoken (if other than English), and the means by which the complainant learned about being able to file complaints with the Office for Civil Rights. Failure to answer the voluntary questions will not affect OCR's decision to process a complaint. Use of these forms is voluntary. Alternatively, a complainant may choose to submit a complaint in the form of a letter, or electronically. In its Medicare certification process, each applicant for certification responds to OCR's data request. The questions pertain to the policies and procedures of nondiscrimination; communication with persons who are Limited English proficient or sensory impaired; required notices; provision of auxiliary aids to persons with sensory, manual or speech impairments; grievance procedures for disability discrimination allegations; and information regarding restrictions based on age. The information received in response to a data request does not normally include personally identifiable information.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: For individual complaints, the initial information is collected from the complainant, or someone acting on their behalf. It is collected using one of OCR's two approved complaint forms for discrimination complaints and health information privacy complaints, which are available for downloading from OCR's web site. Alternatively, a complainant may choose to submit a complaint in the form of a letter, or electronically. OCR's two complaint forms each contain a privacy notice describing how the complainants information will be used. The discrimination notice is similar to the following health information privacy notice: "Filing a complaint with OCR is voluntary. However, without the information requested above, OCR may be unable to proceed with your complaint. We collect this information under authority of the Privacy Rule issued pursuant to the Health Insurance Portability and Accountability Act of 1996. We will use the information you provide to determine if we have jurisdiction and, if so, how we will process your complaint. Information submitted on this form is treated confidentially and is protected under the provisions of the Privacy Act of 1974. Names or other identifying information about individuals are disclosed when it is necessary for investigation of possible health information privacy violations, for internal systems operations, or for routine uses, which include disclosure of information outside the Department for purposes associated with health information privacy compliance and as permitted by law. It is illegal for a covered entity to intimidate, threaten, coerce, discriminate or retaliate against you for filing this complaint or for taking any other action to enforce your rights under the Privacy Rule. You are not required to use this form. You also may write a letter or submit a complaint electronically with the same information. To submit an electronic complaint, go to our web site at: http://www.hhs.gov/ocr/privacyhowtofile.htm. To mail a complaint see reverse page for OCR Regional addresses." In addition, for all complaints received that OCR initially determines are within our jurisdiction, complainants receive an acknowledgment letter that includes a fact sheet titled Protecting Personal Information in Complaint Investigations. This fact sheet describes how the information is protected by OCR, how a person can request a copy of their file under the Freedom of Information Act, to what other government agencies OCR may legally give the complainants information (see Section 4 above), and what protections are in place if someone else requests the complainants file. Where investigation of a complaint requires providing the complainants name to the covered entity against whom the complaint is filed, the complainant is always asked to sign a consent form allowing release of their name to the covered entity. Similarly, if investigation of the complaint requires acquiring the complainants medical record from the covered entity, the complainant is asked to sign an authorization allowing OCR to request the information.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Only authorized OCR users whose official duties require the use of such information have access to the information in the system. No users outside of OCR have access to PIMS. Specific access is structured around need and is determined by the person's role in the organization. Access is managed through the use of electronic access control lists, which regulate the ability to read, change and delete information in the system. Each OCR user has read access to designated information in the system, with the ability to modify only their own submissions or those of others within their region or group. Data identified as confidential is so designated and only specified individuals are granted access. The system maintains an audit trail of all actions against the data base. All electronic data is stored on servers maintained in locked facilities with computerized access control allowing access to only those support personnel with a demonstrated need for access. A database is kept of all individuals granted security card access to the room, and all visitors are escorted while in the room. The server facility has appropriate environmental security controls, including measures to mitigate damage to automated information system resources caused by fire, electricity, water and inadequate climate controls. Access control to servers, individual computers and databases includes a required user log-on with a password, inactivity lockout to systems based on a specified period of time, legal notices and security warnings at log-on, and remote access security that allows user access for remote users (e.g., while on government travel) under the same terms and conditions as for users within the office. System administrators have appropriate security clearance. Printed materials are filed in secure cabinets in secure Federal facilities with access based on need as described above for the automated component of the PIMS system.

PIA Reviewer Approval: Promote

Comments: cases tracked by Case number. IIF information could be within some text fields.

09-90-0052 Federal Register / Vol. 67, No. 173 / Friday, September 6, 2002

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS OGC Matter Tracking System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-01-06-02-0138-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Matter Tracking System

9. System Point of Contact (POC). The System POC is the person to whom que stions about the system and the responses to this PIA may be addressed: John Shimabukuro

10. Provide an overview of the system: A centralized system that enables a sophisticated analysis of not only current but also projected workloads across the enterprise. It provides a robust data capture, workflow, timekeeping, and reporting solution set that enables better strategic planning and performance-based budgeting.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or disclose s IIF please specify with whom and for what purpose(s): OGC attorneys, paralegals and legal staff

31. Please describe in detail a ny processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at childr en under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physica l controls.: N/A

PIA Reviewer Approval: Promote

Comments: contains no IIF information

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS OPHS Annual Report on Possible Resource Misconduct System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: none

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Infor mation Collection Approval Number: 0937-0198

6. Other Identifying Number(s): N/A

7. System Name: Annual Report on Possible Research Misconduct System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: OS/OPHS/ORI

10. Provide an overview of the system: This reporting system is essential for the over 1400 institutions that receive federal research funding from the US Department of Health and Human Services (HHS), and are mandated to complete this report annually between January and March.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shar es or discloses IIF please specify with whom and for what purpose(s): N/A

31. Pleas e describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Demote

Comments: may contain IIF information within text fields -- need to locate system owner

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Demote

Comments: Insufficient information known about this system

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS OPHS Commissioned Officers Personnel and Payroll System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submi ssion: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-06-02-1020-00

4. Privacy Act System of Records (SOR) Number: 09-90-0018

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Commissioned Officers Pay and Personnel System (COPPS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Jerry Weiskohl, Richard Glabach

10. Provide an overview of the system: Payroll and personnel actions for the Commissioned Corps

COPPS provides pay and personnel services for public health commissioned officers from entry to exit as well as in retirement and for their dependents.

13. Indic ate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21 . Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The information is shared only as part of the payroll processing.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information in the system is protected by management, operational, and technical security controls commensurate with the level of sensitivity of the system. The system is certified and accredited.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS OPHS Division of Commissioned Personnel Local Area Network (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-08-01-1100-00-403-250

4. Privacy Act System of Records (SOR) Number: No

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: DCP LAN

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addresse d: Carol Arbogast

10. Provide an overview of the system: The DCP LAN provides local connectivity for the DCP office.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shar es or discloses IIF please specify with whom and for what purpose(s): No

30. Please describe in detail:

(1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: No

31. Please describe in detail any processes in place to:

(1) notify and obtain consent from the individuals

whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No

PIA Reviewer Appro val: Promote

Comments: UPI number is inaccurate; it does not match methodology required by the HHS CPIC Manager

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / OS Security Program (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: N/A

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Inform ation Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: OS Security Program

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be address ed: Mike Stringer

10. Provide an overview of the system: OS IT Security Program

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for wha t purpose(s): N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

5 4. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A

PIA Reviewer Approval: Demote

Comments: OS IT Security Program -- not applicable

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Demote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Date Published: Jun 26, 2008

06.1 HHS Privacy Impact Assessment (Form) / OS ASAM HHS Consolidated Acquisition System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA?: Yes

If this is an existing PIA, please provide a reason for revision:

1. D ate of this Submission: Aug 13, 2008

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-00-02-00-01-0040-00

4. Privacy Act System of Records (SOR) Number: SORN is in its final clearance prior to publication in the Federal Register.

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: OS ASAM HHS Consolidated Acquisition System (HCAS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Michael Fullem

10. Provide an overview of the system: To realize an enterprise solution for acquisition across the Department, HHS established the HCAS Project Management Office (PMO), within the office of the Assistant Secretary of Administration and Management (ASAM). The PMO will deliver a standardized global Purchase Request Information System (PRISM) for all operational contracting components within HHS that utilize Unified Financial Management System (UFMS) (referred to as HCAS clients). HHS will deploy HCAS to the following ten HCAS client contracting offices: AHRQ, ASPR, CDC, FDA, PSC Division of Acquisition Management, PSC Perry Point, PSC Cooperative Administrative Service Unit (Kansas City), HRSA, IHS, and SAMHSA. The mission of the HCAS PMO is to design, plan, configure, and implement HCAS as efficiently as possible, coordinating with other relevant HHS e-government and enterprise projects to maximize integration.

Once implemented, HCAS will replace the varying PRISM configurations that currently exist across HHS in addition to replacing other legacy acquisition systems and manual processes, resulting in one solution for capturing HHS acquisition transactions for integration with UFMS.. In the long term, a consolidated PRISM facilitates and enables a single solution for integrating acquisition with financial management (one interface between HCAS and UFMS) and other mixed financial management systems.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s ) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The HCAS system itself collects information necessary to support a procurement relationship between HHS and the vendor community. There are limited instances where an individual’s information in identifiable form (IIF) will be collected in order to facilitate a transaction in HCAS. In addition to names of contracting who serve as HHS buyers, HCAS collects and maintains IIF for service fellows and sole proprietorships that provide vendor services as individuals.

30. Please describe in detail the information the agency will collect, maintain, or disseminate and why and for what purpose the agency will use the information. In this description, indicate whether the information contains IIF and whether submission of personal information is voluntary or mandatory: Acquisition processes supported by HCAS include acquisition planning, solicitation, contract creation and approval, contract award and award closeout, and contract performance monitoring and management. To support these business processes, IIF contained in HCAS may include the following: vendor and contracting officer names, vendor mailing addresses, phone numbers, vendor financial account information, legal documents, web URLs, email addresses, vendor education records, and vendor tax ID numbers (TIN) or social security numbers.

Social security numbers of vendors may be captured within HCAS under certain circumstances where a TIN is not available. In order for vendors to obtain the benefit of contracting with HHS, either a TIN or SSN is required. Provision of this information by the vendor is elective and again, is only used when a vendor TIN is not available. 31. Please describe in detail any processes in place to: 31. Please describe in detail any processes in place to: • notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection) • notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: All notification for the use and protection of private information will be conveyed in writing during training and by electronic notice. By completing and signing a new user application, HCAS users will be aware of what IIF is being collected and how it will be used.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guideline s in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: In the C&A process, HCAS used NIST 800-53a security controls and established the required level of security measures, including end user IDs, passwords, group accounts, a certified facility, background screening on system administrators. Security controls will be reviewed annually, at a minimum.

PIA Reviewer Approval: Promote

Comments: This is a new information system, in its beta test phase with FDA and IHS being the first OPDIV end users

PIA Reviewer Name: Ruth M. Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Na me: Suzi Connor

Sign-off Date: Aug 13, 2008

Date Published: September 02, 2008

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Service Tracking Management (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-06-02-1015-00

4. Privacy Act System of Records (SOR) Number: 09-15-0004

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Service Tracking Module (STM)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Dave Fisher

10. Provide an overview of the system: STM provides a complete set of tools to define the interagency agreements between FOH and its customer agencies, collect evidence of the fulfillment of those agreements, and provide external financial systems the information they need to bill for services rendered. STM also provides tools to view reports against data stored within it

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Does not share

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Medical notes and employee information in addition to personal identifying information

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Records in this system are obtained from-- a. The individual to whom the records pertain. b. Agency employee health unit staff. c. Federal and private sector medical practitioners and treatment facilities. d. Supervisors/managers and other agency officials. e. Other agency records. Clients will be informed in writing of the confidentiality provisions. Secondary disclosure of information, which was released, is prohibited without client consent.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Information in the system is protected by management, operational, and technical controls comensurate with the level of sensitivity of that information, including:

- Data is stored in a password protected data system

- Data system is protected by network firewalls

- Computer systems maintained at secured government site.

- Electronic data is encrypted.

- Users can enter SSN or Query on SSN to validate a person’s identity, but can not retrieve SSN for viewing.

- Standard Reports do not display SSN.

- Only specialized reports provided directly to authorized agency reps include this information. These reports can only be run by a select group of people and are provided physically via US Mail directed to the authorized person.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Approved for Web Publishing: Yes

Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Silver Spring Cemter Local Area Network (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-02-00-01-0001-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: PSC SSC LAN

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Errol Brown

10. Provide an overview of the system: The PSC SSC LAN is a local area network supporting the operations of the Silver Spring Center based portion of the HHS/PSC (HRS).

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system does not collect, maintain or disseminate IIF.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The system does not collect, maintain or disseminate IIF.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system does not collect, maintain or disseminate IIF.

PIA Reviewer Approval: Promote

Comments: GSS -- contains no IIF information

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Approved for Web Publishing: Yes

Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Accounting for Pay System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Sep 8, 2008

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-01-01-1013-00

4. Privacy Act System of Records (SOR) Number: 09-90-0018

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Accounting For Pay System (AFPS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Vincent Watson

10. Provide an overview of the system: Automated interface between the Department's central payroll and the HHS agencies for payroll cost distribution.

Provides a systematic interface of payroll accounting information necessary to account for disbursements, expenditures, obligations and accurals for personnel costs. Legislation: Chief Financial Officers Act of 1990.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), recor d(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The information is shared with the agencies accounting, budget and administrative offices.

32. Does the system host a websit e?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Technical and Physical controls are in place to ensure the security of the information. These include an up to date System Security Plan, Contingency Plan, regular offsite backup of the data, and yearly security awareness training for all personnel. Also, the system is part of the yearly SAS-70 (Statement on Auditing Standards No. 70) audit which tests the adequacy and effectiveness of the opperating controls. Specific protection for PII include:

1- Electronic data is password protected

2- Access to electronic data is role-based

3- Documents are locked in file cabinet accessible only to mgt and admin assts

PIA Reviewer Ap proval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Sep 8, 2008

Approved for Web Publishing: Yes

Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / OS ASAM AHRQ Local Area Network (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Sep 10, 2008

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-02-00-01-0001-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: AHRQ General Support System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Scott Funk

10. Provide an overview of the system: AHRQ GSS is a LAN supporting the operations of the HHS/AHRQ.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF wi thin any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): This system does not collect, maintain or disseminate IIF.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF wil l be secured on the system using administrative, technical, and physical controls.: This system does not collect, maintain or disseminate IIF.

PIA Reviewer Approval: Promote

Comments: GSS -- contains no IIF information

PIA Reviewer Name: Ruth M. Doerflein

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Sep 10, 2008

Approved for Web Publishing: Yes

Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / OS ASAM Enterprise Human Resources and Personnel (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 13, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-91-01-06-01-1100-00

4. Privacy Act System of Records (SOR) Number: 09-90-0018

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Electronic Human Resources and Payroll (EHRP)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Carol Arbogast

10. Provide an overview of the system: A system for collecting, tracking, routing and maintaining information relating to personnel actions and determinations made about an employee whil employed at HHS.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/W ill the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares o r discloses IIF please specify with whom and for what purpose(s): Human Resource personnel, supervisors, and employees.

OPM Reporting, and Internal Agencies Reporting

32. Does the system host a website?: No

37. Does the website have any information or pages dire cted at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The following administrative, technical, and physical controls are in place for EHRP:Administrative ControlsSystem security plan Contingency (or backup) plan File backup Backup files stored offsite User manualsSecurity Awareness TrainingContractor AgreementsLeast Privilege AccessIIF PoliciesTechnical ControlsUser Identification and PasswordsFirewallEncryptionIntrusion Detection System (IDS)Physical ControlsGuardsIdentification BadgesKey Cards

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments: An OPM system, with HHS data -- Not HHS' responsibility to report PIA information for this system.

UPI information is inaccurate -- does not agree with numbering methodology established by HHS CPIC Manager

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 14, 2007

Approved for Web Publis hing: Yes

Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / OS ASAM OS Local Area Network (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: OS

3. Unique Project Identifier (UPI) Number: 009-90-02-00-01-0001-00

4. Privacy Act System of Records (SOR) Num ber: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: OS LAN Backbone

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to thi s PIA may be addressed: Errol Brown

10. Provide an overview of the system: The OS LAN Backbone is the network supporting operations of the HHS/OS.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): This system does not collect, maintain or disseminate IIF.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detai l how the IIF will be secured on the system using administrative, technical, and physical controls.: This system does not collect, maintain or disseminate IIF.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: Ruth Doerflein

Sr. Official for Privacy Approval: Promote

Comments: 2/22/2007 previous PIA lost during mistaken movement to Retired systems and back to Current systems. Ray Baumler reproduced PIA. -- rmd

Sr. Official for Privacy Name: Suzi Connor

Sign-off Date: Aug 17, 2007

Approved for Web Publishing: Yes

Date Published: Mar 2, 2009